error using certbot/certmanager #37

Closed
Raldoh19 opened this issue Jul 1, 2020 · 11 comments
Labels
bug Something isn't working

Comments


Raldoh19 commented Jul 1, 2020

I successfully managed to get my certificate using acme.sh.
acme.sh --server http://myserver --register-account --accountemail e@mail.com
acme.sh --server http://myserver --issue -d acme-1.example.com -d example.com --standalone

But when I try using certbot or certmanager:
certbot --apache --server http://lmyserver -d example.com

I got the following error:
Error: [('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'wrong tag'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1 error'), ('asn1 encoding routines', 'ASN1_TEMPLATE_NOEXP_D2I', 'nested asn1 error'), ('PEM routines', 'PEM_ASN1_read_bio', 'ASN1 lib')]

For information, I'm using: acme2certifier and mscertsrv_ca_handler

Owner

grindsa commented Jul 1, 2020

Can you give it a try with the devel branch? Just to rule out that you got hit by 48500ef I fixed some days back. If this does not help please enable the debug mode in acme_srv.cfg and share the debug log for further analysis. The debug log from certbot would also be helpful.
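The error reported above is raised while a PEM block is parsed as an X.509 certificate, so a first triage step is to check what each block of the returned chain really contains. The sketch below is an added example, not code from certbot or acme2certifier; `classify_der` and `audit_chain` are hypothetical names, and the sample holds only the first base64 line of each block as printed in the acme2certifier debug log on this page.

```python
import base64
import binascii
import re

# One PEM block: label in group 1, base64 body in group 2.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# DER content bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 / CMS signedData).
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")


def read_tlv_header(buf, pos):
    """Return (tag, length, value_offset) of the DER TLV starting at pos.

    Only the header is read, so a truncated value is accepted.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form length
        return tag, first, pos
    count = first & 0x7F                  # long form: number of length bytes
    if count == 0 or pos + count > len(buf):
        raise ValueError("bad length encoding")
    return tag, int.from_bytes(buf[pos:pos + count], "big"), pos + count


def classify_der(der):
    """Classify a DER blob by the shape of its first two TLV headers.

    This is a shape check, not a full parse: an X.509 Certificate starts
    SEQUENCE { SEQUENCE (tbsCertificate) ..., while a PKCS#7 ContentInfo
    starts SEQUENCE { OBJECT IDENTIFIER (contentType) ...
    """
    try:
        tag, _, body = read_tlv_header(der, 0)
        if tag != 0x30:
            return "not a SEQUENCE"
        inner_tag, inner_len, inner_body = read_tlv_header(der, body)
    except ValueError:
        return "invalid DER"
    if inner_tag == 0x30:
        return "x509-shaped"
    if inner_tag == 0x06:
        oid = der[inner_body:inner_body + inner_len]
        return "pkcs7-signed-data" if oid == OID_SIGNED_DATA else "content-info-other"
    return "unknown"


def audit_chain(pem_text):
    """Return one dict per PEM block: its label, detected kind and verdict."""
    report = []
    for label, body in PEM_BLOCK.findall(pem_text):
        b64 = "".join(body.split())       # drops \r\n and any indentation
        try:
            kind = classify_der(base64.b64decode(b64, validate=True))
        except binascii.Error:
            kind = "invalid base64"
        ok = label == "CERTIFICATE" and kind == "x509-shaped"
        report.append({"label": label, "kind": kind, "ok": ok})
    return report


# Constructed sample: CRLF line endings as in the log, and only the first
# base64 line of each block (enough for the header check, not a full cert).
SAMPLE_CHAIN = (
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIIlTCCBn2gAwIBAgIKNBkI9wABAAAKPDANBgkqhkiG9w0BAQsFADBqMRUwEwYK\r\n"
    "-----END CERTIFICATE-----\r\n"
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIMVQYJKoZIhvcNAQcCoIIMRjCCDEICAQExADALBgkqhkiG9w0BBwGgggwqMIIG\r\n"
    "-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    for index, entry in enumerate(audit_chain(SAMPLE_CHAIN)):
        print(index, entry["label"], entry["kind"], "ok" if entry["ok"] else "MISMATCH")
```

A block labelled CERTIFICATE that classifies as `pkcs7-signed-data` is a certificate bundle rather than a single certificate; `openssl pkcs7 -print_certs` extracts the individual certificates from such a bundle.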

grindsa added the bug label Jul 1, 2020
Author

Raldoh19 commented Jul 2, 2020

The devel branch seems to have the same issue; here is what I got in the logs:
The certificate is correctly issued on MSServer and all the data (csr, cert, key) returned are valid (tested with openssl)!

Certbot:

2020-07-02 09:35:05,114:DEBUG:acme.client:Sending POST request to http://myserver/acme/order/U.........M4/finalize:
{
  "protected": "eyJub............gIlJTMjU2In0",
  "payload": "ewogI............EhwQjgiCn0",
  "signature": "Jorl..............Y1w"
}
2020-07-02 09:35:05,949:DEBUG:urllib3.connectionpool:"POST /acme/order/U.........M4/finalize HTTP/1.1" 200 None
2020-07-02 09:35:05,950:DEBUG:acme.client:Received response:
HTTP 200
transfer-encoding: chunked
keep-alive: timeout=5, max=94
connection: Keep-Alive
location: http://myserver/acme/order/U.........M4
date: Thu, 02 Jul 2020 07:35:05 GMT
content-type: application/json
replay-nonce: 2678.......................0db36

{"status": "valid", "expires": "2020-07-03T07:35:00Z", "identifiers": [{"type": "dns", "value": "example.com"}], "authorizations": ["http://myserver/acme/authz/MQ3.....rPVT"], "finalize": "http://myserver/acme/order/U.........M4/finalize", "certificate": "http://myserver/acme/cert/dv.......udm"}
2020-07-02 09:35:05,950:DEBUG:acme.client:Storing nonce: 2678.......................0db36
2020-07-02 09:35:06,951:DEBUG:acme.client:JWS payload:

2020-07-02 09:35:06,953:DEBUG:acme.client:Sending POST request to http://myserver/acme/order/U.........M4:
{
  "protected": "eyJub2...........TMjU2In0",
  "payload": "",
  "signature": "hf........xH-g"
}
2020-07-02 09:35:06,989:DEBUG:urllib3.connectionpool:"POST /acme/order/U.........M4 HTTP/1.1" 200 None
2020-07-02 09:35:06,990:DEBUG:acme.client:Received response:
HTTP 200
transfer-encoding: chunked
keep-alive: timeout=5, max=93
connection: Keep-Alive
location: http://myserver/acme/order/U.........M4
date: Thu, 02 Jul 2020 07:35:06 GMT
content-type: application/json
replay-nonce: 207d...............2ffb1d

{"status": "valid", "expires": "2020-07-03T07:35:00Z", "identifiers": [{"type": "dns", "value": "example.com"}], "authorizations": ["http://myserver/acme/authz/MQ3.....rPVT"], "finalize": "http://myserver/acme/order/U.........M4/finalize", "certificate": "http://myserver/acme/cert/dv.......udm"}
2020-07-02 09:35:06,990:DEBUG:acme.client:Storing nonce: 207d..............b1d
2020-07-02 09:35:06,991:DEBUG:acme.client:JWS payload:

2020-07-02 09:35:06,993:DEBUG:acme.client:Sending POST request to http://myserver/acme/cert/dv.......udm:
{
  "protected": "eyJub.....NTYifQ",
  "payload": "",
  "signature": "vLmL......TqQ"
}
2020-07-02 09:35:07,008:DEBUG:urllib3.connectionpool:"POST /acme/cert/dv.......udm HTTP/1.1" 200 None
2020-07-02 09:35:07,008:DEBUG:acme.client:Received response:
HTTP 200
transfer-encoding: chunked
keep-alive: timeout=5, max=92
connection: Keep-Alive
date: Thu, 02 Jul 2020 07:35:06 GMT
content-type: application/pem-certificate-chain
replay-nonce: 4bdd................31f

-----BEGIN CERTIFICATE-----
MIII......yleqpw=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIM.....+6XdMQA=
-----END CERTIFICATE-----

2020-07-02 09:35:07,009:DEBUG:acme.client:Storing nonce: 4bdd................31f
2020-07-02 09:35:07,010:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.4.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1347, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1233, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 409, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 359, in obtain_certificate
    cert, chain = self.obtain_certificate_from_csr(csr, orderr)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 292, in obtain_certificate_from_csr
    cert, chain = crypto_util.cert_and_chain_from_fullchain(orderr.fullchain_pem)
  File "/usr/lib/python2.7/site-packages/certbot/crypto_util.py", line 515, in cert_and_chain_from_fullchain
    crypto.load_certificate(crypto.FILETYPE_PEM, cert)).decode() for cert in certs]
Error: [('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'wrong tag'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1 error'), ('asn1 encoding routines', 'ASN1_TEMPLATE_NOEXP_D2I', 'nested asn1 error'), ('PEM routines', 'PEM_ASN1_read_bio', 'ASN1 lib')]
2020-07-02 09:35:07,012:ERROR:certbot._internal.log:An unexpected error occurred:

acme2certifier:

[Thu Jul 02 09:35:05.172029 2020] [wsgi:error] [pid 111495] [remote ] order_lookup(name:U.........M4)
[Thu Jul 02 09:35:05.172068 2020] [wsgi:error] [pid 111495] [remote ] DBStore._order_search(column:name, pattern:U.........M4)
[Thu Jul 02 09:35:05.172796 2020] [wsgi:error] [pid 111495] [remote ] DBStore._order_search() ended
[Thu Jul 02 09:35:05.172870 2020] [wsgi:error] [pid 111495] [remote ] DBStore.order_lookup() ended with: {'identifiers': '[{"type": "dns", "value": "example.com"}]'}
[Thu Jul 02 09:35:05.172933 2020] [wsgi:error] [pid 111495] [remote ] Certificate._tnauth_identifier_check()
[Thu Jul 02 09:35:05.172979 2020] [wsgi:error] [pid 111495] [remote ] Certificate._tnauth_identifier_check() ended with: False
[Thu Jul 02 09:35:05.173018 2020] [wsgi:error] [pid 111495] [remote ] cert_san_get()
[Thu Jul 02 09:35:05.173054 2020] [wsgi:error] [pid 111495] [remote ] b64_url_recode()
[Thu Jul 02 09:35:05.173116 2020] [wsgi:error] [pid 111495] [remote ] build_pem_file()
[Thu Jul 02 09:35:05.173668 2020] [wsgi:error] [pid 111495] [remote ] cert_san_get() ended with: ['DNS:example.com']
[Thu Jul 02 09:35:05.173735 2020] [wsgi:error] [pid 111495] [remote ] Certificate._identifer_status_list()
[Thu Jul 02 09:35:05.173793 2020] [wsgi:error] [pid 111495] [remote ] SAN check for dns:example.com against identifiers returned True
[Thu Jul 02 09:35:05.173838 2020] [wsgi:error] [pid 111495] [remote ] Certificate._identifer_status_list() ended with [True]
[Thu Jul 02 09:35:05.173877 2020] [wsgi:error] [pid 111495] [remote ] Certificate._csr_check() ended with True
[Thu Jul 02 09:35:05.173927 2020] [wsgi:error] [pid 111495] [remote ] CAhandler.load_config()
[Thu Jul 02 09:35:05.173966 2020] [wsgi:error] [pid 111495] [remote ] load_config(/var/www/acme2certifier/acme/acme_srv.cfg:CAhandler)
[Thu Jul 02 09:35:05.174473 2020] [wsgi:error] [pid 111495] [remote ] CAhandler.load_config() ended
[Thu Jul 02 09:35:05.174530 2020] [wsgi:error] [pid 111495] [remote ] CAhandler.enroll(Acme_template)
[Thu Jul 02 09:35:05.179812 2020] [wsgi:error] [pid 111495] [remote ] CAhandler.__check_credentials()
[Thu Jul 02 09:35:05.180865 2020] [wsgi:error] [pid 111495] [remote ] Starting new HTTPS connection (1): msserver:443
[Thu Jul 02 09:35:05.196948 2020] [wsgi:error] [pid 111495] [remote ] https://msserver:443 "GET /certsrv/ HTTP/1.1" 401 1293
[Thu Jul 02 09:35:05.200101 2020] [wsgi:error] [pid 111495] [remote ] https://msserver:443 "GET /certsrv/ HTTP/1.1" 401 341
[Thu Jul 02 09:35:05.499221 2020] [wsgi:error] [pid 111495] [remote ] https://msserver:443 "GET /certsrv/ HTTP/1.1" 200 3626

[Thu Jul 02 09:35:05.500758 2020] [wsgi:error] [pid 111495] [remote ] Sent GET request to https://msserver/certsrv/, with headers:
[Thu Jul 02 09:35:05.500781 2020] [wsgi:error] [pid 111495] [remote ] User-agent: Mozilla/5.0 certsrv (https://github.com/magnuswatn/certsrv)
[Thu Jul 02 09:35:05.500787 2020] [wsgi:error] [pid 111495] [remote ] Connection: Keep-Alive
[Thu Jul 02 09:35:05.500792 2020] [wsgi:error] [pid 111495] [remote ] Authorization: NTLM TlR.......A==
[Thu Jul 02 09:35:05.500803 2020] [wsgi:error] [pid 111495] [remote ] and body:
[Thu Jul 02 09:35:05.500808 2020] [wsgi:error] [pid 111495] [remote ] None
[Thu Jul 02 09:35:05.500992 2020] [wsgi:error] [pid 111495] [remote ] Recieved response:
[Thu Jul 02 09:35:05.501007 2020] [wsgi:error] [pid 111495] [remote ] HTTP 200

[Thu Jul 02 09:35:05.501646 2020] [wsgi:error] [pid 111495] [remote ] CAhandler.__check_credentials() ended with True
[Thu Jul 02 09:35:05.501736 2020] [wsgi:error] [pid 111495] [remote ] b64_url_recode()

[Thu Jul 02 09:35:05.514459 2020] [wsgi:error] [pid 111495] [remote ] https://msserver:443 "GET /certsrv/certcarc.asp HTTP/1.1" 200 19656
[Thu Jul 02 09:35:05.515215 2020] [wsgi:error] [pid 111495] [remote ] Sent GET request to https://msserver/certsrv/certcarc.asp, with headers:
[Thu Jul 02 09:35:05.515228 2020] [wsgi:error] [pid 111495] [remote ] User-agent: Mozilla/5.0 certsrv (https://github.com/magnuswatn/certsrv)
[Thu Jul 02 09:35:05.515231 2020] [wsgi:error] [pid 111495] [remote ] Cookie: ASPSESSIONIDQESBATDS=MAIHLEMCILINAJBMOMDEGIMD
[Thu Jul 02 09:35:05.515234 2020] [wsgi:error] [pid 111495] [remote ] Connection: Keep-Alive
[Thu Jul 02 09:35:05.515239 2020] [wsgi:error] [pid 111495] [remote ] and body:
[Thu Jul 02 09:35:05.515243 2020] [wsgi:error] [pid 111495] [remote ] None
[Thu Jul 02 09:35:05.515380 2020] [wsgi:error] [pid 111495] [remote ] Recieved response:
[Thu Jul 02 09:35:05.515396 2020] [wsgi:error] [pid 111495] [remote ] HTTP 200

[Thu Jul 02 09:35:05.521361 2020] [wsgi:error] [pid 111495] [remote ] https://msserver:443 "GET /certsrv/certnew.p7b?ReqID=CACert&Renewal=1&Enc=b64 HTTP/1.1" 200 4404
[Thu Jul 02 09:35:05.521924 2020] [wsgi:error] [pid 111495] [remote ] Sent GET request to https://msserver/certsrv/certnew.p7b?ReqID=CACert&Renewal=1&Enc=b64, with headers:
[Thu Jul 02 09:35:05.521942 2020] [wsgi:error] [pid 111495] [remote ] User-agent: Mozilla/5.0 certsrv (https://github.com/magnuswatn/certsrv)
[Thu Jul 02 09:35:05.521946 2020] [wsgi:error] [pid 111495] [remote ] Cookie: ASPSESSIONIDQESBATDS=NAIHLEMCFKIHMCJDPFKAMJGK
[Thu Jul 02 09:35:05.521949 2020] [wsgi:error] [pid 111495] [remote ] Connection: Keep-Alive
[Thu Jul 02 09:35:05.521954 2020] [wsgi:error] [pid 111495] [remote ] and body:
[Thu Jul 02 09:35:05.521958 2020] [wsgi:error] [pid 111495] [remote ] None
[Thu Jul 02 09:35:05.522034 2020] [wsgi:error] [pid 111495] [remote ] Recieved response:
[Thu Jul 02 09:35:05.522041 2020] [wsgi:error] [pid 111495] [remote ] HTTP 200
[Thu Jul 02 09:35:05.522069 2020] [wsgi:error] [pid 111495] [remote ] -----BEGIN CERTIFICATE-----\r
[Thu Jul 02 09:35:05.522072 2020] [wsgi:error] [pid 111495] [remote ] MIIMVQYJKoZIhvcNAQcCoIIMRjCCDEICAQExADALBgkqhkiG9w0BBwGgggwqMIIG\r
[Thu Jul 02 09:35:05.522285 2020] [wsgi:error] [pid 111495] [remote ] s6Ug2CsDZFoe1O94ZxZ9ARN20j6928v2O3I3yDjAT1wXlbp0+6XdMQA=\r
[Thu Jul 02 09:35:05.522288 2020] [wsgi:error] [pid 111495] [remote ] -----END CERTIFICATE-----\r

[Thu Jul 02 09:35:05.901630 2020] [wsgi:error] [pid 111495] [remote ] https://msserver:443 "POST /certsrv/certfnsh.asp HTTP/1.1" 200 16089
[Thu Jul 02 09:35:05.902237 2020] [wsgi:error] [pid 111495] [remote ] Sent POST request to https://msserver/certsrv/certfnsh.asp, with headers:
[Thu Jul 02 09:35:05.902249 2020] [wsgi:error] [pid 111495] [remote ] User-agent: Mozilla/5.0 certsrv (https://github.com/magnuswatn/certsrv)
[Thu Jul 02 09:35:05.902252 2020] [wsgi:error] [pid 111495] [remote ] Cookie: ASPSESSIONIDQESBATDS=OAIHLEMCHLIBDDCBJGFHBDCN
[Thu Jul 02 09:35:05.902256 2020] [wsgi:error] [pid 111495] [remote ] Content-Length: 1073
[Thu Jul 02 09:35:05.902259 2020] [wsgi:error] [pid 111495] [remote ] Content-Type: application/x-www-form-urlencoded
[Thu Jul 02 09:35:05.902262 2020] [wsgi:error] [pid 111495] [remote ] Connection: Keep-Alive
[Thu Jul 02 09:35:05.902267 2020] [wsgi:error] [pid 111495] [remote ] and body:
[Thu Jul 02 09:35:05.902272 2020] [wsgi:error] [pid 111495] [remote ] Mode=newreq&CertRequest=MIICc.....A&CertAttrib=CertificateTemplate%3AAcme_template%0D%0A&FriendlyType=Saved-Request+Certificate&TargetStoreFlags=0&SaveCert=yes
[Thu Jul 02 09:35:05.902368 2020] [wsgi:error] [pid 111495] [remote ] Recieved response:
[Thu Jul 02 09:35:05.902379 2020] [wsgi:error] [pid 111495] [remote ] HTTP 200

[Thu Jul 02 09:35:05.931076 2020] [wsgi:error] [pid 111495] [remote ] https://msserver:443 "GET /certsrv/certnew.cer?ReqID=2620&Enc=b64 HTTP/1.1" 200 3084
[Thu Jul 02 09:35:05.931884 2020] [wsgi:error] [pid 111495] [remote ] Sent GET request to https://msserver/certsrv/certnew.cer?ReqID=2620&Enc=b64, with headers:
[Thu Jul 02 09:35:05.931898 2020] [wsgi:error] [pid 111495] [remote ] User-agent: Mozilla/5.0 certsrv (https://github.com/magnuswatn/certsrv)
[Thu Jul 02 09:35:05.931902 2020] [wsgi:error] [pid 111495] [remote ] Cookie: ASPSESSIONIDQESBATDS=OAIHLEMCHLIBDDCBJGFHBDCN
[Thu Jul 02 09:35:05.931905 2020] [wsgi:error] [pid 111495] [remote ] Connection: Keep-Alive
[Thu Jul 02 09:35:05.931910 2020] [wsgi:error] [pid 111495] [remote ] and body:
[Thu Jul 02 09:35:05.931914 2020] [wsgi:error] [pid 111495] [remote ] None
[Thu Jul 02 09:35:05.931990 2020] [wsgi:error] [pid 111495] [remote ] Recieved response:
[Thu Jul 02 09:35:05.931997 2020] [wsgi:error] [pid 111495] [remote ] HTTP 200
[Thu Jul 02 09:35:05.932025 2020] [wsgi:error] [pid 111495] [remote ] -----BEGIN CERTIFICATE-----\r
[Thu Jul 02 09:35:05.932027 2020] [wsgi:error] [pid 111495] [remote ] MIIIlTCCBn2gAwIBAgIKNBkI9wABAAAKPDANBgkqhkiG9w0BAQsFADBqMRUwEwYK\r
[Thu Jul 02 09:35:05.932173 2020] [wsgi:error] [pid 111495] [remote ] vps/goNaguMEJ3fGED6IgGAgOE5P013G2NTY7RgCt7L7UonlYyleqpw=\r
[Thu Jul 02 09:35:05.932176 2020] [wsgi:error] [pid 111495] [remote ] -----END CERTIFICATE-----\r

[Thu Jul 02 09:35:05.932283 2020] [wsgi:error] [pid 111495] [remote ] Certificate.enroll() ended
[Thu Jul 02 09:35:05.932666 2020] [wsgi:error] [pid 111495] [remote ] Certificate._store_cert(dv.......udm)
[Thu Jul 02 09:35:05.932726 2020] [wsgi:error] [pid 111495] [remote ] DBStore.certificate_add(dv.......udm)
[Thu Jul 02 09:35:05.932769 2020] [wsgi:error] [pid 111495] [remote ] DBStore._certificate_search(column:name, pattern:dv.......udm)
[Thu Jul 02 09:35:05.932946 2020] [wsgi:error] [pid 111495] [remote ] modified column to certificate.name
[Thu Jul 02 09:35:05.934869 2020] [wsgi:error] [pid 111495] [remote ] DBStore._certificate_search() ended
[Thu Jul 02 09:35:05.934943 2020] [wsgi:error] [pid 111495] [remote ] update existing entry for dv.......udm id:369
[Thu Jul 02 09:35:05.939151 2020] [wsgi:error] [pid 111495] [remote ] DBStore.certificate_add() ended with: 369
[Thu Jul 02 09:35:05.939230 2020] [wsgi:error] [pid 111495] [remote ] Certificate._store_cert(369) ended
[Thu Jul 02 09:35:05.939320 2020] [wsgi:error] [pid 111495] [remote ] Certificate.enroll_and_store() ended with: 369:None
[Thu Jul 02 09:35:05.939377 2020] [wsgi:error] [pid 111495] [remote ] Order._csr_process() ended with order:U.........M4 200:dv.......udm:None
[Thu Jul 02 09:35:05.939438 2020] [wsgi:error] [pid 111495] [remote ] Order._update({'name': 'U.........M4', 'status': 'valid'})
[Thu Jul 02 09:35:05.939483 2020] [wsgi:error] [pid 111495] [remote ] order_update({'name': 'U.........M4', 'status': 'valid'})
[Thu Jul 02 09:35:05.939524 2020] [wsgi:error] [pid 111495] [remote ] DBStore._status_search(column:name, pattern:valid)
[Thu Jul 02 09:35:05.939919 2020] [wsgi:error] [pid 111495] [remote ] DBStore._status_search() ended
[Thu Jul 02 09:35:05.943457 2020] [wsgi:error] [pid 111495] [remote ] DBStore.order_update() ended
[Thu Jul 02 09:35:05.943524 2020] [wsgi:error] [pid 111495] [remote ] Order._process() ended with order:U.........M4 200:None:None
[Thu Jul 02 09:35:05.943575 2020] [wsgi:error] [pid 111495] [remote ] Order._lookup(U.........M4)
[Thu Jul 02 09:35:05.943616 2020] [wsgi:error] [pid 111495] [remote ] Order._info(U.........M4)
[Thu Jul 02 09:35:05.943656 2020] [wsgi:error] [pid 111495] [remote ] order_lookup(name:U.........M4)
[Thu Jul 02 09:35:05.943694 2020] [wsgi:error] [pid 111495] [remote ] DBStore._order_search(column:name, pattern:U.........M4)
[Thu Jul 02 09:35:05.944422 2020] [wsgi:error] [pid 111495] [remote ] DBStore._order_search() ended
[Thu Jul 02 09:35:05.944499 2020] [wsgi:error] [pid 111495] [remote ] DBStore.order_lookup() ended with: {'notbefore': 0, 'notafter': 0, 'identifiers': '[{"type": "dns", "value": "example.com"}]', 'expires': 1593761700, 'status': 'valid'}
[Thu Jul 02 09:35:05.944621 2020] [wsgi:error] [pid 111495] [remote ] DBStore.authorization_lookup(column:order__name, pattern:U.........M4)
[Thu Jul 02 09:35:05.944666 2020] [wsgi:error] [pid 111495] [remote ] DBStore._authorization_search(column:order__name, pattern:U.........M4)
[Thu Jul 02 09:35:05.945682 2020] [wsgi:error] [pid 111495] [remote ] DBStore._authorization_search() ended
[Thu Jul 02 09:35:05.945770 2020] [wsgi:error] [pid 111495] [remote ] DBStore.authorization_lookup() ended
[Thu Jul 02 09:35:05.945822 2020] [wsgi:error] [pid 111495] [remote ] Order._lookup() ended
[Thu Jul 02 09:35:05.945870 2020] [wsgi:error] [pid 111495] [remote ] Message.prepare_response()
[Thu Jul 02 09:35:05.945910 2020] [wsgi:error] [pid 111495] [remote ] Nonce.nonce_generate_and_add()
[Thu Jul 02 09:35:05.945946 2020] [wsgi:error] [pid 111495] [remote ] Nonce.nonce__new()
[Thu Jul 02 09:35:05.946013 2020] [wsgi:error] [pid 111495] [remote ] got nonce: 2678.......................0db36
[Thu Jul 02 09:35:05.946053 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_add(2678.......................0db36)
[Thu Jul 02 09:35:05.949645 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_add() ended
[Thu Jul 02 09:35:05.949706 2020] [wsgi:error] [pid 111495] [remote ] Nonce.generate_and_add() ended with:2678.......................0db36
[Thu Jul 02 09:35:05.949795 2020] [wsgi:error] [pid 111495] [remote ] Order.parse() returns: {"header": {"Location": "http://myserver/acme/order/U.........M4", "Replay-Nonce": "2678.......................0db36"}, "data": {"status": "valid", "expires": "2020-07-03T07:35:00Z", "identifiers": [{"type": "dns", "value": "example.com"}], "authorizations": ["http://myserver/acme/authz/MQ........VT"], "finalize": "http://myserver/acme/order/U.........M4/finalize", "certificate": "http://myserver/acme/cert/dv.......udm"}, "code": 200}
[Thu Jul 02 09:35:05.949943 2020] [wsgi:error] [pid 111495] [remote ] ip_adress /acme/order/U.........M4/finalize {'header': {'Location': 'http://myserver/acme/order/U.........M4', 'Replay-Nonce': '- modified -'}, 'data': {'status': 'valid', 'expires': '2020-07-03T07:35:00Z', 'identifiers': [{'type': 'dns', 'value': 'example.com'}], 'authorizations': ['http://myserver/acme/authz/MQ........VT'], 'finalize': 'http://myserver/acme/order/U.........M4/finalize', 'certificate': 'http://myserver/acme/cert/dv.......udm'}, 'code': 200}
[Thu Jul 02 09:35:06.956133 2020] [authz_core:debug] [pid 111498] mod_authz_core.c(809): [client ip_adress:43364] AH01626: authorization result of Require all granted: granted
[Thu Jul 02 09:35:06.956158 2020] [authz_core:debug] [pid 111498] mod_authz_core.c(809): [client ip_adress:43364] AH01626: authorization result of <RequireAny>: granted
[Thu Jul 02 09:35:06.956267 2020] [authz_core:debug] [pid 111498] mod_authz_core.c(809): [client ip_adress:43364] AH01626: authorization result of Require all granted: granted
[Thu Jul 02 09:35:06.956274 2020] [authz_core:debug] [pid 111498] mod_authz_core.c(809): [client ip_adress:43364] AH01626: authorization result of <RequireAny>: granted
[Thu Jul 02 09:35:06.956886 2020] [wsgi:error] [pid 111495] [remote ] _config_load()
[Thu Jul 02 09:35:06.957550 2020] [wsgi:error] [pid 111495] [remote ] Order._config_load()
[Thu Jul 02 09:35:06.958016 2020] [wsgi:error] [pid 111495] [remote ] Order._config_load() ended.
[Thu Jul 02 09:35:06.958157 2020] [wsgi:error] [pid 111495] [remote ] Order.parse()
[Thu Jul 02 09:35:06.958210 2020] [wsgi:error] [pid 111495] [remote ] Message.check()
[Thu Jul 02 09:35:06.958252 2020] [wsgi:error] [pid 111495] [remote ] decode_message()
[Thu Jul 02 09:35:06.958612 2020] [wsgi:error] [pid 111495] [remote ] Nonce.check_nonce()
[Thu Jul 02 09:35:06.958670 2020] [wsgi:error] [pid 111495] [remote ] Nonce.nonce._check_and_delete(2678.......................0db36)
[Thu Jul 02 09:35:06.958717 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_check(2678.......................0db36)
[Thu Jul 02 09:35:06.959250 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_check() ended
[Thu Jul 02 09:35:06.959324 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_delete(2678.......................0db36)
[Thu Jul 02 09:35:06.962952 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_delete() ended
[Thu Jul 02 09:35:06.963018 2020] [wsgi:error] [pid 111495] [remote ] Nonce._check_and_delete() ended with:200
[Thu Jul 02 09:35:06.963067 2020] [wsgi:error] [pid 111495] [remote ] Nonce.check_nonce() ended with:200
[Thu Jul 02 09:35:06.963168 2020] [wsgi:error] [pid 111495] [remote ] Message._name_get()
[Thu Jul 02 09:35:06.963221 2020] [wsgi:error] [pid 111495] [remote ] kid: http://myserver/acme/acct/wN.......zin
[Thu Jul 02 09:35:06.963267 2020] [wsgi:error] [pid 111495] [remote ] Message._name_get() returns: wN.......zin
[Thu Jul 02 09:35:06.963350 2020] [wsgi:error] [pid 111495] [remote ] Signature.check(wN.......zin)
[Thu Jul 02 09:35:06.963397 2020] [wsgi:error] [pid 111495] [remote ] check signature against account key
[Thu Jul 02 09:35:06.963437 2020] [wsgi:error] [pid 111495] [remote ] Signature._jwk_load(wN.......zin)
[Thu Jul 02 09:35:06.963478 2020] [wsgi:error] [pid 111495] [remote ] DBStore.jwk_load(wN.......zin)
[Thu Jul 02 09:35:06.963518 2020] [wsgi:error] [pid 111495] [remote ] DBStore._account_search(column:name, pattern:wN.......zin)
[Thu Jul 02 09:35:06.963962 2020] [wsgi:error] [pid 111495] [remote ] DBStore._account_search() ended
[Thu Jul 02 09:35:06.964033 2020] [wsgi:error] [pid 111495] [remote ] DBStore.jwk_load() ended
[Thu Jul 02 09:35:06.964078 2020] [wsgi:error] [pid 111495] [remote ] signature_check()
[Thu Jul 02 09:35:06.964792 2020] [wsgi:error] [pid 111495] [remote ] Signature.check() ended with: True:None
[Thu Jul 02 09:35:06.964858 2020] [wsgi:error] [pid 111495] [remote ] Message.check() ended with:200
[Thu Jul 02 09:35:06.964912 2020] [wsgi:error] [pid 111495] [remote ] Order._name_get(http://myserver/acme/order/U.........M4)
[Thu Jul 02 09:35:06.964960 2020] [wsgi:error] [pid 111495] [remote ] parse_url(http://myserver/acme/order/U.........M4)
[Thu Jul 02 09:35:06.965066 2020] [wsgi:error] [pid 111495] [remote ] Order._name_get() ended
[Thu Jul 02 09:35:06.965115 2020] [wsgi:error] [pid 111495] [remote ] Order._lookup(U.........M4)
[Thu Jul 02 09:35:06.965160 2020] [wsgi:error] [pid 111495] [remote ] Order._info(U.........M4)
[Thu Jul 02 09:35:06.965222 2020] [wsgi:error] [pid 111495] [remote ] order_lookup(name:U.........M4)
[Thu Jul 02 09:35:06.965275 2020] [wsgi:error] [pid 111495] [remote ] DBStore._order_search(column:name, pattern:U.........M4)
[Thu Jul 02 09:35:06.966035 2020] [wsgi:error] [pid 111495] [remote ] DBStore._order_search() ended
[Thu Jul 02 09:35:06.966120 2020] [wsgi:error] [pid 111495] [remote ] DBStore.order_lookup() ended with: {'notbefore': 0, 'notafter': 0, 'identifiers': '[{"type": "dns", "value": "example.com"}]', 'expires': 1593761700, 'status': 'valid'}
[Thu Jul 02 09:35:06.966238 2020] [wsgi:error] [pid 111495] [remote ] DBStore.authorization_lookup(column:order__name, pattern:U.........M4)
[Thu Jul 02 09:35:06.966284 2020] [wsgi:error] [pid 111495] [remote ] DBStore._authorization_search(column:order__name, pattern:U.........M4)
[Thu Jul 02 09:35:06.967616 2020] [wsgi:error] [pid 111495] [remote ] DBStore._authorization_search() ended
[Thu Jul 02 09:35:06.967691 2020] [wsgi:error] [pid 111495] [remote ] DBStore.authorization_lookup() ended
[Thu Jul 02 09:35:06.967750 2020] [wsgi:error] [pid 111495] [remote ] Order._lookup() ended
[Thu Jul 02 09:35:06.967807 2020] [wsgi:error] [pid 111495] [remote ] Order._process(U.........M4)
[Thu Jul 02 09:35:06.967848 2020] [wsgi:error] [pid 111495] [remote ] polling request()
[Thu Jul 02 09:35:06.967891 2020] [wsgi:error] [pid 111495] [remote ] DBstore.certificate_lookup(order__name:U.........M4)
[Thu Jul 02 09:35:06.967932 2020] [wsgi:error] [pid 111495] [remote ] DBStore._certificate_search(column:order__name, pattern:U.........M4)
[Thu Jul 02 09:35:06.983205 2020] [wsgi:error] [pid 111495] [remote ] DBStore._certificate_search() ended
[Thu Jul 02 09:35:06.983348 2020] [wsgi:error] [pid 111495] [remote ] DBStore.certificate_lookup() ended with: {'name': 'dv.......udm', 'csr': 'MIICcT....9xHpB8=', 'cert': '-----BEGIN CERTIFICATE-----\\r\\nMIII\\n-----END CERTIFICATE-----\\r\\n-----BEGIN CERTIFICATE-----\\r\\nMIIMVQYJKoZIhvc\\r\\nBQADggIBAA2cibcae
[Thu Jul 02 09:35:06.983433 2020] [wsgi:error] [pid 111495] [remote ] Order._process() ended with order:U.........M4 200:None:None
[Thu Jul 02 09:35:06.983704 2020] [wsgi:error] [pid 111495] [remote ] Order._lookup(U.........M4)
[Thu Jul 02 09:35:06.983775 2020] [wsgi:error] [pid 111495] [remote ] Order._info(U.........M4)
[Thu Jul 02 09:35:06.983823 2020] [wsgi:error] [pid 111495] [remote ] order_lookup(name:U.........M4)
[Thu Jul 02 09:35:06.983864 2020] [wsgi:error] [pid 111495] [remote ] DBStore._order_search(column:name, pattern:U.........M4)
[Thu Jul 02 09:35:06.984599 2020] [wsgi:error] [pid 111495] [remote ] DBStore._order_search() ended
[Thu Jul 02 09:35:06.984679 2020] [wsgi:error] [pid 111495] [remote ] DBStore.order_lookup() ended with: {'notbefore': 0, 'notafter': 0, 'identifiers': '[{"type": "dns", "value": "example.com"}]', 'expires': 1593761700, 'status': 'valid'}
[Thu Jul 02 09:35:06.984823 2020] [wsgi:error] [pid 111495] [remote ] DBStore.authorization_lookup(column:order__name, pattern:U.........M4)
[Thu Jul 02 09:35:06.984875 2020] [wsgi:error] [pid 111495] [remote ] DBStore._authorization_search(column:order__name, pattern:U.........M4)
[Thu Jul 02 09:35:06.985975 2020] [wsgi:error] [pid 111495] [remote ] DBStore._authorization_search() ended
[Thu Jul 02 09:35:06.986048 2020] [wsgi:error] [pid 111495] [remote ] DBStore.authorization_lookup() ended
[Thu Jul 02 09:35:06.986100 2020] [wsgi:error] [pid 111495] [remote ] Order._lookup() ended
[Thu Jul 02 09:35:06.986148 2020] [wsgi:error] [pid 111495] [remote ] Message.prepare_response()
[Thu Jul 02 09:35:06.986189 2020] [wsgi:error] [pid 111495] [remote ] Nonce.nonce_generate_and_add()
[Thu Jul 02 09:35:06.986227 2020] [wsgi:error] [pid 111495] [remote ] Nonce.nonce__new()
[Thu Jul 02 09:35:06.986294 2020] [wsgi:error] [pid 111495] [remote ] got nonce: 207d..............b1d
[Thu Jul 02 09:35:06.986351 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_add(207d..............b1d)
[Thu Jul 02 09:35:06.990076 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_add() ended
[Thu Jul 02 09:35:06.990140 2020] [wsgi:error] [pid 111495] [remote ] Nonce.generate_and_add() ended with:207d..............b1d
[Thu Jul 02 09:35:06.990229 2020] [wsgi:error] [pid 111495] [remote ] Order.parse() returns: {"header": {"Location": "http://myserver/acme/order/U.........M4", "Replay-Nonce": "207d..............b1d"}, "data": {"status": "valid", "expires": "2020-07-03T07:35:00Z", "identifiers": [{"type": "dns", "value": "example.com"}], "authorizations": ["http://myserver/acme/authz/MQ........VT"], "finalize": "http://myserver/acme/order/U.........M4/finalize", "certificate": "http://myserver/acme/cert/dv.......udm"}, "code": 200}
[Thu Jul 02 09:35:06.990381 2020] [wsgi:error] [pid 111495] [remote ] ip_adress /acme/order/U.........M4 {'header': {'Location': 'http://myserver/acme/order/U.........M4', 'Replay-Nonce': '- modified -'}, 'data': {'status': 'valid', 'expires': '2020-07-03T07:35:00Z', 'identifiers': [{'type': 'dns', 'value': 'example.com'}], 'authorizations': ['http://myserver/acme/authz/MQ........VT'], 'finalize': 'http://myserver/acme/order/U.........M4/finalize', 'certificate': 'http://myserver/acme/cert/dv.......udm'}, 'code': 200}
[Thu Jul 02 09:35:06.995031 2020] [authz_core:debug] [pid 111498] mod_authz_core.c(809): [client ip_adress:43364] AH01626: authorization result of Require all granted: granted
[Thu Jul 02 09:35:06.995046 2020] [authz_core:debug] [pid 111498] mod_authz_core.c(809): [client ip_adress:43364] AH01626: authorization result of <RequireAny>: granted
[Thu Jul 02 09:35:06.995137 2020] [authz_core:debug] [pid 111498] mod_authz_core.c(809): [client ip_adress:43364] AH01626: authorization result of Require all granted: granted
[Thu Jul 02 09:35:06.995143 2020] [authz_core:debug] [pid 111498] mod_authz_core.c(809): [client ip_adress:43364] AH01626: authorization result of <RequireAny>: granted
[Thu Jul 02 09:35:06.995528 2020] [wsgi:error] [pid 111495] [remote ] _config_load()
[Thu Jul 02 09:35:06.996047 2020] [wsgi:error] [pid 111495] [remote ] Certificate._config_load()
[Thu Jul 02 09:35:06.996537 2020] [wsgi:error] [pid 111495] [remote ] Certificate._config_load() ended.
[Thu Jul 02 09:35:06.996681 2020] [wsgi:error] [pid 111495] [remote ] Certificate.new_post({0})
[Thu Jul 02 09:35:06.996734 2020] [wsgi:error] [pid 111495] [remote ] Message.check()
[Thu Jul 02 09:35:06.996774 2020] [wsgi:error] [pid 111495] [remote ] decode_message()
[Thu Jul 02 09:35:06.997064 2020] [wsgi:error] [pid 111495] [remote ] Nonce.check_nonce()
[Thu Jul 02 09:35:06.997115 2020] [wsgi:error] [pid 111495] [remote ] Nonce.nonce._check_and_delete(207d..............b1d)
[Thu Jul 02 09:35:06.997165 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_check(207d..............b1d)
[Thu Jul 02 09:35:06.997662 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_check() ended
[Thu Jul 02 09:35:06.997722 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_delete(207d..............b1d)
[Thu Jul 02 09:35:07.000989 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_delete() ended
[Thu Jul 02 09:35:07.001057 2020] [wsgi:error] [pid 111495] [remote ] Nonce._check_and_delete() ended with:200
[Thu Jul 02 09:35:07.001102 2020] [wsgi:error] [pid 111495] [remote ] Nonce.check_nonce() ended with:200
[Thu Jul 02 09:35:07.001143 2020] [wsgi:error] [pid 111495] [remote ] Message._name_get()
[Thu Jul 02 09:35:07.001182 2020] [wsgi:error] [pid 111495] [remote ] kid: http://myserver/acme/acct/wN.......zin
[Thu Jul 02 09:35:07.001225 2020] [wsgi:error] [pid 111495] [remote ] Message._name_get() returns: wN.......zin
[Thu Jul 02 09:35:07.001285 2020] [wsgi:error] [pid 111495] [remote ] Signature.check(wN.......zin)
[Thu Jul 02 09:35:07.001342 2020] [wsgi:error] [pid 111495] [remote ] check signature against account key
[Thu Jul 02 09:35:07.001386 2020] [wsgi:error] [pid 111495] [remote ] Signature._jwk_load(wN.......zin)
[Thu Jul 02 09:35:07.001467 2020] [wsgi:error] [pid 111495] [remote ] DBStore.jwk_load(wN.......zin)
[Thu Jul 02 09:35:07.001542 2020] [wsgi:error] [pid 111495] [remote ] DBStore._account_search(column:name, pattern:wN.......zin)
[Thu Jul 02 09:35:07.001993 2020] [wsgi:error] [pid 111495] [remote ] DBStore._account_search() ended
[Thu Jul 02 09:35:07.002066 2020] [wsgi:error] [pid 111495] [remote ] DBStore.jwk_load() ended
[Thu Jul 02 09:35:07.002111 2020] [wsgi:error] [pid 111495] [remote ] signature_check()
[Thu Jul 02 09:35:07.002765 2020] [wsgi:error] [pid 111495] [remote ] Signature.check() ended with: True:None
[Thu Jul 02 09:35:07.002832 2020] [wsgi:error] [pid 111495] [remote ] Message.check() ended with:200
[Thu Jul 02 09:35:07.002883 2020] [wsgi:error] [pid 111495] [remote ] Certificate.new_get(http://myserver/acme/cert/dv.......udm)
[Thu Jul 02 09:35:07.002930 2020] [wsgi:error] [pid 111495] [remote ] Certificate._info(dv.......udm)
[Thu Jul 02 09:35:07.002970 2020] [wsgi:error] [pid 111495] [remote ] DBstore.certificate_lookup(name:dv.......udm)
[Thu Jul 02 09:35:07.003009 2020] [wsgi:error] [pid 111495] [remote ] DBStore._certificate_search(column:name, pattern:dv.......udm)
[Thu Jul 02 09:35:07.003122 2020] [wsgi:error] [pid 111495] [remote ] modified column to certificate.name
[Thu Jul 02 09:35:07.004893 2020] [wsgi:error] [pid 111495] [remote ] DBStore._certificate_search() ended
[Thu Jul 02 09:35:07.005022 2020] [wsgi:error] [pid 111495] [remote ] DBStore.certificate_lookup() ended with: {'name': 'dv.......udm', 'csr': 'MIICcTC.......9xHpB8=', 'cert': '-----BEGIN CERTIFICATE-----\\r\\nMIIIlTC\\r\\n-----END CERTIFICATE-----\\r\\n-----BEGIN CERTIFICATE-----\\r\\nMIIMVQYggIBAA2cibcae
[Thu Jul 02 09:35:07.005099 2020] [wsgi:error] [pid 111495] [remote ] Certificate.new_get(200) ended
[Thu Jul 02 09:35:07.005143 2020] [wsgi:error] [pid 111495] [remote ] Message.prepare_response()
[Thu Jul 02 09:35:07.005182 2020] [wsgi:error] [pid 111495] [remote ] Nonce.nonce_generate_and_add()
[Thu Jul 02 09:35:07.005217 2020] [wsgi:error] [pid 111495] [remote ] Nonce.nonce__new()
[Thu Jul 02 09:35:07.005281 2020] [wsgi:error] [pid 111495] [remote ] got nonce: 4bdd................31f
[Thu Jul 02 09:35:07.005340 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_add(4bdd................31f)
[Thu Jul 02 09:35:07.008841 2020] [wsgi:error] [pid 111495] [remote ] DBStore.nonce_add() ended
[Thu Jul 02 09:35:07.008911 2020] [wsgi:error] [pid 111495] [remote ] Nonce.generate_and_add() ended with:4bdd................31f
[Thu Jul 02 09:35:07.008961 2020] [wsgi:error] [pid 111495] [remote ] Certificate.new_post() ended with: 200
[Thu Jul 02 09:35:07.009057 2020] [wsgi:error] [pid 111495] [remote ] ip_adress /acme/cert/dv.......udm {'code': 200, 'data': ' - certificate - ', 'header': {'Content-Type': 'application/pem-certificate-chain', 'Replay-Nonce': '- modified -'}}

@grindsa
Owner

grindsa commented Jul 2, 2020

Thanks for sharing the logs. I don't really see anything suspicious. Let me try to replicate the setup on my side later today.

Two questions:

  1. Can you confirm that there is an empty line, as shown below, in the certbot.logs?
-----BEGIN CERTIFICATE-----
MIII......yleqpw=
-----END CERTIFICATE-----
                            <------
-----BEGIN CERTIFICATE-----
MIIM.....+6XdMQA=
-----END CERTIFICATE-----
  2. Can you try the --standalone option to check if the behavior is different? So something like:
certbot certonly --server http://your-acme-srv --standalone --preferred-challenges http -d example.com --debug

@grindsa
Owner

grindsa commented Jul 2, 2020

I think I found the problem. Looking into the files stored on the disk, I see something strange in the chain.pem and fullchain.pem.

cat fullchain.pem
-----BEGIN CERTIFICATE-----
MIIGHzCCB....
-----END CERTIFICATE-----
6uMUA=                                <------
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFyAY...
-----END CERTIFICATE-----

Will try to understand how this happened and how to fix it.

@Raldoh19
Author

Raldoh19 commented Jul 2, 2020

I don't have the empty line between the two certificates, and nothing seems wrong within the log but I can't find the fullchain.pem/chain.pem

I will keep in touch if I manage to find any new leads, thank you!

grindsa added a commit that referenced this issue Jul 2, 2020
@grindsa
Owner

grindsa commented Jul 2, 2020

I think I found the culprit. It seems certbot is quite picky with line breaks. With the above referenced fix I was able to enroll and activate a certificate with the command
certbot --server http://acme-srv.bar.local --apache -d certbot-1.bar.local --no-eff-email

Give it a try and let me know how it works...

@Raldoh19
Author

Raldoh19 commented Jul 6, 2020

I'm still having the same issue despite the modification. Logs are the same.

@grindsa
Owner

grindsa commented Jul 6, 2020

This is strange. Which certbot version (certbot --version) are you using? chain.pem and full-chain.pem are stored in /etc/letsencrypt/live/example.com. These files had a damaged format before applying the patch. Can you please check if the format looks ok?

Will certbot certonly --standalone --server http://myserver -d example.com throw the same error?

@Raldoh19
Author

Raldoh19 commented Jul 6, 2020

I have tried with both: certbot 1.6.0.dev0 and certbot 1.4
And I do not have any directory named live in my /etc/letsencrypt:

[root@server ~]$ ls -l /etc/letsencrypt/
total 12
drwx------ 5 root root   94 Jul  2 14:48 accounts
drwxr-xr-x 2 root root 4096 Jul  6 20:03 csr
drwx------ 2 root root 4096 Jul  6 20:03 keys
-rw-r--r-- 1 root root  924 Jul  1 11:08 options-ssl-apache.conf
drwxr-xr-x 2 root root    6 Jul  1 11:09 renewal
drwxr-xr-x 5 root root   40 Jul  1 11:08 renewal-hooks

I found this in certbot.log:

2020-07-06 20:03:14,448:DEBUG:urllib3.connectionpool:http://myserver:80 "POST /acme/cert/RANDOM_CERT_TOKEN HTTP/1.1" 200 None
2020-07-06 20:03:14,448:DEBUG:acme.client:Received response:
HTTP 200
Date: Mon, 06 Jul 2020 18:03:14 GMT
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/pem-certificate-chain

-----BEGIN CERTIFICATE-----
MIIIlTCCBn2gAwIBAgIKEtiSrAABAAAKVDANBgkqhkiG9w0BAQsFADBqMRUwEwYK
49c14yWfDrLKzmbDJbsVk83VKJJ/Z/DKtd5yRcCXGfpLjDiOY8Em0Ew=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIMVQYJKoZIhvcNAQcCoIIMRjCCDEICAQExADALBgkqhkiG9w0BBwGgggwqMIIG
s6Ug2CsDZFoe1O94ZxZ9ARN20j6928v2O3I3yDjAT1wXlbp0+6XdMQA=
-----END CERTIFICATE-----

2020-07-06 20:03:14,448:DEBUG:acme.client:Storing nonce: 90ffc5b43d614f57957e9fb01b13117c
2020-07-06 20:03:14,449:DEBUG:certbot._internal.log:Exiting abnormally:

If I copy and paste the whole certificate into fullchain.pem, I get the following error:

openssl x509 -text -in fullchain.pem
unable to load certificate
140379947083664:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
140379947083664:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=X509_CINF
140379947083664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:720:Field=cert_info, Type=X509
140379947083664:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

grindsa added a commit that referenced this issue Jul 6, 2020
@grindsa
Owner

grindsa commented Jul 6, 2020

It seems my local certbot client was too old to detect that the handler returned a pkcs#7 object instead of pem. After updating to certbot 1.5 I was able to replicate the problem. Fix 9a580fc has been pushed to the devel branch, which hopefully addresses your issue.
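
The two failure modes discussed in this thread (stray lines in fullchain.pem, and a PKCS#7 object carried under a CERTIFICATE label) can be checked from the first DER bytes of each PEM block. This is an added example, not code from acme2certifier or certbot; `classify_der` and `inspect_chain` are names made up here, and `SAMPLE` reuses only the first base64 line of each block from the certbot.log excerpt above.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData)
PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")

def classify_der(der):
    """Guess the structure from the first bytes of a DER blob."""
    if len(der) < 3 or der[0] != 0x30:
        return "not-a-der-sequence"
    # Skip the outer SEQUENCE tag and its short- or long-form length.
    inner = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    if der.startswith(PKCS7_SIGNED_DATA, inner):
        return "pkcs7-signed-data"
    if der[inner:inner + 1] == b"\x30":
        return "x509-shaped"  # SEQUENCE { SEQUENCE tbsCertificate, ... }
    return "unknown"

def inspect_chain(text):
    """Return (labels, stray): one (pem_label, der_kind) per block, plus
    the non-blank lines that sit outside any BEGIN/END pair."""
    labels = []
    for match in PEM_BLOCK.finditer(text):
        body = "".join(match.group(2).split())[:32]  # header bytes suffice
        body = body[:len(body) // 4 * 4]             # keep whole base64 quanta
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:
            der = b""
        labels.append((match.group(1), classify_der(der)))
    leftover = PEM_BLOCK.sub("", text).splitlines()
    stray = [line.strip() for line in leftover if line.strip()]
    return labels, stray

# First base64 line of each block from the certbot.log excerpt on this page;
# the bodies are truncated, which is enough to read the DER header.
SAMPLE = """-----BEGIN CERTIFICATE-----
MIIIlTCCBn2gAwIBAgIKEtiSrAABAAAKVDANBgkqhkiG9w0BAQsFADBqMRUwEwYK
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIMVQYJKoZIhvcNAQcCoIIMRjCCDEICAQExADALBgkqhkiG9w0BBwGgggwqMIIG
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print(inspect_chain(SAMPLE))
```

A block labelled CERTIFICATE that classifies as `pkcs7-signed-data` is what produces the `ASN1_CHECK_TLEN: wrong tag` error: the X.509 parser expects a nested SEQUENCE and finds an OID instead.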

@Raldoh19
Author

Raldoh19 commented Jul 7, 2020

It works! I have tried with both certbot and certmanager (kubernetes) and the certificate is correctly issued, thank you!

@Raldoh19 Raldoh19 closed this as completed Jul 7, 2020