Problem renewing certificates on CentOS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ocs.afiassurances.fr
I ran this command:
./certbot-auto renew
It produced this output:
Creating virtual environment…
Installing Python packages…
Had a problem while installing Python packages.

pip prints the following errors:

Collecting ConfigArgParse==1.0 (from -r /tmp/tmp.ZYWjmb4dg5/letsencrypt-auto-requirements.txt (line 12))
Could not fetch URL https://pypi.python.org/simple/configargparse/: There was a problem confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618) - skipping
Could not find a version that satisfies the requirement ConfigArgParse==1.0 (from -r /tmp/tmp.ZYWjmb4dg5/letsencrypt-auto-requirements.txt (line 12)) (from versions: )
No matching distribution found for ConfigArgParse==1.0 (from -r /tmp/tmp.ZYWjmb4dg5/letsencrypt-auto-requirements.txt (line 12))

Certbot has problem setting up the virtual environment.

We were not be able to guess the right solution from your pip
output.

Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.

My web server is (include version):
CentOS
The operating system my web server runs on is (include version):

I have upgraded Python to 3.6 but it’s still 2.7
Thank you

1 Like

Does this work?

curl -X GET -I https://pypi.python.org
1 Like
HTTP/1.1 301 Redirect to Primary Domain
Connection: close
Content-Length: 122
Server: Varnish
Retry-After: 0
Location: https://pypi.org/
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Date: Thu, 02 Jul 2020 12:03:27 GMT
X-Served-By: cache-cdg20750-CDG
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1593691407.446929,VS0,VE0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none

OK, my firewall blocked it!
I made a new rule, and now I have:

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ocs.afiassurances.fr
Cleaning up challenges
Attempting to renew cert (ocs.afiassurances.fr) from /etc/letsencrypt/renewal/ocs.afiassurances.fr.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
1 Like

It’s OK for 2 domains, but one doesn’t work. I have a Centreon server:

   Domain: centreon.afiassurances.fr
   Type:   unauthorized
   Detail: Invalid response from
   https://centreon.afiassurances.fr/.well-known/acme-challenge/PZqh6GbTVZ5padci5P2a45VHiOahlkzgEP0ItN9uV0E
   [178.132.25.170]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
1 Like

If you use the standalone authenticator, you must first stop nginx before renewing.

Otherwise, try something like:

certbot renew --nginx --dry-run
1 Like
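
An added example, not part of the thread and not certbot's own code: a pre-renewal check for the "Problem binding to port 80" failure shown above. It reads the authenticator from a renewal file and, if it is standalone, tests whether the port can be bound. The function names are hypothetical, the sample file is constructed, and the layout (an `authenticator` key under `[renewalparams]`) is assumed to match the files in /etc/letsencrypt/renewal/.

```python
import socket

# Constructed sample of a certbot renewal file (paths and values are placeholders).
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 1.5.0
cert = /etc/letsencrypt/live/example.test/cert.pem
[renewalparams]
authenticator = standalone
"""

def renewal_authenticator(conf_text):
    """Return the 'authenticator' value from [renewalparams], or None if absent."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "renewalparams" and key.strip() == "authenticator":
            return value.strip()
    return None

def port_is_free(port, host="0.0.0.0"):
    """True if a TCP listener can be bound on host:port right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:  # EADDRINUSE (web server running) or EACCES (not root)
            return False

def preflight(conf_text, port=80, host="0.0.0.0"):
    """Say whether a renewal with this config would fail to bind the port."""
    auth = renewal_authenticator(conf_text)
    if auth != "standalone":
        return "ok: authenticator is %s, certbot does not bind port %d itself" % (auth, port)
    if port_is_free(port, host):
        return "ok: standalone can bind port %d" % port
    return "blocked: port %d is not bindable; stop the web server or use its plugin" % port

if __name__ == "__main__":
    print(preflight(SAMPLE_CONF))
```

Run it as root on the server, since binding port 80 as an unprivileged user fails regardless of whether a web server is listening.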

It’s OK. This can be closed :wink:

1 Like
