Problem when I renew with route53


#1

I ran this command: certbot renew --dns-route53 --dns-route53-propagation-seconds 30 --dry-run --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/deploy-to-zabbix-grafana-apache.sh

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/saltmaster.elementai.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Credentials found in config file: ~/.aws/config
Plugins selected: Authenticator dns-route53, Installer None
Attempting to renew cert (saltmaster.elementai.net) from /etc/letsencrypt/renewal/saltmaster.elementai.net.conf produced an unexpected error: 'AWSHTTPSConnection' object has no attribute 'ssl_context'. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/zabbix.utility.elementai.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator dns-route53, Installer None
Attempting to renew cert (zabbix.utility.elementai.net) from /etc/letsencrypt/renewal/zabbix.utility.elementai.net.conf produced an unexpected error: 'AWSHTTPSConnection' object has no attribute 'ssl_context'. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/saltmaster.elementai.net/fullchain.pem (failure)
  /etc/letsencrypt/live/zabbix.utility.elementai.net/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/saltmaster.elementai.net/fullchain.pem (failure)
  /etc/letsencrypt/live/zabbix.utility.elementai.net/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)

#2

What OS is this on?

How was Certbot installed?

What version of Certbot is it?

Can you paste the traceback from letsencrypt.log?


#3

I use Ubuntu 16.04; I installed it from the official apt repo.

Version: 0.28.0-1

2018-12-20 17:03:00,057:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2018-12-20 17:03:00,059:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
2018-12-20 17:03:00,080:WARNING:certbot.renewal:Attempting to renew cert (zabbix.utility.elementai.net) from /etc/letsencrypt/renewal/zabbix.utility.elementai.net.conf produced an unexpected error: 'AWSHTTPSConnection' object has no attribute 'ssl_context'. Skipping.
2018-12-20 17:03:00,081:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 430, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1166, in renew_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 604, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 521, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 181, in register
    acme = acme_from_config_key(config, key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
    return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 763, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1097, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1046, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 502, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 612, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 345, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 846, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 311, in connect
    if self.ssl_context is None:
AttributeError: 'AWSHTTPSConnection' object has no attribute 'ssl_context'

2018-12-20 17:03:00,081:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2018-12-20 17:03:00,081:ERROR:certbot.renewal:  /etc/letsencrypt/live/saltmaster.elementai.net/fullchain.pem (failure)
  /etc/letsencrypt/live/zabbix.utility.elementai.net/fullchain.pem (failure)
2018-12-20 17:03:00,081:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1247, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 455, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 2 renew failure(s), 0 parse failure(s)

#4

You mean https://launchpad.net/~certbot/+archive/ubuntu/certbot?

It sounds like this issue:

Which is not exactly… fixed.


#5

Yes!

If I use pip to install certbot, can I work around that problem?

Thank you!


#6

Can you use certbot-auto?