MALFORMED_BAD_REQUEST while renew an expiring certificate
Hello. I have issue with 2 certificates which are due to expire. I can see in the letsencrypt.log the following message as a result to the following request:
2021-01-04 14:07:59,896:DEBUG:acme.client:Sending POST request to https://api.buypass.com/acme-v02/authz/NLdkznrp_XjB5X86mjmEiI37APbFvQrl8VyS-bynYoo/2
"
2021-01-04 14:08:04,498:DEBUG:requests.packages.urllib3.connectionpool:https://api.buypass.com:443 "POST /acme-v02/authz/NLdkznrp_XjB5X86mjmEiI37APbFvQrl8VyS-bynYoo/2 HTTP/1.1" 400 194
2021-01-04 14:08:04,501:DEBUG:acme.client:Received response:
HTTP 400
Cache-Control: no-store
Content-Language: en
Content-Length: 194
Content-Type: application/problem+json
Date: Mon, 04 Jan 2021 12:07:59 GMT
Mdc-Correlationid: 63a28b82-310f-4ddd-8090-f2831e1c5e5d
Replay-Nonce: YzI5MDBhOGEtODFlYS00ODU0LWIxY2ItOWE5NTE4ZGFhMGMy
Vary: Accept-Encoding
X-Buypass-Internal-Error-Detail-Code: MALFORMED_BAD_REQUEST
Strict-Transport-Security: max-age=63072000
{"type":"urn:ietf:params:acme:error:malformed","detail":"Unable to process challenge, authorization is not pending","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP 400 Bad Request"}
2021-01-04 14:08:04,502:DEBUG:acme.client:Error while responding to a challenge without keyAuthorization in the JWS, your ACME CA server may not support it:
urn:ietf:params:acme:error:malformed :: The request message was malformed :: Unable to process challenge, authorization is not pending
2021-01-04 14:08:04,502:DEBUG:acme.client:Retrying request with keyAuthorization set.
"
Then with the re-try, this was logged:
"
2021-01-04 14:08:09,082:DEBUG:requests.packages.urllib3.connectionpool:https://api.buypass.com:443 "POST /acme-v02/authz/NLdkznrp_XjB5X86mjmEiI37APbFvQrl8VyS-bynYoo/2 HTTP/1.1" 400 194
2021-01-04 14:08:09,083:DEBUG:acme.client:Received response:
HTTP 400
Cache-Control: no-store
Content-Language: en
Content-Length: 194
Content-Type: application/problem+json
Date: Mon, 04 Jan 2021 12:08:04 GMT
Mdc-Correlationid: fc570705-f08a-4712-8e1e-9506d907c72f
Replay-Nonce: Mzc5ZGFkZTMtMTQ4ZS00ZTU5LTk0MDctYjliYTQwMzc2NzAy
Vary: Accept-Encoding
X-Buypass-Internal-Error-Detail-Code: MALFORMED_BAD_REQUEST
Strict-Transport-Security: max-age=63072000
{"type":"urn:ietf:params:acme:error:malformed","detail":"Unable to process challenge, authorization is not pending","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP 400 Bad Request"}
2021-01-04 14:08:09,087:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 158, in _respond
self._send_responses(aauthzrs, resp, chall_update)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 191, in _send_responses
self.acme.answer_challenge(achall.challb, resp)
File "/usr/lib/python3/dist-packages/acme/client.py", line 163, in answer_challenge
response = self._post(challb.uri, response)
File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
return self.net.post(*args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1187, in post
return self._post_once(*args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1201, in _post_once
response = self._check_response(response, content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1056, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Unable to process challenge, authorization is not pending
2021-01-04 14:08:09,087:DEBUG:certbot.error_handler:Calling registered functions
2021-01-04 14:08:09,087:INFO:certbot.auth_handler:Cleaning up challenges
2021-01-04 14:08:09,436:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1225, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 318, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 335, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 371, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 158, in _respond
self._send_responses(aauthzrs, resp, chall_update)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 191, in _send_responses
self.acme.answer_challenge(achall.challb, resp)
File "/usr/lib/python3/dist-packages/acme/client.py", line 163, in answer_challenge
response = self._post(challb.uri, response)
File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
return self.net.post(*args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1187, in post
return self._post_once(*args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1201, in _post_once
response = self._check_response(response, content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1056, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Unable to process challenge, authorization is not pending
2021-01-04 14:08:09,444:ERROR:certbot.log:An unexpected error occurred:
2021-01-04 14:08:09,445:ERROR:certbot.log:The request message was malformed :: Unable to process challenge, authorization is not pending
"
This is a certificate with 2 domain names, no wildcard.
Do you have any advice ?