Renew of certificate will fail

My domain is: sub.domain.de

I ran this command: certbot renew --dry-run

It produced this output:

Attempting to renew cert (sub.domain.de) from /etc/letsencrypt/renewal/sub.domain.de.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/sub.domain.de/fullchain.pem (failure)

My web server is (include version): nginx/1.14.2

The operating system my web server runs on is (include version): Debian 9 (stretch)

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

I have checked ports 80 and 443 and both will be forwarded fine. DNS looks fine as well. Website can be reached without issues. Certbot seems to be up to date.

I have no clue how to get this fixed. Is this related to revokation of millions of certs the past days?

Any help is appreciated.

Kind regards
//neph

1 Like

The error isn’t related to anything about domain validation, but about a change to the ACME protocol (ACME v2 - Scheduled deprecation of unauthenticated resource GETs) that went into effect in December.

If you keep the packages installed on your server up to date (apt update && apt upgrade), this problem will solve itself.

The particular package you need to target with the upgrade on Debian Stretch is python3-acme. The latest version of the package available in the Stretch repos is 0.28.0-1~deb9u2.

1 Like

apt-get install python3-acme updated module and afterwards the renewal process went perfectly fine.

Thank you so much…

Kind regards
//neph

1 Like