Renew failed : 'Namespace' object error

My domain is: cocktail.dyndns.biz

I ran this command:certbot renew or certbot-auto renew

It produced this output:
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/cocktail.dyndns.biz.conf


Renewal configuration file /etc/letsencrypt/renewal/cocktail.dyndns.biz.conf (cert: cocktail.dyndns.biz) produced an unexpected error: ‘Namespace’ object has no attribute ‘standalone_supported_challenges’. Skipping.


No renewals were attempted.

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/cocktail.dyndns.biz.conf (parsefail)


0 renew failure(s), 1 parse failure(s)

My web server is (include version): none (standalone)

The operating system my web server runs on is (include version):

Linux Horus 3.12.53-40-desktop #1 SMP PREEMPT Thu Feb 25 06:26:23 UTC 2016 (b2ce64e) x86_64 x86_64 x86_64 GNU/Linux

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.33.1

My config is:

renew_before_expiry = 30 days

version = 0.30.2
archive_dir = /etc/letsencrypt/archive/cocktail.dyndns.biz
cert = /etc/letsencrypt/live/cocktail.dyndns.biz/cert.pem
privkey = /etc/letsencrypt/live/cocktail.dyndns.biz/privkey.pem
chain = /etc/letsencrypt/live/cocktail.dyndns.biz/chain.pem
fullchain = /etc/letsencrypt/live/cocktail.dyndns.biz/fullchain.pem

Options used in the renewal process

[renewalparams]
authenticator = standalone
account = …
standalone_supported_challenges = tls-sni-01
post_hook = /usr/bin/tomcat-renew
server = https://acme-v02.api.letsencrypt.org/directory

Hi @edrobal

looks like you have used a very old Certbot, so the config file has too old entries.

Add a # to that row and try it again.

Or make a backup of that file, delete it and use

certbot -d yourdomainname

to create a new certificate (and a new renew config file).

If I comment this entry and renew, I got the error: Challenge failed for domain cocktail.dyndns.biz. If I delete all file, same error +
IMPORTANT NOTES:

Your configuration doesn’t work.

Checking your config some things are looking ok ( https://check-your-website.server-daten.de/?q=cocktail.dyndns.biz ):

Domainname Http-Status redirect Sec. G
http://cocktail.dyndns.biz/
77.56.118.228 302 http://cocktail.dyndns.biz/admin 0.087 D
http://www.cocktail.dyndns.biz/
77.56.118.228 302 http://www.cocktail.dyndns.biz/admin 0.090 D
http://cocktail.dyndns.biz/admin 301 http://cocktail.dyndns.biz/admin/ 0.087 D
http://cocktail.dyndns.biz/admin/ 302 http://cocktail.dyndns.biz/config.php 0.100 D
http://www.cocktail.dyndns.biz/admin 301 http://www.cocktail.dyndns.biz/admin/ 0.093 D
http://www.cocktail.dyndns.biz/admin/ 302 http://www.cocktail.dyndns.biz/config.php 0.097 D
http://cocktail.dyndns.biz/config.php 404 0.087 M
Not Found
http://www.cocktail.dyndns.biz/config.php 404 0.093 M
Not Found
https://cocktail.dyndns.biz/
77.56.118.228 -2 1.140 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 77.56.118.228:443
https://www.cocktail.dyndns.biz/
77.56.118.228 -2 1.123 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 77.56.118.228:443
http://cocktail.dyndns.biz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
77.56.118.228 404 0.090 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server.
http://www.cocktail.dyndns.biz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
77.56.118.228 404 0.083 A
Not Found

Port 80 is open, checking a not-existing file in /.well-known/acme-challenge there is the expected result http status 404 - Not found.

There answers a

Server: Apache/2.4.6 (Sangoma) OpenSSL/1.0.2k-fips PHP/5.6.36

So find the DocumentRoot of that vHost, then use it.

certbot run -a webroot certonly -w yourDocumentRoot -d cocktail.dyndns.biz

certonly because it looks that you have a tomcat running (your post_hook).

I have no web server, only tomcat. So I use standalone but I have the “Namespace” error.

You see: There answers a webserver.

http://cocktail.dyndns.biz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

So you have one running webserver, so use that.

It is the pbx web server. It is always running and there was no problem before.

You have an old config file. So you may have used tls-sni-01 validation via port 443. That’s not longer supported.

So you have

  • to switch to http-01 validation, then port 80 is required. That can’t work if port 80 is blocked by another instance. Or you have to stop that instance and use standalone (or)
  • switch to another validation method: dns-01 or tls-alpn-01 (via port 443, but Certbot doesn’t support that).

Check

OK. I changed my pbx port and all is working… until next :bomb:

Thank you very much

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.