Mail Response failing

[soberhofer]

Hello there,

i tried using acme_email to get an S/MIME Certificate. I get the first Mail with the Header: "ACME xxxxxxxxxxx", and got the text with the acme response. I replied to the Mail with the ACME Response, but after some time the script just quit with:

All authorizations were not finalized by the CA.

Relevant Logs:

{"status": "pending", "expires": "2021-07-13T12:09:06.199Z", "identifier": {"type": "dns", "value": "info@example.net"}, "challenges": [{"url": "https://acme.castle.cloud/acme/chall/XXXXXXX", "type": "email-reply-00", "token": "XXXXXXXX", "status": "processing", "from": "acme+XXXXXX@castle.cloud"}]}
2021-07-12 14:10:56,734:DEBUG:acme.client:Storing nonce: XXXXXXXXXXXXXX
2021-07-12 14:10:56,735:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 185, in _poll_authorizations
    raise errors.AuthorizationError('All authorizations were not finalized by the CA.')
certbot.errors.AuthorizationError: All authorizations were not finalized by the CA.

2021-07-12 14:10:56,736:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-07-12 14:10:56,736:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-07-12 14:10:56,736:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/Users/soberhofer/Documents/acme_email/cli.py", line 163, in <module>
    main(args)
  File "/Users/soberhofer/Documents/acme_email/cli.py", line 116, in main
    request_cert(args, config)
  File "/Users/soberhofer/Documents/acme_email/cli.py", line 89, in request_cert
    cert_path, fullchain_path = certbot_main._csr_get_and_save_cert(config, le_client)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 1354, in _csr_get_and_save_cert
    cert, chain = le_client.obtain_certificate_from_csr(csr)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/client.py", line 286, in obtain_certificate_from_csr
    orderr = self._get_order_and_authorizations(csr.data, best_effort=False)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 185, in _poll_authorizations
    raise errors.AuthorizationError('All authorizations were not finalized by the CA.')
certbot.errors.AuthorizationError: All authorizations were not finalized by the CA.
2021-07-12 14:10:56,738:ERROR:certbot._internal.log:All authorizations were not finalized by the CA.

EDIT: After some more troubleshooting i have also tried the non-interactive mode, which failed due to some DKIM Checks. Once i disabled them it also went through but the CA did not finalize the Authorization. Is this expected? Are the DKIM Checks necessary?

[polhenarejos]

I made a small change in the backend. Try it again.

About DKIM checks, yes. It is defined in the RFC to avoid faked email addresses.

[soberhofer]

Thanks, i've tried it. But got an Issuance Error, i think the Certificate has been rejected. I don't see the exact reason on my end though... (I've used the interactive mode

2021-07-12 15:06:19,099:DEBUG:acme.client:Received response:
HTTP 200
Date: Mon, 12 Jul 2021 13:06:19 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://acme.castle.cloud/acme/order/XXXXX
Replay-Nonce: 1hY7m7Yo4kjNR4vLmxmsmQ
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=15768000
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zhRK0b1m%2Bv%2B1r3XXXXXXXXXXXXXPOJeU%2BuKy96wQB9nCjQQZhS8GvrTJ716gbJmRh8iRvWTIwJc5wUsdSUYPxNWdZ9EsFvut%2FEzyb6YQ7b8hrg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66da7cf51862dfbb-FRA
Content-Encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

{"status": "invalid", "expires": "2021-07-13T13:06:10.472Z", "identifiers": [{"type": "dns", "value": "info@XXX.net"}], "authorizations": ["https://acme.castle.cloud/acme/authz/XXXX"], "finalize": "https://acme.castle.cloud/acme/order/XXXX/finalize", "error": "An error ocurred during issuing process"}
2021-07-12 15:06:19,099:DEBUG:acme.client:Storing nonce: XXXXX
2021-07-12 15:06:20,102:DEBUG:acme.client:JWS payload:
b''
2021-07-12 15:06:20,105:DEBUG:acme.client:Sending POST request to https://acme.castle.cloud/acme/order/XXX:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS5jYXN0bGUuY2xvdWQvYWNtZS9hY2N0L3BJTDVlN3E0RTVlIiwgIm5vbmNlIjogIjFXXXXXXXXXXXXXXXidXJsIjogImh0dHBzOi8vYWNtZS5jYXN0bGUuY2xvdWQvYWNtZS9vcmRlci90WWY1aDdPZGdybSJ9",
  "signature": "FCfK_XKlPdEhX4AUksKVrTW7Kddn1iXXXXXXXXXXXXXXXXXXXXXXgkwR7aCuOamdqIDDUcZul8hzK1bjZ1AASdzjpH8Lem9gWgxvcw2N-EJOtcSxjN0Vh5Bqu7QPPOIMfXXXXXXXXXXXXXGqLkijFsZ7NL0K5Fa5DiGlfvsGXtdSOCpPxOgmipZ8S1BtvAxC1LqmMPszuNHHfELSb9Z36Ek21j-a9hz0JsgkXw",
  "payload": ""
}
2021-07-12 15:06:21,148:DEBUG:urllib3.connectionpool:https://acme.castle.cloud:443 "POST /acme/order/XXXXX HTTP/1.1" 200 None
2021-07-12 15:06:21,149:DEBUG:acme.client:Received response:
HTTP 200
Date: Mon, 12 Jul 2021 13:06:21 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://acme.castle.cloud/acme/order/XXXXX
Replay-Nonce: ae0lTqw2zDf1nakm2rBcVw
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=15768000
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gJ90I1UWVETnZIgwEUlyOWw3BV%2F01PvQXXXXXXXXXXXXULZrEQV7zpAHHd9qMLS6w%2FwTtdsJ7FYX9jGk5JuL7fd4Wf%2ByyP5pUI7cpDYvVM5xXBQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66da7cfd4f6bdfbb-FRA
Content-Encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

{"status": "invalid", "expires": "2021-07-13T13:06:10.472Z", "identifiers": [{"type": "dns", "value": "info@XXXXX.net"}], "authorizations": ["https://acme.castle.cloud/acme/authz/XXXX"], "finalize": "https://acme.castle.cloud/acme/order/XXXXX/finalize", "error": "An error ocurred during issuing process"}
2021-07-12 15:06:21,155:DEBUG:acme.client:Storing nonce: XXXXX
2021-07-12 15:06:21,155:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/Users/soberhofer/Documents/acme_email/cli.py", line 163, in <module>
    main(args)
  File "/Users/soberhofer/Documents/acme_email/cli.py", line 116, in main
    request_cert(args, config)
  File "/Users/soberhofer/Documents/acme_email/cli.py", line 89, in request_cert
    cert_path, fullchain_path = certbot_main._csr_get_and_save_cert(config, le_client)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 1354, in _csr_get_and_save_cert
    cert, chain = le_client.obtain_certificate_from_csr(csr)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/client.py", line 290, in obtain_certificate_from_csr
    orderr = self.acme.finalize_order(orderr, deadline,
  File "/usr/local/lib/python3.9/site-packages/acme/client.py", line 923, in finalize_order
    return cast(ClientV2, self.client).finalize_order(
  File "/usr/local/lib/python3.9/site-packages/acme/client.py", line 751, in finalize_order
    raise errors.IssuanceError(body.error)
acme.errors.IssuanceError
2021-07-12 15:06:21,157:ERROR:certbot._internal.log:An unexpected error occurred:
2021-07-12 15:06:21,158:ERROR:certbot._internal.log:acme.errors.IssuanceError

[polhenarejos]

Could you try it again?

[soberhofer]

Tried it again. I got a certificate back, but i think now there is a minor issue in the Python Code

{"status": "pending", "expires": "2021-07-13T13:30:23.332Z", "identifier": {"type": "dns", "value": "info@XXX.net"}, "challenges": [{"url": "https://acme.castle.cloud/acme/chall/p8NRZYq1bg6", "type": "email-reply-00", "token": "Rz-XXXX", "status": "processing", "from": "acme+XXXX@castle.cloud"}]}
2021-07-12 15:30:27,864:DEBUG:acme.client:Storing nonce: Z8i77uJZ06dTTcuy3Z1gew
2021-07-12 15:30:30,866:DEBUG:acme.client:JWS payload:
b''
2021-07-12 15:30:30,867:DEBUG:acme.client:Sending POST request to https://acme.castle.cloud/acme/authz/cXXX:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNXXXXXXXXXXXXXXZS9hY2N0L3BJTDVlN3E0RTVlIiwgIm5vbmNlIjogIlo4aTc3dUpaMDZkVFRjdXkzWjFnZXciLCAidXJsIjogImh0dHBzOi8vYWNtZS5jYXN0bGUuY2xvdWQvYWNtZS9hdXRoei9jbmw0VGtVQlA3RiJ9",
  "signature": "nzE0-0mnLLHmsH5qsvLQfPgBmr2s6yHvJnULZ7jAoI7jGDcRbdXLwXXXXXXXXXXXXXXnJpwg1iPwxmNXhXpzJcodS6QGgavPGKqAT-HQwAv5oZ0rRt8CG5Ef-x-zy_tkWMybpfaLbsNwo1FWOUabKY9YHF8LhbXfMJBD26XPYiOBReMJOWcglMZ3X-c11SypS4IWTgLmn_yaWxEEecdzvhIFqTAyGbxLJqgPgLXJoSVXfH3jMVjsLpTl1hGnlPqDb55pVE_0mc2lgbShvgWOp4AVuy1FX9HfeOD9ZEX421uo3-o6iNAwn0JYdeoE3Kgt7A",
  "payload": ""
}
2021-07-12 15:30:30,975:DEBUG:urllib3.connectionpool:https://acme.castle.cloud:443 "POST /acme/authz/XXXX HTTP/1.1" 200 None
2021-07-12 15:30:30,976:DEBUG:acme.client:Received response:
HTTP 200
Date: Mon, 12 Jul 2021 13:30:31 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://acme.castle.cloud/acme/authz/XXXX
Replay-Nonce: iZ0T6BF5WqpDcw8NJO6U2g
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=15768000
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=t2Ch5rXXXXXXXXXXXXXXXXXXXYNqqv%2FSy7HdAnluPWUy%2FXZqSPZZXV8KBMMKBS0mHt8KIUNmo3D6poemVX%2BfT0gBRmYa9zzRc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66daa0683f494a9e-FRA
Content-Encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

{"status": "valid", "expires": "2021-07-13T13:30:23.332Z", "identifier": {"type": "dns", "value": "info@XXXXXX"}, "challenges": [{"url": "https://acme.castle.cloud/acme/chall/p8NRZYq1bg6", "type": "email-reply-00", "token": "Rz-XXXXXXXXX", "status": "valid", "from": "acme+XXXXXX@castle.cloud"}]}
2021-07-12 15:30:30,976:DEBUG:acme.client:Storing nonce: XXXXXXXXXx
2021-07-12 15:30:30,977:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-07-12 15:30:30,977:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-07-12 15:30:30,977:DEBUG:imapclient.imaplib:> b'KPKP8 LOGOUT'
2021-07-12 15:30:31,000:DEBUG:imapclient.imaplib:< b'* BYE Logging out'
2021-07-12 15:30:31,001:DEBUG:imapclient.imaplib:   matched b'\\* (?P<type>[A-Z-]+)( (?P<data>.*))?' => (b'BYE', b' Logging out', b'Logging out')
2021-07-12 15:30:31,001:DEBUG:imapclient.imaplib:untagged_responses[BYE] 0 += ["b'Logging out'"]
2021-07-12 15:30:31,001:DEBUG:imapclient.imaplib:BYE response: b'Logging out'
2021-07-12 15:30:31,001:DEBUG:imapclient.imapclient:Logged out, connection closed
2021-07-12 15:30:31,019:DEBUG:acme.client:JWS payload:
b'{\n  "csr": "MIIClDCCAXwCAQAwHjEcMBoGA1UEAwwTaW5mb0Bzb2JlcmhvZmVyLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKY990AuUOJw57aWkUZgCGQ9A3CHJPwgVT8ZyqrPpgJohOCGgRUV7RDTtCOvuhyFzFOv4eanNjelwqhCARXOwRR8XiH-hWa8XTeE0B5cs-PRvs7NfgP_KJuUXXXXXXXXXXXXXXXXt68cVDHo0oBsYlTcnb7vV4CNs8rQN7XjfWlIHcaW1OQzaGKqI0EkbZGaVz5spOS2krES4B7nGLS0cQSBt8Xqet49zDjPGgA3HvrWtOIPMqtXB-mzx9MNepiI6OxPr_43JbB1eA5V1rzfyiXoFMBFmBd2RkX6hFuYYNThlEU3dPm3w1wSzNit2lkNShJpiFSwwjDO-nPuON_x29i4NrrhVTru9DV2Ok9LDh8uyj8eGfCIp_CZZ29eKXBJ0v_y2KmIbuyZwCxQ"\n}'
2021-07-12 15:30:31,020:DEBUG:acme.client:Sending POST request to https://acme.castle.cloud/acme/order/qDYUfczb8vd/finalize:
{
  "protected": "eyJXXXXXXXXXX2lkIjogImh0dHBzOi8vYWNtZS5jYXN0bGUuY2xvdWQvYWNtZS9hY2N0L3BJTDVlN3E0RTVlIiwgIm5vbmNlIjogImlaMFQ2QkY1V3FwRGN3OE5KTzZVMmciLCAidXJsIjogImh0dHBzOi8vYWNtZS5jYXN0bGUuY2xvdWQvYWNtZS9vcmRlci9xRFlVZmN6Yjh2ZC9maW5hbGl6ZSJ9",
  "signature": "YB8rcVW3tE56CDXXXXXXXXXXXXXXX_b2uDno-n-C24Rnoqp8h-BnG3pAW5nCQ-UH9XnI2jfm1ZtcaduhfmRaMozJ3TZ_zphwhOkjZnR7NB3I7d2Is8Jb8O17rc34s9Zv3JBqf-ub7XYE_4PX-qfNndelqMg26_4hBkg1rFkrv7jS2fCVLWr6ikiMD8dIMOQi_0fqh3ywQ9khQw7TSoL_16sQyVf9gU1_xMrC5to4dDzHbzbybvNOx7HJ2jhDikTgwAmPnTXjtLmnSdUl25gm1Dag9xPwScTev-HJ4O8m7M6SocV1z1YW6iqzQhddbcKfbg",
  "payload": "ewogICJjc3IiOiAiTUlJQ2xEQ0NBWHdDQVFBd0hqRWNNQm9HQTFVRUF3d1RhVzVtYjBCemIySmxjbWh2Wm1WeUxtNWxkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPS1k5OTBBdVVPSnc1N2FXa1VaZ0NHUTlBM0NISlB3Z1ZUOFp5cXJQcGdKb2hPQ0dnUlVWN1JEVHRDT3Z1aHlGekZPdjRlYW5OamVsd3FoQ0FSWE93UlI4WGlILWhXYThYVGVFMEI1Y3MtUFJ2czdOZmdQX0tKdVVrNXpxOUNvU3NOQkZLZi1pb2YtZ2NCMFV0dXItMkxMcHkxTzM4OVFtWl9UQjZWOGl1NE10V2FVWE1sU00ycWVUbFRwZHR1aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxWWc3bTY3MVpLRGtXQW9HaU1Pd3FaaHQ2OGNWREhvMG9Cc1lsVGNuYjd2VjRDTnM4clFON1hqZldsSUhjYVcxT1F6YUdLcUkwRWtiWkdhVno1c3BPUzJrckVTNEI3bkdMUzBjUVNCdDhYcWV0NDl6RGpQR2dBM0h2cld0T0lQTXF0WEItbXp4OU1OZXBpSTZPeFByXzQzSmJCMWVBNVYxcnpmeWlYb0ZNQkZtQmQyUmtYNmhGdVlZTlRobEVVM2RQbTN3MXdTek5pdDJsa05TaEpwaUZTd3dqRE8tblB1T05feDI5aTROcnJoVlRydTlEVjJPazlMRGg4dXlqOGVHZkNJcF9DWloyOWVLWEJKMHZfeTJLbUlidXlad0N4USIKfQ"
}
2021-07-12 15:30:31,171:DEBUG:urllib3.connectionpool:https://acme.castle.cloud:443 "POST /acme/order/XXX/finalize HTTP/1.1" 200 None
2021-07-12 15:30:31,172:DEBUG:acme.client:Received response:
HTTP 200
Date: Mon, 12 Jul 2021 13:30:31 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://acme.castle.cloud/acme/order/XXXXXXXXX
Replay-Nonce: XXXXXXXXXX
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=15768000
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=9DGpny5mAMLNpFA21ueoBfgXXXXXXXXXXXXXXXXXXXXXXXeGfthPZsnDOUMifYuQLS%2FvloZPm8wVuZmESpadHr9rfjyMII6dECCVoM%2FoJ0Bin76BAIoRMV3cwsnGQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66daa06929c54a9e-FRA
Content-Encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

{"status": "valid", "expires": "2021-07-13T13:30:23.305Z", "identifiers": [{"type": "dns", "value": "XXXXXXXXXXX"}], "authorizations": ["https://acme.castle.cloud/acme/authz/cnlXXXXXXX"], "finalize": "https://acme.castle.cloud/acme/order/qDXXXXb8vd/finalize", "certificate": "https://acme.castle.cloud/acme/order/qXXXX/certificate"}
2021-07-12 15:30:31,172:DEBUG:acme.client:Storing nonce: XXXXXXXX
2021-07-12 15:30:32,173:DEBUG:acme.client:JWS payload:
b''
2021-07-12 15:30:32,175:DEBUG:acme.client:Sending POST request to https://acme.castle.cloud/acme/order/XXXX8vd:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS5jYXN0bGUuY2xvdWQvYWNtZS9hYXXXXXXXXXXlIjogInRUS1FSaWtQOHpnQUJ4R2tSVE5WMWciLCAidXJsIjogImh0dHBzOi8vYWNtZS5jYXN0bGUuY2xvdWQvYWNtZS9vcmRlci9xRFlVZmN6Yjh2ZCJ9",
  "signature": "cdmjZxBn-gP_ZzPX79Nv221GNo2BRUw71l3_R1nWCMDDDYepJBSDk--PIEY6HHZUhIu4OT9JhoWbJGMFXXXXXXXXXXXXoMI3X1YOf0lJyiVHD1Y-NN2eBvhlJesZwJBGkh0kosY9P7eTXnFxtOXhp6VCDWCOsAhF5A61ex9LamfT6eEBpYywIShFRBQpUtzs4UjfxfccCfqr-MWe9UZrpdABEiYSphXqHr0MVU3Fe0IJiTvSXBQlDLLp7aVRqsec5YAp_hlafXZvmfRUIcOPwff8vNBv49V-SSlzyYxbpXZl1l_3JlR8BoQ68fVTiCh1e3HpPVAyIyFKWikg",
  "payload": ""
}
2021-07-12 15:30:32,411:DEBUG:urllib3.connectionpool:https://acme.castle.cloud:443 "POST /acme/order/XXXXXXX HTTP/1.1" 200 None
2021-07-12 15:30:32,412:DEBUG:acme.client:Received response:
HTTP 200
Date: Mon, 12 Jul 2021 13:30:32 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://acme.castle.cloud/acme/order/XXXX
Replay-Nonce: XXXXXX
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=15768000
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XXXXXXXXXXXXXXXX%2F7UGnYG%2FUDIRDXXXXXXXXXXXXXXXXXTrKi3i2s3lTCLLuHRp9HEBjGOGCOIPDN7IQFCiRvgl%2FA2ANoOOcV%2FE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66daa0705c474a9e-FRA
Content-Encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

{"status": "valid", "expires": "2021-07-13T13:30:23.305Z", "identifiers": [{"type": "dns", "value": "info@XXXXX.net"}], "authorizations": ["https://acme.castle.cloud/acme/authz/cnl4TkUBP7F"], "finalize": "https://acme.castle.cloud/acme/order/XXXX/finalize", "certificate": "https://acme.castle.cloud/acme/order/qDYUfczb8vd/certificate"}
2021-07-12 15:30:32,412:DEBUG:acme.client:Storing nonce: XXXX
2021-07-12 15:30:32,412:DEBUG:acme.client:JWS payload:
b''
2021-07-12 15:30:32,414:DEBUG:acme.client:Sending POST request to https://acme.castle.cloud/acme/order/XXXXX/certificate:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS5jYXN0bGUuY2xvdWQvYWNtZS9hY2N0L3BJTDVlN3E0RTVlIXXXXXXXXXXXXXXXXXXXmVLcWs4R05VQ3A5aWciLCAidXJsIjogImh0dHBzOi8vYWNtZS5jYXN0bGUuY2xvdWQvYWNtZS9vcmRlci9xRFlVZmN6Yjh2ZC9jZXJ0aWZpY2F0ZSJ9",
  "signature": "qQw2CbxJIEM8Nc3MAW6ftM35Cfo_OsWyAZH5T2vaO5mlij-O3zOSZalFjumLonUhiZz0F0jMt0i6mZD3jlIvN1XXXXXXXXXXXXXXXXX96b9zmfj2_Ah0up7KxcPZWqxo8_46dK2UWIItmEYOqx1EeaNNQlD9c5_rU67jPx8jtIgS7We__Xp_qobmX8QGH4kDOhzM6K3Fat8RVcWICp_3AUnqB9gi0AMwMzzUuHCI4hE-gHnCeGrHGoRKnDhXFsNJg5x0TDaPFl0T85cb18SInJXASD3rz-v7nZ9-x-BrtRqKlio90AI3pW1qTHQb-pndW467dLvEeIzwQ",
  "payload": ""
}
2021-07-12 15:30:32,641:DEBUG:urllib3.connectionpool:https://acme.castle.cloud:443 "POST /acme/order/XXXX/certificate HTTP/1.1" 200 3948
2021-07-12 15:30:32,642:DEBUG:acme.client:Received response:
HTTP 200
Date: Mon, 12 Jul 2021 13:30:32 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 3948
Connection: keep-alive
Location: https://acme.castle.cloud/acme/order/XXXX
Replay-Nonce: XXXX
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=15768000
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XXXXXXXXXXXXXXXXXXXXXXX%2B%XXXXXXX%2F6F6DkmIjH1BE1b8NfqO8L6%2F3ncNZ%2FCTpk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66daa071d8544a9e-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

-----BEGIN CERTIFICATE-----
XXXXXX
-----END CERTIFICATE-----

2021-07-12 15:30:32,642:DEBUG:acme.client:Storing nonce: XXXXX
2021-07-12 15:30:32,696:DEBUG:certbot._internal.plugins.selection:Requested authenticator castle-imap and installer castle-installer
2021-07-12 15:30:32,697:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/Users/soberhofer/Documents/acme_email/cli.py", line 163, in <module>
    main(args)
  File "/Users/soberhofer/Documents/acme_email/cli.py", line 116, in main
    request_cert(args, config)
  File "/Users/soberhofer/Documents/acme_email/cli.py", line 89, in request_cert
    cert_path, fullchain_path = certbot_main._csr_get_and_save_cert(config, le_client)
ValueError: too many values to unpack (expected 2)
2021-07-12 15:30:32,697:ERROR:certbot._internal.log:An unexpected error occurred:
2021-07-12 15:30:32,698:ERROR:certbot._internal.log:ValueError: too many values to unpack (expected 2)

[polhenarejos]

Which version of certbot are you using?

Get it from python3 -c "import certbot;print(certbot.__version__)"

I suspect they changed something from the internal API.

[soberhofer]

Certbot Version 1.17.0, pulled with pip 21.1.3

[polhenarejos]

b88eaa0 should fix it. Can you pull and try it?

[soberhofer]

Thanks, i think it worked. I got a cert from staging. Will try with production, but right now i am rate limited. Thanks for your help

[soberhofer]

Production now worked as well. Of course the Root Cert is not implemented in standard OS, but that's expected i guess. Thanks for your help :)