Unable to setup auto renewal of SSL certificate


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://admin.letmecode.in/ and http://api.letmecode.in/

I ran this command: /opt/letsencrypt/letsencrypt-auto renew -n --webroot -w /mnt/letmecode/apps/api -d www.api.letmecode.in -d api.letmecode.in -w /mnt/letmecode/apps/admin-portal -d www.admin.letmecode.in -d admin.letmecode.in

It produced this output: I’m trying to run above command from cron, but it is asking for user input. So, I want to run above command in non-interactive mode, So I added -n option. But, still it is throwing following error -

Which names would you like to activate HTTPS for?

1: admin.letmecode.in
2: api.letmecode.in

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 861, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 692, in run
domains, certname = _find_domains_or_certname(config, installer)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 289, in _find_domains_or_certname
domains = display_ops.choose_names(installer)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/display/ops.py”, line 111, in choose_names
code, names = _filter_names(names)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/display/ops.py”, line 161, in _filter_names
tags=sorted_names, cli_flag="–domains", force_interactive=True)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/display/util.py”, line 258, in checklist
force_interactive=True)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/display/util.py”, line 181, in input
ans = input_with_timeout(message)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/display/util.py”, line 86, in input_with_timeout
raise EOFError
EOFError
An unexpected error occurred:
EOFError
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): nginx/1.10.1

The operating system my web server runs on is (include version): Debian

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Please show the output of letsencrypt-auto certificates


#3

Found the following certs:
Certificate Name: admin.letmecode.in
Domains: admin.letmecode.in
Expiry Date: 2018-02-22 08:48:27+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/admin.letmecode.in/fullchain.pem
Private Key Path: /etc/letsencrypt/live/admin.letmecode.in/privkey.pem
Certificate Name: api.letmecode.in
Domains: admin.letmecode.in api.letmecode.in
Expiry Date: 2018-01-22 03:37:13+00:00 (VALID: 55 days)
Certificate Path: /etc/letsencrypt/live/api.letmecode.in/fullchain.pem
Private Key Path: /etc/letsencrypt/live/api.letmecode.in/privkey.pem


#4

OK, I think you don’t have to specify all those domain and webroot parameters upon renewal.
Did you try to run the simple command certbot-auto renew?

By the way: you have two certificates for admin.letmecode.in, this will be confusing in the future.


#5

I ran certbot-auto renew command, but still no use. Still getting the same error.


#6

Do you need two distinct certificates? Maybe this error is related to this.
I would delete the newer one (make sure you don’t use it beforehand) with:

letsencrypt-auto delete --cert-name admin.letmecode.in

Then run letsencrypt-auto renew


#7

letsencrypt-auto delete --cert-name admin.letmecode.in I deleted the certifcate


#8

Now, it shows only following certificate

Certificate Name: api.letmecode.in
Domains: admin.letmecode.in api.letmecode.in
Expiry Date: 2018-01-22 03:37:13+00:00 (VALID: 55 days)
Certificate Path: /etc/letsencrypt/live/api.letmecode.in/fullchain.pem
Private Key Path: /etc/letsencrypt/live/api.letmecode.in/privkey.pem

But, still getting the same error


#9

Could you post the full output again, please?


#10

Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7fce11ee0e10> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7fce11ee0e10>
Plugins selected: Authenticator nginx, Installer nginx
Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u’mailto:truthorerr@gmail.com’,), agreement=u’https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf’, key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fce11eb0ad0>)>)), uri=u’https://acme-v01.api.letsencrypt.org/acme/reg/2946756’, new_authzr_uri=u’https://acme-v01.api.letsencrypt.org/acme/new-authz’, terms_of_service=u’https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf’), 05e72dc1ac8794234aa504c739b94c92, Meta(creation_host=u’ip-172-31-44-114.us-west-2.compute.internal’, creation_dt=datetime.datetime(2016, 8, 5, 11, 31, 27, tzinfo=)))>
Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
https://acme-v01.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 562
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 562
Replay-Nonce: WdfqRMgZYu2OFELkgEor5iTlHyUeetZPVw1Xc7hYRm8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 27 Nov 2017 14:21:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 27 Nov 2017 14:21:20 GMT
Connection: keep-alive

{
“key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,
“meta”: {
“terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
},
“new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,
“revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”,
“t1-mlnCW_V8”: “Adding random entries to the directory
}
Not suggesting name "localhost"
localhost needs at least two labels

Which names would you like to activate HTTPS for?

1: admin.letmecode.in
2: api.letmecode.in

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):


#11

This is when calling letencrypt-auto renew (without any further parameters)?
Then there must be something broken with the client, I would suggest updating/upgrading the client.


#12

There seems to be a vhost config using “localhost” somewhere.


#13

Okay Thanks. I will try to update the letsencrypt and let you know.


#14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.