Hi, I have ISPConfig on Ubuntu 16.04 with NginX, was working fine until recent update to ISPConfig 3.1.13. Seems like Let'sEncrypt cannot be ENABLED on website anymore. Was working fine ever since recent update. From /var/log/letsencrypt/letsencrypt.log I can see the following error: Code: 2018-08-30 22:09:02,698:DEBUG:letsencrypt.cli:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/letsencrypt", line 9, in <module> load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')() File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main return config.func(config, plugins) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 689, in obtain_cert le_client = _init_le_client(config, authenticator, installer) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 206, in _init_le_client acc, acme = _determine_account(config) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 191, in _determine_account config, account_storage, tos_cb=_tos_cb) File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 116, in register acme = acme_from_config_key(config, key) File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 41, in acme_from_config_key return acme_client.Client(config.server, key=key, net=net) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 63, in __init__ self.net.get(directory).json()) File "/usr/lib/python2.7/dist-packages/acme/messages.py", line 169, in from_json raise jose.DeserializationError(str(error)) DeserializationError: Deserialization error: Wrong directory fields
Hi Florian, I am afraid to mess with letsencrypt install in order to not break existing LE certificates, which are installed and running on existing ISPConfig web sites (configured via ISPCOnfig). Any tip on how to proceed with letsencrypt update to not ruin those? BTW... this web site, which does not want to cooperate with letsencrypt, has REDIRECT configured from www.website.com to website.com inside Wordpress. Might that be guilty for letsencrypt failure?
Should I follow the procedure, described here: https://www.howtoforge.com/community/threads/ubuntu-16-04-letsencrypt-not-working.79568/ Code: apt update apt install software-properties-common add-apt-repository ppa:certbot/certbot apt update apt upgrade -y apt remove letsencrypt -y apt install python-certbot-nginx -y What's bothering me is that I do not know, if I have Certbot or not? And also if LE will still work for existing sites with ISPConfig after those steps or not? Hmmmm....
It's ok to run that since ISPConfig will determine whether you use letsencrypt or certbot via its plugin. ISPConfig will also check whether you are using certbot version 22 or above, so that it will use acme v02 api instead of older v01. Both are using /etc/letsencrypt folder, so, if you unsure, or want to play safe, just backup that folder before running that.
SOLVED! by following the previous set of commands. Obviously I had installed letsencrypt and NOT certbot. By following the above mentioned set of commands, I added prerequisites, PPE repository and Python Certbot client while removing letsencrypt client. ISP Config coped with changes just fine and worked without any other actions needed. Thank you all for participating
Hello, my case is similar: 2018-12-19 16:30:24,366EBUG:certbot.main:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/letsencrypt", line 11, in <module> load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')() File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main return config.func(config, plugins) File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert action, _ = _auth_from_available(le_client, config, domains, certname, lineage) File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 103, in _auth_from_available renewal.renew_cert(config, domains, le_client, lineage) File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 296, in renew_cert new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains) File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 262, in obtain_certificate self.config.allow_subset_of_names) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 77, in get_authorizations self._respond(resp, best_effort) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 134, in _respond self._poll_challenges(chall_update, best_effort) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 178, in _poll_challenges domain, chall_update[domain]) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 209, in _handle_check self.authzr[domain], _ = self.acme.poll(self.authzr[domain]) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 289, in poll response = self.net.get(authzr.uri) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 641, in get self._send_request('GET', url, **kwargs), content_type=content_type) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 570, in _check_response raise messages.Error.from_json(jobj) Error: urn:acme:error:serverInternal :: The server experienced an internal error :: Problem getting authorization I am using GNU/Debian 9 with Apache. ISPConfig Version: 3.1.13 Thanks.
I execute - apt install python-certbot-apache - but: 2018-12-19 17:02:42,493EBUG:certbot.main:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/letsencrypt", line 11, in <module> load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')() File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main return config.func(config, plugins) File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert action, _ = _auth_from_available(le_client, config, domains, certname, lineage) File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 103, in _auth_from_available renewal.renew_cert(config, domains, le_client, lineage) File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 296, in renew_cert new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains) File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 262, in obtain_certificate self.config.allow_subset_of_names) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 77, in get_authorizations self._respond(resp, best_effort) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 134, in _respond self._poll_challenges(chall_update, best_effort) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 198, in _poll_challenges raise errors.FailedChallenges(all_failed_achalls) FailedChallenges: Failed authorization procedure. site.com (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up CAA for site.com Thanks...
Does name service resolve your hostame? Try with Code: host servername.domain.com where you replace servername.domain.com with your own real FQDN.
Thanks, the problem was my firewall "ufw", this was blocking the ip of Letsencrypt = 66.133.109.36. Resolved ...
