Malformed message creating Letsencrypt certificate

Hello,
Recently, when I try to activate the Let's Encrypt option, the certificate is created but the process is not completed correctly.

The first time I try to activate the certificate and run the server.sh script everything seems to be correct. On the next occasion the script tells me that the certificate has already been created:

Code:

root@panel:~# /usr/local/ispconfig/server/server.sh

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
Keeping the existing certificate
finished.

but checking /var/log/letsencrypt/letsencrypt.log I see the error " urn:ietfarams:acme:error:malformed :: The request message was malformed :: Invalid Content-Type header on POST. Content-Type must be "application/jose+json" ":

Code:

2019-04-24 18:34:33,878:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/03d3bf0c1a74cbe9afdae7dc23421599a96b HTTP/1.1" 415 168
2019-04-24 18:34:33,879:DEBUG:acme.client:Received response:
HTTP 415
Server: nginx
Content-Type: application/problem+json
Content-Length: 168
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: vkVWuz9Gngn_bc5oE7_G_QD5sNtA_0tYW_Vfsm_GHeY
Expires: Wed, 24 Apr 2019 16:34:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 24 Apr 2019 16:34:33 GMT
Connection: close

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"",
  "status": 415
}
2019-04-24 18:34:33,879:DEBUG:acme.client:Error during a POST-as-GET request, your ACME CA may not support it:
urn:ietf:params:acme:error:malformed :: The request message was malformed :: Invalid Content-Type header on POST. Content-Type must be "application/jose+json"
2019-04-24 18:34:33,879:DEBUG:acme.client:Retrying request with GET.
2019-04-24 18:34:33,879:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/cert/03d3bf0c1a74cbe9afdae7dc23421599a96b.
2019-04-24 18:34:33,880:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
2019-04-24 18:34:34,144:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /acme/cert/03d3bf0c1a74cbe9afdae7dc23421599a96b HTTP/1.1" 200 3912
2019-04-24 18:34:34,145:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/pem-certificate-chain
Content-Length: 3912
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 24 Apr 2019 16:34:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 24 Apr 2019 16:34:34 GMT
Connection: keep-alive

-----BEGIN CERTIFICATE-----
(hiden)
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
(hiden)
-----END CERTIFICATE-----

2019-04-24 18:34:34,146:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/domain.es and live directory /etc/letsencrypt/live/domain.es created.
2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/live/domain.es/cert.pem.
2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing private key to /etc/letsencrypt/live/domain.es/privkey.pem.
2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/live/domain.es/chain.pem.
2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/live/domain.es/fullchain.pem.
2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing README to /etc/letsencrypt/live/domain.es/README.
2019-04-24 18:34:34,152:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer <certbot.cli._Default object at 0x7f892f05a438>
2019-04-24 18:34:34,156:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2019-04-24 18:34:34,159:DEBUG:certbot.cli:Var webroot_path=/usr/local/ispconfig/interface/acme (set by user).
2019-04-24 18:34:34,160:DEBUG:certbot.cli:Var webroot_path=/usr/local/ispconfig/interface/acme (set by user).
2019-04-24 18:34:34,160:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).
2019-04-24 18:34:34,161:DEBUG:certbot.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
2019-04-24 18:34:34,163:DEBUG:certbot.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
2019-04-24 18:34:34,163:DEBUG:certbot.cli:Var account={'server'} (set by user).
2019-04-24 18:34:34,166:DEBUG:certbot.cli:Var rsa_key_size=4096 (set by user).
2019-04-24 18:34:34,168:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/domain.es.conf.
2019-04-24 18:34:34,170:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/domain.es/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/domain.es/privkey.pem

I have tried to remove the domain. Then revoke the certificate and delete all that there is regarding the domain in the folder letsencrypt (live, archive and renewal) and add the domain again. Everything without luck.

I clarify that I already have several domains included and I have had no problem until now.

Specs:
Ubuntu 16.04
ISPConfig Version: 3.1.13p1

Thank you in advance.

 

Thank you very much, Till. I have done what you tell me and it works perfectly.

 

Hi, I have a similar problem. Updated to last ispconfig version under ubuntu 16.04 and when I check the SSL and letsencrypt version under domain, SSL remains checked, but letsencrypt don't. In the same server i have 2 domains with letsencrypt certificate, it was working months ago. when I run "certbot --dry-run -renew" i don't see errors. I have the latest certbot version so I put the sources: deb [http]://ppa.launchpad.net/certbot/certbot/ubuntu xenial main

How can i debug?
thanks.