Renewal failure (404 error)


#1

Hi there,

When trying to use the letsencrypt-auto renew option, I’m getting the following error:

2016-03-25 21:31:12,173:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/****.conf produced an unexpected error: <Response [404]>. Skipping.

(**** inserted by me in place of domain name)

A further look in the logs suggest that the client is getting a 404 error:

016-03-25 21:31:12,916:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2016-03-25 21:31:13,353:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory157 HTTP/1.1" 404 19 2016-03-25 21:31:13,356:DEBUG:root:Received <Response [404]>. Headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosniff', 'Expires': 'Fri, 25 Mar 2016 21:31$ 2016-03-25 21:31:13,357:DEBUG:acme.client:Received response <Response [404]> (headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosniff', 'Expires': 'Fri, 2$
What’s going on here? Is it trying an incorrect URL?
Any help would be appreciated.

Thanks :slight_smile:


#2

Could you paste the content of /etc/letsencrypt/renewal/****.conf? This file includes the settings Let’s Encrypt will use to renew your certificate - for example the webroot path, if you used that method. Did any of your webroots change since your last renewal, by any chance?


#3

I think someone had a very similar error before who turned out to have some random data at the end of the server line in the renewal config file (and deleting the random data made it work again). I haven’t been able to find the previous problem by searching for it, but it’s kind of weird if that’s happened twice to two different people.


#4

Thanks guys, here’s the .conf data:

`cert = /etc/letsencrypt/live//cert.pem
privkey = /etc/letsencrypt/live/
/privkey.pem
chain = /etc/letsencrypt/live//chain.pem
fullchain = /etc/letsencrypt/live/
/fullchain.pem

[renewalparams]
no_self_upgrade = False
apache_enmod = a2enmod
no_verify_ssl = False
ifaces = None
apache_dismod = a2dismod
register_unsafely_without_email = False
apache_handle_modules = True
uir = None
installer = apache
config_dir = /etc/letsencrypt
text_mode = False
func = <function run at 0x7f3e3d48d0c8>
staging = False
dry_run = False
work_dir = /var/lib/letsencrypt
tos = False
init = False
http01_port = 80
duplicate = False
noninteractive_mode = False
key_path = None
nginx = False
fullchain_path = None
email = ****@outlook.com
csr = None
agree_dev_preview = None
redirect = None
verb = run
verbose_count = -3
config_file = None
renew_by_default = False
hsts = False
apache_handle_sites = True
authenticator = apache
domains = ****,
rsa_key_size = 2048
apache_challenge_location = /etc/apache2
checkpoints = 1
manual_test_mode = False
apache = True
cert_path = None
webroot_path = ,
reinstall = False
expand = False
strict_permissions = False
apache_server_root = /etc/apache2
account = c4623a118f3571fcfb9eae8811296368
prepare = False
manual_public_ip_logging_ok = False
chain_path = None
break_my_certs = False
standalone = False
manual = False
server = https://acme-v01.api.letsencrypt.org/directory
standalone_supported_challenges = "tls-sni-01,http-01"
webroot = False
os_packages_only = False
apache_init_script = None
user_agent = None
apache_ctl = None
apache_le_vhost_ext = -le-ssl.conf
debug = False
tls_sni_01_port = 443
logs_dir = /var/log/letsencrypt
apache_vhost_root = /etc/apache2/sites-available
configurator = None
[[webroot_map]]`

As before **** is data removed by me, in this case just the domain (which is correct) and my email address.

Oh: And my webroots have not changed. Thanks


#5

Hi,
i get the same error. My renewal/*.conf does not contain any random number, but the final execution does call directory54. I have no idea where this number is coming from. Any idea?

Note: The config-file says https://acme-v01.api.letsencrypt.org/directory -> the actual request goes to https://acme-v01.api.letsencrypt.org/directory54

Excerpt of conf-file
break_my_certs = False standalone = False manual = False server = https://acme-v01.api.letsencrypt.org/directory standalone_supported_challenges = "tls-sni-01,http-01" webroot = True apache_init_script = None user_agent = None apache_ctl = apache2ctl

Excerpt of logfile
2016-04-01 14:03:42,084:DEBUG:letsencrypt.cli:Root logging level set at 30 2016-04-01 14:03:42,085:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2016-04-01 14:03:42,085:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.2 2016-04-01 14:03:42,085:DEBUG:letsencrypt.cli:Arguments: [] 2016-04-01 14:03:42,085:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntry$ 2016-04-01 14:03:42,135:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer 2016-04-01 14:03:42,136:DEBUG:letsencrypt.cli:Default Detector is Namespace(account='', agree_dev_preview=None, apache='', apache_challenge_location='/etc/apache2', apache_ctl=None, apache$ 2016-04-01 14:03:42,138:INFO:letsencrypt.cli:Auto-renewal forced with --force-renewal... 2016-04-01 14:03:42,171:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer none 2016-04-01 14:03:42,171:DEBUG:letsencrypt.display.ops:No candidate plugin 2016-04-01 14:03:42,177:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /var/www/partybroker2/.well-known/acme-challenge 2016-04-01 14:03:42,178:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot Description: Webroot Authenticator Interfaces: IAuthenticator, IPlugin Entry point: webroot = letsencrypt.plugins.webroot:Authenticator Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x2bd0750> Prep: True 2016-04-01 14:03:42,178:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x2bd0750> and installer None 2016-04-01 14:03:42,283:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory54. args: (), kwargs: {} 2016-04-01 14:03:42,290:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2016-04-01 14:03:42,680:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory54 HTTP/1.1" 404 19 2016-04-01 14:03:42,684:DEBUG:root:Received <Response [404]>. Headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosniff', 'Expires': 'Fri, 01 Apr 2016 14:03:42 GMT', 'Server': '$ 2016-04-01 14:03:42,685:DEBUG:acme.client:Received response <Response [404]> (headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosniff', 'Expires': 'Fri, 01 Apr 2016 14:03:42 G$ 2016-04-01 14:03:42,686:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/app.partybroker.net.conf produced an unexpected error: <Response [404]>. Skipping. 2016-04-01 14:03:42,688:DEBUG:letsencrypt.cli:Traceback was: Traceback (most recent call last): File "/home/valentin/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 1024, in renew obtain_cert(lineage_config, plugins, renewal_candidate) File "/home/valentin/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 690, in obtain_cert le_client = _init_le_client(config, authenticator, installer) File "/home/valentin/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 207, in _init_le_client acc, acme = _determine_account(config) File "/home/valentin/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 192, in _determine_account config, account_storage, tos_cb=_tos_cb) File "/home/valentin/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 116, in register acme = acme_from_config_key(config, key) File "/home/valentin/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 41, in acme_from_config_key return acme_client.Client(config.server, key=key, net=net) File "/home/valentin/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 63, in __init__ self.net.get(directory).json()) File "/home/valentin/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 627, in get self._send_request('GET', url, **kwargs), content_type=content_type) File "/home/valentin/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 574, in _check_response raise errors.ClientError(response)


#6

I find this really mysterious. I filed a bug to track this problem:


#7

What commands are each of you running the renewal with, and what version of the client do you have?


#8

Hi guys,

I managed to solve my problem yesterday - it turns out that I had a ‘cli.ini’ with a bad server setting under /etc/letsencrypt - somehow the numbers had been appended to the directory url there.

I didn’t create it myself, and for unrelated reasons I’m now using a fresh install and there’s no ‘cli.ini’ in the folder in the fresh install…so I’m still a bit mystified about how it came to be there.

I was using the letsencrypt-auto renew command under (I believe) 0.4.2.


#9

Right. The cli.ini did contain the bad server setting. I was simply calling ./letsencrypt-auto renew
server = https://acme-v01.api.letsencrypt.org/directory54

Changing the setting in there to server = https://acme-v01.api.letsencrypt.org/directory did solve the issue.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.