Problems creating a new certificate

Hi, i discovered this morning while trying to add new hosting on our ispconfig that the creation of the SSL certificate wasn't working. At first i blamed ISPConfigand i looked everywhere trying to make it work but everything seems to be ok.

So i went and tried to work on the SSL generation part of the server and realised that is actually impossible for me to update any certificates on this server.

Can you help me diagnose it ? I saw that you had some problems with your api https://letsencrypt.status.io/
Could it be linked to it ?

I will link the logs as much as i can

My domains are:

000.dinao.com
abyssebienetre.fr
ambrosie.fr
avocatdoc.com
barde.pro
demo.cobating.fr
dev.vmsf.org
ftpupdate.dinao.com
goodyear-farm.com
goodyearfarmtires.fr
ispconfig.dinao.com
ispconfig.dinao.com
lean-and-partners.com
richardson-matieres-plastiques.fr
senitconsulting.com
www.goodyearfarmtires.fr
www.hyperbios.fr

I ran this command:
certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/000.dinao.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (000.dinao.com) from /etc/letsencrypt/renewal/000.dinao.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/abyssebienetre.fr-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (abyssebienetre.fr-0001) from /etc/letsencrypt/renewal/abyssebienetre.fr-0001.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/abyssebienetre.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 68, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
    "file reference".format(self.configfile))
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/abyssebienetre.fr.conf is broken. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ambrosie.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (ambrosie.fr) from /etc/letsencrypt/renewal/ambrosie.fr.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/avocatdoc.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (avocatdoc.com) from /etc/letsencrypt/renewal/avocatdoc.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/barde.pro.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (barde.pro) from /etc/letsencrypt/renewal/barde.pro.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/demo.cobating.fr-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (demo.cobating.fr-0001) from /etc/letsencrypt/renewal/demo.cobating.fr-0001.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/demo.cobating.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 68, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
    "file reference".format(self.configfile))
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/demo.cobating.fr.conf is broken. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/dev.vmsf.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (dev.vmsf.org) from /etc/letsencrypt/renewal/dev.vmsf.org.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ftpupdate.dinao.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (ftpupdate.dinao.com-0001) from /etc/letsencrypt/renewal/ftpupdate.dinao.com-0001.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/goodyear-farm.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (goodyear-farm.com) from /etc/letsencrypt/renewal/goodyear-farm.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/goodyearfarmtires.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (goodyearfarmtires.fr) from /etc/letsencrypt/renewal/goodyearfarmtires.fr.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ispconfig.dinao.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (ispconfig.dinao.com-0001) from /etc/letsencrypt/renewal/ispconfig.dinao.com-0001.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ispconfig.dinao.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (ispconfig.dinao.com) from /etc/letsencrypt/renewal/ispconfig.dinao.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/lean-and-partners.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (lean-and-partners.com) from /etc/letsencrypt/renewal/lean-and-partners.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/richardson-matieres-plastiques.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (richardson-matieres-plastiques.fr) from /etc/letsencrypt/renewal/richardson-matieres-plastiques.fr.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/senitconsulting.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (senitconsulting.com) from /etc/letsencrypt/renewal/senitconsulting.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.goodyearfarmtires.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (www.goodyearfarmtires.fr) from /etc/letsencrypt/renewal/www.goodyearfarmtires.fr.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.hyperbios.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (www.hyperbios.fr) from /etc/letsencrypt/renewal/www.hyperbios.fr.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/000.dinao.com/fullchain.pem (failure)
  /etc/letsencrypt/live/abyssebienetre.fr-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ambrosie.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/avocatdoc.com/fullchain.pem (failure)
  /etc/letsencrypt/live/barde.pro/fullchain.pem (failure)
  /etc/letsencrypt/live/demo.cobating.fr-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/dev.vmsf.org/fullchain.pem (failure)
  /etc/letsencrypt/live/ftpupdate.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/goodyear-farm.com/fullchain.pem (failure)
  /etc/letsencrypt/live/goodyearfarmtires.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com/fullchain.pem (failure)
  /etc/letsencrypt/live/lean-and-partners.com/fullchain.pem (failure)
  /etc/letsencrypt/live/richardson-matieres-plastiques.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/senitconsulting.com/fullchain.pem (failure)
  /etc/letsencrypt/live/www.goodyearfarmtires.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/www.hyperbios.fr/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/000.dinao.com/fullchain.pem (failure)
  /etc/letsencrypt/live/abyssebienetre.fr-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ambrosie.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/avocatdoc.com/fullchain.pem (failure)
  /etc/letsencrypt/live/barde.pro/fullchain.pem (failure)
  /etc/letsencrypt/live/demo.cobating.fr-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/dev.vmsf.org/fullchain.pem (failure)
  /etc/letsencrypt/live/ftpupdate.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/goodyear-farm.com/fullchain.pem (failure)
  /etc/letsencrypt/live/goodyearfarmtires.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com/fullchain.pem (failure)
  /etc/letsencrypt/live/lean-and-partners.com/fullchain.pem (failure)
  /etc/letsencrypt/live/richardson-matieres-plastiques.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/senitconsulting.com/fullchain.pem (failure)
  /etc/letsencrypt/live/www.goodyearfarmtires.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/www.hyperbios.fr/fullchain.pem (failure)

Additionally, the following renewal configurations were invalid:
  /etc/letsencrypt/renewal/abyssebienetre.fr.conf (parsefail)
  /etc/letsencrypt/renewal/demo.cobating.fr.conf (parsefail)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

#######################################################

My command is : tail -n 200 /var/log/letsencrypt/letsencrypt.log

2021-10-13 15:00:39,656:DEBUG:certbot.cli:Var account={'server'} (set by user).
2021-10-13 15:00:39,660:INFO:certbot.renewal:Cert not due for renewal, but simulating renewal for dry run
2021-10-13 15:00:39,660:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-10-13 15:00:39,660:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f3e6f391dd8>
Prep: True
2021-10-13 15:00:39,660:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f3e6f391dd8> and installer None
2021-10-13 15:00:39,660:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-10-13 15:00:39,862:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2021-10-13 15:00:39,862:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2021-10-13 15:00:40,174:WARNING:certbot.renewal:Attempting to renew cert (www.goodyearfarmtires.fr) from /etc/letsencrypt/renewal/www.goodyearfarmtires.fr.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.
2021-10-13 15:00:40,174:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 453, in wrap_socket
    cnx.do_handshake()
  File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1915, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error
    _raise_current_error()
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 344, in connect
    ssl_context=context)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 344, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 459, in wrap_socket
    raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1191, in renew_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 605, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 521, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 181, in register
    acme = acme_from_config_key(config, key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
    return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 833, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1120, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

2021-10-13 15:00:40,177:DEBUG:certbot.cli:Var dry_run=True (set by user).
2021-10-13 15:00:40,177:DEBUG:certbot.cli:Var server={'staging', 'dry_run'} (set by user).
2021-10-13 15:00:40,177:DEBUG:certbot.cli:Var dry_run=True (set by user).
2021-10-13 15:00:40,177:DEBUG:certbot.cli:Var server={'staging', 'dry_run'} (set by user).
2021-10-13 15:00:40,178:DEBUG:certbot.cli:Var account={'server'} (set by user).
2021-10-13 15:00:40,180:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-06-21 15:38:15 UTC.
2021-10-13 15:00:40,180:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-10-13 15:00:40,180:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-10-13 15:00:40,181:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f3e6f391940>
Prep: True
2021-10-13 15:00:40,181:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f3e6f391940> and installer None
2021-10-13 15:00:40,181:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-10-13 15:00:40,536:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2021-10-13 15:00:40,537:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2021-10-13 15:00:40,846:WARNING:certbot.renewal:Attempting to renew cert (www.hyperbios.fr) from /etc/letsencrypt/renewal/www.hyperbios.fr.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.
2021-10-13 15:00:40,847:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 453, in wrap_socket
    cnx.do_handshake()
  File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1915, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error
    _raise_current_error()
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 344, in connect
    ssl_context=context)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 344, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 459, in wrap_socket
    raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1191, in renew_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 605, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 521, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 181, in register
    acme = acme_from_config_key(config, key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
    return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 833, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1120, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

2021-10-13 15:00:40,847:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-10-13 15:00:40,848:ERROR:certbot.renewal:  /etc/letsencrypt/live/000.dinao.com/fullchain.pem (failure)
  /etc/letsencrypt/live/abyssebienetre.fr-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ambrosie.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/avocatdoc.com/fullchain.pem (failure)
  /etc/letsencrypt/live/barde.pro/fullchain.pem (failure)
  /etc/letsencrypt/live/demo.cobating.fr-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/dev.vmsf.org/fullchain.pem (failure)
  /etc/letsencrypt/live/ftpupdate.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/goodyear-farm.com/fullchain.pem (failure)
  /etc/letsencrypt/live/goodyearfarmtires.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com/fullchain.pem (failure)
  /etc/letsencrypt/live/lean-and-partners.com/fullchain.pem (failure)
  /etc/letsencrypt/live/richardson-matieres-plastiques.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/senitconsulting.com/fullchain.pem (failure)
  /etc/letsencrypt/live/www.goodyearfarmtires.fr/fullchain.pem (failure)
  /etc/letsencrypt/live/www.hyperbios.fr/fullchain.pem (failure)
2021-10-13 15:00:40,848:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 17 renew failure(s), 2 parse failure(s)

My web server is (include version): debian 10 w/ ispconfig

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
ISPCONFIG

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Hi @oanid and welcome to the LE community forum :slight_smile:

It seems that your system needs an update.
Please try updating ca-certificates and openssl
Then also try:
curl -Ivi acme-staging-v02.api.letsencrypt.org
curl -Ii acme-v02.api.letsencrypt.org
[as long as that fails, you may be in need of more updates]

1 Like

root@ispconfig:~# apt install ca-certificates
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
ca-certificates est déjà la version la plus récente (20200601~deb10u2).
0 mis à jour, 0 nouvellement installés, 0 à enlever et 5 non mis à jour.

root@ispconfig:~# apt install openssl
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
openssl est déjà la version la plus récente (1.1.1d-0+deb10u7).
openssl pass√© en ¬ę install√© manuellement ¬Ľ.
0 mis à jour, 0 nouvellement installés, 0 à enlever et 5 non mis à jour.

root@ispconfig:~# curl -Ivi acme-staging-v02.api.letsencrypt.org

* Expire in 0 ms for 6 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 1 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
* Expire in 0 ms for 1 (transfer 0x55fd076bdee0)
  • Trying 172.65.46.172...
  • TCP_NODELAY set
  • Expire in 150000 ms for 3 (transfer 0x55fd076bdee0)
  • Expire in 200 ms for 4 (transfer 0x55fd076bdee0)
  • Connected to acme-staging-v02.api.letsencrypt.org (172.65.46.172) port 80 (#0)

HEAD / HTTP/1.1
Host: acme-staging-v02.api.letsencrypt.org
User-Agent: curl/7.64.0
Accept: /

< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Server: nginx
Server: nginx
< Date: Wed, 13 Oct 2021 13:54:57 GMT
Date: Wed, 13 Oct 2021 13:54:57 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 162
Content-Length: 162
< Connection: keep-alive
Connection: keep-alive
< Location: https://acme-staging-v02.api.letsencrypt.org/
Location: https://acme-staging-v02.api.letsencrypt.org/

<

root@ispconfig:~# curl -Ii acme-v02.api.letsencrypt.org
curl: (56) Recv failure: Connexion ré-initialisée par le correspondant

That may be related to:

This seems like another problem:

@lestaff please check if this IP is being blocked ("185.190.91.11").

1 Like

I do not see this ip address blocked in our configurations.

3 Likes

I did the command curl -Ii acme-v02.api.letsencrypt.org from another machine in our infrastructure with the same result. I'm guessing the problem is more global than we think.
Any idea what could cause this ?

edit: I did try the same command from a server in a totaly different location and with no link to our infrastructure and still the same error.

Thank you for checking anyway :slight_smile:

1 Like

@oanid That endpoint is normally used with https. And, that is what Certbot would have used. The original error message only named the host - not the protocol. Try:
curl -I https://acme-v02.api.letsencrypt.org
It should work

I also get the curl(56) when trying just with http (with Linux).

Oddly, with acme-staging-v02.api.letsencrypt.org the http redirects to https and https then works fine. I am not sure if the http failure to the production endpoint is new. @rg305 would know if this is a recent change.

1 Like

Yeah, now it's working right.
root@ispconfig:~# curl -I https://acme-v02.api.letsencrypt.org
HTTP/2 200
server: nginx
date: Thu, 14 Oct 2021 12:47:38 GMT
content-type: text/html
content-length: 2174
last-modified: Wed, 18 Aug 2021 16:36:13 GMT
etag: "611d36fd-87e"
x-frame-options: DENY
strict-transport-security: max-age=604800

So the problem doesn't come from the communication with the server... What else coud be the cause ?

Because i keep getting errors like this :


Processing /etc/letsencrypt/renewal/goodyear-farm.com.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Attempting to renew cert (goodyear-farm.com) from /etc/letsencrypt/renewal/goodyear-farm.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.

Try staging:
curl -I https://acme-staging-v02.api.letsencrypt.org

If that also works, try again:
certbot renew --dry-run

The first command is working now with the HTTPS specified, but the

keeps giving me the same error 'bad handshake'

Can you reboot the system?

Unfortunately not at the moment, i can plan a reboot for tonight in order to not bother too much my customers.

I just rebooted the server and nothing has changed.

At this point, the only thing I could suggest it to try using another (free) CA [that supports ACME protocol].

i just tried the command certbot renew --dry-run --no-verify-ssl and it worked (giving me a LOT of warnings in the process)

root@ispconfig:~# certbot renew --dry-run  --no-verify-ssl
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/000.dinao.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
**I skipped a bit of the return to be able to share it with you**
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/avocatdoc.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for avocatdoc.com
http-01 challenge for www.avocatdoc.com
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/avocatdoc.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/barde.pro.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for barde.pro
http-01 challenge for www.barde.pro
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/barde.pro/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/demo.cobating.fr-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for demo.cobating.fr
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/demo.cobating.fr-0001/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/demo.cobating.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 68, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
    "file reference".format(self.configfile))
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/demo.cobating.fr.conf is broken. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/dev.vmsf.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for dev.vmsf.org
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
Attempting to renew cert (dev.vmsf.org) from /etc/letsencrypt/renewal/dev.vmsf.org.conf produced an unexpected error: Failed authorization procedure. dev.vmsf.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dev.vmsf.org/.well-known/acme-challenge/FX3aGknVSOSR7rpHTkKKOIyhnGYBXLtiI1UiJLbX59o: Connection refused. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ftpupdate.dinao.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for ftpupdate.dinao.com
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
Attempting to renew cert (ftpupdate.dinao.com-0001) from /etc/letsencrypt/renewal/ftpupdate.dinao.com-0001.conf produced an unexpected error: Failed authorization procedure. ftpupdate.dinao.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ftpupdate.dinao.com/.well-known/acme-challenge/W1dzYIY3Soyc_dh8vz6JmzuoYy9M_U3EAsUgw5NPoIw: Connection refused. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/goodyear-farm.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for goodyear-farm.com
http-01 challenge for www.goodyear-farm.com
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/goodyear-farm.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/goodyearfarmtires.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for goodyearfarmtires.fr
http-01 challenge for www.goodyearfarmtires.fr
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/goodyearfarmtires.fr/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ispconfig.dinao.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for ispconfig.dinao.com
Cleaning up challenges
Attempting to renew cert (ispconfig.dinao.com-0001) from /etc/letsencrypt/renewal/ispconfig.dinao.com-0001.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for ispconfig.dinao.com:. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ispconfig.dinao.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for ispconfig.dinao.com
http-01 challenge for web01lamp.dinao.com
http-01 challenge for www.ispconfig.dinao.com
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
Attempting to renew cert (ispconfig.dinao.com) from /etc/letsencrypt/renewal/ispconfig.dinao.com.conf produced an unexpected error: Failed authorization procedure. web01lamp.dinao.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://web01lamp.dinao.com/.well-known/acme-challenge/uo9M0qoEekcWQjBZ4ZL4IJrBdS40W_HJpFbOhqNCsfA: Connection refused, www.ispconfig.dinao.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.ispconfig.dinao.com/.well-known/acme-challenge/8Vot_RJ4_jXrF-pyg8gIgVem41CjJ3cO12B9MtdspQg: Connection refused. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/lean-and-partners.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for lean-and-partners.com
http-01 challenge for www.lean-and-partners.com
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/lean-and-partners.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/richardson-matieres-plastiques.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for richardson-matieres-plastiques.fr
http-01 challenge for www.richardson-matieres-plastiques.fr
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/richardson-matieres-plastiques.fr/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/senitconsulting.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for senitconsulting.com
http-01 challenge for www.senitconsulting.com
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/senitconsulting.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.goodyearfarmtires.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.goodyearfarmtires.fr/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.hyperbios.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Renewing an existing certificate
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Performing the following challenges:
http-01 challenge for www.hyperbios.fr
Waiting for verification...
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Cleaning up challenges
Attempting to renew cert (www.hyperbios.fr) from /etc/letsencrypt/renewal/www.hyperbios.fr.conf produced an unexpected error: Failed authorization procedure. www.hyperbios.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.hyperbios.fr/.well-known/acme-challenge/xW6GD-fskN5ZVLzB8_qLSkuclne7yEnKOGOvn-aIWqs [34.140.182.177]: "<!doctype html><html lang=\"en\"><head><script async src=\"https://www.googletagmanager.com/gtag/js?id=G-9Q8MTXF4SJ\"></script><scri". Skipping.
The following certs could not be renewed:
  /etc/letsencrypt/live/dev.vmsf.org/fullchain.pem (failure)
  /etc/letsencrypt/live/ftpupdate.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com/fullchain.pem (failure)
  /etc/letsencrypt/live/www.hyperbios.fr/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

The following certs were successfully renewed:
  /etc/letsencrypt/live/000.dinao.com/fullchain.pem (success)
  /etc/letsencrypt/live/abyssebienetre.fr-0001/fullchain.pem (success)
  /etc/letsencrypt/live/ambrosie.fr/fullchain.pem (success)
  /etc/letsencrypt/live/avocatdoc.com/fullchain.pem (success)
  /etc/letsencrypt/live/barde.pro/fullchain.pem (success)
  /etc/letsencrypt/live/demo.cobating.fr-0001/fullchain.pem (success)
  /etc/letsencrypt/live/goodyear-farm.com/fullchain.pem (success)
  /etc/letsencrypt/live/goodyearfarmtires.fr/fullchain.pem (success)
  /etc/letsencrypt/live/lean-and-partners.com/fullchain.pem (success)
  /etc/letsencrypt/live/richardson-matieres-plastiques.fr/fullchain.pem (success)
  /etc/letsencrypt/live/senitconsulting.com/fullchain.pem (success)
  /etc/letsencrypt/live/www.goodyearfarmtires.fr/fullchain.pem (success)

The following certs could not be renewed:
  /etc/letsencrypt/live/dev.vmsf.org/fullchain.pem (failure)
  /etc/letsencrypt/live/ftpupdate.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/ispconfig.dinao.com/fullchain.pem (failure)
  /etc/letsencrypt/live/www.hyperbios.fr/fullchain.pem (failure)

Additionally, the following renewal configurations were invalid:
  /etc/letsencrypt/renewal/abyssebienetre.fr.conf (parsefail)
  /etc/letsencrypt/renewal/demo.cobating.fr.conf (parsefail)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: echo '1' > /usr/local/ispconfig/server/le.restart
5 renew failure(s), 2 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: dev.vmsf.org
   Type:   connection
   Detail: Fetching
   http://dev.vmsf.org/.well-known/acme-challenge/FX3aGknVSOSR7rpHTkKKOIyhnGYBXLtiI1UiJLbX59o:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - The following errors were reported by the server:

   Domain: ftpupdate.dinao.com
   Type:   connection
   Detail: Fetching
   http://ftpupdate.dinao.com/.well-known/acme-challenge/W1dzYIY3Soyc_dh8vz6JmzuoYy9M_U3EAsUgw5NPoIw:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - The following errors were reported by the server:

   Domain: web01lamp.dinao.com
   Type:   connection
   Detail: Fetching
   http://web01lamp.dinao.com/.well-known/acme-challenge/uo9M0qoEekcWQjBZ4ZL4IJrBdS40W_HJpFbOhqNCsfA:
   Connection refused

   Domain: www.ispconfig.dinao.com
   Type:   connection
   Detail: Fetching
   http://www.ispconfig.dinao.com/.well-known/acme-challenge/8Vot_RJ4_jXrF-pyg8gIgVem41CjJ3cO12B9MtdspQg:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - The following errors were reported by the server:

   Domain: www.hyperbios.fr
   Type:   unauthorized
   Detail: Invalid response from
   https://www.hyperbios.fr/.well-known/acme-challenge/xW6GD-fskN5ZVLzB8_qLSkuclne7yEnKOGOvn-aIWqs
   [34.140.182.177]: "<!doctype html><html lang=\"en\"><head><script
   async
   src=\"https://www.googletagmanager.com/gtag/js?id=G-9Q8MTXF4SJ\"></script><scri"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

It doesn't solve my problem but it could be a lead

It did solve some of the problem :slight_smile:
And since certbot never sends the private key, I would think that entire conversation via ACME could be done in HTTP (or this "insecure" HTTPS) without much concern.

The remaining problem:

Indicates that the challenge requests aren't being properly handled.

Problem has been solved !!!
It was the command update-ca-certificates that needed to be entered.
Thank you for your kind help.

2 Likes