Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
edenfielddentistry.com (any domain for that matter)

I ran this command:
sudo -H certbot certonly --manual --preferred-challenges dns -d www.edenfielddentistry.com -d edenfielddentistry.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
An unexpected error occurred:
UnicodeEncodeError: ‘ascii’ codec can’t encode character ‘\u2248’ in position 0: ordinal not in range(128)
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):
Linux / Apache / PHP 7.2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
LiquidWeb

I can login to a root shell on my machine (yes or no, or I don’t know):
I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I think so

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.33.1

This happens every time I try to run any domain on this machine using the same command above with the domain switched of course. I have no issues on another machine. So I assume it’s specific to this machine obviously. I’ve read through multiple support pages

Hi @bullaka

\u2248 - that's the Unicode code point with the hex value 2248 and the integer codepoint 8776 ≈

Looks like you have this character ≈ somewhere in your config file (code or comment).

Check your webserver config files and the Letsencrypt config files

/etc/letsencrypt/renewal

Thank you @JuergenAuer. I’m BRAND new at this stuff. So I know very little about what you wrote. Do you mind guiding me a bit more please?

For instance I went to that directory you mentioned. I don’t even see the domain I listed in there. I tried one of the domains in that directory and I received the same error.

There are files. Check every file if the file contains ≈.

And check your Apache config files.

Certbot tries to check your configuration and doesn’t handle the character ≈ correct.

Wait, I don’t understand how certonly --manual is reading any web server configuration files. It should never have a reason to do that!

@bullaka, could you please show us the log file from /var/log/letsencrypt that was mentioned in the error? I feel like this special character might be in some other kind of configuration file entirely.

Thank you for your reply.

Here’s further information. I know for sure it’s my machine, hence the error, and not the server as I checked with LiquidWeb. I also know it’s my machine and not the server because it doesn’t do this using another computer, only mine. Simply trying to eliminate all the variables I can.

When I attempt to find that directory via terminal I get the following:
-bash: cd: /var/log/letsencrypt: Permission denied

So then I went to finder and then go to folder. Type in the path: /var/log/letsencrypt. I get: the folder can’t be found.

I did eventually find logs files here: Macintosh HD > private > var > log > letsencrypt which is NOT what’s in the error code. That’s: /var/log/letsencrypt. I did find 13 files in there. I searched those files and can’t find ≈.

At this point, would it be easier to manually delete Homebrew and Letsencrypt folders and reinstall them both? I’ve already tried deleting them and then reinstalling via terminal and the same issue showed up. So I’m wondering if there are some personal preferences set somewhere.

I didn’t realize that you were running Certbot on your laptop rather than your web server. Normally Certbot is meant to be run directly on your web server.

Is there a way that you could run Certbot on the web server or use features in the control panel to obtain your certificates instead?

If you want to debug this with the way you’re currently doing it, I’d like to see the actual content of the log file in /var/log/letsencrypt even if it doesn’t appear to contain a literal ≈ character.

Here you go. And once again thank you!

2019-05-06 14:08:25,679:DEBUG:certbot.main:certbot version: 0.26.1
2019-05-06 14:08:25,680:DEBUG:certbot.main:Arguments: [’–manual’, ‘–preferred-challenges’, ‘dns’, ‘-d’, ‘www.edenfielddentistry.com’, ‘-d’, ‘edenfielddentistry.com’]
2019-05-06 14:08:25,680:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-05-06 14:08:25,711:DEBUG:certbot.log:Root logging level set at 20
2019-05-06 14:08:25,712:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-05-06 14:08:25,713:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2019-05-06 14:08:25,716:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x103e63160>
Prep: True
2019-05-06 14:08:25,717:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x103e63160> and installer None
2019-05-06 14:08:25,717:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2019-05-06 14:08:25,722:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x104144a58>)>), contact=(‘mailto:aaron@bullcm.com’,), agreement=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’, status=‘valid’, terms_of_service_agreed=None, only_return_existing=None), uri=‘https://acme-v01.api.letsencrypt.org/acme/reg/34001879’, new_authzr_uri=‘https://acme-v01.api.letsencrypt.org/acme/new-authz’, terms_of_service=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’), 96b56b216e7842fab314906434ad4ef7, Meta(creation_dt=datetime.datetime(2018, 4, 26, 20, 19, 10, tzinfo=), creation_host=‘Bullakas-MacBook-Pro-2016.local’))>
2019-05-06 14:08:25,734:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-05-06 14:08:25,741:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2019-05-06 14:08:25,922:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2019-05-06 14:08:25,923:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 06 May 2019 18:08:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 06 May 2019 18:08:25 GMT
Connection: keep-alive

{
“9RMo_NY0zGE”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
2019-05-06 14:08:25,937:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/local/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.26.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/main.py”, line 1364, in main
return config.func(config, plugins)
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/main.py”, line 1247, in certonly
should_get_cert, lineage = _find_cert(config, domains, certname)
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/main.py”, line 285, in _find_cert
action, lineage = _find_lineage_for_domains_and_certname(config, domains, certname)
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/main.py”, line 312, in _find_lineage_for_domains_and_certname
return _find_lineage_for_domains(config, domains)
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/main.py”, line 256, in _find_lineage_for_domains
ident_names_cert, subset_names_cert = cert_manager.find_duplicative_certs(config, domains)
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/cert_manager.py”, line 166, in find_duplicative_certs
return _search_lineages(config, update_certs_for_domain_matches, (None, None))
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/cert_manager.py”, line 387, in _search_lineages
rv = func(candidate_lineage, rv, *args)
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/cert_manager.py”, line 154, in update_certs_for_domain_matches
candidate_names = set(candidate_lineage.names())
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/storage.py”, line 856, in names
return crypto_util.get_names_from_cert(f.read())
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/crypto_util.py”, line 381, in get_names_from_cert
csr, crypto.load_certificate, typ)
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/crypto_util.py”, line 361, in _get_names_from_cert_or_req
loaded_cert_or_req = _load_cert_or_req(cert_or_req, load_func, typ)
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/certbot/crypto_util.py”, line 333, in _load_cert_or_req
return load_func(typ, cert_or_req_str)
File “/usr/local/Cellar/certbot/0.26.1/libexec/lib/python3.7/site-packages/OpenSSL/crypto.py”, line 1812, in load_certificate
buffer = buffer.encode(“ascii”)
UnicodeEncodeError: ‘ascii’ codec can’t encode character ‘\u2248’ in position 0: ordinal not in range(128)
2019-05-06 14:08:25,943:ERROR:certbot.log:An unexpected error occurred:

It sounds like you have an existing certificate file that contains that strange character for some reason.

Could you show us the output of certbot certificates (or sudo certbot certificates if necessary)?

That’s with ANY certificate I try to setup on this machine for any site. Regardless of what site address I change it to, on this machine I always get the same error. Any other machine, no error.

Yes, that makes sense. So, could we see the output of certbot certificates?

As I mentioned earlier, I’m new to all of this. So I’m not sure what you’re asking for. So what are you asking for? Is this what you’re looking for? This is what I get after I put in the aforementioned command.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for edenfielddentistry.com
dns-01 challenge for www.edenfielddentistry.com

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y

Please deploy a DNS TXT record under the name
_acme-challenge.edenfielddentistry.com with the following value:

And then, of course, it gives the www value

I’d like you to run the command certbot certificates on your computer. (Is that the output that you got from running that?)

OOOOOHHH. Ok thank you for your patience. Here you go:

The following error was encountered:
[Errno 13] Permission denied: ‘/var/log/letsencrypt/.certbot.lock’
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

In that case, please run sudo certbot certificates instead.

Thanks again. Here you go. Since I’m a new user I couldn’t attach it nor could I copy and paste the info here. So here’s a link to it: https://www.dropbox.com/s/608065lzhsvzdbi/sudo%20certbot%20certificates.txt?dl=0

What’s the content of that file:

/etc/letsencrypt/renewal/www.kalodemo.com.conf

That’s the last row.

renew_before_expiry = 30 days

version = 0.23.0
archive_dir = /etc/letsencrypt/archive/www.kalodemo.com
cert = /etc/letsencrypt/live/www.kalodemo.com/cert.pem
privkey = /etc/letsencrypt/live/www.kalodemo.com/privkey.pem
chain = /etc/letsencrypt/live/www.kalodemo.com/chain.pem
fullchain = /etc/letsencrypt/live/www.kalodemo.com/fullchain.pem

Options used in the renewal process

[renewalparams]
account = 96b56b216e7842fab314906434ad4ef7
pref_challs = dns-01,
authenticator = manual
installer = None
manual_public_ip_logging_ok = True

Sorry, incomplete question.

And the content of that file:

/etc/letsencrypt/live/www.kalodemo.com/cert.pem

That’s on the server side and not the domain I’m having issues with. Asking for understanding. As such, would that matter?

-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgISAzf0Dt5+MjR03vBDaCoq7br+MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA3MTIxOTE1NDlaFw0x
ODEwMTAxOTE1NDlaMBsxGTAXBgNVBAMTEHd3dy5rYWxvZGVtby5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaULczuDLJoQ1/RG/MTk3XroCc4XKi
FAn7IhaTGFo54RzQbRoJc9R6kgThGzJ7vgay9l1ZYYDjhcAmJVbsWc1g70cpx4oS
5VBe6IAOa4msv5HHF6wTIicZcFE3ixSdj1YlQpG5cL7aCFHm5zUQ6tM1r++Q9svX
AVJ4py7KQ2UHhsMQz+VLzZBSBXIpy/sFaRSnAmGf1FB+8zu5qfRXeGGMdr0J8AOp
uWtFZ/3AesJQnJ/AQAJanllERtQHLix//Aeb7ibCGkg0sN2lq4oVNJIwSMS2Qh+c
jV1EW7B5sjUb0HNHHsQt0iWWxAK6p1p3Fb6SrExK/RVHjIgbanBxF9sXAgMBAAGj
ggMnMIIDIzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOEKyS378RKhlTuMTDkGDOW9
CuCOMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEB
BGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0
Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0
Lm9yZy8wKQYDVR0RBCIwIIIMa2Fsb2RlbW8uY29tghB3d3cua2Fsb2RlbW8uY29t
MIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggr
BgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwIC
MIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBi
eSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRo
ZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlw
dC5vcmcvcmVwb3NpdG9yeS8wggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgApPFGW
VMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWSQIq4aAAAEAwBHMEUCIQCe
4hxsLbyglGH1ah3bwpfjRfAqSvumkW1oKHU9zes73QIgQGlO9PNaPfrYIk7R9bc0
nmxBW0q+bVS51c50NrYALCsAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6od
BxPTDAAAAWSQIq67AAAEAwBIMEYCIQClv/zJ3AcGg+U2+mSc19e3jjiJ6xbTf1IN
hIWTk1O4mQIhAOlVDy6/QRtfj/1SGXR6FCA34nAVNaz5c5wcGOhLVzayMA0GCSqG
SIb3DQEBCwUAA4IBAQAykiuVorlNagLDJI3B5rXPZQgC8FhRzr4uH6578rIf5m5n
4QIN1tECCaJiN3W4sXXbcpN5A/RzDTX+778HiFvayuZNVFSw+pkx2C7GAgYE+Rjt
M5DZnjJIRj1e5s/L5tzR01RM2O+Dt8ga5hoP5lt5xzUozSViClA/jdj+VAKDA7Qa
djIaW3fFhyBduMUoduz4rsDMGGiK+X9oTjGbjx/ssQnHK8KvVqGATtn/Xcn3xEeL
YnxSGu+ufN54P4l8sa4VIZMZTwsjpJVmlQMJW9Ur7cnfZPrM18gCE3rItPFLPexj
h7Kt4/CYgVZLw78tpRgwk80VbPBV1dRpO1tinSbz
-----END CERTIFICATE-----