OpenSSL.SSL.Error:

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
puponin.com
I ran this command:
sudo certbot --nginx -d puponin.com -d www.puponin.com

It produced this output:
An unexpected error occurred:
OpenSSL.SSL.Error: [(‘x509 certificate routines’, ‘X509_load_cert_crl_file’, ‘no certificate or crl found’)]
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):

nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):

Ubuntu 20.02

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.40.0

Unstalled certificates:

dpkg -l | grep ca-certificates
ii ca-certificates 20190110ubuntu1.1 all Common CA certificates

full log:

2020-07-08 13:39:19,647:ERROR:certbot.log:An unexpected error occurred:
OpenSSL.SSL.Error: [(‘x509 certificate routines’, ‘X509_load_cert_crl_file’, ‘no certificate or crl found’)]
raise exception_type(errors)
File “/usr/lib/python3/dist-packages/OpenSSL/_util.py”, line 54, in exception_from_error_queue
_raise_current_error()
File “/usr/lib/python3/dist-packages/OpenSSL/SSL.py”, line 776, in load_verify_locations
self.ctx.load_verify_locations(cafile, capath)
File “/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py”, line 453, in load_verify_locations
context.load_verify_locations(ca_certs, ca_cert_dir)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 336, in ssl_wrap_socket
self.sock = ssl_wrap_socket(
File “/usr/lib/python3/dist-packages/urllib3/connection.py”, line 352, in connect
conn.connect()
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 996, in _validate_conn
self._validate_conn(conn)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 376, in _make_request
httplib_response = self._make_request(
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 665, in urlopen
resp = conn.urlopen(
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 439, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 646, in send
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 533, in request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1088, in _send_request
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1138, in get
directory = messages.Directory.from_json(net.get(server).json())
File “/usr/lib/python3/dist-packages/acme/client.py”, line 808, in init
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 46, in acme_from_config_key
acme = acme_from_config_key(config, key)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 176, in register
acc, acme = client.register(
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 522, in _determine_account
acc, acme = _determine_account(config)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 607, in _init_le_client
le_client = _init_le_client(config, authenticator, installer)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1125, in run
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1382, in main
load_entry_point(‘certbot==0.40.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/bin/certbot”, line 11, in
Traceback (most recent call last):
2020-07-08 13:39:19,645:DEBUG:certbot.log:Exiting abnormally:
2020-07-08 13:39:19,639:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-07-08 13:39:19,637:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-07-08 13:39:09,283:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2020-07-08 13:39:09,283:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f1852441070> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f1852441070>
Prep: True
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f1852441070>
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Interfaces: IAuthenticator, IInstaller, IPlugin
Description: Nginx Web Server plugin
2020-07-08 13:39:09,282:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
2020-07-08 13:39:09,148:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2020-07-08 13:39:09,147:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-07-08 13:39:09,147:DEBUG:certbot.log:Root logging level set at 20
2020-07-08 13:39:09,140:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-07-08 13:39:09,140:DEBUG:certbot.main:Arguments: [’–nginx’, ‘-d’, ‘puponin.com’, ‘-d’, ‘www.puponin.com’]
2020-07-08 13:39:09,139:DEBUG:certbot.main:certbot version: 0.40.0

@Dinin i saw you have the same problem. How are you resolved it

1 Like
Can't renew certificates
2

Hi @pistoletov1974

looks like you have deleted your certificate.

So

  • restore the certificate using your backup (if you don't have a backup, that's the next problem you should fix) (or)
  • install a self signed certificate (or)
  • disable that not working vHost
1 Like
3

Thank you, @JuergenAuer
this is a first time getting certificate. And fresh ubuntu install and fresh certbot install. may be i need some extra packages for python?
this is list of commands:
79 sudo apt install certbot python3-certbot-nginx
80 sudo vim /etc/nginx/sites-available/puponin.com
81 sudo nginx -t
82 sudo certbot --nginx -d puponin.com -d www.puponin.com

i have disable my server block in nginx (sudo rm /etc/nginx/sites-enabled/puponin.com)
but the same error

and if i try simple https connection i got error:

curl https://www.example.com
curl: (77) error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs

1 Like
4

Sorry, false read.

Check

https://knowledge.digicert.com/solution/SO14736

Error: "X509_load_cert_crl_file" when restarting Apache

Problem

The following error occurs when restarting an Apache server:

SSL Library Error: 185090057 error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib

Looks like a crl file is missing or has the wrong format.

If you can't use curl to connect google.com or Letsencrypt, your basic installation is incomplete.

1 Like
5

I

have resolve my problem.
The solution is:
sudo apt remove ca-certificates
sudo apt install ca-certificates
curl -I https://www.gnu.org/ - work fine!!!
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d puponin.com -d www.puponin.com
Sucessfully!!!

4 Likes
ssl.SSLError: [X509] no certificate or crl found (_ssl.c:3732)
6

Your idea was good.

Second user with the same problem and the same solution.

Looks like a general problem.

2 Likes
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.