Lets Encrypt made some changes, due to which you need to upgrade your acme client if you are having issues getting SSLs. (This only applies to old installations, as new installations get latest code). Execute following command:
When i certbot renew on the command line it gives me following error:
certbot renew
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.37.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 378, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2566, in load_entry_point
return ep.load()
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2260, in load
entry = import(self.module_name, globals(),globals(), [‘name’])
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 17, in
from certbot import account
File “/usr/lib/python2.7/site-packages/certbot/account.py”, line 17, in
from acme import messages
File “/usr/lib/python2.7/site-packages/acme/messages.py”, line 11, in
from acme import challenges
File “/usr/lib/python2.7/site-packages/acme/challenges.py”, line 12, in
import requests
File “/usr/lib/python2.7/site-packages/requests/init.py”, line 97, in
from . import utils
File “/usr/lib/python2.7/site-packages/requests/utils.py”, line 28, in
from .compat import (
ImportError: cannot import name integer_types
Lets Encrypt made some changes, due to which you need to upgrade your acme client if you are having issues getting SSLs. (This only applies to old installations, as new installations get latest code). Execute following command:
That’s not the problem, CyberPanel. I am still getting errors after updating. It used to be that whenever redirect rules/.htaccess files were active, Let’s Encrypt could automatically renew certificates around those redirects. The issue is we have to completely clear out each of those .htaccess files individually, then renew manually, and then restore those .htaccess files.
EDIT: All the domains appear to renew without issue after renewing. It must be a permissions issue that requires an initial renewal after upgrading depending on the age of the certificate.
Lets Encrypt made some changes, due to which you need to upgrade your acme client if you are having issues getting SSLs. (This only applies to old installations, as new installations get latest code). Execute following command:
Cannot issue SSL. Error message: [Fri Sep 27 09:13:18 UTC 2019] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”, “status”: 429 } [Fri Sep 27 09:13:18 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:13:18 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub [Fri Sep 27 09:13:22 UTC 2019] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”, “status”: 429 } [Fri Sep 27 09:13:22 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:13:22 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
CyberPanel is latest (clean installed two weeks ago)
Lets Encrypt made some changes, due to which you need to upgrade your acme client if you are having issues getting SSLs. (This only applies to old installations, as new installations get latest code). Execute following command:
Cannot issue SSL. Error message: [Fri Sep 27 09:13:18 UTC 2019] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”, “status”: 429 } [Fri Sep 27 09:13:18 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:13:18 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub [Fri Sep 27 09:13:22 UTC 2019] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”, “status”: 429 } [Fri Sep 27 09:13:22 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:13:22 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
CyberPanel is latest (clean installed two weeks ago)
This issue is that when you update acme.sh, it loses the proper permissions it needs to temporarily disable the .htaccess/URL redirects of your website, which it uses in the certification process in order to verify that your domain is tied to your server. I had this problem with any of my sites that had the .htaccess enabled, be it proxies or WordPress sites. So as a workaround, you have to temporarily (1) copy to a safe place your .htaccess file contents, (2) temporarily clear your .htaccess file, (3) then run the SSL renewal in CyberPanel, and (4) finally restore your .htaccess file. After you complete this process, whenever it needs to renew again anytime in the future, it should renew automatically without you having to clear your .htaccess file.
I am experiencing issues deploying new sites with SSL Certificates. ( or deploying them without SSL and trying to get it after the fact).
I believe it does have something to do with permissions, however I don’t have the chance to update or move the .htaccess as it’s a new site. Even if I deploy the site without SSL, then try to get one after , there is no .htaccess to move
My production server is too new for any of the certs to expire…my development server is older and the certs started expiring and not renewing.
I did one manually with the entry from cron…it would show the CA server to be busy and never completed. It was leaving all kinds of orphaned Txt files.
I tried one domain manually with the --use-wget and it went straight through with curl (default) it hung in a loop.
I added the --use-wget to the cron entry and today the rest of the domains updated.
The issue I had was with letsencrypt changing to http/2 and centos (curl) not working. Acme.sh has been updated, but I don’t think it has solved all the issues with centos.
So what needs to be done here in order to update my code properly? OP posted a method, was told by the community that it didn’t work, and the OP has now ignored the community for 2 weeks. . .