The server experienced an internal error - Error finalizing order

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: whois.nic.llp

I ran this command: certbot certonly --webroot -w /var/www/html/ -d whois.nic.llp

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
An unexpected error occurred:
The server experienced an internal error :: Error finalizing order
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):N/A

The operating system my web server runs on is (include version): Debian 10.3

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi,

Can you please share us the log in /var/log/letsencrypt?
Can you also try this again after 5 minutes?

Thank you

cat letsencrypt.log
2020-02-22 04:07:52,298:DEBUG:certbot.main:certbot version: 0.31.0
2020-02-22 04:07:52,298:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/var/www/html/', '-d', 'whois.nic.llp']
2020-02-22 04:07:52,298:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-02-22 04:07:52,310:DEBUG:certbot.log:Root logging level set at 20
2020-02-22 04:07:52,311:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-02-22 04:07:52,311:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-02-22 04:07:52,312:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f895ba3f860>
Prep: True
2020-02-22 04:07:52,312:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f895ba3f860> and installer None
2020-02-22 04:07:52,312:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2020-02-22 04:07:52,317:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/49754125', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=None), f206ea3f9a8e28759011adf88eb7614e, Meta(creation_dt=datetime.datetime(2019, 1, 18, 11, 53, 35, tzinfo=<UTC>), creation_host='puppet.uniregistry.net'))>
2020-02-22 04:07:52,318:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-02-22 04:07:52,320:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-02-22 04:07:52,494:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2020-02-22 04:07:52,495:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 22 Feb 2020 04:07:52 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "6UhyveIr-bc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-02-22 04:07:52,520:INFO:certbot.main:Obtaining a new certificate
2020-02-22 04:07:53,137:DEBUG:certbot.crypto_util:Generating key (4096 bits): /etc/letsencrypt/keys/0373_key-certbot.pem
2020-02-22 04:07:53,165:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0373_csr-certbot.pem
2020-02-22 04:07:53,166:DEBUG:acme.client:Requesting fresh nonce
2020-02-22 04:07:53,166:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-02-22 04:07:53,206:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-02-22 04:07:53,207:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 22 Feb 2020 04:07:53 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001HCzkHSVfO4rzE7ZhuFDbxek26wg02awa-zkjn5Av1e0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2020-02-22 04:07:53,207:DEBUG:acme.client:Storing nonce: 0001HCzkHSVfO4rzE7ZhuFDbxek26wg02awa-zkjn5Av1e0
2020-02-22 04:07:53,207:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "whois.nic.llp"\n    }\n  ]\n}'
2020-02-22 04:07:53,211:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy80OTc1NDEyNSIsICJub25jZSI6ICIwMDAxSEN6a0hTVmZPNHJ6RTdaaHVGRGJ4ZWsyNndnMDJhd2EtemtqbjVBdjFlMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "agjMOa7fvho4Xd6AP7ZQDuteYm0S9vzMCB0Oe1-Fv15zCERhEgUxh5f2yRLYB2_NNLLUll8-qkwhZ43KVgniu_PGEW4k8VnRn0WVHF9ka11C0o5z3uBV41QaffBMclrWzfC-XcHsQlGfePVpbHikQBQCKFc1k8fG0as1xYEZ2iidYiycGXhuVfi-W-R-iCxdi-7Cz8wmeTEOGgbFX30JhpyEHGQSs7RQUXmCwAr4bfpuDyHOXBdC8vTivVLAvZhD3M28oCl0FMzWn1yKtkib4KUi01eD4RS-Pvm3Fs-fh54ugNe-vsxlbKpFfWTEvzUO-q5bUsaD9bqXj9DxomjxGw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndob2lzLm5pYy5sbHAiCiAgICB9CiAgXQp9"
}
2020-02-22 04:07:53,304:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
2020-02-22 04:07:53,305:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 22 Feb 2020 04:07:53 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 49754125
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/49754125/2407076722
Replay-Nonce: 0002NobIMbAjaYKlGelQEQVJoA7SoBYxEoSD12oy8qUsARE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "ready",
  "expires": "2020-02-29T04:07:53.267506022Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "whois.nic.llp"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2945791429"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/49754125/2407076722"
}
2020-02-22 04:07:53,305:DEBUG:acme.client:Storing nonce: 0002NobIMbAjaYKlGelQEQVJoA7SoBYxEoSD12oy8qUsARE
2020-02-22 04:07:53,305:DEBUG:acme.client:JWS payload:
b''
2020-02-22 04:07:53,308:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/2945791429:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy80OTc1NDEyNSIsICJub25jZSI6ICIwMDAyTm9iSU1iQWphWUtsR2VsUUVRVkpvQTdTb0JZeEVvU0QxMm95OHFVc0FSRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjk0NTc5MTQyOSJ9",
  "signature": "dhUl8IYV0kjG16ETtwYk2eImCBA_l49OoTm_-bCsrr66IHoRzKnsznjgIX7egx8eamjCmjAgdm07P_gvFtJdloh9Qa473p8_QX1h4CQgV1vJC1IWYG6BGxULVJrbazsqxOBrn0ad5iw3ciwu1fpUPQjVcfqbldFkN0bYgKT85rVOPecbzLgNv4JDidYrGsXDG6ccBBsbUw4iXjRzvPUHPrV-ZjfU1A9yXz07ht3B8XLiBZQb3o_Rwd2f-A82DNcThQmZAMAQoQI1RS2_kOpgoYEUnlbALaDXiLQ7ACHRsyyuFhXpg-2Vszzwo2yJycPi1pJxwTddPt-TUz2MEahGXw",
  "payload": ""
}
2020-02-22 04:07:53,360:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/2945791429 HTTP/1.1" 200 742
2020-02-22 04:07:53,360:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 22 Feb 2020 04:07:53 GMT
Content-Type: application/json
Content-Length: 742
Connection: keep-alive
Boulder-Requester: 49754125
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002iGpd4WV6EYCMMQ5KPbKx2teRNBVgDylCcC8BNDNIB_4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "whois.nic.llp"
  },
  "status": "valid",
  "expires": "2020-03-23T03:29:46Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/2945791429/k2zBXQ",
      "token": "_5MFpITeVfnkELTyKRm232hyCQBfhZ64uYSiK8iJQ0A",
      "validationRecord": [
        {
          "url": "http://whois.nic.llp/.well-known/acme-challenge/_5MFpITeVfnkELTyKRm232hyCQBfhZ64uYSiK8iJQ0A",
          "hostname": "whois.nic.llp",
          "port": "80",
          "addressesResolved": [
            "64.96.47.20",
            "2620:57:400d::20"
          ],
          "addressUsed": "2620:57:400d::20"
        }
      ]
    }
  ]
}
2020-02-22 04:07:53,360:DEBUG:acme.client:Storing nonce: 0002iGpd4WV6EYCMMQ5KPbKx2teRNBVgDylCcC8BNDNIB_4
2020-02-22 04:07:53,361:DEBUG:certbot.client:CSR: CSR(file='/etc/letsencrypt/csr/0373_csr-certbot.pem', data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIIEcDCCAlgCAQIwADCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM4E\nmnJBDf0XZXv5rLxjR4eEn6Co4SFxQs13suy0sO2I0hpZji/C3tjRuRVUzYRpDrzI\n5l7dTZ50r3WusqkNXOY8DKfkr5QjXtdxvB1bac7Mlx+t6iQgUf2EWIMIHpjepARk\no94kUKjiJzVo1QOpU4JjNXHO6BDrcL+nOC6uZu+Pm5JuVUmLP5qEItWZrwIdt2v9\n2cmGhj1RQF6cC2fU2J3pPXJvBMf2PEDXoahSZrfHgF+0paAdDQ+a2yeXI4guxea9\nVv4E71a4Eui3jhHzDHWBJwKFjmjB2BEACgS0nN6A5lGRdN82RsnT01PMEnQRizUp\n6V+HTew/HvF7zRaY+iq3gv8pG8BXZQqs6hWtG+en9kpKGBAJ1qL+PqYzobRpXgVV\nt2q0s3IEJaYoVuPTYnL9JBYj4MkuWUkNegjWCKtwBy+6WopDaswpAgqvrZ3haEys\nf8/Zq9IVkNWkJdkZnBh+EpvCdoqjh8hVe6pQy8EPJ9V1m3MVTZ47gemFfd0LmyHx\nHnpJ0yytEgFTJc9w6MRZQif0oZygguHlxJ/u9msK8UIM+OjNB2Hv3p3vzN0G2Q1z\nXH1hBL5pq24M5cnWnQfgyvta5o/1e51eNO0i78nvUteKgEZgbQKS2FdMLyHUjeO1\nTDLJJV0gbxRaGOVbU2CTwJA/ODGPNkEwrlkRxDxbAgMBAAGgKzApBgkqhkiG9w0B\nCQ4xHDAaMBgGA1UdEQQRMA+CDXdob2lzLm5pYy5sbHAwDQYJKoZIhvcNAQELBQAD\nggIBAGmKjIzyeBEpHzqWrBmcU538AG4d8ddTpJV/hhQNCHGDvc9Ca2xniLNis+Ll\nFHaHCPua99rRmS/aaGfLC7Ip5k/A2qLhwyjnQsUtpHdFowHIbKWiQOlYaTgjrBys\ngyxkj/dSjifs4KkGX+kLW/DtEABBrhB9Tkcld6rVtL2/pOJEIvuQfxlGFCrwBU1A\nROxbKqUrqLRmV1AFvrPX5rYMmTRoX2bxGoFVL3wGunuhhlHmmjCJd6ylPj/cv1Pb\naKtdKuNdeXER/z8T1RnkepfIx5f6mbH6G6IcP8xIQsubefVDvzS7Wsi46BEWyCJM\nnL2CnHx9HVmZ/x8koUGVW5Q9DwpS8taoBC1OhDoyf6y68LwqVqSM6d2xriEactg/\nkdFsN3CajoDnjH/IQAuCV0m7Ouo39tnhSkje0oHpdWJ9DMuF9/S6Cm4IFWN2WJ1r\nOuIDcKUQ84EikEC1NqEgFmSDcWIy4csRBHMVbAG5I60ZkllB/pvBmtyiK9srCOxT\nk46xcGVrK0Exug6/yZKAE21u6ogY5gf6RMQvrtS070aawDnOpLIszGj8XRstkJ4m\nPYXUcgHhbJeDl9BsElx6ZXFyFMXbXWq5OpCjMQqvTX3ge3CFoofaYs+OUexJvBOv\njLFpKV4/1AXmw8x54TGUzoFmNetU04gFFyqLuVxCfQDNSgVH\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2020-02-22 04:07:53,361:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "new-cert",\n  "csr": "MIIEcDCCAlgCAQIwADCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM4EmnJBDf0XZXv5rLxjR4eEn6Co4SFxQs13suy0sO2I0hpZji_C3tjRuRVUzYRpDrzI5l7dTZ50r3WusqkNXOY8DKfkr5QjXtdxvB1bac7Mlx-t6iQgUf2EWIMIHpjepARko94kUKjiJzVo1QOpU4JjNXHO6BDrcL-nOC6uZu-Pm5JuVUmLP5qEItWZrwIdt2v92cmGhj1RQF6cC2fU2J3pPXJvBMf2PEDXoahSZrfHgF-0paAdDQ-a2yeXI4guxea9Vv4E71a4Eui3jhHzDHWBJwKFjmjB2BEACgS0nN6A5lGRdN82RsnT01PMEnQRizUp6V-HTew_HvF7zRaY-iq3gv8pG8BXZQqs6hWtG-en9kpKGBAJ1qL-PqYzobRpXgVVt2q0s3IEJaYoVuPTYnL9JBYj4MkuWUkNegjWCKtwBy-6WopDaswpAgqvrZ3haEysf8_Zq9IVkNWkJdkZnBh-EpvCdoqjh8hVe6pQy8EPJ9V1m3MVTZ47gemFfd0LmyHxHnpJ0yytEgFTJc9w6MRZQif0oZygguHlxJ_u9msK8UIM-OjNB2Hv3p3vzN0G2Q1zXH1hBL5pq24M5cnWnQfgyvta5o_1e51eNO0i78nvUteKgEZgbQKS2FdMLyHUjeO1TDLJJV0gbxRaGOVbU2CTwJA_ODGPNkEwrlkRxDxbAgMBAAGgKzApBgkqhkiG9w0BCQ4xHDAaMBgGA1UdEQQRMA-CDXdob2lzLm5pYy5sbHAwDQYJKoZIhvcNAQELBQADggIBAGmKjIzyeBEpHzqWrBmcU538AG4d8ddTpJV_hhQNCHGDvc9Ca2xniLNis-LlFHaHCPua99rRmS_aaGfLC7Ip5k_A2qLhwyjnQsUtpHdFowHIbKWiQOlYaTgjrBysgyxkj_dSjifs4KkGX-kLW_DtEABBrhB9Tkcld6rVtL2_pOJEIvuQfxlGFCrwBU1AROxbKqUrqLRmV1AFvrPX5rYMmTRoX2bxGoFVL3wGunuhhlHmmjCJd6ylPj_cv1PbaKtdKuNdeXER_z8T1RnkepfIx5f6mbH6G6IcP8xIQsubefVDvzS7Wsi46BEWyCJMnL2CnHx9HVmZ_x8koUGVW5Q9DwpS8taoBC1OhDoyf6y68LwqVqSM6d2xriEactg_kdFsN3CajoDnjH_IQAuCV0m7Ouo39tnhSkje0oHpdWJ9DMuF9_S6Cm4IFWN2WJ1rOuIDcKUQ84EikEC1NqEgFmSDcWIy4csRBHMVbAG5I60ZkllB_pvBmtyiK9srCOxTk46xcGVrK0Exug6_yZKAE21u6ogY5gf6RMQvrtS070aawDnOpLIszGj8XRstkJ4mPYXUcgHhbJeDl9BsElx6ZXFyFMXbXWq5OpCjMQqvTX3ge3CFoofaYs-OUexJvBOvjLFpKV4_1AXmw8x54TGUzoFmNetU04gFFyqLuVxCfQDNSgVH"\n}'
2020-02-22 04:07:53,365:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/49754125/2407076722:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy80OTc1NDEyNSIsICJub25jZSI6ICIwMDAyaUdwZDRXVjZFWUNNTVE1S1BiS3gydGVSTkJWZ0R5bENjQzhCTkROSUJfNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvNDk3NTQxMjUvMjQwNzA3NjcyMiJ9",
  "signature": "XJGBuE9K7UuuQAuzARUYbLINZAenUSo-Rp8NibxWVo78yFVJ1QywsqYmt2t-kLh2q0FSlVvK4SjpH8MNpvBXK7rXpAZquCq_NzYKKG8a4O2wSKFayWPNOBqSOpEiN_ct4hC1NXu_tMtY3-1GeZdGcjhw6O-nYgvpw99ew0ri8NYgGDSAfLkYPc5Ar-E4EdOfdq-c1VVgVSww0D-6s8WzQE2j_yjN6uSabaVM0WsVCpxBn8ye36X0NXaCLuD98NpBmSodyY5n6yWwHgshGCp3EP4i87Hiwpx9WJsdvzsbWMIPdDHEK5gVZBo21HkrKPG-S53I_VgX1k06a_qORyr2Vg",
  "payload": "ewogICJyZXNvdXJjZSI6ICJuZXctY2VydCIsCiAgImNzciI6ICJNSUlFY0RDQ0FsZ0NBUUl3QURDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUJBTTRFbW5KQkRmMFhaWHY1ckx4alI0ZUVuNkNvNFNGeFFzMTNzdXkwc08ySTBocFpqaV9DM3RqUnVSVlV6WVJwRHJ6STVsN2RUWjUwcjNXdXNxa05YT1k4REtma3I1UWpYdGR4dkIxYmFjN01seC10NmlRZ1VmMkVXSU1JSHBqZXBBUmtvOTRrVUtqaUp6Vm8xUU9wVTRKak5YSE82QkRyY0wtbk9DNnVadS1QbTVKdVZVbUxQNXFFSXRXWnJ3SWR0MnY5MmNtR2hqMVJRRjZjQzJmVTJKM3BQWEp2Qk1mMlBFRFhvYWhTWnJmSGdGLTBwYUFkRFEtYTJ5ZVhJNGd1eGVhOVZ2NEU3MWE0RXVpM2poSHpESFdCSndLRmptakIyQkVBQ2dTMG5ONkE1bEdSZE44MlJzblQwMVBNRW5RUml6VXA2Vi1IVGV3X0h2Rjd6UmFZLWlxM2d2OHBHOEJYWlFxczZoV3RHLWVuOWtwS0dCQUoxcUwtUHFZem9iUnBYZ1ZWdDJxMHMzSUVKYVlvVnVQVFluTDlKQllqNE1rdVdVa05lZ2pXQ0t0d0J5LTZXb3BEYXN3cEFncXZyWjNoYUV5c2Y4X1pxOUlWa05Xa0pka1puQmgtRXB2Q2RvcWpoOGhWZTZwUXk4RVBKOVYxbTNNVlRaNDdnZW1GZmQwTG15SHhIbnBKMHl5dEVnRlRKYzl3Nk1SWlFpZjBvWnlnZ3VIbHhKX3U5bXNLOFVJTS1Pak5CMkh2M3AzdnpOMEcyUTF6WEgxaEJMNXBxMjRNNWNuV25RZmd5dnRhNW9fMWU1MWVOTzBpNzhudlV0ZUtnRVpnYlFLUzJGZE1MeUhVamVPMVRETEpKVjBnYnhSYUdPVmJVMkNUd0pBX09ER1BOa0V3cmxrUnhEeGJBZ01CQUFHZ0t6QXBCZ2txaGtpRzl3MEJDUTR4SERBYU1CZ0dBMVVkRVFRUk1BLUNEWGRvYjJsekxtNXBZeTVzYkhBd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFHbUtqSXp5ZUJFcEh6cVdyQm1jVTUzOEFHNGQ4ZGRUcEpWX2hoUU5DSEdEdmM5Q2EyeG5pTE5pcy1MbEZIYUhDUHVhOTlyUm1TX2FhR2ZMQzdJcDVrX0EycUxod3lqblFzVXRwSGRGb3dISWJLV2lRT2xZYVRnanJCeXNneXhral9kU2ppZnM0S2tHWC1rTFdfRHRFQUJCcmhCOVRrY2xkNnJWdEwyX3BPSkVJdnVRZnhsR0ZDcndCVTFBUk94YktxVXJxTFJtVjFBRnZyUFg1cllNbVRSb1gyYnhHb0ZWTDN3R3VudWhobEhtbWpDSmQ2eWxQal9jdjFQYmFLdGRLdU5kZVhFUl96OFQxUm5rZXBmSXg1ZjZtYkg2RzZJY1A4eElRc3ViZWZWRHZ6UzdXc2k0NkJFV3lDSk1uTDJDbkh4OUhWbVpfeDhrb1VHVlc1UTlEd3BTOHRhb0JDMU9oRG95ZjZ5NjhMd3FWcVNNNmQyeHJpRWFjdGdfa2RGc04zQ2Fqb0RuakhfSVFBdUNWMG03T3VvMzl0bmhTa2plMG9IcGRXSjlETXVGOV9TNkNtNElGV04yV0oxck91SURjS1VRODRFaWtFQzFOcUVnRm1TRGNXSXk0Y3NSQkhNVmJBRzVJNjBaa2xsQl9wdkJtdHlpSzlzckNPeFRrNDZ4Y0dWckswRXh1ZzZfeVpLQUUyMXU2b2dZNWdmNlJNUXZydFMwNzBhYXdEbk9wTElzekdqOFhSc3RrSjRtUFlYVWNnSGhiSmVEbDlCc0VseDZaWEZ5Rk1YYlhXcTVPcENqTVFxdlRYM2dlM0NGb29mYVlzLU9VZXhKdkJPdmpMRnBLVjRfMUFYbXc4eDU0VEdVem9GbU5ldFUwNGdGRnlxTHVWeENmUUROU2dWSCIKfQ"
}
2020-02-22 04:07:53,437:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/49754125/2407076722 HTTP/1.1" 500 112
2020-02-22 04:07:53,438:DEBUG:acme.client:Received response:
HTTP 500
Server: nginx
Date: Sat, 22 Feb 2020 04:07:53 GMT
Content-Type: application/problem+json
Content-Length: 112
Connection: keep-alive
Boulder-Requester: 49754125
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002EjuDPGgs3Yty-OePyArcB_GSyDbx3f7fLvLl4zQs2hI

{
  "type": "urn:ietf:params:acme:error:serverInternal",
  "detail": "Error finalizing order",
  "status": 500
}
2020-02-22 04:07:53,438:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 369, in obtain_certificate
    cert, chain = self.obtain_certificate_from_csr(csr, orderr)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 301, in obtain_certificate_from_csr
    orderr = self.acme.finalize_order(orderr, deadline)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 927, in finalize_order
    return self.client.finalize_order(orderr, deadline)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 754, in finalize_order
    self._post(orderr.body.finalize, wrapped_csr)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 96, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1204, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1218, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1073, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Error finalizing order
2020-02-22 04:07:53,439:ERROR:certbot.log:An unexpected error occurred:
2020-02-22 04:07:53,440:ERROR:certbot.log:The server experienced an internal error :: Error finalizing order
2020-02-22 04:11:43,025:DEBUG:certbot.main:certbot version: 0.31.0
2020-02-22 04:11:43,025:DEBUG:certbot.main:Arguments: ['-v']
2020-02-22 04:11:43,025:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-02-22 04:11:43,037:DEBUG:certbot.log:Root logging level set at 10
2020-02-22 04:11:43,037:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-02-22 04:11:43,038:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-02-22 04:11:43,038:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1101, in run
    installer, authenticator = plug_sel.choose_configurator_plugins(config, plugins, "run")
  File "/usr/lib/python3/dist-packages/certbot/plugins/selection.py", line 210, in choose_configurator_plugins
    raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: With the webroot plugin, you probably want to use the "certonly" command, eg:

    certbot certonly --webroot

(Alternatively, add a --installer flag. See https://eff.org/letsencrypt-plugins
 and "--help plugins" for more information.)

Same error when I tried to issue the certificate. Also tried expanding an certificate by adding the new domain, but the output/outcome is the same.

Hi,

I’m not sure what’s wrong from your log outputs…
So it might be time for Let’s Encrypt staff to take a look at this.

Can someone from @lestaff team take a look at this?
(I felt it might be related to nic or whois, but I might be wrong)

Thank you

2 Likes

It looks like .llp is a new gTLD, delegated as of 2019-12-05. We use a linting tool called zlint, that among other things, verifies that domains end in valid TLDs. We are currently at version 1.1.0 of zlint, released just before .llp was delegated, so its internal list does not include .llp, and it considers issuance for .llp an error.

We’ve been working on bringing in the next version of zlint and will include it in an upcoming release. It may take two or three weeks, since this is a major revision (v2.0.0) and we have to get the change through an upstream library too. Sorry for the inconvenience!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.