[SOLVED] KeyError: 'server' on Ubuntu 16.04 LTS

Hello everyone! I have recently upgraded my server to Ubuntu 16.04 LTS and installed letsencrypt from the apt repository.

I would like to automate the renewal of certificates, but letsencrypt renew --force-renewal does not work using the new command. If I use the git folder that I cloned, the renewal works fine, but the new command fails with this:

2016-05-12 21:44:10,504:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/dev.cencam.org.conf produced an unexpected error: 'server'. Skipping.

Here is the log from /var/log/letsencrypt/letsencrypt.log:

2016-05-13 01:33:39,459:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/dev.cencam.org.conf produced an unexpected error: 'server'. Skipping.
2016-05-13 01:33:39,460:DEBUG:letsencrypt.cli:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1017, in renew
    obtain_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 706, in obtain_cert
    _, action = _auth_from_domains(le_client, config, domains, lineage)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 453, in _auth_from_domains
    original_server = lineage.configuration["renewalparams"]["server"]
  File "/usr/lib/python2.7/dist-packages/configobj.py", line 554, in __getitem__
    val = dict.__getitem__(self, key)
KeyError: 'server'
2016-05-13 01:33:39,460:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')()
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1034, in renew
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

Here is the log from /etc/letsencrypt/renewal/dev.cencam.org.conf:

# renew_before_expiry = 30 days
cert = /etc/letsencrypt/live/dev.cencam.org/cert.pem
privkey = /etc/letsencrypt/live/dev.cencam.org/privkey.pem
chain = /etc/letsencrypt/live/dev.cencam.org/chain.pem
fullchain = /etc/letsencrypt/live/dev.cencam.org/fullchain.pem

# Options and defaults used in the renewal process
[renewalparams]
installer = apache
authenticator = apache
account = d20ff480e306444e985e04848839da21
apache_ctl = apache2ctl

Letsencrypt command in apt: letsencrypt 0.4.1

Letsencrypt command in git: letsencrypt 0.6.0

The version in apt appears to be much older; is this the problem, or am I doing something wrong here? I also tried to renew the certificate from the graphical interface, and the same issue occurs.

Any help would be appreciated, thanks!

EDIT 1:
I forgot to mention that I installed it by following the instructions on certbot.eff.org.

EDIT 2:
To fix it I deleted the newer configuration file from 0.6.0, and copied the old configuration file. After that I replaced the lines with the domain information.

Hi @jsDl2ksSd, this problem is definitely fixed in newer versions of the client. Can you explain what problem you’re having when trying to use your 0.6.0 copy from git (which would now be called certbot instead of letsencrypt due to the client renaming)?

I will try to get people to look into how this problem could arise – it looks to me like your dev.cencam.org.conf file was created by a newer version of the client than 0.4.1. In the past, server was explicitly set in the config file and then read back in from it. In newer client versions, the value of server is not stored if it’s the default server, and it’s also not read back from the file.

Do you remember what client version you were using when you originally got this certificate, and how you obtained it?

We’re thinking that you were previously using le-auto with version 0.5 from git, and then you chose to switch to version 0.4.1 via apt-get? … if that’s so, we can understand why this happens but it’s pretty unfortunate for people in that situation.

One fix would be to figure out how we can get things working with certbot-auto from 0.6.
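
An added example, not part of the thread or the client's own code: a preflight check that parses renewal files and reports any that lack the `server` key which the 0.4.1 traceback above shows being read from `renewalparams`. The parser is a minimal one written here for the ConfigObj subset these files use; the function names and the two sample files are constructed for illustration.

```python
import glob
import re

# 0.4.1 reads renewalparams["server"] unconditionally (see the traceback above).
REQUIRED_BY_OLD_CLIENT = ("server",)
SECTION = re.compile(r"^(\[+)\s*([^\[\]]+?)\s*(\]+)$")

def parse_renewal_conf(text):
    """Parse the ConfigObj subset used by renewal files into nested dicts."""
    root = {}
    stack = [root]  # stack[d] is the dict open at nesting depth d
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION.match(line)
        if m:
            depth = len(m.group(1))
            if depth != len(m.group(3)) or depth > len(stack):
                raise ValueError("bad section header: %r" % raw)
            del stack[depth:]  # close deeper or sibling sections
            stack.append(stack[-1].setdefault(m.group(2), {}))
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("expected key = value: %r" % raw)
        stack[-1][key.strip()] = value.strip().strip('"')
    return root

def missing_for_old_client(text):
    """Return renewalparams keys an older client expects but the file lacks."""
    params = parse_renewal_conf(text).get("renewalparams", {})
    return [k for k in REQUIRED_BY_OLD_CLIENT if k not in params]

# Constructed samples modelled on the two file layouts shown in the thread.
NEWER_STYLE = """\
cert = /etc/letsencrypt/live/example.org/cert.pem
[renewalparams]
installer = apache
"""
OLDER_STYLE = NEWER_STYLE + """\
server = https://acme-v01.api.letsencrypt.org/directory
[[webroot_map]]
"""

if __name__ == "__main__":  # renewal directory path as given in the thread
    for path in sorted(glob.glob("/etc/letsencrypt/renewal/*.conf")):
        with open(path) as fh:
            print(path, missing_for_old_client(fh.read()) or "OK")
```

Run as a script, it lists each renewal file with either `OK` or the keys it lacks, which shows which lineages an older packaged client would skip before a scheduled renewal fails.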

Hi @schoen, thankfully I don't have to remember what version I was using! Git stores the history of user commands through the git reflog command. Here is the output of that:

d68322f HEAD@{0}: pull: Fast-forward
b347e9f HEAD@{1}: pull: Fast-forward
a105f8e HEAD@{2}: pull: Fast-forward
ce14851 HEAD@{3}: clone: from https://github.com/letsencrypt/letsencrypt

I looked through the commits, but I can't find a VERSION file... and running letsencrypt-auto from each version just upgrades it first before outputting the version number.

Letsencrypt-auto from the latest git pull worked perfectly, it's the old version that is the problem.


I just installed a new certificate using the version in apt, and this is the configuration file output:

cert = /etc/letsencrypt/live/www.cencam.org/cert.pem
privkey = /etc/letsencrypt/live/www.cencam.org/privkey.pem
chain = /etc/letsencrypt/live/www.cencam.org/chain.pem
fullchain = /etc/letsencrypt/live/www.cencam.org/fullchain.pem

# Options and defaults used in the renewal process
[renewalparams]
no_self_upgrade = False
apache_enmod = a2enmod
no_verify_ssl = False
ifaces = None
apache_dismod = a2dismod
register_unsafely_without_email = False
apache_handle_modules = True
uir = None
installer = apache
config_dir = /etc/letsencrypt
text_mode = False
func = <function run at 0x7fc65289bb90>
staging = False
dry_run = False
work_dir = /var/lib/letsencrypt
tos = False
init = False
http01_port = 80
duplicate = False
noninteractive_mode = False
key_path = None
nginx = False
fullchain_path = None
email = None
csr = None
agree_dev_preview = None
redirect = None
verb = run
verbose_count = -3
config_file = None
renew_by_default = False
hsts = False
apache_handle_sites = True
authenticator = apache
domains = www.cencam.org, cencam.org
rsa_key_size = 2048
apache_challenge_location = /etc/apache2
checkpoints = 1
manual_test_mode = False
apache = True
cert_path = None
webroot_path = ,
reinstall = False
expand = False
strict_permissions = False
apache_server_root = /etc/apache2
account = d20ff480e306444e985e04848839da21
prepare = False
manual_public_ip_logging_ok = False
chain_path = None
break_my_certs = False
standalone = False
manual = False
server = https://acme-v01.api.letsencrypt.org/directory
standalone_supported_challenges = "tls-sni-01,http-01"
webroot = False
os_packages_only = False
apache_init_script = None
user_agent = None
apache_ctl = None
apache_le_vhost_ext = -le-ssl.conf
debug = False
tls_sni_01_port = 443
logs_dir = /var/log/letsencrypt
apache_vhost_root = /etc/apache2/sites-available
configurator = None
[[webroot_map]]

This is the config file output from the newer version:

# renew_before_expiry = 30 days
cert = /etc/letsencrypt/live/dev.cencam.org/cert.pem
privkey = /etc/letsencrypt/live/dev.cencam.org/privkey.pem
chain = /etc/letsencrypt/live/dev.cencam.org/chain.pem
fullchain = /etc/letsencrypt/live/dev.cencam.org/fullchain.pem

# Options and defaults used in the renewal process
[renewalparams]
installer = apache
authenticator = apache
account = d20ff480e306444e985e04848839da21
apache_ctl = apache2ctl

To fix it I deleted the newer configuration file from 0.6.0, and copied the old configuration file. After that I replaced the lines with the domain information. It seems like it worked.
