The server experienced an internal error :: Error creating new cert #90

Closed
ndbroadbent opened this issue Oct 13, 2016 · 2 comments

ndbroadbent commented Oct 13, 2016

I have a script that I use to update SSL for two ELBs:

source /opt/letsencrypt/virtualenv/bin/activate

export AWS_ACCESS_KEY_ID="******"
export AWS_SECRET_ACCESS_KEY="******"
export AWS_DEFAULT_REGION="us-east-1"


update_certs() {
    local ELB_NAME="$1"
    local HOST="$2"

    read -d '' LETSENCRYPT_AWS_CONFIG <<EOF
{
    "domains": [
        {
            "elb": {
                "name": "${ELB_NAME}"
            },
            "hosts": ["${HOST}"]
        }
    ],
    "acme_account_key": "file:///opt/letsencrypt/letsencrypt-key.pem"
}
EOF
    export LETSENCRYPT_AWS_CONFIG

    python /opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py update-certificates
}


update_certs "prod-server-com-elb" "prod.server.com" && \
  update_certs "staging-server-com-elb" "staging.server.com" && \
  curl http://ping.pushmon.com/pushmon/ping/*********

This script has recently started failing with this output:

www-data@ip-*-*-*-*:/opt/letsencrypt$ ./update_elb_certs.sh
2016-10-13 21:38:18 [startup]
2016-10-13 21:38:18 [running] mode='single'
2016-10-13 21:38:18 [updating-elb] elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.certificate-expiration] expiration_date=datetime.datetime(2016, 11, 6, 15, 32) elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.request-acme-challenge] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.create-txt-record] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:19 [updating-elb.wait-for-route53] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.local-validation] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.answer-challenge] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.request-cert] elb_name=u'prod-server-com-elb'
2016-10-13 21:39:20 [updating-elb.delete-txt-record] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
Traceback (most recent call last):
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 578, in <module>
    cli()
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 716, in __call__
    return self.main(*args, **kwargs)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 1060, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 541, in update_certificates
    force_issue, certificate_requests
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 433, in update_certs
    cert_request,
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 405, in update_cert
    authorizations, csr
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 330, in request_certificate
    authzrs=[authz_record.authz for authz_record in authorizations],
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 397, in poll_and_request_issuance
    return self.request_issuance(csr, updated_authzrs), updated_authzrs
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 312, in request_issuance
    headers={'Accept': content_type})
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 649, in post
    return self._check_response(response, content_type=content_type)
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 565, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:serverInternal :: The server experienced an internal error :: Error creating new cert

I've updated letsencrypt-aws to the latest commit (84d56c1), but it's still not working.

I was wondering if you have seen this before, and if you could suggest any workarounds or fixes?

Owner

alex commented Oct 13, 2016

This looks like a bug with letsencrypt the service.

@ndbroadbent
Author

Strange, yeah looks like they must have fixed something and it's working now. Sorry to bother you!
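
An added example, not part of the thread or of letsencrypt-aws: the failure reported here was a CA-side `urn:acme:error:serverInternal` error that later cleared, so a renewal job can retry that one error type with bounded backoff while still failing immediately on anything else. `is_transient_acme_error` and `run_with_retry` are hypothetical helper names, and the attempt count and delay in the usage comment are assumed values.

```bash
#!/usr/bin/env bash
# Added example: bounded retry for CA-side ACME failures.
# is_transient_acme_error and run_with_retry are hypothetical helpers.

# Return 0 when the captured output carries the ACME error type seen in the
# traceback in this issue (a server-side fault), 1 for anything else.
is_transient_acme_error() {
    case "$1" in
        *"urn:acme:error:serverInternal"*) return 0 ;;
        *) return 1 ;;
    esac
}

# run_with_retry MAX_ATTEMPTS BASE_DELAY_SECONDS COMMAND [ARGS...]
# Retries COMMAND only when it fails with serverInternal. Any other failure
# (rejected challenge, denied AWS call, bad config) is returned at once so it
# is not hidden behind retries, and the original exit status is preserved.
run_with_retry() {
    local max="$1" delay="$2" attempt=1 output status
    shift 2
    while :; do
        if output="$("$@" 2>&1)"; then
            status=0
        else
            status=$?
        fi
        # Keep the tool's log lines and traceback visible on every attempt.
        printf '%s\n' "$output"
        if [ "$status" -eq 0 ]; then
            return 0
        fi
        if ! is_transient_acme_error "$output"; then
            return "$status"
        fi
        if [ "$attempt" -ge "$max" ]; then
            return "$status"
        fi
        sleep "$delay"
        delay=$((delay * 2))      # exponential backoff between attempts
        attempt=$((attempt + 1))
    done
}

# Usage with the update_certs function from the script in this issue
# (4 attempts and a 30 s base delay are assumed values):
#   run_with_retry 4 30 update_certs "prod-server-com-elb" "prod.server.com"
```

Because the wrapper returns non-zero once attempts are exhausted, the `&&` chain in the original script still skips the monitoring ping when renewal fails.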
