I am trying to create and install a Let's Encrypt SSL certificate using certbot. It's for a subdomain named private.mydomain.de (on a different server than mydomain.de). Certbot aborts with the following messages:
```
An unexpected error occurred:
AttributeError: 'module' object has no attribute 'TLSSNI01'
```
Went to https://letsdebug.net/ and checked the domain in question.
http-01 and DNS-01 tests passed, TLS-ALPN-01 fails with these verbose error messages:
```
IssueFromLetsEncrypt
ERROR
A test authorization for private.mydomain.de to the Let's Encrypt staging service
has revealed issues that may prevent any certificate for this domain being issued.
Connection refused
DEBUG
Challenge update failures for private.mydomain.de in order
https://acme-staging-v02.api.letsencrypt.org/acme/order/<....>/<....>
acme: error code 400 "urn:ietf:params:acme:error:connection":
Connection refused

PublicSuffix

RateLimit
DEBUG
1 Certificates contributing to rate limits for this domain
Serial: <serialnr>
NotBefore: 2020-02-02 22:23:22 +0000 UTC
Names: [finance.mydomain.de mydomain.de]
```
My plan now is to revoke the certificate contributing to the rate limit:
Used https://censys.io/certificates?q=...serialnr and copied the PEM, inserted it at https://tools.letsdebug.net/cert-revoke, completed the DNS challenges and checked with dig. 'Revoke certificate' then aborts with the error:
```
An error occured
Unfortunately something went wrong during the process. Usually this is
not recoverable - you will need to start from the beginning.
Error: Request failed with status code 400
```
Tried it again with same outcome, now I am asking here, what can I do?
UPDATE I renamed the server in nginx.conf from 'private.mydomain.de' to 'consult.mydomain.de'. This subdomain has been used previously on this server and has had a certificate before (which was uninstalled by certbot delete --cert-name ...). With this new old name, Certbot ran without problems, created and installed a certificate.
SOLUTION
After having several more issues with Certbot and more research, I found this solution: On the Oracle Cloud Infrastructure (OCI) with Oracle Linux 7, don't use Certbot, but install certbot-auto:
```
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
sudo /usr/local/bin/certbot-auto certonly --standalone
```
From: https://blogs.oracle.com/developers/free-ssl-certificates-in-the-oracle-cloud-using-certbot-and-lets-encrypt
I was able to create and install all desired certificates.
For a very fragile workaround, you can edit `/usr/lib/python3/dist-packages/certbot_nginx/configurator.py` and replace `return [challenges.HTTP01, challenges.TLSSNI01]` with `return [challenges.HTTP01]` (or you… can use the webroot plugin)

I had the same issue after updating to Ubuntu 20.04.
There's a one-liner install that runs on Focal: https://github.com/vinyll/certbot-install#how-to-install
That solved it for me, and there's also an uninstall for when the certbot PPA is fixed.
Use webroot plugin:
where `/var/www/yourdoma.in` is your domain's webroot directory.

This error can be obtained when using old packages on Ubuntu/Debian distros.
Check if you have at the same time the packages `python-certbot` and `python3-certbot`. You should uninstall the older one (`python-certbot`).

Also update the `ca-certificates` package with `apt install ca-certificates`
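
The answers above all work around the same mismatch: plugin code that still refers to `challenges.TLSSNI01` running against a `challenges` module that does not define it. The following is an added example, not code from any of the posts or from Certbot itself, that reports such references without editing any files; the sample plugin source and the stand-in module are constructed, and the `acme.challenges` import in `check_installed` assumes the `acme` package is importable on the host being checked.

```python
import ast
import importlib
import types


def referenced_challenges(source, module_alias="challenges"):
    """Collect every NAME used as `<module_alias>.NAME` in the given source."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Attribute)
                and isinstance(node.value, ast.Name)
                and node.value.id == module_alias):
            names.add(node.attr)
    return names


def missing_challenges(source, challenges_module):
    """Names the plugin source uses that the given module does not define."""
    return sorted(name for name in referenced_challenges(source)
                  if not hasattr(challenges_module, name))


def check_installed(plugin_path):
    """Run the check on a real file, e.g. the configurator.py path quoted above."""
    with open(plugin_path, encoding="utf-8") as handle:
        source = handle.read()
    # Assumption: the acme package used by certbot is importable here.
    return missing_challenges(source, importlib.import_module("acme.challenges"))


# Constructed sample: a plugin that still returns the line quoted in the answer.
SAMPLE_PLUGIN_SOURCE = '''
from acme import challenges

class NginxConfigurator:
    def get_chall_pref(self, unused_domain):
        return [challenges.HTTP01, challenges.TLSSNI01]
'''

# Constructed stand-in for a challenges module without TLSSNI01.
SAMPLE_CHALLENGES = types.SimpleNamespace(HTTP01=object(), DNS01=object())

if __name__ == "__main__":
    print(missing_challenges(SAMPLE_PLUGIN_SOURCE, SAMPLE_CHALLENGES))
```

A non-empty result means the plugin and the library come from different releases, which is the situation the `python-certbot` / `python3-certbot` answer describes.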