Requested domain is not a FQDN because it contains an empty label

Luluwebmaster · March 8, 2017, 9:00pm

Hello,

I have follow this tutorial: https://www.grafikart.fr/formations/serveur-linux/apache-ssl-letsencrypt

My domain is: https://www.fm-motoculture.fr/

I ran this command: /usr/local/sbin/le-renew fm-motoculture.fr >> /var/log/le-renew.log

It produced this output: Requested domain is not a FQDN because it contains an empty label.

My operating system is (include version): Ubuntu 16.04.2

My web server is (include version): Apache2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Thanks !

schoen · March 8, 2017, 9:21pm

Hi @Luluwebmaster,

I’d suggest running

fgrep -r .. /etc

to look for a possibly corrupted configuration file that mentions a domain name containing “…” (which is what the software would refer to as an empty label). This might be caused by mentioning such a domain name in /etc/letsencrypt/cli.ini, for example.

Luluwebmaster · March 8, 2017, 11:05pm

Hello,

Thank you for your help,

After running this command, I not found “/etc/letsencrypt/cli.ini” :-/

schoen · March 8, 2017, 11:18pm

Can you show us the contents of /usr/local/sbin/le-renew? That’s not a script that we wrote, so probably it’s a script that you wrote?

Also, can you add another -v to the renew command line and then check or send the log from /var/log/letsencrypt?

Luluwebmaster · March 8, 2017, 11:35pm

I use this script : https://gist.githubusercontent.com/erikaheidi/4d579acf553297da0fa1/raw/ced2ece3b346e25a7424f4de123510fb8de1f47a/le-renew.sh from “https://www.grafikart.fr/formations/serveur-linux/apache-ssl-letsencrypt”.

I tested “/usr/local/sbin/le-renew -v fm-motoculture.fr >> /var/log/le-renew.log”, I don’t have response from console.

There are many log files in “/ var / log / letsencrypt” : https://i.luwe.fr/73036223.png

The content of “certbot.log” :

Traceback (most recent call last):

File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py”, line 875, in main
args = cli.prepare_and_parse_args(plugins, cli_args)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py”, line 1074, in prepare_and_parse_args
return helpful.parse_args()
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py”, line 526, in parse_args
parsed_args = self.parser.parse_args(self.args)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/configargparse.py”, line 216, in parse_args
env_vars = env_vars)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/configargparse.py”, line 349, in parse_known_args
self, args=args, namespace=namespace)
File “/usr/lib/python2.7/argparse.py”, line 1733, in parse_known_args
namespace, args = self._parse_known_args(args, namespace)
File “/usr/lib/python2.7/argparse.py”, line 1939, in _parse_known_args
start_index = consume_optional(start_index)
File “/usr/lib/python2.7/argparse.py”, line 1879, in consume_optional
take_action(action, args, option_string)
File “/usr/lib/python2.7/argparse.py”, line 1807, in take_action
action(self, namespace, argument_values, option_string)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py”, line 1216, in call
add_domains(namespace, domain)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py”, line 1235, in add_domains
domain = util.enforce_domain_sanity(domain.strip())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/util.py”, line 506, in enforce_domain_sanity
raise errors.ConfigurationError("{0} it contains an empty label.".format(msg))
ConfigurationError: Requested domain is not a FQDN because it contains an empty label.

schoen · March 9, 2017, 12:20am

I looked at the le-renew script that you linked to, and I suspect it’s making assumptions about your /etc/letsencrypt directory contents that are not right in your case and are causing the process to fail. We can try to figure out if this is the case if you want (and then what to do about it).

However, I wanted to ask if you’re familiar with the letsencrypt-auto renew command which we’ve already provided for this purpose. It attempts to renew all of your certificates that are near expiry. Is there some reason that you can’t use that?

Luluwebmaster · March 9, 2017, 12:27am

Hmm, I did not know this command.

After having tried it (“letsencrypt renew”, “letsencrypt-auto renew” does not exist), for my domain “https://www.fm-motoculture.fr/”, I have this error:

2017-03-09 01:23:39,118:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/fm-motoculture.fr.conf produced an unexpected error: 'server'. Skipping.

schoen · March 9, 2017, 12:43am

Hi @Luluwebmaster,

I spoke to @bmw about this and came to this conclusion:

You have both letsencrypt-auto, probably in /opt/letsencrypt, and letsencrypt (probably in /usr/bin). They were installed in two different ways, probably via apt-get.
The bugs that you’re encountering probably have to do with the different versions. The letsencrypt version provided by the OS package is older.
The best thing would probably be to use letsencrypt-auto renew instead of le-renew.sh, but you may have to specify /opt/letsencrypt.

Luluwebmaster · March 9, 2017, 12:52am

Ok !!

Nice !

The problem is now solved !

Thank you very much !

Last question : Can I automate this process with crontab ( cd /opt/letsencrypt && ./letsencrypt-auto renew ), for every week ?

schoen · March 9, 2017, 1:00am

Great!

Yes, perhaps you should simply use /opt/letsencrypt/letsencrypt-auto renew. (You can specify a full path when running a command from a shell or from cron.) Also, it can run more often than every week, because it checks whether certificates are near to expiry and renews them only if they will expire in less than 30 days. We’ve suggested that it be run twice per day, although you can run it however often you’d like.

I do suggest checking in 60 days from now to make sure that the cronjob successfully renewed your certificates again!

Luluwebmaster · March 9, 2017, 1:05am

Hum, I do not master crontab very well, is it good ?

0 3 * * 1 /opt/letsencrypt/letsencrypt-auto renew

Luluwebmaster · March 9, 2017, 1:53am

After testing, I think it’s good!

Thanks a lot for your help !

Good conitnuation!

system · April 8, 2017, 1:53am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.