Renew dry-run not working on Ubuntu 16.04.3 with nginx

My domain is: pagaloasi.com

I ran this command: certbot renew -v --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/pagaloasi.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Invalid OCSP response status for /etc/letsencrypt/archive/pagaloasi.com/cert1.pem: OCSPResponseStatus.UNAUTHORIZED
Certificate not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Simulating renewal of an existing certificate for pagaloasi.com and www.pagaloasi.com
Performing the following challenges:
http-01 challenge for pagaloasi.com
http-01 challenge for www.pagaloasi.com
Waiting for verification...
Cleaning up challenges
Failed to renew certificate pagaloasi.com with error: urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Error finalizing order

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/pagaloasi.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx/1.15.8

The operating system my web server runs on is (include version): Ubuntu 16.04.3

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.16.0

Hi guys! This is my first post. I just installed Cerbot in my server to create a certificate for my webpage. That went ok an its working, but when I tried to test the renew, it gave me that error. This is te log:

2021-07-01 23:34:40,363:ERROR:certbot._internal.renewal:Failed to renew certificate pagaloasi.com with error: urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Error finalizing order
2021-07-01 23:34:40,364:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 474, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1366, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 117, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 333, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 391, in obtain_certificate
    cert, chain = self.obtain_certificate_from_csr(csr, orderr)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 290, in obtain_certificate_from_csr
    orderr = self.acme.finalize_order(orderr, deadline,
  File "/snap/certbot/1201/lib/python3.8/site-packages/acme/client.py", line 920, in finalize_order
    return cast(ClientV2, self.client).finalize_order(
  File "/snap/certbot/1201/lib/python3.8/site-packages/acme/client.py", line 742, in finalize_order
    self._post(orderr.body.finalize, wrapped_csr)
  File "/snap/certbot/1201/lib/python3.8/site-packages/acme/client.py", line 86, in _post
    return self.net.post(*args, **kwargs)
  File "/snap/certbot/1201/lib/python3.8/site-packages/acme/client.py", line 1198, in post
    return self._post_once(*args, **kwargs)
  File "/snap/certbot/1201/lib/python3.8/site-packages/acme/client.py", line 1211, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/snap/certbot/1201/lib/python3.8/site-packages/acme/client.py", line 1068, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Error finalizing order

2021-07-01 23:34:40,364:DEBUG:certbot.display.util:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-07-01 23:34:40,365:ERROR:certbot._internal.renewal:All simulated renewals failed. The following certificates could not be renewed:
2021-07-01 23:34:40,365:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/pagaloasi.com/fullchain.pem (failure)
2021-07-01 23:34:40,365:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-07-01 23:34:40,365:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1201/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1552, in main
    return config.func(config, plugins)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1439, in renew
    renewal.handle_renewal_request(config)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 499, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2021-07-01 23:34:40,366:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)

Thanks for your help!

1 Like

We have a service disruption in staging; the fix is in progress. Sorry for the inconvenience.

4 Likes

A fix has been deployed for staging.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.