Hi all,
My certificat is working fine at the moment and was created with the plugin. But it is about to expire and I just noticed that the automatic renew process is failing 
So I tried to renew it by hand.
root@home-server:/etc/cron.d# /usr/bin/certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/FAMILLE-BOCQUET.FR.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for home-server.famille-bocquet.fr
Waiting for verification...
Challenge failed for domain home-server.famille-bocquet.fr
Cleaning up challenges
Attempting to renew cert (FAMILLE-BOCQUET.FR) from /etc/letsencrypt/renewal/FAMILLE-BOCQUET.FR.conf produced an unexpected error: Challenges failed for all domains. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/FAMILLE-BOCQUET.FR/fullchain.pem (failure)
-------------------------------------------------------------------------------
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/FAMILLE-BOCQUET.FR/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)
Alles anzeigen
I can see that in the log file:
2018-05-31 10:07:34,618:WARNING:certbot.renewal:Attempting to renew cert (FAMILLE-BOCQUET.FR) from /etc/letsencrypt/renewal/FAMILLE-BOCQUET.FR.conf produced an unexpected error: Challenges failed for all domains. Skipping.
2018-05-31 10:07:34,619:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 422, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1102, in renew_cert
_get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 113, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 297, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 294, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 330, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
"Challenges failed for all domains")
certbot.errors.AuthorizationError: Challenges failed for all domains
2018-05-31 10:07:34,620:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2018-05-31 10:07:34,620:ERROR:certbot.renewal: /etc/letsencrypt/live/FAMILLE-BOCQUET.FR/fullchain.pem (failure)
2018-05-31 10:07:34,620:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.23.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1266, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1179, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
Alles anzeigen
Here is the Python version
root@home-server:/etc/cron.d# python -V
Python 2.7.13
Don't know what to do. Any help would be greatly appreciated.
Thx
EDIT:
After a few research, I found that my certbot package was updated with the one from stretch-backports (v0.23) which need python 3 !
I don't think that upgraded python to v3.x is a good solution, so I simply want to downgrade the certbot package to the one in the stretch repository (v 0.10).
root@home-server:/etc/cron.d# apt-get install certbot/stretch
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
Version choisie « 0.10.2-1 » (Debian:9.4/stable [all]) pour « certbot »
The following additional packages will be installed:
python-acme python-certbot python-cffi-backend python-chardet python-configargparse python-configobj python-cryptography python-enum34 python-funcsigs python-idna python-ipaddress python-mock python-openssl
python-parsedatetime python-pbr python-pkg-resources python-pyasn1 python-requests python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component python-zope.event
python-zope.hookable python-zope.interface
Paquets suggérés :
python-certbot-apache python-certbot-doc python-acme-doc python-configobj-doc python-cryptography-doc python-cryptography-vectors python-enum34-doc python-funcsigs-doc python-mock-doc python-openssl-doc
python-openssl-dbg doc-base python-socks python-setuptools-doc python-ntlm
Paquets recommandés :
python-psutil python-pyicu
Les NOUVEAUX paquets suivants seront installés :
python-acme python-certbot python-cffi-backend python-chardet python-configargparse python-configobj python-cryptography python-enum34 python-funcsigs python-idna python-ipaddress python-mock python-openssl
python-parsedatetime python-pbr python-pkg-resources python-pyasn1 python-requests python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component python-zope.event
python-zope.hookable python-zope.interface
Les paquets suivants seront mis à une VERSION INFÉRIEURE :
certbot
0 mis à jour, 27 nouvellement installés, 1 remis à une version inférieure, 0 à enlever et 13 non mis à jour.
Il est nécessaire de prendre 1 858 ko dans les archives.
Après cette opération, 9 388 ko d'espace disque supplémentaires seront utilisés.
Souhaitez-vous continuer ? [O/n] n
Alles anzeigen
I'm a little nervous to "update" all those package ??? Is it safe or am I going to break everything in OMV ?