alex / letsencrypt-aws

BSD 3-Clause "New" or "Revised" License
728 stars 121 forks source link

The server experienced an internal error :: Error creating new cert #90

Closed ndbroadbent closed 7 years ago

ndbroadbent commented 7 years ago

I have a script that I use to update SSL for two ELBs:

source /opt/letsencrypt/virtualenv/bin/activate

export AWS_ACCESS_KEY_ID="******"
export AWS_SECRET_ACCESS_KEY="******"
export AWS_DEFAULT_REGION="us-east-1"

update_certs() {
    local ELB_NAME="$1"
    local HOST="$2"

    read -d '' LETSENCRYPT_AWS_CONFIG <<EOF
{
    "domains": [
        {
            "elb": {
                "name": "${ELB_NAME}"
            },
            "hosts": ["${HOST}"]
        }
    ],
    "acme_account_key": "file:///opt/letsencrypt/letsencrypt-key.pem"
}
EOF
    export LETSENCRYPT_AWS_CONFIG

    python /opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py update-certificates
}

update_certs "prod-server-com-elb" "prod.server.com" && \
  update_certs "staging-server-com-elb" "staging.server.com" && \
  curl http://ping.pushmon.com/pushmon/ping/*********

This script has recently started failing with this output:

www-data@ip-*-*-*-*:/opt/letsencrypt$ ./update_elb_certs.sh
2016-10-13 21:38:18 [startup]
2016-10-13 21:38:18 [running] mode='single'
2016-10-13 21:38:18 [updating-elb] elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.certificate-expiration] expiration_date=datetime.datetime(2016, 11, 6, 15, 32) elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.request-acme-challenge] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.create-txt-record] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:19 [updating-elb.wait-for-route53] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.local-validation] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.answer-challenge] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.request-cert] elb_name=u'prod-server-com-elb'
2016-10-13 21:39:20 [updating-elb.delete-txt-record] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
Traceback (most recent call last):
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 578, in <module>
    cli()
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 716, in __call__
    return self.main(*args, **kwargs)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 1060, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 541, in update_certificates
    force_issue, certificate_requests
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 433, in update_certs
    cert_request,
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 405, in update_cert
    authorizations, csr
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 330, in request_certificate
    authzrs=[authz_record.authz for authz_record in authorizations],
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 397, in poll_and_request_issuance
    return self.request_issuance(csr, updated_authzrs), updated_authzrs
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 312, in request_issuance
    headers={'Accept': content_type})
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 649, in post
    return self._check_response(response, content_type=content_type)
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 565, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:serverInternal :: The server experienced an internal error :: Error creating new cert

I've updated letsencrypt-aws to the latest commit (84d56c17), but it's still not working.

I was wondering if you have seen this before, and if you could suggest any workarounds or fixes?

alex commented 7 years ago

This looks like a bug with letsencrypt the service.


ndbroadbent commented 7 years ago

Strange, yeah looks like they must have fixed something and it's working now. Sorry to bother you!
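
The traceback in this issue ends in `urn:acme:error:serverInternal`, a fault reported by the CA rather than by the client's configuration, and it cleared without any change on the reporter's side. The wrapper below is an added example, not part of the original thread or of letsencrypt-aws: it retries a renewal command with bounded exponential backoff only when that URN appears in the output, and fails immediately on anything else. The function names, attempt count and delay are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example (not part of letsencrypt-aws): retry a renewal command only
# when the CA reports urn:acme:error:serverInternal, the error in this issue.

# Read command output on stdin; print "transient" if the last
# acme.messages.Error line carries the serverInternal URN, else "permanent".
classify_acme_failure() {
    local line urn=""
    while IFS= read -r line; do
        case "$line" in
            acme.messages.Error:*)
                urn="${line#acme.messages.Error: }"   # drop the exception name
                urn="${urn%% *}"                      # keep the URN before " :: "
                ;;
        esac
    done
    if [ "$urn" = "urn:acme:error:serverInternal" ]; then
        echo transient
    else
        echo permanent
    fi
}

# Usage: retry_on_server_internal MAX_ATTEMPTS BASE_DELAY_SECONDS CMD [ARGS...]
# Returns 0 on success, otherwise the exit status of the last attempt.
retry_on_server_internal() {
    local max="$1" delay="$2" attempt=1 out status
    shift 2
    while :; do
        if out="$("$@" 2>&1)"; then status=0; else status=$?; fi
        printf '%s\n' "$out"              # replay the captured log
        if [ "$status" -eq 0 ]; then return 0; fi
        # Anything other than a CA-side fault (bad config, failed
        # authorization, AWS errors) will not fix itself: fail immediately.
        if [ "$(printf '%s\n' "$out" | classify_acme_failure)" != transient ]; then
            return "$status"
        fi
        if [ "$attempt" -ge "$max" ]; then return "$status"; fi
        sleep "$delay"
        delay=$((delay * 2))              # exponential backoff
        attempt=$((attempt + 1))
    done
}

# In the script from the first post (attempt count and delay are illustrative):
#   retry_on_server_internal 3 60 update_certs "prod-server-com-elb" "prod.server.com"
```

Keeping the attempt count small matters here: each retry repeats the DNS challenge and issuance request, and the monitoring ping at the end of the original script still fires only if every ELB eventually succeeds.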