[SOLVED] 'str' object has no attribute 'append' when trying to expand certificate



when trying to add syncthing.totally.rip to my existing certificate it fails with:
An unexpected error occurred:
AttributeError: 'str' object has no attribute 'append'

Renewing said certificate works fine.

Cli output and log from /var/log/letsencrypt/letsencrypt.log: https://gist.github.com/jkhsjdhjs/13c698e82bb68e40f826229d95cd9965

My domain is: totally.rip

I ran this command: sudo certbot certonly --rsa-key-size 4096 -d totally.rip -d files.totally.rip -d fpaste.totally.rip -d kf2.totally.rip -d mcs.totally.rip -d screens.totally.rip -d znc.totally.rip -d syncthing.totally.rip --nginx

It produced this output: see above

My web server is (include version): nginx 1.13.12

The operating system my web server runs on is (include version): Arch Linux (up to date)

My hosting provider, if applicable, is: Hetzner

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


@erica @sydneyli, this appears to be a type confusion error in the nginx parser

    File "/usr/lib/python3.6/site-packages/certbot_nginx/parser.py", line 674, in _add_directive
AttributeError: 'str' object has no attribute 'append'

Maybe the use of Mypy and/or the new nginx parser will avoid this problem in the future?

The GitHub gist does include the entire traceback and apparently the particular nginx configuration that Certbot was attempting to parse. It was Certbot 0.23.0.


It’s possible, but this might be an actual, different bug – there’s something weird going on, because the error’s hitting in http01.py, but it includes /etc/letsencrypt/le_tls_sni_01_cert_challenge.conf, and also there are DNS authzs being sent down from Let’s Encrypt, so it’s not entirely clear what’s going on immediately. I don’t have time to investigate this right now, but @schoen if you want to dig through tracebacks I’d appreciate figuring out what’s actually going on. Otherwise, I’ll look into this either later in the week or next week.


Ok, I attempted to reproduce this by replicating the setup and didn’t hit the bug. My recommendation is to add --preferred-challenges http-01, because I suspect this is caused by combining tls-sni-01 and http-01 challenges in a single cert.


Sorry for the late reply, for some reason the notification mails landed in my spam folder.

That fixed it, thanks a lot!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.