Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): xxx@yyy.zz
An unexpected error occurred:
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError(9, '[X509] PEM lib (_ssl.c:4262)')))
Please see the logfiles in /var/log/letsencrypt for more details.
and log file contents :
vmsig@vmsig:~$ tail /var/log/letsencrypt/letsencrypt.log
tail: impossible d'ouvrir '/var/log/letsencrypt/letsencrypt.log' en lecture: Permission non accordée
vmsig@vmsig:~$ sudo tail /var/log/letsencrypt/letsencrypt.log
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError(9, '[X509] PEM lib (_ssl.c:4262)')))
2022-05-31 23:59:21,117:ERROR:certbot._internal.log:An unexpected error occurred:
2022-05-31 23:59:21,118:ERROR:certbot._internal.log:requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError(9, '[X509] PEM lib (_ssl.c:4262)')))
vmsig@vmsig:~$
Thank you _az.
I already tried these commands without success but I found the issue : an empty record existed in ca-certificates.crt
----- BEGIN CERTIFICATE -----
----- END CERTIFICATE -----
I removed these lines and curl issue was solved.
But I get a new error when creating certificate :
vmsig@vmsig:~$ sudo certbot --nginx -d carto.mairie-saintmartinduriage.fr
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for carto.mairie-saintmartinduriage.fr
Performing the following challenges:
http-01 challenge for carto.mairie-saintmartinduriage.fr
Waiting for verification...
Challenge failed for domain carto.mairie-saintmartinduriage.fr
http-01 challenge for carto.mairie-saintmartinduriage.fr
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: carto.mairie-saintmartinduriage.fr
Type: connection
Detail: 194.51.125.129: Fetching
http://carto.mairie-saintmartinduriage.fr/.well-known/acme-challenge/of6OP6E5iA2_MLadNdxDhJJ2Fvev0phkKNGENpSTyEw:
Server is speaking HTTP/2 over HTTP
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
IP address routing seems to be ok
jma@ns98:~$ sudo traceroute --tcp carto.mairie-saintmartinduriage.fr
traceroute to carto.mairie-saintmartinduriage.fr (194.51.125.129), 30 hops max, 60 byte packets
1 pdc1-2-m2.fr.eu (213.251.156.222) 0.462 ms 0.426 ms 0.475 ms
2 10.72.17.67 (10.72.17.67) 0.704 ms 0.720 ms 0.861 ms
3 10.73.48.24 (10.73.48.24) 0.204 ms 10.73.48.22 (10.73.48.22) 0.199 ms 10.73.48.24 (10.73.48.24) 0.166 ms
4 10.73.48.1 (10.73.48.1) 0.961 ms 0.931 ms 1.018 ms
5 be104.par-th2-sbb1-nc5.fr.eu (91.121.215.132) 1.094 ms be104.par-gsw-sbb1-nc5.fr.eu (91.121.131.208) 1.170 ms 1.108 ms
6 10.200.2.85 (10.200.2.85) 0.655 ms 10.200.2.69 (10.200.2.69) 1.108 ms 10.200.2.73 (10.200.2.73) 1.035 ms
7 * 54.36.50.217 (54.36.50.217) 1.355 ms 1.324 ms
8 193.251.132.76 (193.251.132.76) 0.900 ms 193.251.242.100 (193.251.242.100) 1.197 ms ae0-0.nilyo202.rbci.orange.net (81.253.184.101) 7.984 ms
9 * 193.251.129.110 (193.251.129.110) 1.036 ms 0.977 ms
10 ae0-0.nilyo202.rbci.orange.net (81.253.184.101) 7.915 ms * *
11 ae43-0.nclyo202.rbci.orange.net (193.252.101.150) 6.790 ms 81.253.183.6 (81.253.183.6) 6.625 ms ae43-0.nclyo202.rbci.orange.net (193.252.101.150) 6.693 ms
12 * * *
13 81.253.183.6 (81.253.183.6) 6.536 ms * 6.618 ms
14 213.56.184.4 (213.56.184.4) 8.923 ms * *
15 * * *
16 serveur.malet-roquefort.com (194.51.125.129) 9.492 ms 9.047 ms 213.56.184.4 (213.56.184.4) 8.949 ms
jma@ns98:~$ sudo traceroute --icmp carto.mairie-saintmartinduriage.fr
traceroute to carto.mairie-saintmartinduriage.fr (194.51.125.129), 30 hops max, 60 byte packets
1 pdc1-2-m2.fr.eu (213.251.156.222) 0.381 ms 0.462 ms 0.502 ms
2 10.72.17.67 (10.72.17.67) 0.705 ms 0.829 ms 0.950 ms
3 10.73.48.22 (10.73.48.22) 0.213 ms 0.237 ms 0.229 ms
4 10.73.48.1 (10.73.48.1) 1.133 ms 1.124 ms 1.112 ms
5 be104.par-th2-sbb1-nc5.fr.eu (91.121.215.132) 1.176 ms 1.181 ms 1.221 ms
6 10.200.2.73 (10.200.2.73) 69.947 ms 69.773 ms 69.858 ms
7 * * *
8 ae0-0.nilyo202.rbci.orange.net (81.253.184.101) 7.969 ms 7.959 ms 7.952 ms
9 ae43-0.nclyo202.rbci.orange.net (193.252.101.150) 6.472 ms 6.464 ms 6.456 ms
10 lag-1.nmlyo206.rbci.orange.net (193.253.85.217) 6.296 ms 6.291 ms 6.439 ms
11 81.253.183.6 (81.253.183.6) 6.411 ms 6.380 ms 6.357 ms
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
jma@ns98:~$