Malformed message creating Letsencrypt certificate

Discussion in 'Installation/Configuration' started by eduingles, Apr 24, 2019.

  1. eduingles

    eduingles New Member

    Hello,
    Recently, when I try to activate the Let's Encrypt option, the certificate is created but the process is not completed correctly.

    The first time I try to activate the certificate and run the server.sh script everything seems to be correct. On the next occasion the script tells me that the certificate has already been created:
    Code:
    root@panel:~# /usr/local/ispconfig/server/server.sh
    
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Cert not yet due for renewal
    Keeping the existing certificate
    finished.
    
    but checking /var/log/letsencrypt/letsencrypt.log I see the error "urn:ietf:params:acme:error:malformed :: The request message was malformed :: Invalid Content-Type header on POST. Content-Type must be "application/jose+json"":

    Code:
    2019-04-24 18:34:33,878:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/03d3bf0c1a74cbe9afdae7dc23421599a96b HTTP/1.1" 415 168
    2019-04-24 18:34:33,879:DEBUG:acme.client:Received response:
    HTTP 415
    Server: nginx
    Content-Type: application/problem+json
    Content-Length: 168
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: vkVWuz9Gngn_bc5oE7_G_QD5sNtA_0tYW_Vfsm_GHeY
    Expires: Wed, 24 Apr 2019 16:34:33 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Wed, 24 Apr 2019 16:34:33 GMT
    Connection: close
    
    {
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"",
      "status": 415
    }
    2019-04-24 18:34:33,879:DEBUG:acme.client:Error during a POST-as-GET request, your ACME CA may not support it:
    urn:ietf:params:acme:error:malformed :: The request message was malformed :: Invalid Content-Type header on POST. Content-Type must be "application/jose+json"
    2019-04-24 18:34:33,879:DEBUG:acme.client:Retrying request with GET.
    2019-04-24 18:34:33,879:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/cert/03d3bf0c1a74cbe9afdae7dc23421599a96b.
    2019-04-24 18:34:33,880:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
    2019-04-24 18:34:34,144:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /acme/cert/03d3bf0c1a74cbe9afdae7dc23421599a96b HTTP/1.1" 200 3912
    2019-04-24 18:34:34,145:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/pem-certificate-chain
    Content-Length: 3912
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Wed, 24 Apr 2019 16:34:34 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Wed, 24 Apr 2019 16:34:34 GMT
    Connection: keep-alive
    
    -----BEGIN CERTIFICATE-----
    (hiden)
    -----END CERTIFICATE-----
    
    -----BEGIN CERTIFICATE-----
    (hiden)
    -----END CERTIFICATE-----
    
    2019-04-24 18:34:34,146:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/domain.es and live directory /etc/letsencrypt/live/domain.es created.
    2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/live/domain.es/cert.pem.
    2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing private key to /etc/letsencrypt/live/domain.es/privkey.pem.
    2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/live/domain.es/chain.pem.
    2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/live/domain.es/fullchain.pem.
    2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing README to /etc/letsencrypt/live/domain.es/README.
    2019-04-24 18:34:34,152:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer <certbot.cli._Default object at 0x7f892f05a438>
    2019-04-24 18:34:34,156:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
    2019-04-24 18:34:34,159:DEBUG:certbot.cli:Var webroot_path=/usr/local/ispconfig/interface/acme (set by user).
    2019-04-24 18:34:34,160:DEBUG:certbot.cli:Var webroot_path=/usr/local/ispconfig/interface/acme (set by user).
    2019-04-24 18:34:34,160:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).
    2019-04-24 18:34:34,161:DEBUG:certbot.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
    2019-04-24 18:34:34,163:DEBUG:certbot.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
    2019-04-24 18:34:34,163:DEBUG:certbot.cli:Var account={'server'} (set by user).
    2019-04-24 18:34:34,166:DEBUG:certbot.cli:Var rsa_key_size=4096 (set by user).
    2019-04-24 18:34:34,168:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/domain.es.conf.
    2019-04-24 18:34:34,170:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/domain.es/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/domain.es/privkey.pem
    
    I have tried to remove the domain. Then revoke the certificate and delete all that there is regarding the domain in the folder letsencrypt (live, archive and renewal) and add the domain again. Everything without luck.

    I clarify that I already have several domains included and I have had no problem until now.

    Specs:
    Ubuntu 16.04
    ISPConfig Version: 3.1.13p1

    Thank you in advance.
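
Added example, not part of the original thread and not ISPConfig or certbot code: a small Python triage of a certbot debug log that separates an HTTP error recovered by a later successful request to the same URL (as in the log above, where the 415 on POST is followed by a 200 on GET and the certificate is written) from one that was never recovered. The sample lines are constructed from the log above with the certificate ID replaced by a placeholder; the function name `triage` and the verdict labels are assumptions of this example.

```python
import re

# Constructed sample, abridged from the debug log quoted in the post above
# (certificate ID replaced by the placeholder EXAMPLE).
SAMPLE_LOG = '''\
2019-04-24 18:34:33,878:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/EXAMPLE HTTP/1.1" 415 168
2019-04-24 18:34:33,879:DEBUG:acme.client:Retrying request with GET.
2019-04-24 18:34:34,144:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /acme/cert/EXAMPLE HTTP/1.1" 200 3912
2019-04-24 18:34:34,146:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/live/domain.es/cert.pem.
'''

# urllib3 debug line: host, method, path, HTTP status.
REQ = re.compile(
    r'urllib3\.connectionpool:https://(\S+?):443 "(GET|POST|HEAD) (\S+) HTTP/1\.1" (\d{3}) ')
# certbot.storage line written once the certificate is saved to disk.
WROTE = re.compile(r'certbot\.storage:Writing certificate to (\S+?)\.?$')


def triage(log_text):
    """Classify a certbot debug log as clean, recovered-by-retry or failed."""
    requests, written = [], []
    for line in log_text.splitlines():
        m = REQ.search(line)
        if m:
            host, method, path, status = m.groups()
            requests.append((method, host + path, int(status)))
            continue
        m = WROTE.search(line)
        if m:
            written.append(m.group(1))

    recovered, unrecovered = [], []
    for i, (method, url, status) in enumerate(requests):
        if status < 400:
            continue
        # An error counts as recovered if a later request to the same URL succeeded.
        retried_ok = any(u == url and s < 400 for _, u, s in requests[i + 1:])
        (recovered if retried_ok else unrecovered).append((method, url, status))

    verdict = "failed" if unrecovered else "recovered-by-retry" if recovered else "clean"
    return {"verdict": verdict, "recovered": recovered,
            "unrecovered": unrecovered, "cert_written": written}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
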
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There is a bug in current certbot versions; we implemented a workaround already. Update your ISPConfig to the git-stable branch by using the ispconfig_update.sh command. Then enable SSL and Let's Encrypt in the website again.
     
  3. eduingles

    eduingles New Member

    Thank you very much, Till. I have done what you tell me and it works perfectly.
     
  4. Jaume

    Jaume New Member

    Hi, I have a similar problem. I updated to the latest ISPConfig version under Ubuntu 16.04, and when I check the SSL and letsencrypt version under domain, SSL remains checked, but letsencrypt doesn't. On the same server I have 2 domains with a letsencrypt certificate; it was working months ago. When I run "certbot --dry-run -renew" I don't see errors. I have the latest certbot version, so I put the sources: deb [http]://ppa.launchpad.net/certbot/certbot/ubuntu xenial main

    How can I debug?
    Thanks.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer
