Ubuntu 16.04 LetsEncrypt Not working

Discussion in 'Installation/Configuration' started by HostOnNet, Jul 22, 2018.

Tags:
  1. HostOnNet

    HostOnNet New Member

    I enabled Letsencypt for a domain and is failing

    Code:
    root@web1:~# /usr/local/ispconfig/server/server.sh
               
    
    An unexpected error occurred:
    DeserializationError: Deserialization error: Wrong directory fields
    Please see the logfiles in /var/log/letsencrypt for more details.
    finished.
    root@web1:~#
    
    letsencrypt log have following

    Code:
    root@web1:~# cat /var/log/letsencrypt/letsencrypt.log
    2018-07-22 18:53:28,454:DEBUG:letsencrypt.cli:Root logging level set at 30
    2018-07-22 18:53:28,454:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-07-22 18:53:28,455:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1
    2018-07-22 18:53:28,455:DEBUG:letsencrypt.cli:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'ispconfig-test.serverok.in', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2018-07-22 18:53:28,455:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
    2018-07-22 18:53:28,456:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None
    2018-07-22 18:53:28,456:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    2018-07-22 18:53:28,456:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot
    Description: Webroot Authenticator
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = letsencrypt.plugins.webroot:Authenticator
    Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x7feef5f00610>
    Prep: True
    2018-07-22 18:53:28,457:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x7feef5f00610> and installer None
    2018-07-22 18:53:29,569:DEBUG:root:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. args: (), kwargs: {}
    2018-07-22 18:53:29,574:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    2018-07-22 18:53:29,894:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
    2018-07-22 18:53:29,896:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '658', 'Expires': 'Sun, 22 Jul 2018 18:53:29 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 22 Jul 2018 18:53:29 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json'}. Content: '{\n  "ElMJ2R2o14s": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",\n  "meta": {\n    "caaIdentities": [\n      "letsencrypt.org"\n    ],\n    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",\n    "website": "https://letsencrypt.org"\n  },\n  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",\n  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",\n  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",\n  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"\n}'
    2018-07-22 18:53:29,897:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '658', 'Expires': 'Sun, 22 Jul 2018 18:53:29 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 22 Jul 2018 18:53:29 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json'}): '{\n  "ElMJ2R2o14s": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",\n  "meta": {\n    "caaIdentities": [\n      "letsencrypt.org"\n    ],\n    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",\n    "website": "https://letsencrypt.org"\n  },\n  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",\n  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",\n  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",\n  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"\n}'
    2018-07-22 18:53:29,898:DEBUG:letsencrypt.cli:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/letsencrypt", line 9, in <module>
        load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')()
      File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main
        return config.func(config, plugins)
      File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 689, in obtain_cert
        le_client = _init_le_client(config, authenticator, installer)
      File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 206, in _init_le_client
        acc, acme = _determine_account(config)
      File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 191, in _determine_account
        config, account_storage, tos_cb=_tos_cb)
      File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 116, in register
        acme = acme_from_config_key(config, key)
      File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 41, in acme_from_config_key
        return acme_client.Client(config.server, key=key, net=net)
      File "/usr/lib/python2.7/dist-packages/acme/client.py", line 63, in __init__
        self.net.get(directory).json())
      File "/usr/lib/python2.7/dist-packages/acme/messages.py", line 169, in from_json
        raise jose.DeserializationError(str(error))
    DeserializationError: Deserialization error: Wrong directory fields
    
    root@web1:~#
    
    Any idea why it is failing ?
     
  2. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

  3. HostOnNet

    HostOnNet New Member

    Thanks, On Ubuntu 16.04, problem fixed by running

    Code:
    apt update
    apt install software-properties-common
    apt-repository ppa:certbot/certbot
    apt update
    apt upgrade -y
    apt remove letsencrypt -y
    apt install python-certbot-nginx -y
    
     
    ztk.me likes this.
  4. Poliman

    Poliman Member

    I have this same problem for Ubuntu 16.04 LTS with apache 2.4.34. Does anybody know that upgrade certbot manually won't break LE SSL option in ISPConfig? Moreover the command
    Code:
    apt-cache policy certbot | grep -i Installed
    gives me information that I haven't installed certbot. Is it possible if I installed letsencrypt and ISP with Perfect Server tutorial?

    PS
    For Apache for install certbot (not update) from official site:
    Code:
    $ sudo apt-get update
    $ sudo apt-get install software-properties-common
    $ sudo add-apt-repository ppa:certbot/certbot
    $ sudo apt-get update
    $ sudo apt-get install python-certbot-apache 
     
    Last edited: Aug 22, 2018
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I think you have to remove letsencrypt too, as posted before yours.
     
  6. Poliman

    Poliman Member

    Yes, but does it be safe for issuing LE SSL from ISP panel? Seriously I am affraid to break this ISP feature. I am unable to check certbot or letsencrypt version. I checked docs and there is a command "certbot --version" but it gives:
    Code:
    root@s1:# certbot --version
    certbot: command not found
    PS
    Code:
    root@s1:# apt-get install python-certbot-apache
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Unable to locate package python-certbot-apache
    
    Code:
    root@s1:# apt-get install python-letsencrypt-apache
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following additional packages will be installed:
      augeas-lenses libaugeas0 python-augeas
    Suggested packages:
      augeas-doc augeas-tools
    The following NEW packages will be installed:
      augeas-lenses libaugeas0 python-augeas python-letsencrypt-apache
    0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded.
    Need to get 471 kB of archives.
    After this operation, 2,300 kB of additional disk space will be used.
    Do you want to continue? [Y/n] n
    
    Second case - how check what software is used in ISP to issuing certs? If currently I don't use certbot but letsencrypt (earlier version of certbot?) why shell asked me about installation of "python-letsencrypt-apache"?
     
    Last edited: Aug 22, 2018
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    1. You should only use certbot or letsencrypt, not both, so I think that is the issue if you want to use the latest version of certbot.

    2. Python is needed to issue the certs whether you are using letsencrypt or certbot, I think.
     
  8. Poliman

    Poliman Member

    But how can I determine which I use? :p Both software give /etc/letsencrypt directories. Do you know which I use when I setup server using Perfect Server tutorial? There is a command "apt-get -y install letsencrypt" to install LE. And I am not sure I understood well about issue. Do you mean that the issue is, because I try use both?

    Ok, it's required but why I have to install it if LE worked until maybe week ago?
     
  9. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    1. Well, you can run "apt install letsencrypt certbot" or "apt remove letsencrypt certbot" via ssh to determine that; but to me you should definitely use only one of them, preferably certbot since it is the latest so far.

    2. Since it is your server, I don't know what happened to your python for letsencrypt / certbot, but I think you definitely need them for LE issuance / renewal to work.

    3. I also think you may not be able to install cerbot if you do not install its ppa properly for Ubuntu 16.04, so check whether you have installed it right.
     
  10. Poliman

    Poliman Member

    1. Commands produce:
    Code:
    root@s1:~# apt install letsencrypt certbot
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Unable to locate package certbot
    
    root@s1:~# apt remove letsencrypt certbot
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Unable to locate package certbot
    
    2. Which one do you recommend if I used PerfectServer tutorial:
    apt-get install python-letsencrypt-apache
    apt-get install python-certbot-apache
    I don't want to break ISP. ;)
    3. I will check it if nothing other help. ;)

    PS
    Results of searching phrases "letsencrypt" and "certbot":
    Code:
    root@s1:/usr/bin# find / -name letsencrypt
    /var/lib/letsencrypt
    /var/log/letsencrypt
    /etc/letsencrypt
    /usr/lib/python2.7/dist-packages/letsencrypt
    /usr/share/doc/letsencrypt
    /usr/bin/letsencrypt
    root@s1:/usr/bin# find / -name certbot
    root@s1:/usr/bin#
    
    So probably I have letsencrypt, not certbot. Moreover I find thread where people said that I can safetly update letsencrypt to certbot. Here guy says that I don't have to remove letsencrypt but only execute commands:
    Code:
    $ sudo apt-get update
    $ sudo apt-get install software-properties-common
    $ sudo add-apt-repository ppa:certbot/certbot
    $ sudo apt-get update
    $ sudo apt-get install python-certbot-apache 
    and all things will be done.
     
    Last edited: Aug 22, 2018
  11. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Well, this thread suggest you install latest certbot using its ppa and remove letsencrypt. However, if you are afraid to do it on your live server, use it on your test server instead. Only proceed if you already understand what you are going to do and how to troubleshoot if something goes wrong while doing it. :D
     
  12. Poliman

    Poliman Member

    I just finished the job. Lets Encrypt Community Manager gave me some self-confidence. Now I am going to renew/issue my certs. ;) I hope my stress help somebody. :p

    PS
    All things are working perfect! ;)
     
    Last edited: Aug 22, 2018
  13. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Well, seems like it does help you, though we do not know what did you do until you share it here. :p;)
     
  14. Poliman

    Poliman Member

    Yea, right. I didn't post what I have done. :p Of course I did:
    Code:
    $ sudo apt-get update
    $ sudo apt-get install software-properties-common
    $ sudo add-apt-repository ppa:certbot/certbot
    $ sudo apt-get update
    $ sudo apt-get install python-certbot-apache 
     

Share This Page