Not able to renew SSL certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: my.blr.amrita.edu

IP address of my site: 61.12.92.66 (please unblock if it is blocked)

I ran this command: certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/my.blr.amrita.edu.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Attempting to renew cert (my.blr.amrita.edu) from /etc/letsencrypt/renewal/my.blr.amrita.edu.conf produced an unexpected error: EOF occurred in violation of protocol (_ssl.c:645). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/my.blr.amrita.edu/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/my.blr.amrita.edu/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): apache2

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0


Hi @saji, and welcome to the LE community forum.

Unfortunately there is not enough detail shown to understand much about the problem.
Please try:
certbot renew -vvv
[then show the related entries from the log file]

And for good measure, please show the output of:
apachectl -S
[use sudo if needed]


Output: certbot renew -vvv

Root logging level set at -10
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/my.blr.amrita.edu.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Requested authenticator <certbot.cli._Default object at 0x7eff609649b0> and installer <certbot.cli._Default object at 0x7eff609649b0>
Should renew, less than 30 days before certificate expiry 2021-04-16 14:14:27 UTC.
Cert is due for renewal, auto-renewing...
Requested authenticator apache and installer apache
Apache version is 2.4.18
Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7eff646eaac8>
Prep: True
Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7eff646eaac8>
Prep: True
Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7eff646eaac8> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7eff646eaac8>
Plugins selected: Authenticator apache, Installer apache
Picked account: <Account(RegistrationResource(new_authzr_uri=None, terms_of_service=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/51922353', body=Registration(only_return_existing=None, external_account_binding=None, agreement=None, key=None, status=None, terms_of_service_agreed=None, contact=())), dfca534859e3594de1f26d88e4deef3f, Meta(creation_host='my-bl.amrita.ac.in', creation_dt=datetime.datetime(2019, 2, 21, 5, 31, 48, tzinfo=<UTC>)))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Attempting to renew cert (my.blr.amrita.edu) from /etc/letsencrypt/renewal/my.blr.amrita.edu.conf produced an unexpected error: EOF occurred in violation of protocol (_ssl.c:645). Skipping.
Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 560, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 787, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 252, in connect
    ssl_version=resolved_ssl_version)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 305, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 752, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1191, in renew_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 612, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 266, in __init__
    acme = acme_from_config_key(config, self.account.key, self.account.regr)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
    return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 833, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1120, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/my.blr.amrita.edu/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/my.blr.amrita.edu/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)

Output: apachectl -S

root@my:~# apachectl -S
VirtualHost configuration:
*:443 my.blr.amrita.edu (/etc/apache2/sites-enabled/my.blr.amrita.edu-le-ssl.conf:2)
*:80 my.blr.amrita.edu (/etc/apache2/sites-enabled/my.blr.amrita.edu.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

2021-08-03 04:21:14,893:DEBUG:certbot.main:certbot version: 0.31.0
2021-08-03 04:21:14,894:DEBUG:certbot.main:Arguments: ['-q']
2021-08-03 04:21:14,894:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-03 04:21:14,903:DEBUG:certbot.log:Root logging level set at 30
2021-08-03 04:21:14,904:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-08-03 04:21:14,912:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f45c1bb3908> and installer <certbot.cli._Default object at 0x7f45c1bb3908>
2021-08-03 04:21:14,937:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-04-16 14:14:27 UTC.
2021-08-03 04:21:14,937:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-08-03 04:21:14,937:INFO:certbot.renewal:Non-interactive renewal: random delay of 116 seconds
2021-08-03 04:23:11,008:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-08-03 04:23:11,105:DEBUG:certbot_apache.configurator:Apache version is 2.4.18
2021-08-03 04:23:11,509:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f45c5c8e1d0>
Prep: True
2021-08-03 04:23:11,510:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f45c5c8e1d0>
Prep: True
2021-08-03 04:23:11,511:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7f45c5c8e1d0> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7f45c5c8e1d0>
2021-08-03 04:23:11,511:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-08-03 04:23:11,532:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(new_authzr_uri=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/51922353', body=Registration(only_return_existing=None, contact=(), agreement=None, terms_of_service_agreed=None, key=None, external_account_binding=None, status=None), terms_of_service=None), dfca534859e3594de1f26d88e4deef3f, Meta(creation_dt=datetime.datetime(2019, 2, 21, 5, 31, 48, tzinfo=<UTC>), creation_host='my-bl.amrita.ac.in'))>
2021-08-03 04:23:11,534:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-03 04:23:11,537:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-08-03 04:23:21,210:WARNING:certbot.renewal:Attempting to renew cert (my.blr.amrita.edu) from /etc/letsencrypt/renewal/my.blr.amrita.edu.conf produced an unexpected error: EOF occurred in violation of protocol (_ssl.c:645). Skipping.
2021-08-03 04:23:21,217:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 560, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 787, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 252, in connect
    ssl_version=resolved_ssl_version)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 305, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 752, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1191, in renew_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 612, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 266, in __init__
    acme = acme_from_config_key(config, self.account.key, self.account.regr)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
    return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 833, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1120, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

2021-08-03 04:23:21,220:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-08-03 04:23:21,221:ERROR:certbot.renewal:  /etc/letsencrypt/live/my.blr.amrita.edu/fullchain.pem (failure)
2021-08-03 04:23:21,222:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2021-08-03 12:27:45,174:DEBUG:certbot.main:certbot version: 0.31.0
2021-08-03 12:27:45,175:DEBUG:certbot.main:Arguments: ['-q']
2021-08-03 12:27:45,176:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-03 12:27:45,185:DEBUG:certbot.log:Root logging level set at 30
2021-08-03 12:27:45,185:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-08-03 12:27:45,195:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f82bddef978> and installer <certbot.cli._Default object at 0x7f82bddef978>
2021-08-03 12:27:45,220:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-04-16 14:14:27 UTC.
2021-08-03 12:27:45,220:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-08-03 12:27:45,220:INFO:certbot.renewal:Non-interactive renewal: random delay of 189 seconds
2021-08-03 12:30:54,313:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-08-03 12:30:54,413:DEBUG:certbot_apache.configurator:Apache version is 2.4.18
2021-08-03 12:30:54,879:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f82bddd3160>
Prep: True
2021-08-03 12:30:54,881:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f82bddd3160>
Prep: True
2021-08-03 12:30:54,881:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7f82bddd3160> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7f82bddd3160>
2021-08-03 12:30:54,881:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-08-03 12:30:54,903:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, body=Registration(agreement=None, terms_of_service_agreed=None, status=None, contact=(), key=None, external_account_binding=None, only_return_existing=None), new_authzr_uri=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/51922353'), dfca534859e3594de1f26d88e4deef3f, Meta(creation_host='my-bl.amrita.ac.in', creation_dt=datetime.datetime(2019, 2, 21, 5, 31, 48, tzinfo=<UTC>)))>
2021-08-03 12:30:54,906:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-03 12:30:54,914:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-08-03 12:31:04,535:WARNING:certbot.renewal:Attempting to renew cert (my.blr.amrita.edu) from /etc/letsencrypt/renewal/my.blr.amrita.edu.conf produced an unexpected error: EOF occurred in violation of protocol (_ssl.c:645). Skipping.
2021-08-03 12:31:04,540:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 560, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 787, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 252, in connect
    ssl_version=resolved_ssl_version)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 305, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 752, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1191, in renew_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 612, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 266, in __init__
    acme = acme_from_config_key(config, self.account.key, self.account.regr)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
    return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 833, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1120, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

2021-08-03 12:31:04,543:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-08-03 12:31:04,544:ERROR:certbot.renewal:  /etc/letsencrypt/live/my.blr.amrita.edu/fullchain.pem (failure)
2021-08-03 12:31:04,545:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2021-08-03 12:33:40,813:DEBUG:certbot.main:certbot version: 0.31.0
2021-08-03 12:33:40,814:DEBUG:certbot.main:Arguments: ['-vvv']
2021-08-03 12:33:40,814:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-03 12:33:40,823:DEBUG:certbot.log:Root logging level set at -10
2021-08-03 12:33:40,824:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-08-03 12:33:40,834:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7eff609649b0> and installer <certbot.cli._Default object at 0x7eff609649b0>
2021-08-03 12:33:40,858:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-04-16 14:14:27 UTC.
2021-08-03 12:33:40,859:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-08-03 12:33:40,859:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-08-03 12:33:40,936:DEBUG:certbot_apache.configurator:Apache version is 2.4.18
2021-08-03 12:33:41,348:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7eff646eaac8>
Prep: True
2021-08-03 12:33:41,351:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7eff646eaac8>
Prep: True
2021-08-03 12:33:41,351:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7eff646eaac8> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7eff646eaac8>
2021-08-03 12:33:41,352:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-08-03 12:33:41,372:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(new_authzr_uri=None, terms_of_service=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/51922353', body=Registration(only_return_existing=None, external_account_binding=None, agreement=None, key=None, status=None, terms_of_service_agreed=None, contact=())), dfca534859e3594de1f26d88e4deef3f, Meta(creation_host='my-bl.amrita.ac.in', creation_dt=datetime.datetime(2019, 2, 21, 5, 31, 48, tzinfo=<UTC>)))>
2021-08-03 12:33:41,374:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-03 12:33:41,377:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-08-03 12:33:50,753:WARNING:certbot.renewal:Attempting to renew cert (my.blr.amrita.edu) from /etc/letsencrypt/renewal/my.blr.amrita.edu.conf produced an unexpected error: EOF occurred in violation of protocol (_ssl.c:645). Skipping.
2021-08-03 12:33:50,760:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 560, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 787, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 252, in connect
    ssl_version=resolved_ssl_version)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 305, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 752, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1191, in renew_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 612, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 266, in __init__
    acme = acme_from_config_key(config, self.account.key, self.account.regr)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
    return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 833, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1120, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

2021-08-03 12:33:50,768:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-08-03 12:33:50,769:ERROR:certbot.renewal:  /etc/letsencrypt/live/my.blr.amrita.edu/fullchain.pem (failure)
2021-08-03 12:33:50,770:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2021-08-03 12:39:53,252:DEBUG:certbot.main:certbot version: 0.31.0
2021-08-03 12:39:53,253:DEBUG:certbot.main:Arguments: ['-vvv']
2021-08-03 12:39:53,253:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-03 12:39:53,262:DEBUG:certbot.log:Root logging level set at -10
2021-08-03 12:39:53,263:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-08-03 12:39:53,272:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f1a4316bba8> and installer <certbot.cli._Default object at 0x7f1a4316bba8>
2021-08-03 12:39:53,296:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-04-16 14:14:27 UTC.
2021-08-03 12:39:53,297:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-08-03 12:39:53,297:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-08-03 12:39:53,376:DEBUG:certbot_apache.configurator:Apache version is 2.4.18
2021-08-03 12:39:53,773:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f1a431eaa20>
Prep: True
2021-08-03 12:39:53,775:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f1a431eaa20>
Prep: True
2021-08-03 12:39:53,776:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7f1a431eaa20> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7f1a431eaa20>
2021-08-03 12:39:53,776:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-08-03 12:39:53,797:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(uri='https://acme-v02.api.letsencrypt.org/acme/acct/51922353', new_authzr_uri=None, body=Registration(agreement=None, status=None, only_return_existing=None, external_account_binding=None, key=None, terms_of_service_agreed=None, contact=()), terms_of_service=None), dfca534859e3594de1f26d88e4deef3f, Meta(creation_dt=datetime.datetime(2019, 2, 21, 5, 31, 48, tzinfo=<UTC>), creation_host='my-bl.amrita.ac.in'))>
2021-08-03 12:39:53,799:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-03 12:39:53,802:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-08-03 12:39:58,352:ERROR:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1191, in renew_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 612, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 266, in __init__
    acme = acme_from_config_key(config, self.account.key, self.account.regr)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
    return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 833, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1120, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 560, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 787, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 252, in connect
    ssl_version=resolved_ssl_version)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 305, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 752, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()

Please show the output of:
curl -v https://acme-v02.api.letsencrypt.org/directory
certbot certificates


root@my:~# curl -v https://acme-v02.api.letsencrypt.org/directory

* Trying 172.65.32.248...
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: The TLS connection was non-properly terminated.
* Closing connection 0
curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
root@my:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/my.blr.amrita.edu/cert.pem is unknown

Found the following certs:
Certificate Name: my.blr.amrita.edu
Domains: my.blr.amrita.edu
Expiry Date: 2021-04-16 14:14:27+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/my.blr.amrita.edu/fullchain.pem
Private Key Path: /etc/letsencrypt/live/my.blr.amrita.edu/privkey.pem


root@my:~#
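
The curl output above shows the TCP connection to port 443 succeeding and the handshake then being cut off, which is the same failure certbot logs as `ssl.SSLEOFError`. As an added example (not part of the thread and not certbot's own code), this Python probe reports which stage fails first; the function name `probe_tls` and the stage labels are made up for this illustration.

```python
import socket
import ssl


def probe_tls(host, port=443, timeout=10.0):
    """Return (stage, detail) for the first stage that fails, or ("ok", ...)."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return ("dns", str(exc))

    try:
        raw = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as exc:
        # Refused, unreachable or timed out: no TLS bytes were exchanged.
        return ("tcp_connect", "{}: {}".format(addr[0], exc))

    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except ssl.CertificateError as exc:
        # The handshake got far enough to receive a certificate we reject.
        return ("tls_verify", str(exc))
    except (ssl.SSLEOFError, ConnectionResetError) as exc:
        # TCP was up, then the connection ended mid-handshake. This is the
        # symptom in the thread; the cause can be the server or a device
        # on the path, and this probe cannot tell which.
        return ("tls_handshake_terminated", str(exc))
    except OSError as exc:
        # Other handshake failures: protocol or cipher mismatch, timeout.
        return ("tls_handshake", str(exc))

    with tls:
        return ("ok", "{} {}".format(tls.version(), tls.cipher()[0]))


if __name__ == "__main__":
    # The ACME directory host that certbot contacts in the log above.
    print(probe_tls("acme-v02.api.letsencrypt.org"))
```

A `tls_handshake_terminated` result from the affected host, next to `ok` from a different network, points at something between the host and the CA rather than at certbot itself.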

Sir, can you give a solution for this? I forwarded the output in my last reply. Please check the output and give a solution, sir.

This sounds like it might be due to the DoS mitigation measures listed here, where your IP may be blocked:

And it sounds like you also suspect it was blocked. Did you get this IP recently, or was the server with this IP recently compromised? If this is a renewal, then this worked in the past, right? So did you recently change IPs or the like? Generally there's only a block like this if the IP was abusing Let's Encrypt's systems.

@lestaff, can you look and see if this IP is blocked?


We have not been blocking this IP address.


Please show:
curl --version


curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

Now the problem is solved. It has now renewed the same cert.

Thanks, everyone, for looking into this issue.


How was the problem solved?
Did you have to update curl or GnuTLS?

