Updating registration fails with HTTP 500, ISE

My domain is: admin.konzilo.com

I ran this command: certbot register --update-registration

It produced this output: An unexpected error occurred:
The server experienced an internal error :: Unable to update registration
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): nginx version: nginx/1.8.0

The operating system my web server runs on is (include version): Ubuntu 14.04.3 LTS

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

certbot --version

certbot 0.17.0

Part of the log file:

2017-09-19 09:25:45,472:DEBUG:acme.client:JWS payload:
{
"contact": [
"mailto:somemail@mydomain.com"
],
"resource": "reg",
"agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
"key": {
"e": "AQAB",
"kty": "RSA",
"n": "[…snip…]"
}
}
2017-09-19 09:25:45,476:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/reg/5333102:
{
"protected": "[…snip…]",
"payload": "[…snip…]",
"signature": "[…snip…]"
}
2017-09-19 09:25:45,830:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/reg/5333102 HTTP/1.1" 500 107
2017-09-19 09:25:45,832:DEBUG:acme.client:Received response:
HTTP 500
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Requester: 5333102
Replay-Nonce: -SFJZuBeTv6pfC9AVcEuYgOR_EAbKTO7gaHhwJsrCq8
Expires: Tue, 19 Sep 2017 09:25:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Sep 2017 09:25:45 GMT
Connection: close

{
"type": "urn:acme:error:serverInternal",
"detail": "Unable to update registration",
"status": 500
}
2017-09-19 09:25:45,832:DEBUG:acme.client:Storing nonce: -SFJZuBeTv6pfC9AVcEuYgOR_EAbKTO7gaHhwJsrCq8
2017-09-19 09:25:45,832:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.17.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 753, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 466, in register
body=acc.regr.body.update(contact=('mailto:' + config.email,))))
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 131, in update_registration
updated_regr = self._send_recv_regr(regr, body=body)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 106, in _send_recv_regr
response = self.net.post(regr.uri, body)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 682, in post
return self._post_once(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 695, in _post_once
return self._check_response(response, content_type=content_type)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 582, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:serverInternal :: The server experienced an internal error :: Unable to update registration

Hi @letharion,

Check this post, maybe the error is just because you are not specifying the parameter --email yournew@mailaddress.tld

Cheers,
sahsanu

Thanks @sahsanu the client interactively asks for an e-mail, which I provide. I’ve tried adding the e-mail as a parameter instead, with the same result and error message.

I also tried changing the e-mail to another one, just for testing, but that didn’t help either.

@letharion, It is strange, I’ve tested it 1 minute ago and it works:

IMPORTANT NOTES:
 - Your e-mail address was updated to ---@-----.---

Could you please try again? Maybe the underlying issue has been resolved.

$ certbot --version
certbot 0.17.

@sahsanu: Nope, same issue here for a different domain, still does not work:

{
"type": "urn:acme:error:serverInternal",
"detail": "Unable to update registration",
"status": 500
}
2017-09-19 11:34:58,015:DEBUG:acme.client:Storing nonce: XXX
2017-09-19 11:34:58,015:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.17.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 753, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 466, in register
body=acc.regr.body.update(contact=('mailto:' + config.email,))))
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 131, in update_registration
updated_regr = self._send_recv_regr(regr, body=body)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 106, in _send_recv_regr
response = self.net.post(regr.uri, body)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 682, in post
return self._post_once(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 695, in _post_once
return self._check_response(response, content_type=content_type)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 582, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:serverInternal :: The server experienced an internal error :: Unable to update registration

@moritz, I can’t reproduce it so let’s see if @jsha or @cpu have a clue :wink:

I also made another attempt at changing the mail, to two different e-mails, and I still see the failure.

Hi @letharion,

I’ve started to look into this. I will report back when I know more. Thanks for flagging the issue! (And thanks @sahsanu for tagging me in!)

@cpu Thank you, I’m happy to get on IRC if more quick back and forth would help in reproducing the issue.

@cpu btw: for two of my domains it worked perfectly, for two others with the same certbot version (but on a different box) this error occurred. If I can help in any way - let me know.

Hi @letharion,

Thanks for the offer - I'm still reviewing the code in question. I haven't been able to reproduce the bug locally with Boulder & Certbot. I don't have any questions at the moment but I will ping you if I do. I'm ccppuu on Freenode, what is your nick?

Hi @moritz - I'm a bit confused by this report. The email address is per-registration not per-domain. Do you mean you were able to update the registration/account details for one of your accounts, but not others? If so it may be helpful to have the account ID of a "working" account and a "broken" account to compare across.

Thanks!
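
For gathering the account ID and error type that are being compared here, a small parser for certbot's debug log (an added example, not part of the original posts or of certbot; the sample log, its account ID 1234567 and the nonce are constructed, and the function name is hypothetical):

```python
import json
import re

# Constructed sample in the shape of the certbot debug log quoted in this
# thread; the account ID 1234567 and the nonce are made up.
SAMPLE_LOG = '''\
2017-09-19 09:25:45,476:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/reg/1234567:
2017-09-19 09:25:45,832:DEBUG:acme.client:Received response:
HTTP 500
Content-Type: application/problem+json
Boulder-Requester: 1234567
Replay-Nonce: constructed-nonce

{
  "type": "urn:acme:error:serverInternal",
  "detail": "Unable to update registration",
  "status": 500
}
2017-09-19 09:25:45,832:DEBUG:acme.client:Storing nonce: constructed-nonce
'''

TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}:", re.M)
RESPONSE = re.compile(r"Received response:\nHTTP (\d{3})\n(.*?)\n\n(.*)", re.S)

def acme_failures(log_text):
    """Return one dict per failed ACME response found in a certbot debug log."""
    failures = []
    # Split into records at each timestamp so multi-line bodies stay together.
    starts = [m.start() for m in TIMESTAMP.finditer(log_text)] + [len(log_text)]
    for begin, end in zip(starts, starts[1:]):
        m = RESPONSE.search(log_text[begin:end])
        if not m or int(m.group(1)) < 400:
            continue
        headers = dict(h.split(": ", 1) for h in m.group(2).splitlines() if ": " in h)
        try:
            problem = json.loads(m.group(3))
        except ValueError:
            problem = {}  # body was not a JSON problem document
        failures.append({
            "status": int(m.group(1)),
            "account_id": headers.get("Boulder-Requester"),
            "type": problem.get("type"),
            "detail": problem.get("detail"),
            # serverInternal points at the CA side rather than local config.
            "server_side": problem.get("type", "").endswith(":serverInternal"),
        })
    return failures
```
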

@cpu: 9583836 does not work, 8226412 worked.

@cpu 9621422 did not work, whereas 9622163 does work.

I’ve spent a couple hours trying to isolate the regression. I think there are two probable commits that may have introduced the problem but haven’t had any luck reproducing it locally or understanding the reason for the failure. I’ve had to put the brakes on digging any deeper today but there’s a Boulder bug (https://github.com/letsencrypt/boulder/issues/3108) to track finding a fix.

Hi again @letharion, @moritz

I wanted to leave a quick update for you. I’ve figured out the bug and was able to both reproduce it locally and develop a fix. Thanks again for your help/data! I’m working on adding an integration test and will have a pull-request out shortly.

I talked to some folks internally and since we’re short-staffed this week and the impact of the bug is fairly minimal (account contact information and key rollover requests are not working) we’re going to let this fix go out as part of the usual release next Thursday (Sept 28th). I’ll be posting an API Announcement shortly to communicate the status of the broken endpoint and the fix date.

I apologize about the inconvenience!

Another follow-up:

The pull-request with the fix & a new test is now out for review: https://github.com/letsencrypt/boulder/pull/3113

I’ve also posted an API announcement to indicate that we are unfortunately not going to be able to fix this bug in production until next week: Update Registration/Key Rollover Temporarily Unavailable

@letharion, @moritz - Thank you both again for reporting the problem and helping diagnose the cause.

@cpu Thanks for the fix. Will try again on/after the 28th. :slight_smile:

Hi again @letharion, @moritz - the fix has been deployed to production. You should now be able to update your registration info without error. Please let me know if you have any additional trouble!
