Let's Encrypt doesn't work

Discussion in 'General' started by mymmo73, Nov 11, 2020.

  1. mymmo73

    mymmo73 Member

    Hi, I installed ispconfig 3.2 on debian 10, I installed a site and up to here everything was fine, yesterday I installed a second site, the ssl problem did not work I found a video in a thread that reproduces mine same problem:
    I have read many discussions on this forum but I have not found anything that could solve my problem, as I already have a site installed on the same server and Let's Encrypt works perfectly, in fact it creates the certificates without problem, but with the new domain it does not work, the DNS part is configured the same as the working domain also because both domains have the same provider, in the Let's Encrypt - Log I noticed that there are errors but I don't know how to intervene:
    Code:
    }
    2020-11-11 00:38:03,123:DEBUG:certbot.cert_manager:Renewal conf file /etc/letsencrypt/renewal/tradingforum.it.conf is broken. Skipping.
    2020-11-11 00:38:03,125:DEBUG:certbot.cert_manager:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/cert_manager.py", line 383, in _search_lineages
        candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-11 00:38:03,129:INFO:certbot.main:Obtaining a new certificate
    2020-11-11 00:38:03,496:DEBUG:certbot.crypto_util:Generating key (4096 bits): /etc/letsencrypt/keys/0036_key-certbot.pem
    2020-11-11 00:38:03,509:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0036_csr-certbot.pem
    2020-11-11 00:38:03,510:DEBUG:acme.client:Requesting fresh nonce
    2020-11-11 00:38:03,510:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
    2020-11-11 00:38:03,646:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
    2020-11-11 00:38:03,648:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Date: Tue, 10 Nov 2020 23:38:03 GMT
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0103n4LFu-FDHcE6OlC2YnRMMobcOy4Dv7v1cZFXD9Ippqk
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    2020-11-11 00:38:03,649:DEBUG:acme.client:Storing nonce: 0103n4LFu-FDHcE6OlC2YnRMMobcOy4Dv7v1cZFXD9Ippqk
    2020-11-11 00:38:03,649:DEBUG:acme.client:JWS payload:
    b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "inps-bonus.it"\n    }\n  ]\n}'
    2020-11-11 00:38:03,666:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
    {
      "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTkyMTM2MjYiLCAibm9uY2UiOiAiMDEwM240TEZ1LUZESGNFNk9sQzJZblJNTW9iY095NER2N3YxY1pGWEQ5SXBwcWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
      "signature": "UJ9Y78bk5Pw8eHOn4OMHG5cC6xg8P_Nh3fwX8jGWF6UwAT7f6qgR3QcNAsktvdi511iJLxruOGI74pfvYfA7bw5KW-slYfBRpsBp8N9Zk5qFp0q9ghfW_7dTiseBwfcliLeGGLI_RatsaeGBqLGH1xHW8emFmFCUGTrW3c27FPZOrpCg-hmKaNx1GH87q7Zl8QeMXiRPXtzHXV9OYlXNxyOV5OqpRbJy1f2XXHNx-i60GTUCgLenacpligBaOT5Acn44rDzf75sFyjo67xM1xKU0mERpEwy9GAQQEwe5MQ9h_6s9gq8bl1HmzdmZDezCpgx4v5IQSXj6gUcADJOJ53ZS6H5eK3GyhZnh56Y6vVePCF8VelLxcBXppxRr0FYGMeLjUyuoBx2qbqXe0m7tVSFZiyLsjKXBihHD5wgrrn8hjjbvz6Rcuc7l2qPDXHiPG3Ea2lz1MHXxBqagLgLVfz9B8EXMgvGmhdQ14HcR2FanbTDpyoF4ofPuKutC30W2bNegpUz8CdFYYBXYLccLZuAxogHXs4g6V-E285QhePSde2HzhJKAGFuQZy2YLrkeB0iEMbzcYuLakQSqaw8xHaOQXjvwVM_CwjcW2av3OqzK1JnGIMLsF5QojHvBRx_yfUg3r6qZTYox2zZCsdmo-H4v62mv7novWhfNyBliMKE",
      "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImlucHMtYm9udXMuaXQiCiAgICB9CiAgXQp9"
    }
    2020-11-11 00:38:03,969:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 201
    2020-11-11 00:38:03,970:DEBUG:acme.client:Received response:
    HTTP 429
    Server: nginx
    Date: Tue, 10 Nov 2020 23:38:03 GMT
    Content-Type: application/problem+json
    Content-Length: 201
    Connection: keep-alive
    Boulder-Requester: 99213626
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0104CglmMf1wF9t19gn8Buwgbm1ZUoz0GzCTRNgMj4ttK-A
    {
      "type": "urn:ietf:params:acme:error:rateLimited",
      "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
      "status": 429
    }
    2020-11-11 00:38:03,970:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/letsencrypt", line 11, in <module>
        load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
        lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
        lineage = le_client.obtain_and_enroll_certificate(domains, certname)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
        cert, chain, key, _ = self.obtain_certificate(domains)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
        orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 385, in _get_order_and_authorizations
        orderr = self.acme.new_order(csr_pem)
      File "/usr/lib/python3/dist-packages/acme/client.py", line 889, in new_order
        return self.client.new_order(csr_pem)
      File "/usr/lib/python3/dist-packages/acme/client.py", line 672, in new_order
        response = self._post(self.directory['newOrder'], order)
      File "/usr/lib/python3/dist-packages/acme/client.py", line 96, in _post
        return self.net.post(*args, **kwargs)
      File "/usr/lib/python3/dist-packages/acme/client.py", line 1204, in post
        return self._post_once(*args, **kwargs)
      File "/usr/lib/python3/dist-packages/acme/client.py", line 1218, in _post_once
        response = self._check_response(response, content_type=content_type)
      File "/usr/lib/python3/dist-packages/acme/client.py", line 1073, in _check_response
        raise messages.Error.from_json(jobj)
    acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
    2020-11-11 00:38:03,973:ERROR:certbot.log:An unexpected error occurred:
    2020-11-11 00:38:03,973:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
    2020-11-11 00:38:04,420:DEBUG:certbot.main:certbot version: 0.31.0
    2020-11-11 00:38:04,421:DEBUG:certbot.main:Arguments: ['--domains', 'inps-bonus.it']
    2020-11-11 00:38:04,422:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2020-11-11 00:38:04,432:DEBUG:certbot.log:Root logging level set at 20
    2020-11-11 00:38:04,432:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2020-11-11 00:38:04,436:WARNING:certbot.cert_manager:Renewal configuration file /etc/letsencrypt/renewal/tradingforum.it.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.
    2020-11-11 00:38:04,437:DEBUG:certbot.cert_manager:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/cert_manager.py", line 79, in certificates
        renewal_candidate = storage.RenewableCert(renewal_file, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    thank you in advance for your help ..
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. mymmo73

    mymmo73 Member

    I believe that the problem you are reporting to me is due to various attempts I have made to set the certificate, not knowing that there was a limit to the creation of certificates. Is it possible that the root cause of the problem reported in this line?
    Code:
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    That could be the case, but I think it's more likely that you reached the per domain limit, and the site you can't issue a cert for has a different domain.

    Do you have any special settings for that web - proxy, redirect, etc?
    Go through the LE FAQ: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
    Do you have more certbot errors earlier in the log file or in a older log file, so we can find the reason the cert isn't issued and the limit is reached?
     
  5. mymmo73

    mymmo73 Member

    on the domain in question I have no active proxy or redirect, considering that on the server I have a site that works regularly with Let's Encrypt, I exclude the suggestions reported in the link you suggested, as the veb server has been installed no more than 15 days ago does then all what I installed above is all updated to the latest version, in the meantime I publish yet another Let's Encrypt log, in the hope that something new has come out that helps us to solve the problem, thank you for your patience
    Code:
    renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-11 03:00:08,444:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/tradingforum.it.conf is broken. Skipping.
    2020-11-11 03:00:08,444:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-11 03:00:08,448:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-11 03:00:08,449:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-11 03:00:08,450:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/bin/letsencrypt", line 11, in <module>
        load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 477, in handle_renewal_request
        len(renew_failures), len(parse_failures)))
    certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
    2020-11-11 11:19:44,139:DEBUG:certbot.main:certbot version: 0.31.0
    2020-11-11 11:19:44,141:DEBUG:certbot.main:Arguments: ['-q']
    2020-11-11 11:19:44,141:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2020-11-11 11:19:44,148:DEBUG:certbot.log:Root logging level set at 30
    2020-11-11 11:19:44,148:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2020-11-11 11:19:44,155:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7fdeccc23ef0> and installer <certbot.cli._Default object at 0x7fdeccc23ef0>
    2020-11-11 11:19:44,162:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-11 11:19:44,163:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-11 11:19:44,163:WARNING:certbot.renewal:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-11 11:19:44,165:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/tradingforum.it.conf is broken. Skipping.
    2020-11-11 11:19:44,166:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-11 11:19:44,169:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-11 11:19:44,170:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-11 11:19:44,170:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 477, in handle_renewal_request
        len(renew_failures), len(parse_failures)))
    certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
    2020-11-11 14:16:11,670:DEBUG:certbot.main:certbot version: 0.31.0
    2020-11-11 14:16:11,671:DEBUG:certbot.main:Arguments: ['-q']
    2020-11-11 14:16:11,671:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2020-11-11 14:16:11,679:DEBUG:certbot.log:Root logging level set at 30
    2020-11-11 14:16:11,679:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2020-11-11 14:16:11,686:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f5936371e80> and installer <certbot.cli._Default object at 0x7f5936371e80>
    2020-11-11 14:16:11,693:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-11 14:16:11,694:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-11 14:16:11,694:WARNING:certbot.renewal:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-11 14:16:11,696:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/tradingforum.it.conf is broken. Skipping.
    2020-11-11 14:16:11,697:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-11 14:16:11,700:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-11 14:16:11,701:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-11 14:16:11,701:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 477, in handle_renewal_request
        len(renew_failures), len(parse_failures)))
    certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Is interesting, what does that file contain?
     
  7. mymmo73

    mymmo73 Member

    tradingforum.it is the domain where Let's Encrypt works perfectly, this is the contents of the file there is practically nothing
    Code:
    [email protected]:~# less /etc/letsencrypt/renewal/tradingforum.it.conf
    
    
    
    /etc/letsencrypt/renewal/tradingforum.it.conf (END)
    
    not if i ran the right command to see what's in the file, it looks like there is nothing..
     
  8. ahrasis

    ahrasis Well-Known Member

    That is a problem as LE certs renewal file cannot simply be empty. It is best to wait for a week (since you seemed to have hit the limit), removed that domain files and path completely, and then request for a new certs for that domain.

    Alternatively, fix that renewal file, if you know how.
     
  9. mymmo73

    mymmo73 Member

    I do not know how to modify the file, however I deleted the site, in the meantime I make a new installation of wordpress at the expiry of 7 days I try to recreate a new certificate, so let's see what happens, I will keep you updated, in the meantime thanks
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You will have to delete the certificate manually as this currently doesn't happen when deleting the site. You can do this with
    Code:
    /opt/eff.org/certbot/venv/bin/certbot
    and then selecting the correct cert.
     
  11. mymmo73

    mymmo73 Member

    I'm a bit confused, when I go to the encrypted path I find the 2 certificates of the 2 sites that work, so I can't find the certificate of the third site affected by the problem which is inps-bonus.it, I hope I have explained ...
    Code:
    [email protected]:/etc/letsencrypt/renewal# ls
    tradingforum.it-0001.conf  tradingforum.it.conf~backup
    tradingforum.it.conf       viaggiorganizzato.com.conf
    [email protected]:/etc/letsencrypt/renewal#
     
  12. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Try creating a new cert next monday. iirc the rate limits are reset on monday.
     
  13. mymmo73

    mymmo73 Member

    ok I'll update you on Monday thanks ..
     
  14. mymmo73

    mymmo73 Member

    good morning everyone, I tried again this morning to create a new certificate, but the error persists, I also did a fresh installation of the site is the log:
    Code:
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-15 13:30:29,164:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/tradingforum.it.conf is broken. Skipping.
    2020-11-15 13:30:29,165:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-15 13:30:29,167:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-15 13:30:29,168:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-15 13:30:29,168:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 477, in handle_renewal_request
        len(renew_failures), len(parse_failures)))
    certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
    2020-11-16 03:00:08,661:DEBUG:certbot.main:certbot version: 0.31.0
    2020-11-16 03:00:08,662:DEBUG:certbot.main:Arguments: ['-n', '--post-hook', "echo '1' > /usr/local/ispconfig/server/le.restart"]
    2020-11-16 03:00:08,662:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2020-11-16 03:00:08,670:DEBUG:certbot.log:Root logging level set at 20
    2020-11-16 03:00:08,671:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2020-11-16 03:00:08,681:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f5c2b7b2e80> and installer <certbot.cli._Default object at 0x7f5c2b7b2e80>
    2020-11-16 03:00:08,691:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-16 03:00:08,693:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-16 03:00:08,694:WARNING:certbot.renewal:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-16 03:00:08,697:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/tradingforum.it.conf is broken. Skipping.
    2020-11-16 03:00:08,698:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-16 03:00:08,705:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-16 03:00:08,706:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-16 03:00:08,706:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/bin/letsencrypt", line 11, in <module>
        load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 477, in handle_renewal_request
        len(renew_failures), len(parse_failures)))
    certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
    2020-11-16 08:57:04,203:DEBUG:certbot.main:certbot version: 0.31.0
    2020-11-16 08:57:04,206:DEBUG:certbot.main:Arguments: ['-q']
    2020-11-16 08:57:04,206:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2020-11-16 08:57:04,220:DEBUG:certbot.log:Root logging level set at 30
    2020-11-16 08:57:04,220:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2020-11-16 08:57:04,231:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7fd65d679fd0> and installer <certbot.cli._Default object at 0x7fd65d679fd0>
    2020-11-16 08:57:04,242:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-16 08:57:04,243:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-16 08:57:04,244:WARNING:certbot.renewal:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-16 08:57:04,247:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/tradingforum.it.conf is broken. Skipping.
    2020-11-16 08:57:04,247:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        "file reference".format(self.configfile))
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2020-11-16 08:57:04,253:INFO:certbot.renewal:Cert not yet due for renewal
    2020-11-16 08:57:04,254:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-11-16 08:57:04,254:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 477, in handle_renewal_request
        len(renew_failures), len(parse_failures)))
    certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
     
  15. ahrasis

    ahrasis Well-Known Member

    This log says you are trying to renew the certs for tradingforum.it but failed which is due to its renewal conf file (/etc/letsencrypt/renewal/tradingforum.it.conf) is broken. I already highlighted the problem and mentioned the solution for this above.
    The command I'd suggest is something like the following:
    Code:
    rm -rf /etc/letsencrypt/*/tradingforum.it*
    Only request LE SSL certs for that domain after you have deleted that domain cert files and path completely otherwise the code will still request to renew and fail again.
     
  16. mymmo73

    mymmo73 Member

    with the command you suggested I deleted the file tradingforum.it.conf then I created another certificate but nothing has changed, but I wanted to highlight the fact that the tradingforum.it domain has no problem regarding the certificate, it works perfectly
    Code:
    [email protected]:/etc/letsencrypt/renewal# ls
    tradingforum.it-0001.conf    viaggiorganizzato.com.conf
    tradingforum.it.conf~backup
    [email protected]:/etc/letsencrypt/renewal#
    so the domain for which I want to create the certificate is not shown in this directory because it can't create it I think
     
  17. mymmo73

    mymmo73 Member

    if i delete all these files do you think i will solve the situation? I'm afraid of compromising even tradingforum.it and viaggiorganizzato.com what do you suggest?
     
  18. ahrasis

    ahrasis Well-Known Member

    Best practise is always to make a proper backup first and this is expected from any server administrator experienced or otherwise, though we as human sometimes do forget to mention it.

    I did mention that you can also fix the broken renewal conf file and one of the way to fix this is actually checking your backup if you have a good copy of it and if you have any, you can restore it.
     
  19. mymmo73

    mymmo73 Member

    I don't know where to start making a backup, but I have the active backup on the wordpress site, but I think that has nothing to do with the right certificate?
     
  20. nhybgtvfr

    nhybgtvfr Active Member

    making a backup is just a case of copying files or directories to another location / device, either as is, or as a compressed tar / zip / gz etc archives. ideally including a datestamp and timestamp somewhere, ideally either added to the file/directory name itself, or as part of the archives filename or folder path.
    if it's a case of a one off event, troubleshooting, etc, do this manually, otherwise, as on ongoing backup/safety strategy, form a suitable command, or script, and call if from a cron job set to run at suitable intervals.
    i suggest you start learning how to create and automate backups asap. if you don't know how to create a backup, then you're inexperienced enough that you're likely to end up doing something that will you will need a backup to restore to get your system working again.
     

Share This Page