I enabled Letsencypt for a domain and is failing Code: root@web1:~# /usr/local/ispconfig/server/server.sh An unexpected error occurred: DeserializationError: Deserialization error: Wrong directory fields Please see the logfiles in /var/log/letsencrypt for more details. finished. root@web1:~# letsencrypt log have following Code: root@web1:~# cat /var/log/letsencrypt/letsencrypt.log 2018-07-22 18:53:28,454:DEBUG:letsencrypt.cli:Root logging level set at 30 2018-07-22 18:53:28,454:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2018-07-22 18:53:28,455:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1 2018-07-22 18:53:28,455:DEBUG:letsencrypt.cli:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'ispconfig-test.serverok.in', '--webroot-path', '/usr/local/ispconfig/interface/acme'] 2018-07-22 18:53:28,455:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone) 2018-07-22 18:53:28,456:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None 2018-07-22 18:53:28,456:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge 2018-07-22 18:53:28,456:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot Description: Webroot Authenticator Interfaces: IAuthenticator, IPlugin Entry point: webroot = letsencrypt.plugins.webroot:Authenticator Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x7feef5f00610> Prep: True 2018-07-22 18:53:28,457:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x7feef5f00610> and installer None 2018-07-22 18:53:29,569:DEBUG:root:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. args: (), kwargs: {} 2018-07-22 18:53:29,574:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org 2018-07-22 18:53:29,894:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658 2018-07-22 18:53:29,896:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '658', 'Expires': 'Sun, 22 Jul 2018 18:53:29 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 22 Jul 2018 18:53:29 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json'}. Content: '{\n "ElMJ2R2o14s": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",\n "meta": {\n "caaIdentities": [\n "letsencrypt.org"\n ],\n "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",\n "website": "https://letsencrypt.org"\n },\n "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",\n "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",\n "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",\n "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"\n}' 2018-07-22 18:53:29,897:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '658', 'Expires': 'Sun, 22 Jul 2018 18:53:29 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 22 Jul 2018 18:53:29 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json'}): '{\n "ElMJ2R2o14s": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",\n "meta": {\n "caaIdentities": [\n "letsencrypt.org"\n ],\n "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",\n "website": "https://letsencrypt.org"\n },\n "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",\n "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",\n "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",\n "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"\n}' 2018-07-22 18:53:29,898:DEBUG:letsencrypt.cli:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/letsencrypt", line 9, in <module> load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')() File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main return config.func(config, plugins) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 689, in obtain_cert le_client = _init_le_client(config, authenticator, installer) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 206, in _init_le_client acc, acme = _determine_account(config) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 191, in _determine_account config, account_storage, tos_cb=_tos_cb) File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 116, in register acme = acme_from_config_key(config, key) File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 41, in acme_from_config_key return acme_client.Client(config.server, key=key, net=net) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 63, in __init__ self.net.get(directory).json()) File "/usr/lib/python2.7/dist-packages/acme/messages.py", line 169, in from_json raise jose.DeserializationError(str(error)) DeserializationError: Deserialization error: Wrong directory fields root@web1:~# Any idea why it is failing ?
https://community.letsencrypt.org/t/lets-encrypt-renewal-error-in-apache2-ubuntu-16-0-4/26295/4 https://certbot.eff.org/lets-encrypt/pip-apache go get a recent certbot or upgrade ubuntu or wait
Thanks, On Ubuntu 16.04, problem fixed by running Code: apt update apt install software-properties-common apt-repository ppa:certbot/certbot apt update apt upgrade -y apt remove letsencrypt -y apt install python-certbot-nginx -y
I have this same problem for Ubuntu 16.04 LTS with apache 2.4.34. Does anybody know that upgrade certbot manually won't break LE SSL option in ISPConfig? Moreover the command Code: apt-cache policy certbot | grep -i Installed gives me information that I haven't installed certbot. Is it possible if I installed letsencrypt and ISP with Perfect Server tutorial? PS For Apache for install certbot (not update) from official site: Code: $ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache
Yes, but does it be safe for issuing LE SSL from ISP panel? Seriously I am affraid to break this ISP feature. I am unable to check certbot or letsencrypt version. I checked docs and there is a command "certbot --version" but it gives: Code: root@s1:# certbot --version certbot: command not found PS Code: root@s1:# apt-get install python-certbot-apache Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package python-certbot-apache Code: root@s1:# apt-get install python-letsencrypt-apache Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: augeas-lenses libaugeas0 python-augeas Suggested packages: augeas-doc augeas-tools The following NEW packages will be installed: augeas-lenses libaugeas0 python-augeas python-letsencrypt-apache 0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded. Need to get 471 kB of archives. After this operation, 2,300 kB of additional disk space will be used. Do you want to continue? [Y/n] n Second case - how check what software is used in ISP to issuing certs? If currently I don't use certbot but letsencrypt (earlier version of certbot?) why shell asked me about installation of "python-letsencrypt-apache"?
1. You should only use certbot or letsencrypt, not both, so I think that is the issue if you want to use the latest version of certbot. 2. Python is needed to issue the certs whether you are using letsencrypt or certbot, I think.
But how can I determine which I use? Both software give /etc/letsencrypt directories. Do you know which I use when I setup server using Perfect Server tutorial? There is a command "apt-get -y install letsencrypt" to install LE. And I am not sure I understood well about issue. Do you mean that the issue is, because I try use both? Ok, it's required but why I have to install it if LE worked until maybe week ago?
1. Well, you can run "apt install letsencrypt certbot" or "apt remove letsencrypt certbot" via ssh to determine that; but to me you should definitely use only one of them, preferably certbot since it is the latest so far. 2. Since it is your server, I don't know what happened to your python for letsencrypt / certbot, but I think you definitely need them for LE issuance / renewal to work. 3. I also think you may not be able to install cerbot if you do not install its ppa properly for Ubuntu 16.04, so check whether you have installed it right.
1. Commands produce: Code: root@s1:~# apt install letsencrypt certbot Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package certbot root@s1:~# apt remove letsencrypt certbot Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package certbot 2. Which one do you recommend if I used PerfectServer tutorial: apt-get install python-letsencrypt-apache apt-get install python-certbot-apache I don't want to break ISP. 3. I will check it if nothing other help. PS Results of searching phrases "letsencrypt" and "certbot": Code: root@s1:/usr/bin# find / -name letsencrypt /var/lib/letsencrypt /var/log/letsencrypt /etc/letsencrypt /usr/lib/python2.7/dist-packages/letsencrypt /usr/share/doc/letsencrypt /usr/bin/letsencrypt root@s1:/usr/bin# find / -name certbot root@s1:/usr/bin# So probably I have letsencrypt, not certbot. Moreover I find thread where people said that I can safetly update letsencrypt to certbot. Here guy says that I don't have to remove letsencrypt but only execute commands: Code: $ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache and all things will be done.
Well, this thread suggest you install latest certbot using its ppa and remove letsencrypt. However, if you are afraid to do it on your live server, use it on your test server instead. Only proceed if you already understand what you are going to do and how to troubleshoot if something goes wrong while doing it.
I just finished the job. Lets Encrypt Community Manager gave me some self-confidence. Now I am going to renew/issue my certs. I hope my stress help somebody. PS All things are working perfect!
Yea, right. I didn't post what I have done. Of course I did: Code: $ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache
