Unexpected error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ecclesmasonic.dvrdns.org

I ran this command:
certbot certonly --standalone

It produced this output:
http-01 challenge for ecclesmasonic.dvrdns.org
An unexpected error occurred:
AttributeError: 'module' object has no attribute 'TLSSNI01'
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):
Oracle ORDS 18.4 standalone

The operating system my web server runs on is (include version):
Oracle Enterprise Linux 7

My hosting provider, if applicable, is:
Self

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.39.0

The http challenge needs a response from the server when it queries it over http. Looks like your server is configured to listen on different ports:

[root@Revan:~]# curl -ILv http://ecclesmasonic.dvrdns.org/
*   Trying 109.149.221.185...
* TCP_NODELAY set
* connect to 109.149.221.185 port 80 failed: Connection refused
* Failed to connect to ecclesmasonic.dvrdns.org port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to ecclesmasonic.dvrdns.org port 80: Connection refused

[root@Revan:~]# dig +short ecclesmasonic.dvrdns.org
109.149.221.185

[root@Revan:~]# nmap 109.149.221.185 -sV -v -P0
[...]
Discovered open port 8080/tcp on 109.149.221.185
Discovered open port 1521/tcp on 109.149.221.185
Discovered open port 8443/tcp on 109.149.221.185
Discovered open port 5500/tcp on 109.149.221.185
[...]
PORT     STATE  SERVICE       VERSION
21/tcp   closed ftp
80/tcp   closed http
1521/tcp open   oracle-tns    Oracle TNS listener 1.2.0.0.0 (unauthorized)
5500/tcp open   ssl/http      Oracle XML DB Enterprise Edition httpd
8080/tcp open   http-proxy
8443/tcp open   ssl/https-alt

See the following:

Hi @ZetaRevan

That’s correct, if a running webserver exists and is used.

But if there is no webserver (example: only a mail server) and if --standalone is used, that’s not a problem.

Then Certbot starts a temporary webserver.

So --standalone is used - it’s hard to debug the configuration.

PS: I don’t know the exact problem with that.

Maybe an old configuration file with a wrong entry.

First link I posted stated TLS-SNI-01 challenge type was disabled back in March, so that leads me on the same thought process.

That can happen if you’re running a new version of Certbot and an old version of some of Certbot’s (included) plugins.

Can you post the traceback from /var/log/letsencrypt/?

How did you install Certbot?

Are all of your packages up-to-date?
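
The last reply attributes the AttributeError to a new Certbot running alongside older bundled plugins. A way to check for that kind of version skew, as an added example that is not part of the original thread or Certbot's own code: it assumes certbot, acme and the certbot-* plugins are meant to be installed at one common version, and it must be run with the same Python interpreter Certbot uses. The sample versions are constructed.

```python
"""List Certbot-family packages whose version differs from certbot's own."""
from __future__ import print_function

try:                                    # Python 3.8+
    from importlib import metadata

    def installed():
        """(name, version) for every distribution this interpreter can see."""
        return [(d.metadata["Name"], d.version) for d in metadata.distributions()]
except ImportError:                     # older interpreters, e.g. Python 2.7
    import pkg_resources

    def installed():
        return [(d.project_name, d.version) for d in pkg_resources.working_set]


def certbot_family(dists):
    """Keep certbot, acme and certbot-* plugins from (name, version) pairs."""
    family = {}
    for name, version in dists:
        key = (name or "").lower().replace("_", "-")
        if key in ("certbot", "acme") or key.startswith("certbot-"):
            family[key] = version
    return family


def version_skew(family):
    """Return {package: version} for members that differ from certbot's version.

    Assumption: certbot, acme and the bundled plugins are meant to be installed
    at one common version, so any difference is worth investigating.
    """
    core = family.get("certbot")
    if core is None:
        return {}
    return {n: v for n, v in family.items() if v != core}


# Constructed sample: a new certbot next to an older acme and plugin.
SAMPLE = [("certbot", "0.39.0"), ("acme", "0.31.0"),
          ("certbot-apache", "0.31.0"), ("requests", "2.22.0")]

if __name__ == "__main__":
    print("sample skew:", version_skew(certbot_family(SAMPLE)))
    family = certbot_family(installed())
    print("installed:", family)
    print("skew:", version_skew(family) or "none found")
```

An empty skew result with certbot present means the packages visible to that interpreter agree; a second copy installed another way (system package versus pip, for example) would only show up when the script is run under that other interpreter.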