Urgent message to renew certificates issued before Dec 22 but renewal not working
Hi,
We recently got an email from you telling us we need to renew all Buypass ACME certificates issued before December 22nd or they will be revoked on January 4th, but it looks like no renewals or new orders are possible using your API now (https://api.buypass.com/acme/directory).
We are using the HTTP-01 challenge, but it ends with a 500 Internal Server Error response from your endpoint, and Certbot just gives the error "about:blank".
Deleting the certificate and ordering a new one from Let's Encrypt does still work with the exact same setup for HTTP-01 challenge.
It would be a huge inconvenience for us to renew all our certificates using LE instead, as Buypass certificates are expected.
Could you please help?
Here is the part that fails from the logs:
2024-01-03 09:48:42,539:DEBUG:acme.client:Storing nonce: M2RmODkyYjAtM2M2OS00Y2Q1LWE4OTktN2M1MWM2MjBlMGFm
2024-01-03 09:48:42,539:DEBUG:acme.client:JWS payload:
{
"identifiers": [
{
"type": "dns",
"value": "test.veel.no"
}
]
}
2024-01-03 09:48:42,541:DEBUG:acme.client:Sending POST request to https://api.buypass.com/acme-v02/new-order:
...skipping...
}
2024-01-03 09:48:43,797:DEBUG:urllib3.connectionpool:"POST /acme-v02/authz/i2qkfgPNNbcHV7dD908lS1xQWeeUfrs7hFkRDQLjWmI/1 HTTP/1.1" 500 89
2024-01-03 09:48:43,798:DEBUG:acme.client:Received response:
HTTP 500
content-length: 89
strict-transport-security: max-age=63072000
vary: Accept-Encoding
mdc-correlationid: 6697737c-532f-40a5-a376-a780d5325718
date: Wed, 03 Jan 2024 08:48:43 GMT
content-type: application/json
x-buypass-internal-error-detail-code: INTERNAL_SERVER_ERROR
{"code":500,"message":"INTERNAL_SERVER_ERROR","details":"HTTP 500 Internal Server Error"}
2024-01-03 09:48:43,798:DEBUG:acme.client:Ignoring wrong Content-Type ('application/json') for JSON Error
2024-01-03 09:48:43,799:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
self.acme.answer_challenge(achall.challb, resp)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 167, in answer_challenge
response = self._post(challb.uri, response)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 97, in _post
return self.net.post(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1201, in post
return self._post_once(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1214, in _post_once
response = self._check_response(response, content_type=content_type)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1072, in _check_response
raise messages.Error.from_json(jobj)
Error: about:blank
2024-01-03 09:48:43,799:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-01-03 09:48:43,799:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-01-03 09:48:43,799:DEBUG:certbot._internal.plugins.webroot:Removing /acme/http01/.well-known/acme-challenge/910A9A9166AE89B33332679DA42A5375484C1B60
2024-01-03 09:48:43,804:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2024-01-03 09:48:43,804:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1294, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 135, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
self.acme.answer_challenge(achall.challb, resp)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 167, in answer_challenge
response = self._post(challb.uri, response)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 97, in _post
return self.net.post(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1201, in post
return self._post_once(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1214, in _post_once
response = self._check_response(response, content_type=content_type)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1072, in _check_response
raise messages.Error.from_json(jobj)
Error: about:blank
2024-01-03 09:48:43,805:ERROR:certbot._internal.log:An unexpected error occurred:
2024-01-03 09:48:43,805:ERROR:certbot._internal.log:Error: about:blank
-
I just received the notification email today (an hour ago - practically no notice at all), and in trying to force-renew my affected certificates, I'm also getting 500 Internal Server Error.
I've been trying for the past hour, trying from several different servers (in different datacenters), for different domains, both using http-01 validation. Output below is representative for all attempts to renew.
I'd appreciate any suggestions or guidance. Like others, I'd rather continue using my existing Buypass certificates than revert to Let's Encrypt.
~$ doas /usr/sbin/acme-client -Fvvv redacted_subdomain
acme-client: /etc/acme/buypass-privkey.pem: loaded account key
acme-client: /etc/ssl/acme/private/redacted_subdomain/privkey.pem: loaded domain key
acme-client: /etc/ssl/acme/redacted_subdomain/cert.pem: certificate valid: 103 days left
acme-client: /etc/ssl/acme/redacted_subdomain/cert.pem: forcing renewal
acme-client: https://api.buypass.com/acme/directory: directories
acme-client: api.buypass.com: DNS: 185.62.162.162
acme-client: transfer buffer: [{"new-reg":"https://api.buypass.com/acme/new-reg","new-cert":"https://api.buypass.com/acme/new-cert","new-authz":"https://api.buypass.com/acme/new-authz","revoke-cert":"https://api.buypass.com/acme/revoke-cert","key-change":"https://api.buypass.com/acme/key-change","meta":{"website":"https://buypass.com/","caa-identities":["buypass.com"],"terms-of-service":"https://api.buypass.com/acme/terms/1041","caaIdentities":["buypass.com"],"termsOfService":"https://api.buypass.com/acme/terms/1041"},"newNonce":"https://api.buypass.com/acme-v02/new-nonce","newAccount":"https://api.buypass.com/acme-v02/new-acct","newAuthz":"https://api.buypass.com/acme-v02/new-authz","newOrder":"https://api.buypass.com/acme-v02/new-order","revokeCert":"https://api.buypass.com/acme-v02/revoke-cert","keyChange":"https://api.buypass.com/acme-v02/key-change"}] (836 bytes)
acme-client: transfer buffer: [{"status":"valid","contact":["mailto:it@redacted_domain"],"termsOfServiceAgreed":true,"orders":"https://api.buypass.com/acme/acct/redacted_account/orders"}] (150 bytes)
acme-client: https://api.buypass.com/acme-v02/new-order: bad HTTP: 500
acme-client: transfer buffer: [{"code":500,"message":"INTERNAL_SERVER_ERROR","details":"HTTP 500 Internal Server Error"}] (89 bytes)
acme-client: bad exit: netproc(13330): 1
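
Added example (not part of either post, and not Certbot, acme-client or Buypass code): a Python reading of the error response that appears in both logs, interpreted the way an RFC 7807 client would. The body has no `type` member, so the problem type falls back to `about:blank`, which matches the `Error: about:blank` in the Certbot log. The names `AcmeFailure` and `classify_acme_failure` are hypothetical.

```python
import json
from dataclasses import dataclass

ACME_ERROR_PREFIX = "urn:ietf:params:acme:error:"

@dataclass
class AcmeFailure:
    status: int
    problem_type: str         # RFC 7807 "type"; "about:blank" when absent
    detail: str
    is_problem_document: bool  # proper ACME problem document?
    server_side: bool          # 5xx: nothing the client can fix locally
    correlation_id: str        # value to quote when reporting to the CA

def classify_acme_failure(status, headers, body):
    """Interpret a failed ACME response as an RFC 7807 client would."""
    headers = {k.lower(): v for k, v in headers.items()}
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    try:
        doc = json.loads(body)
    except ValueError:
        doc = {}
    if not isinstance(doc, dict):
        doc = {}
    # RFC 7807: a missing "type" member is treated as "about:blank".
    problem_type = str(doc.get("type", "about:blank"))
    # Fall back to the non-standard "details"/"message" members seen in the logs.
    detail = doc.get("detail") or doc.get("details") or doc.get("message") or ""
    return AcmeFailure(
        status=status,
        problem_type=problem_type,
        detail=str(detail),
        is_problem_document=(media_type == "application/problem+json"
                             and problem_type.startswith(ACME_ERROR_PREFIX)),
        server_side=status >= 500,
        correlation_id=headers.get("mdc-correlationid", ""),
    )

# Headers and body copied from the Certbot log in the first post.
SAMPLE_HEADERS = {
    "content-type": "application/json",
    "mdc-correlationid": "6697737c-532f-40a5-a376-a780d5325718",
    "x-buypass-internal-error-detail-code": "INTERNAL_SERVER_ERROR",
}
SAMPLE_BODY = ('{"code":500,"message":"INTERNAL_SERVER_ERROR",'
               '"details":"HTTP 500 Internal Server Error"}')

if __name__ == "__main__":
    print(classify_acme_failure(500, SAMPLE_HEADERS, SAMPLE_BODY))
```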