Closed ndbroadbent closed 7 years ago
This looks like a bug with letsencrypt the service.
On Thu, Oct 13, 2016 at 5:43 PM, Nathan Broadbent notifications@github.com wrote:
I have a script that I use to update SSL for two ELBs:
```bash
source /opt/letsencrypt/virtualenv/bin/activate

# AWS credentials and region (values redacted)
export AWS_ACCESS_KEY_ID="*****"
export AWS_SECRET_ACCESS_KEY="*****"
export AWS_DEFAULT_REGION="us-east-1"

# Renew the certificate for one ELB / hostname pair.
update_certs() {
  local ELB_NAME="$1"
  local HOST="$2"

  # Build the JSON config that letsencrypt-aws reads from the environment.
  read -d '' LETSENCRYPT_AWS_CONFIG <<EOF
{
  "domains": [
    {
      "elb": { "name": "${ELB_NAME}" },
      "hosts": ["${HOST}"]
    }
  ],
  "acme_account_key": "file:///opt/letsencrypt/letsencrypt-key.pem"
}
EOF
  export LETSENCRYPT_AWS_CONFIG

  python /opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py update-certificates
}

# Ping the monitor only if both renewals succeed.
update_certs "prod-server-com-elb" "prod.server.com" && \
update_certs "staging-server-com-elb" "staging.server.com" && \
curl http://ping.pushmon.com/pushmon/ping/*****
```
This script has recently started failing with this output:
```
www-data@ip----:/opt/letsencrypt$ ./update_elb_certs.sh
2016-10-13 21:38:18 [startup]
2016-10-13 21:38:18 [running] mode='single'
2016-10-13 21:38:18 [updating-elb] elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.certificate-expiration] expiration_date=datetime.datetime(2016, 11, 6, 15, 32) elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.request-acme-challenge] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:18 [updating-elb.create-txt-record] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:19 [updating-elb.wait-for-route53] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.local-validation] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.answer-challenge] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
2016-10-13 21:38:49 [updating-elb.request-cert] elb_name=u'prod-server-com-elb'
2016-10-13 21:39:20 [updating-elb.delete-txt-record] host=u'prod.server.com' elb_name=u'prod-server-com-elb'
Traceback (most recent call last):
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 578, in <module>
    cli()
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 716, in __call__
    return self.main(*args, **kwargs)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 1060, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/letsencrypt/virtualenv/local/lib/python2.7/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 541, in update_certificates
    force_issue, certificate_requests
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 433, in update_certs
    cert_request,
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 405, in update_cert
    authorizations, csr
  File "/opt/letsencrypt/letsencrypt-aws/letsencrypt-aws.py", line 330, in request_certificate
    authzrs=[authz_record.authz for authz_record in authorizations],
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 397, in poll_and_request_issuance
    return self.request_issuance(csr, updated_authzrs), updated_authzrs
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 312, in request_issuance
    headers={'Accept': content_type})
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 649, in post
    return self._check_response(response, content_type=content_type)
  File "/opt/letsencrypt/virtualenv/src/acme/acme/acme/client.py", line 565, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:serverInternal :: The server experienced an internal error :: Error creating new cert
```

I've updated letsencrypt-aws to the latest commit (84d56c1 https://github.com/alex/letsencrypt-aws/commit/84d56c17800868f64d64564c3dd4c3e6de2e924a), but it's still not working.
I was wondering if you have seen this before, and if you could suggest any workarounds or fixes?
Strange, yeah looks like they must have fixed something and it's working now. Sorry to bother you!
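An added example, not part of the original thread or of letsencrypt-aws: a wrapper that retries a renewal command only when its output contains `urn:acme:error:serverInternal`, the server-side error in the traceback above, and stops immediately on any other failure. The function names, `MAX_ATTEMPTS`, `RETRY_DELAY` and the exit code 75 convention are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (hypothetical names): retry only on the ACME server-side error
# urn:acme:error:serverInternal; any other failure is returned at once so a
# real misconfiguration is not hidden behind retries.

MAX_ATTEMPTS="${MAX_ATTEMPTS:-4}"   # total tries before giving up
RETRY_DELAY="${RETRY_DELAY:-60}"    # seconds; doubled after each failed try

# Return 0 if the captured output carries the transient server-side error.
is_transient_acme_error() {
  case "$1" in
    *urn:acme:error:serverInternal*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: retry_on_acme_server_error <command> [args...]
# Returns 0 on success, the command's own status on a non-transient failure,
# and 75 (EX_TEMPFAIL) when every attempt hit the transient error.
retry_on_acme_server_error() {
  local attempt=1 delay="$RETRY_DELAY" output status
  while [ "$attempt" -le "$MAX_ATTEMPTS" ]; do
    # Capture stdout and stderr together: the traceback goes to stderr.
    output="$("$@" 2>&1)" && status=0 || status=$?
    printf '%s\n' "$output"
    if [ "$status" -eq 0 ]; then
      return 0
    fi
    if ! is_transient_acme_error "$output"; then
      echo "attempt ${attempt}: non-transient failure, not retrying" >&2
      return "$status"
    fi
    echo "attempt ${attempt}: ACME serverInternal error" >&2
    if [ "$attempt" -lt "$MAX_ATTEMPTS" ]; then
      sleep "$delay"
      delay=$((delay * 2))
    fi
    attempt=$((attempt + 1))
  done
  return 75
}
```

In the script from the issue this would wrap each call, e.g. `retry_on_acme_server_error update_certs "prod-server-com-elb" "prod.server.com"`, so the monitoring ping is still sent only after both renewals succeed.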