'UnexpectedUpdate' error on Ubuntu 14.04.3

dk88 · December 4, 2015, 2:00pm

I did this:

cd /etc
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto

But after choosing the ‘names’, input email and agreeing to TOS, I get the error message:

An unexpected error occurred:
UnexpectedUpdate: AuthorizationResource(body=Authorization(status=Status(pending), challenges=(ChallengeBody(chall=TLSSNI01(token='\ ...

Log says this:

File "/home/david11/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 179, in _authzr_from_response
    raise errors.UnexpectedUpdate(authzr)

Any ideas? Thanks!

Update: It works on the same server for another domain, so I have no idea, what the problem could be…

dClauzel · December 5, 2015, 9:51am

Same problem here, for all my domains (served with apache).

Exemple:

2015-12-04 17:28:52,367:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-04 17:28:52,595:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 568
2015-12-04 17:28:52,597:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '568', 'Expires': 'Fri, 04 Dec 2015 17:28:52 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/S5-JE4rNYkF5nN4i3WelgLl5kdJGTQcCs41rnvpHPyE', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 04 Dec 2015 17:28:52 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'nhy4joMFJCGdANEnam_VX6kFLJt4Ki-OOYSqud-TIPA'}. Content: '{"identifier":{"type":"dns","value":"damien.clauzel.eu"},"status":"pending","expires":"2015-12-11T17:28:52.514553153Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/S5-JE4rNYkF5nN4i3WelgLl5kdJGTQcCs41rnvpHPyE/798523","token":"xjWCCltlo67PhGyRntiUg1OkaFfSx0yQti05465CH0Y"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/S5-JE4rNYkF5nN4i3WelgLl5kdJGTQcCs41rnvpHPyE/798524","token":"5j3MGPF8BIGUI99as4gTcUs7wjuTVrGroxq5iJB4jRg"}],"combinations":[[0],[1]]}'
2015-12-04 17:28:52,598:DEBUG:acme.client:Storing nonce: "\x9e\x1c\xb8\x8e\x83\x05$!\x9d\x00\xd1'jo\xd5_\xa9\x05,\x9bx*/\x8e9\x84\xaa\xb9\xdf\x93 \xf0"
2015-12-04 17:28:52,598:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '568', 'Expires': 'Fri, 04 Dec 2015 17:28:52 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/S5-JE4rNYkF5nN4i3WelgLl5kdJGTQcCs41rnvpHPyE', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 04 Dec 2015 17:28:52 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'nhy4joMFJCGdANEnam_VX6kFLJt4Ki-OOYSqud-TIPA'}): '{"identifier":{"type":"dns","value":"damien.clauzel.eu"},"status":"pending","expires":"2015-12-11T17:28:52.514553153Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/S5-JE4rNYkF5nN4i3WelgLl5kdJGTQcCs41rnvpHPyE/798523","token":"xjWCCltlo67PhGyRntiUg1OkaFfSx0yQti05465CH0Y"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/S5-JE4rNYkF5nN4i3WelgLl5kdJGTQcCs41rnvpHPyE/798524","token":"5j3MGPF8BIGUI99as4gTcUs7wjuTVrGroxq5iJB4jRg"}],"combinations":[[0],[1]]}'
2015-12-04 17:28:52,600:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1283, in main
    return args.func(args, config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 512, in obtain_cert
    _auth_from_domains(le_client, config, domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 336, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 224, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
    domain, self.account.regr.new_authzr_uri)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 215, in request_domain_challenges
    typ=messages.IDENTIFIER_FQDN, value=domain), new_authz_uri)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 198, in request_challenges
    return self._authzr_from_response(response, identifier)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 179, in _authzr_from_response
    raise errors.UnexpectedUpdate(authzr)
UnexpectedUpdate: AuthorizationResource(body=Authorization(status=Status(pending), challenges=(ChallengeBody(chall=TLSSNI01(token='\xc65\x82\n[e\xa3\xae\xcf\x84l\x91\x9e\xd8\x94\x83S\xa4hW\xd2\xc7L\x90\xb6-9\xe3\xaeB\x1fF'), status=Status(pending), validated=None, uri=u'https://acme-v01.api.letsencrypt.org/acme/challenge/S5-JE4rNYkF5nN4i3WelgLl5kdJGTQcCs41rnvpHPyE/798523', error=None), ChallengeBody(chall=HTTP01(token='\xe6=\xcc\x18\xf1|\x04\x81\x94#\xdfZ\xb3\x88\x13qK;\xc2;\x93V\xb1\xab\xa3\x1a\xb9\x88\x90x\x8d\x18'), status=Status(pending), validated=None, uri=u'https://acme-v01.api.letsencrypt.org/acme/challenge/S5-JE4rNYkF5nN4i3WelgLl5kdJGTQcCs41rnvpHPyE/798524', error=None)), identifier=Identifier(typ=IdentifierType(dns), value=u'damien.clauzel.eu'), expires=datetime.datetime(2015, 12, 11, 17, 28, 52, 514553, tzinfo=<UTC>), combinations=((0,), (1,))), new_cert_uri='https://acme-v01.api.letsencrypt.org/acme/new-cert', uri='https://acme-v01.api.letsencrypt.org/acme/authz/S5-JE4rNYkF5nN4i3WelgLl5kdJGTQcCs41rnvpHPyE')

jespertheend · December 19, 2015, 9:18pm

I fixed this problem by modifying the client.py file in /root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py (link)
I commented out these two lines:

if authzr.body.identifier != identifier:
    raise errors.UnexpectedUpdate(authzr)

in the _authzr_from_response method.

Probably not the best solution but at least it works.

Spork_Schivago · January 20, 2016, 4:57am

Oh! I think I know what might be going on. I had a similar problem. I think jespertheend’s solution shined some light on it for me. For me, I was using -d www.JetBBS.com -d JetBBS.com

It was erroring out. But when I put -d www.jetbbs.com -d jetbbs.com, it seemed to go through. I noticed in the log, when I was using -d www.JetBBS.com -d JetBBS.com, it was replacing it with www.jetbbs.com and jetbbs.com.

www.JetBBS.com != www.jetbbs.com
Maybe the authzr.body.indentifier or identifier gets set from the -d switch and if we use capitalized letters, when it does the compare against lower cases, because they don’t match, they fail.

Did anyone who had trouble with it failing use capitalized letters, like I did?

Spork_Schivago · January 20, 2016, 5:04am

I think I’m right on this. I just tried but I modified the client.py script to print out the values of authzr.body.identifier and identifier. This is what they were populated with:

authzr.body.identifier:  Identifier(typ=IdentifierType(dns), value=u'www.jetbbs.com')
identifier:              Identifier(typ=IdentifierType(dns), value='www.JetBBS.com')

ziggymo · October 1, 2017, 8:16pm

Thanks - lowercasing my domains worked!

Spork_Schivago · October 2, 2017, 6:10pm

You’re welcome. I wish this wasn’t the case, I wish we could use capitalized domain names, but I guess it could cause issues. In my mind, Example.com and example.com should be considered the same domain. I wonder if there’s a way to use rewrite rules or something so when visitors visit example.com, it shows as eXample.com or something like that, in the address bar…that’d be cool.

jsha · October 2, 2017, 6:42pm

@ziggymo, @Spork_Schivago: What version of certbot are you running? I thought we had fixed this issue.

Spork_Schivago · October 2, 2017, 11:25pm

jsha,

It might be fixed in the newer versions of certbot. Because originally, I fixed the problem, I haven’t tried registering a domain with capital letters in it. I just assumed because ziggymo thanked me a day or so ago, saying the lower case fixed the problem, that the problem still existed. Sorry for the confusion.

ziggymo · October 3, 2017, 5:13am

It may actually be fixed though I’m using a third-party library that’s likely calling an older version.