Error when trying to update Lets Encrypt cert

amibumpin · 20 April 2022 08:53

In 4 days I have to renew my cert, and I run dietpi-letsencrypt to update it manually, and I getting an error.

https://docs.microsoft.com/en-us/sql/integration-services/import-export-data/select-source-tables-and-views-sql-server-import-and-export-wizard?view=sql-server-ver15

This is the log:

2022-04-20 10:49:07,548:DEBUG:certbot._internal.main:certbot version: 1.12.0
2022-04-20 10:49:07,550:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-04-20 10:49:07,551:DEBUG:certbot._internal.main:Arguments: ['--webroot', '-w', '/var/www', '--agree-tos', '--no-eff-email', '--rsa-key-size', '4096', '-m', 'email@gmail.com', '-d', 'url.ddns.net']
2022-04-20 10:49:07,551:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-04-20 10:49:07,605:DEBUG:certbot._internal.log:Root logging level set at 20
2022-04-20 10:49:07,606:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-04-20 10:49:07,610:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-04-20 10:49:07,611:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7faefae8e0>
Prep: True
2022-04-20 10:49:07,613:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7faefae8e0> and installer None
2022-04-20 10:49:07,613:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-04-20 10:49:07,800:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/339981900', new_authzr_uri=None, terms_of_service=None), 40883a532df2823fb6d7f9a0bc77e477, Meta(creation_dt=datetime.datetime(2021, 12, 28, 18, 5, 58, tzinfo=<UTC>), creation_host='DietPi', register_to_eff=None))>
2022-04-20 10:49:07,803:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-04-20 10:49:07,812:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-04-20 10:49:08,305:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2022-04-20 10:49:08,307:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 20 Apr 2022 08:49:08 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "xp7ZrPt4XuE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2022-04-20 10:49:08,352:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer <certbot._internal.cli.cli_utils._Default object at 0x7faeec57c0>
2022-04-20 10:49:08,532:DEBUG:certbot._internal.storage:No matches for target cert.
2022-04-20 10:49:08,533:DEBUG:certbot._internal.storage:No matches for target privkey.
2022-04-20 10:49:08,534:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.12.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1413, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1286, in certonly
    should_get_cert, lineage = _find_cert(config, domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 331, in _find_cert
    action, lineage = _find_lineage_for_domains_and_certname(config, domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 363, in _find_lineage_for_domains_and_certname
    return _find_lineage_for_domains(config, domains)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 307, in _find_lineage_for_domains
    return _handle_identical_cert_request(config, ident_names_cert)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 237, in _handle_identical_cert_request
    if not lineage.ensure_deployed():
  File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 812, in ensure_deployed
    if self.has_pending_deployment():
  File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 831, in has_pending_deployment
    smallest_current = min(self.current_version(x) for x in ALL_FOUR)
TypeError: '<' not supported between instances of 'NoneType' and 'NoneType'
2022-04-20 10:49:08,537:ERROR:certbot._internal.log:An unexpected error occurred:
2022-04-20 10:49:08,538:ERROR:certbot._internal.log:TypeError: '<' not supported between instances of 'NoneType' and 'NoneType'

Thank you as always!

Jappe · 20 April 2022 12:00

Did you rename your .pem files by any chance?

Can you post the output of
ls -R /etc/letsencrypt/archive/?
(mask your domains if you want)

amibumpin · 20 April 2022 12:09

/etc/letsencrypt/archive/:
domain.ddns.net

/etc/letsencrypt/archive/domain.ddns.net:
cert.pem  chain.pem  fullchain.pem  privkey.pem

I don’t remember if I rename them, because I did some test in the past, but as far I can see I rename them with their original name as it appears…

Jappe · 20 April 2022 13:10

The names are incorrect, it should be cert1.pem chain1.pem fullchain1.pem privkey1.pem

You can just rename them (at least when they are not symlinks, but I checked my certs and there are actually not symlinks).
to check if they are symlinks, run ls -la inside the folder where the pem files are. On the left you see a notation like -rw-rw-r-- or drwxrwxr-x or similiar for each file. The notation for symlinks start with l (lowercase L),so if there is no l, you are fine to rename them, I guess.

mv chain.pem chain1.pem && mv cert.pem cert1.pem && mv fullchain.pem fullchain1.pem && mv privkey.pem privkey1.pem

amibumpin · 20 April 2022 16:14

It was that, thank you!