alex/letsencrypt-aws

The server experienced an internal error :: Error creating new cert

ndbroadbent opened this issue · 2 comments

I have a script that I use to update SSL for two ELBs:

source /opt/letsencrypt/virtualenv/bin/activate

export AWS_ACCESS_KEY_ID="******"
export AWS_SECRET_ACCESS_KEY="******"
export AWS_DEFAULT_REGION="us-east-1"


update_certs() {
    local ELB_NAME="$1"
    local HOST="$2"

    read -d '' LETSENCRYPT_AWS_CONFIG <<EOF
{
    "domains": [
        {
            "elb": {
                "name": "${ELB_NAME}"
            },
            "hosts": ["${HOST}"]
        }
    ],
    "acme_account_key": "file:///opt/letsencrypt/letsencrypt-key.pem"
}
EOF
    export LETSENCRYPT_AWS_CONFIG

    python /opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py update-certificates
}


update_certs "prod-server-com-elb" "prod.server.com" && \
  update_certs "staging-server-com-elb" "staging.server.com" && \
  curl http://ping.pushmon.com/pushmon/ping/*********

This script has recently started failing with this output:

www-data@ip-*-*-*-*:/opt/letsencrypt$ ./update_elb_certs.sh
2016-10-13 21:38:18 [startup]
2016-10-13 21:38:18 [running] mode='single'
2016-10-13 21:38:18 [updating-elb] elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.certificate-expiration] expiration_date=datetime.datetime(2016, 11, 6, 15, 32) elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.request-acme-challenge] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.create-txt-record] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:19 [updating-elb.wait-for-route53] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.local-validation] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.answer-challenge] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.request-cert] elb_name=u'prod-server-com-elb'
2016-10-13 21:39:20 [updating-elb.delete-txt-record] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
Traceback (most recent call last):
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 578, in <module>
    cli()
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 716, in __call__
    return self.main(*args, **kwargs)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 1060, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 541, in update_certificates
    force_issue, certificate_requests
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 433, in update_certs
    cert_request,
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 405, in update_cert
    authorizations, csr
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 330, in request_certificate
    authzrs=[authz_record.authz for authz_record in authorizations],
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 397, in poll_and_request_issuance
    return self.request_issuance(csr, updated_authzrs), updated_authzrs
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 312, in request_issuance
    headers={'Accept': content_type})
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 649, in post
    return self._check_response(response, content_type=content_type)
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 565, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:serverInternal :: The server experienced an internal error :: Error creating new cert

I've updated letsencrypt-aws to the latest commit (84d56c1), but it's still not working.

I was wondering if you have seen this before, and if you could suggest any workarounds or fixes?

alex commented

This looks like a bug with letsencrypt the service.

ndbroadbent commented

Strange, yeah looks like they must have fixed something and it's working now. Sorry to bother you!
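An added example, not part of the thread or of letsencrypt-aws: a small triage routine for a renewal job's captured output, which separates a CA-side `serverInternal` failure with plenty of certificate lifetime left (retry later) from anything that needs a person. The `triage` function, the `RETRYABLE` set and the 14-day `min_days` threshold are assumptions of this example; the sample lines are copied from the log in the issue.

```python
import re
from datetime import datetime

# Lines copied from the failing run quoted in the issue (trimmed).
SAMPLE_LOG = """\
2016-10-13 21:38:18 [updating-elb.certificate-expiration] expiration_date=datetime.datetime(2016, 11, 6, 15, 32) elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.request-cert] elb_name=u'prod-server-com-elb'
2016-10-13 21:39:20 [updating-elb.delete-txt-record] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
acme.messages.Error: urn:acme:error:serverInternal :: The server experienced an internal error :: Error creating new cert
"""

TS_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[", re.M)
EXPIRY_RE = re.compile(r"expiration_date=datetime\.datetime\(([\d, ]+)\)")
ACME_ERR_RE = re.compile(r"^acme\.messages\.Error: urn:acme:error:(\w+) ::", re.M)

# Assumption (policy of this example): only CA-side errors are retried unchanged.
RETRYABLE = {"serverInternal"}


def triage(log, min_days=14):
    """Classify one run as 'ok', 'retry-later' or 'alert'."""
    err = ACME_ERR_RE.search(log)
    stamps = TS_RE.findall(log)
    expiry = EXPIRY_RE.search(log)

    # Remaining lifetime of the certificate currently on the ELB, measured
    # from the last timestamp the job logged.
    days_left = None
    if stamps and expiry:
        expires = datetime(*(int(p) for p in expiry.group(1).split(",")))
        last_seen = datetime.strptime(stamps[-1], "%Y-%m-%d %H:%M:%S")
        days_left = (expires - last_seen).days

    if err is None:
        action = "ok"
    elif (err.group(1) in RETRYABLE and days_left is not None
          and days_left >= min_days):
        action = "retry-later"   # CA-side failure, certificate not close to expiry
    else:
        action = "alert"         # client-side error, unknown expiry, or too close

    return {"error_type": err.group(1) if err else None,
            "days_left": days_left, "action": action}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
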