Renew failed after any debian updates


#1

Please fill out the fields below so we can help you better.

My domain is:
dksi.de
I ran this command:
certrenew.sh -v
It produced this output:
root@dunedin:~# certrenew.sh -v
Checking Domain www.dksi.de:
2017-01-08 13:21:57,889:INFO:requests.packages.urllib3.connectionpool:788: Starting new HTTPS connection (1): acm
e-v01.api.letsencrypt.org
Traceback (most recent call last):
File “/opt/simp_le/simp_le.py”, line 1401, in main
return main_with_exceptions(cli_args)
File “/opt/simp_le/simp_le.py”, line 1386, in main_with_exceptions
persist_new_data(args, existing_data)
File “/opt/simp_le/simp_le.py”, line 1282, in persist_new_data
client = registered_client(args, existing_data.account_key)
File “/opt/simp_le/simp_le.py”, line 1224, in registered_client
client = acme_client.Client(directory=args.server, key=key, net=net)
File “/opt/simp_le/venv/local/lib/python2.7/site-packages/acme/client.py”, line 63, in init
self.net.get(directory).json())
File “/opt/simp_le/venv/local/lib/python2.7/site-packages/acme/messages.py”, line 169, in from_json
raise jose.DeserializationError(str(error))
DeserializationError: Deserialization error: Wrong directory fields

Unhandled error has happened, traceback is above

Debugging tips: -v improves output verbosity. Help is available under --help.
Checking Domain analytics.dksi.de
2017-01-08 13:22:09,888:INFO:simp_le:1383: Certificates already exist and renewal is not necessary, exiting with
status code 1.
My operating system is (include version):
debian 8.0
My web server is (include version):
nginx/1.9.15
My hosting provider, if applicable, is:
pcextreme
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I have no idea, where the problem is. Maybe anyone can help me.


#2

I don’t recognise “certrenew.sh” can you tell us what this contains ? or provide a link to it somewhere ?


#3

sure
That’s the shellscript to check or renew my certificates for my domains and subdomains.
It contains this:
’’
#!/bin/bash
DOMAINS=("$@")
for i in "${DOMAINS[@]}"
do
chmod -R 600 /etc/nginx/ssl/${DOMAIN}/;
echo "Checking Domain www.dksi.de:"
cd /etc/nginx/ssl/www.dksi.de;
simp_le -d www.dksi.de:/tmp/letsencrypt/www.dksi.de -f account_key.json -f key.pem -f cert.pem -f fullchain.pem --default_root /var/www/dksi.de/www/www/;
echo "Checking Domain analytics.dksi.de"
cd /etc/nginx/ssl/analytics.dksi.de;
simp_le -d analytics.dksi.de:/tmp/letsencrypt/analytics.dksi.de -f account_key.json -f key.pem -f cert.pem -f fullchain.pem --default_root /var/www/dksi.de/www/analytics/;

rm -r /tmp/letsencrypt/
;
chmod -R 400 /etc/nginx/ssl/${DOMAIN}/*;
service nginx restart;

done
’'
Before any update it worked perfect for all of my domains and subdomains.

More informations about my solutions for the configurations you can find here:

https://blog.dksi.de/solved-generating-new-letsencrypt-certificates-failed/
https://blog.dksi.de/using-simp_le-with-letsencrypt-for-free-ssl-certificates-with-nginx/
https://blog.dksi.de/

But patience, my webserver works on one of the first raspberry pi

and sorry for my bad english :smiley:


#4

This looks like a known bug in simp_le - see https://github.com/kuba/simp_le/issues/118

It doesn’t look as if simp_le is maintained, although there are others maintaining forks which have corrected the issue. Alternatively you may be better with one of the alternative clients


#5

Thank you for your support.

After a complete simp_le reistallation from https://github.com/zenhack/simp_le/ it works again. All certificates were renewed in one step.

You can close this issue.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.