Giters

certbot / certbot

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Everything worked fine until today

MrKira34 opened this issue · comments

commented

certbot --version
certbot 1.32.0

certbot --nginx -d rel.congood.ligastavok.php.dev2.thecoders.ru

root@dev2:/var/log/letsencrypt# certbot --nginx -d rel.congood.ligastavok.php.dev2.thecoders.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Encountered error while loading certificate or csr: [('PEM routines', '', 'no start line')]
An unexpected error occurred:
OpenSSL.crypto.Error: [('PEM routines', '', 'no start line')]
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@dev2:/var/log/letsencrypt#

cat /var/log/letsencrypt/letsencrypt.log

2022-11-22 21:12:25,693:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-11-22 21:12:25,909:DEBUG:certbot._internal.main:certbot version: 1.32.0
2022-11-22 21:12:25,909:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/2539/bin/certbot
2022-11-22 21:12:25,909:DEBUG:certbot._internal.main:Arguments: ['--nginx', '-d', 'rel.congood.ligastavok.php.dev2.thecoders.ru', '--preconfigured-renewal']
2022-11-22 21:12:25,909:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-11-22 21:12:25,914:DEBUG:certbot._internal.log:Root logging level set at 30
2022-11-22 21:12:25,915:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2022-11-22 21:12:27,630:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f30dd2bce50>
Prep: True
2022-11-22 21:12:27,631:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f30dd2bce50> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f30dd2bce50>
2022-11-22 21:12:27,631:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2022-11-22 21:12:27,661:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/117838353', new_authzr_uri=None, terms_of_service=None), 7a79bcec4c5caa7b5ca83ff3343d86db, Meta(creation_dt=datetime.datetime(2021, 4, 2, 16, 33, 42, tzinfo=<UTC>), creation_host='server0.changeme.com', register_to_eff=None))>
2022-11-22 21:12:27,662:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-11-22 21:12:27,663:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-11-22 21:12:28,241:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
2022-11-22 21:12:28,242:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 22 Nov 2022 17:51:54 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "L8haHFG2qM4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-11-22 21:12:28,259:DEBUG:certbot.crypto_util:
Traceback (most recent call last):
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/crypto_util.py", line 475, in _load_cert_or_req
    return load_func(typ, cert_or_req_str)
  File "/snap/certbot/2539/lib/python3.8/site-packages/OpenSSL/crypto.py", line 1998, in load_certificate
    _raise_current_error()
  File "/snap/certbot/2539/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('PEM routines', '', 'no start line')]
2022-11-22 21:12:28,260:ERROR:certbot.crypto_util:Encountered error while loading certificate or csr: [('PEM routines', '', 'no start line')]
2022-11-22 21:12:28,260:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/2539/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/_internal/main.py", line 1437, in run
    should_get_cert, lineage = _find_cert(config, domains, certname)
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/_internal/main.py", line 357, in _find_cert
    action, lineage = _find_lineage_for_domains_and_certname(config, domains, certname)
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/_internal/main.py", line 387, in _find_lineage_for_domains_and_certname
    return _find_lineage_for_domains(config, domains)
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/_internal/main.py", line 325, in _find_lineage_for_domains
    ident_names_cert, subset_names_cert = cert_manager.find_duplicative_certs(config, domains)
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/_internal/cert_manager.py", line 199, in find_duplicative_certs
    return _search_lineages(config, update_certs_for_domain_matches, init)
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/_internal/cert_manager.py", line 442, in _search_lineages
    rv = func(candidate_lineage, rv, *args)
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/_internal/cert_manager.py", line 185, in update_certs_for_domain_matches
    candidate_names = set(candidate_lineage.names())
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/_internal/storage.py", line 943, in names
    return crypto_util.get_names_from_cert(f.read())
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/crypto_util.py", line 529, in get_names_from_cert
    return _get_names_from_cert_or_req(
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/crypto_util.py", line 509, in _get_names_from_cert_or_req
    loaded_cert_or_req = _load_cert_or_req(cert_or_req, load_func, typ)
  File "/snap/certbot/2539/lib/python3.8/site-packages/certbot/crypto_util.py", line 475, in _load_cert_or_req
    return load_func(typ, cert_or_req_str)
  File "/snap/certbot/2539/lib/python3.8/site-packages/OpenSSL/crypto.py", line 1998, in load_certificate
    _raise_current_error()
  File "/snap/certbot/2539/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('PEM routines', '', 'no start line')]
2022-11-22 21:12:28,260:ERROR:certbot._internal.log:An unexpected error occurred:
2022-11-22 21:12:28,261:ERROR:certbot._internal.log:OpenSSL.crypto.Error: [('PEM routines', '', 'no start line')]

No settings were made on the server. They didn't change anything. Everything usually worked.
I ask for help. Any ideas?

commented

I reinstalled certbot from the default repository:
sudo apt install certbot python-certbot-nginx

certbot --version
certbot 0.31.0

sudo certbot --nginx -d rel.congood.ligastavok.php.dev2.thecoders.ru

root@dev2:/var/log/letsencrypt# sudo certbot --nginx -d rel.congood.ligastavok.php.dev2.thecoders.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
/etc/letsencrypt/options-ssl-nginx.conf has been manually modified; updated file saved to /usr/lib/python3/dist-packages/certbot_nginx/options-ssl-nginx.conf. We recommend updating /etc/letsencrypt/options-ssl-nginx.conf for security purposes.
Plugins selected: Authenticator nginx, Installer nginx

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/crypto_util.py", line 334, in _load_cert_or_req
    return load_func(typ, cert_or_req_str)
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1837, in load_certificate
    _raise_current_error()
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]
An unexpected error occurred:
OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]
Please see the logfiles in /var/log/letsencrypt for more details.

cat /var/log/letsencrypt/letsencrypt.log

2022-11-22 21:25:35,896:DEBUG:certbot.main:certbot version: 0.31.0
2022-11-22 21:25:35,896:DEBUG:certbot.main:Arguments: ['--nginx', '-d', 'rel.congood.ligastavok.php.dev2.thecoders.ru']
2022-11-22 21:25:35,896:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-11-22 21:25:35,928:DEBUG:certbot.log:Root logging level set at 20
2022-11-22 21:25:35,928:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-11-22 21:25:35,928:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2022-11-22 21:25:37,577:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7fd9f332af28>
Prep: True
2022-11-22 21:25:37,577:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7fd9f332af28> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7fd9f332af28>
2022-11-22 21:25:37,577:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2022-11-22 21:25:37,580:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/117838353', new_authzr_uri=None, terms_of_service=None), 7a79bcec4c5caa7b5ca83ff3343d86db, Meta(creation_dt=datetime.datetime(2021, 4, 2, 16, 33, 42, tzinfo=<UTC>), creation_host='server0.changeme.com'))>
2022-11-22 21:25:37,580:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-11-22 21:25:37,581:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-11-22 21:25:38,171:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
2022-11-22 21:25:38,172:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 22 Nov 2022 18:05:04 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "sctJaQnFScY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2022-11-22 21:25:38,184:ERROR:certbot.crypto_util:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/crypto_util.py", line 334, in _load_cert_or_req
    return load_func(typ, cert_or_req_str)
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1837, in load_certificate
    _raise_current_error()
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]
2022-11-22 21:25:38,184:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1114, in run
    should_get_cert, lineage = _find_cert(config, domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 286, in _find_cert
    action, lineage = _find_lineage_for_domains_and_certname(config, domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 313, in _find_lineage_for_domains_and_certname
    return _find_lineage_for_domains(config, domains)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 257, in _find_lineage_for_domains
    ident_names_cert, subset_names_cert = cert_manager.find_duplicative_certs(config, domains)
  File "/usr/lib/python3/dist-packages/certbot/cert_manager.py", line 167, in find_duplicative_certs
    return _search_lineages(config, update_certs_for_domain_matches, (None, None))
  File "/usr/lib/python3/dist-packages/certbot/cert_manager.py", line 388, in _search_lineages
    rv = func(candidate_lineage, rv, *args)
  File "/usr/lib/python3/dist-packages/certbot/cert_manager.py", line 155, in update_certs_for_domain_matches
    candidate_names = set(candidate_lineage.names())
  File "/usr/lib/python3/dist-packages/certbot/storage.py", line 880, in names
    return crypto_util.get_names_from_cert(f.read())
  File "/usr/lib/python3/dist-packages/certbot/crypto_util.py", line 382, in get_names_from_cert
    csr, crypto.load_certificate, typ)
  File "/usr/lib/python3/dist-packages/certbot/crypto_util.py", line 362, in _get_names_from_cert_or_req
    loaded_cert_or_req = _load_cert_or_req(cert_or_req, load_func, typ)
  File "/usr/lib/python3/dist-packages/certbot/crypto_util.py", line 334, in _load_cert_or_req
    return load_func(typ, cert_or_req_str)
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1837, in load_certificate
    _raise_current_error()
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]
2022-11-22 21:25:38,185:ERROR:certbot.log:An unexpected error occurred: