Can't renew Let's encrypt

gerdchen03 · August 15, 2019, 9:24am

I tried, but diesen’t work:
/var/www/html/apps/gallery/js/vendor# sudo certbot certonly --apache -n -d nctest.tk

Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.28.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/pkg_resources/init.py”, line 561, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File “/usr/lib/python3/dist-packages/pkg_resources/init.py”, line 2631, in load_entry_point
return ep.load()
File “/usr/lib/python3/dist-packages/pkg_resources/init.py”, line 2291, in load
return self.resolve()
File “/usr/lib/python3/dist-packages/pkg_resources/init.py”, line 2297, in resolve
module = import(self.module_name, fromlist=[‘name’], level=0)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 19, in
from certbot import cert_manager
File “/usr/lib/python3/dist-packages/certbot/cert_manager.py”, line 16, in
from certbot import storage
File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 16, in
from certbot import cli
File “/usr/lib/python3/dist-packages/certbot/cli.py”, line 36, in
import certbot.plugins.selection as plugin_selection
File “”, line 983, in _find_and_load
File “”, line 967, in _find_and_load_unlocked
File “”, line 677, in _load_unlocked
File “”, line 724, in exec_module
File “”, line 857, in get_code
File “”, line 525, in _compile_bytecode
ValueError: bad marshal data (unknown type code)

I have no idea what is wrong with my installation

anon93002831 · August 15, 2019, 9:45am

ist this an answer?

edit: wrong paste

gerdchen03 · August 15, 2019, 10:21am

I’m not really sure it is the right solution. But I find out, that I have 4 different python folders at /user/lib. python2.7, python3, python3.5, python3.7

python -V 
Python 2.7.16

gas85 · August 15, 2019, 11:44am

You can try

instead of certbot.

acme.sh --renew -d example.com --force

acme.sh --issue --apache -d example.com

gerdchen03 · August 15, 2019, 11:56am

I did
apt-get install acme
acme.sh --renew -d example.com --force

acme.sh: command not found

gas85 · August 15, 2019, 12:11pm

I believe you have an error there. Try as described in Docu:

curl https://get.acme.sh | sh

Or like this:

git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
./acme.sh --install  \
--home ~/myacme \
--config-home ~/myacme/data \
--cert-home  ~/mycerts \
--accountemail  "my@example.com" \
--accountkey  ~/myaccount.key \
--accountconf ~/myaccount.conf \
--useragent  "this is my client."

gerdchen03 · August 15, 2019, 1:48pm

curl https://get.acme.sh | sh

[Do Aug 15 15:37:34 CEST 2019] Install success!

acme.sh --renew -d example.com --force

acme.sh: command not found

gas85 · August 15, 2019, 2:01pm

According to this ticket, please check it here: /root/.acme.sh/acme.sh. In any way during the installation process it should give you a hint where it was copied.

gerdchen03 · August 15, 2019, 6:36pm

Thanks!!
but there is an other Problem:
my.domain.com is not a issued domain

gerdchen03 · August 17, 2019, 5:14pm

No ideal what’s wrong with my system?

danb35 · August 17, 2019, 5:38pm

Is that an error message you’re receiving? If so, there should be more context, and it’d be very helpful if you’d provide it. Or are you saying that you’re using a domain you don’t actually own? If that’s the case, you shouldn’t have been able to get a cert from Let’s Encrypt in the first place.

gerdchen03 · August 17, 2019, 6:36pm

Yes, it is an error message I receive when using
acme.sh --renew -d example.com --force

I always get a certificate in the past with
/var/www/html/apps/gallery/js/vendor# sudo certbot certonly --apache -n -d nctest.tk

But it ends in an error, too.
The domain is a DynDNS-address: bltest.dynvpn.de

danb35 · August 17, 2019, 8:40pm

So you’re telling acme.sh to renew a domain it hasn’t issued before? Why do you think that will work?

gas85 · August 19, 2019, 9:22am

There are 2 ways that you can go:

Issue new Certificate with acme.

Stop apache2

sudo service apache2 stop

issue new certificate

sudo acme.sh --issue --alpn -d example.org

Check that path to the new certificate is configured in your apache2 config.
Start the Apache2 server:

sudo service apache2 start

Renew with certbot with debugging:
I see that you run renew with python 3 (at least from errors), but your default is python 2.7. I believe that certbot is trying to be executed with python 2.7. Seems also an old ticket regarding python version: https://github.com/certbot/certbot/pull/1257

DarkSteve · August 25, 2019, 11:42am

Sorry for the late reply, but I’m not sure I understand what you’re trying to do.
The command to renew a Let’s Encrypt certificate is “certbot renew”. The command you tried would have created a new certificate.

gas85 · August 26, 2019, 1:44pm

Yes, but there are at least 2 tools exist (in this tread): Acme and Certbot. If Tool A of them does not work anymore, then try to take tool B.
You can move issued certificate by your hand between tools A and B, but it will be more efficient way to do it is to issue Certificate again with a working tool B. After that you have to renew it only.