Unable to renew. Errors about "not a FQDN"


#1

Please fill out the fields below so we can help you better.

My domain is: techonmancy.org, townlands.ie, kindle-maps.com

I ran this command: /root/certbot-auto renew --apache

It produced this output:

2016-09-27 10:43:48,804:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/townlands.ie.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/apache2/sites-available/certbot.log', u'Syntax error'),). Skipping.

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/technomancy.org.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.kindle-maps.com.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/townlands.ie.conf
-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/technomancy.org/fullchain.pem (skipped)
  /etc/letsencrypt/live/www.kindle-maps.com/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/townlands.ie/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Additionally this file:

# cat /etc/apache2/sites-available/certbot.log  | sed 's/^/    /g'
Traceback (most recent call last):
  File "/home/rory/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 703, in main
    args = cli.prepare_and_parse_args(plugins, cli_args)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 858, in prepare_and_parse_args
    return helpful.parse_args()
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 362, in parse_args
    parsed_args = self.parser.parse_args(self.args)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/configargparse.py", line 216, in parse_args
    env_vars = env_vars)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/configargparse.py", line 349, in parse_known_args
    self, args=args, namespace=namespace)
  File "/usr/lib/python2.7/argparse.py", line 1722, in parse_known_args
    namespace, args = self._parse_known_args(args, namespace)
  File "/usr/lib/python2.7/argparse.py", line 1928, in _parse_known_args
    start_index = consume_optional(start_index)
  File "/usr/lib/python2.7/argparse.py", line 1868, in consume_optional
    take_action(action, args, option_string)
  File "/usr/lib/python2.7/argparse.py", line 1796, in take_action
    action(self, namespace, argument_values, option_string)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 988, in __call__
    add_domains(namespace, domain)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 1008, in add_domains
    domain = util.enforce_domain_sanity(domain.strip())
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/util.py", line 433, in enforce_domain_sanity
    .format(domain))
ConfigurationError: Requested domain technomancy.org www.technomancy.org is not a FQDN

My operating system is (include version): Ubuntu 14.04 trusty

My web server is (include version): Apache 2.4

My hosting provider, if applicable, is: N/A, I have root on this machine/VM.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No.


#2

Hmm. Looks like Certbot thinks these two names are one thing, with a space in the middle. Is it possible that you’ve manually edited a configuration file and merged them together, or something like that ?


#3

I have’t manually edited any LE config files, or anything like that. When I tried to register it at first, I might have put that into the command line (since I wanted to register the bare domain and the www prefix). I can’t find anything in the config file which includes that string,


#4

I have solved this.

If you look carefully, you’ll see that certbot-auto is complaining about the file /etc/apache2/sites-available/certbot.log. Why is there a certbot.log file in /etc/apache2/sites-available/? I don’t know. But it shouldn’t be there. I think certbot is trying to parse that file as an apache config file, and failing (hence the SyntaxError message). I moved that file out of the way, and certbot auto is able to work fine.

I must have made a mistake when setting up certbot and ran it with 2 domains. I presume my cwd was /etc/apache2/sites-available/ and so certbot put a certbot.log file there. Which then broke further runs of certbot.

This is a bug in certbot-auto because any non-apache config file in /etc/apache2/sites-available/ will break certbot.


#5

@ebel, @bmw told me that this is an effect of a deliberate feature: if certbot crashes early enough that it couldn’t set up logging in /var/log, it will save its crash log into the current directory in order to avoid having to print a Python traceback.

I guess the benefits of this can be questioned in the kind of situation you encountered, but it seems like it could be useful to people in other circumstances.


Sticky error after trying to generate "IDN" certificate
#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.