Update to Certbot last version on Debian 8/NGinx


#1

Hello everyone, the SSL certificate on my mail server has expired. I tried to renew it, but no command worked. I remembered it was an older version of LetsEncrypt, so I installed Certbot, but I’m afraid there is now a double configuration. Here is the message at the end of the installation.

My domain is: srv-mail.kameleonfr
My web server is (include version): Debian Jessie (GNU/Linux 4.5.7-std-3 x86_64 )

It produced this output:

Attempting to parse the version 0.26.0 renewal configuration file found at /etc/letsencrypt/renewal/srv-mail.kameleon.fr.conf with version 0.10.2 of Certbot. This might not work.
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

  • If you lose your account credentials, you can recover through
    e-mails sent to kameleon1er@gmail.com.
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    root@srv-mail:/etc/letsencrypt#

Thanks for your help.


#2

Hi @kameleon1er

Your configuration file is too old. But you can use certbot directly, not with the renew option:

sudo certbot

Then the new configuration should be saved. Or empty your /etc/letsencrypt/renewal folder (create a backup before).

Isn’t this a typo? srv-mail.kameleonfr instead of srv-mail.kameleon.fr - one dot is missing.


#3

Hi Juergen, thanks for help :slight_smile:

> Isn’t this a typo? srv-mail.kameleonfr

-Yes it is :wink:

I’m doing what you say and I’m not sure what I have to put after the last Certbot line:

1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel):srv-mail.kameleon.fr
Attempting to parse the version 0.26.0 renewal configuration file found at /etc/letsencrypt/renewal/srv-mail.kameleon.fr.conf with version 0.10.2 of Certbot. This might not work.
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for srv-mail.kameleon.fr

Select the webroot for srv-mail.kameleon.fr:

1: Enter a new webroot

Press 1 [enter] to confirm the selection (press ‘c’ to cancel): 1
Input the webroot for srv-mail.kameleon.fr: (Enter ‘c’ to cancel):


#4

Certbot wants your webroot, the path from which your nginx loads the index page of

http://srv-mail.kameleon.fr/

So check your nginx configuration, there should be a name “root” with the webroot.


#5

Mmm… I found this :

root /var/www/html;

Do I write the complete path like : /var/www/html ?

Thanks


#6

Looks good (20 characters)


#7

Woww !!! :

Input the webroot for srv-mail.kameleon.fr: (Enter ‘c’ to cancel):/var/www
Waiting for verification…
Resetting dropped connection: acme-v01.api.letsencrypt.org
Resetting dropped connection: acme-v01.api.letsencrypt.org
Cleaning up challenges
Failed authorization procedure. srv-mail.kameleon.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://srv-mail.kameleon.fr/.well-known/acme-challenge/786DbcTJU1iX0vCax6fPGHB_ZXVSgEktGD2b9cou8Lo: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n

IMPORTANT NOTES:


#8

I have to check this subdomain configuration, I guess.


#9

Your “/html” is missing
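
The mismatch behind the 404 in post #7, as an added example that is not part of the thread or of Certbot: the webroot plugin writes the token under the path you type, while nginx serves from its `root`. The sample config is constructed, the helper names are hypothetical, and a `location` with its own `root` or `alias` for `/.well-known/` is assumed absent.

```python
import re
from pathlib import PurePosixPath

# Constructed sample config; only the host name and the root value come from the thread.
SAMPLE_NGINX_CONF = """
server {
    listen 80;
    server_name srv-mail.kameleon.fr;
    root /var/www/html;  # the directive quoted in post #5
    location / { try_files $uri $uri/ =404; }
}
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def root_for(conf, host):
    """Return the server-level root of the block whose server_name lists host."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (simplification)
    for body in server_blocks(conf):
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        if not names or host not in names.group(1).split():
            continue
        prev = None
        while prev != body:  # strip nested blocks so a location-level root is ignored
            prev, body = body, re.sub(r"\{[^{}]*\}", "", body)
        root = re.search(r"\broot\s+([^;\s]+)\s*;", body)
        return root.group(1) if root else None
    return None

def check_webroot(conf, host, webroot, token="TOKEN"):
    """Compare where the webroot plugin writes the challenge with where nginx looks."""
    rel = PurePosixPath(".well-known/acme-challenge") / token
    served = root_for(conf, host)
    written = PurePosixPath(webroot) / rel
    looked_up = PurePosixPath(served) / rel if served else None
    return {"written": str(written),
            "served_from": str(looked_up) if looked_up else None,
            "match": written == looked_up}

if __name__ == "__main__":
    for candidate in ("/var/www", "/var/www/html"):
        print(candidate, check_webroot(SAMPLE_NGINX_CONF, "srv-mail.kameleon.fr", candidate))
```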


#10

Woahooo :smiley: You saved my day !!! Merci :

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/srv-mail.kameleon.fr/fullchain.pem. Your cert
    will expire on 2019-01-14. To obtain a new or tweaked version of
    this certificate in the future, simply run certbot again. To
    non-interactively renew all of your certificates, run “certbot
    renew”

#11

But … :face_with_raised_eyebrow:

SSL Report: srv-mail.kameleon.fr (163.172.150.10)
Assessed on: Tue, 16 Oct 2018 15:35:12 UTC

Assessment failed: Unable to connect to the server


#12

Firewall? No running webserver?


#13

Ok, I’m a real newbie with Nginx; I forgot to stop and restart the server. Done! Now on “crt.sh” I see the cert:

https://crt.sh/?id=867799834

Yes, maybe firewall issue. I will ask my colleague who deployed this server. In any case, the certificate is present, it’s a good start. :slight_smile:

Thanks again for your time. Have a good day :wink:

