Urgent message to renew certificates issued before Dec 22 but renewal not working

Hi,

We recently got an email from you telling us we need to renew all Buypass ACME certificates issued before December 22nd or they will be revoked on January 4th, but it looks like no renewals or new orders are possible using your API now (https://api.buypass.com/acme/directory).

We are using the HTTP-01 challenge, but it ends with a 500 Internal Server Error response from your endpoint and Certbot just gives the error "about:blank".

Deleting the certificate and ordering a new one from Let's Encrypt does still work with the exact same setup for HTTP-01 challenge. 

It would be a huge inconvenience for us to renew all our certificates using LE instead as Buypass certificates are expected. 

Could you please help? 

Here is the part that fails from the logs: 

2024-01-03 09:48:42,539:DEBUG:acme.client:Storing nonce: M2RmODkyYjAtM2M2OS00Y2Q1LWE4OTktN2M1MWM2MjBlMGFm
2024-01-03 09:48:42,539:DEBUG:acme.client:JWS payload:
{
  "identifiers": [
    {
      "type": "dns",
      "value": "test.veel.no"
    }
  ]
}
2024-01-03 09:48:42,541:DEBUG:acme.client:Sending POST request to https://api.buypass.com/acme-v02/new-order:
...skipping...
}
2024-01-03 09:48:43,797:DEBUG:urllib3.connectionpool:"POST /acme-v02/authz/i2qkfgPNNbcHV7dD908lS1xQWeeUfrs7hFkRDQLjWmI/1 HTTP/1.1" 500 89
2024-01-03 09:48:43,798:DEBUG:acme.client:Received response:
HTTP 500
content-length: 89
strict-transport-security: max-age=63072000
vary: Accept-Encoding
mdc-correlationid: 6697737c-532f-40a5-a376-a780d5325718
date: Wed, 03 Jan 2024 08:48:43 GMT
content-type: application/json
x-buypass-internal-error-detail-code: INTERNAL_SERVER_ERROR

{"code":500,"message":"INTERNAL_SERVER_ERROR","details":"HTTP 500 Internal Server Error"}
2024-01-03 09:48:43,798:DEBUG:acme.client:Ignoring wrong Content-Type ('application/json') for JSON Error
2024-01-03 09:48:43,799:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    self.acme.answer_challenge(achall.challb, resp)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 167, in answer_challenge
    response = self._post(challb.uri, response)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 97, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1201, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1214, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1072, in _check_response
    raise messages.Error.from_json(jobj)
Error: about:blank

2024-01-03 09:48:43,799:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-01-03 09:48:43,799:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-01-03 09:48:43,799:DEBUG:certbot._internal.plugins.webroot:Removing /acme/http01/.well-known/acme-challenge/910A9A9166AE89B33332679DA42A5375484C1B60
2024-01-03 09:48:43,804:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2024-01-03 09:48:43,804:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1294, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 135, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    self.acme.answer_challenge(achall.challb, resp)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 167, in answer_challenge
    response = self._post(challb.uri, response)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 97, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1201, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1214, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1072, in _check_response
    raise messages.Error.from_json(jobj)
Error: about:blank
2024-01-03 09:48:43,805:ERROR:certbot._internal.log:An unexpected error occurred:
2024-01-03 09:48:43,805:ERROR:certbot._internal.log:Error: about:blank
  • Hi. We have adjusted some logging. Could you please try again?

    • mkon Thank you! Looks like it is now working with the test domain at least. I will continue renewing our other domains and let you know if there still are any issues. 

      Br

      Sverre

  • I just received the notification email today (an hour ago - practically no notice at all), and in trying to force-renew my affected certificates, I'm also getting 500 Internal Server Error.

    I've been trying for the past hour, trying from several different servers (in different datacenters), for different domains, both using http-01 validation. Output below is representative for all attempts to renew.

    I'd appreciate any suggestions or guidance. Like others, I'd rather continue using my existing Buypass certificates than revert to LetsEncrypt.

    ~$ doas /usr/sbin/acme-client -Fvvv redacted_subdomain
    acme-client: /etc/acme/buypass-privkey.pem: loaded account key
    acme-client: /etc/ssl/acme/private/redacted_subdomain/privkey.pem: loaded domain key
    acme-client: /etc/ssl/acme/redacted_subdomain/cert.pem: certificate valid: 103 days left
    acme-client: /etc/ssl/acme/redacted_subdomain/cert.pem: forcing renewal
    acme-client: https://api.buypass.com/acme/directory: directories
    acme-client: api.buypass.com: DNS: 185.62.162.162
    acme-client: transfer buffer: [{"new-reg":"https://api.buypass.com/acme/new-reg","new-cert":"https://api.buypass.com/acme/new-cert","new-authz":"https://api.buypass.com/acme/new-authz","revoke-cert":"https://api.buypass.com/acme/revoke-cert","key-change":"https://api.buypass.com/acme/key-change","meta":{"website":"https://buypass.com/","caa-identities":["buypass.com"],"terms-of-service":"https://api.buypass.com/acme/terms/1041","caaIdentities":["buypass.com"],"termsOfService":"https://api.buypass.com/acme/terms/1041"},"newNonce":"https://api.buypass.com/acme-v02/new-nonce","newAccount":"https://api.buypass.com/acme-v02/new-acct","newAuthz":"https://api.buypass.com/acme-v02/new-authz","newOrder":"https://api.buypass.com/acme-v02/new-order","revokeCert":"https://api.buypass.com/acme-v02/revoke-cert","keyChange":"https://api.buypass.com/acme-v02/key-change"}] (836 bytes)
    acme-client: transfer buffer: [{"status":"valid","contact":["mailto:it@redacted_domain"],"termsOfServiceAgreed":true,"orders":"https://api.buypass.com/acme/acct/redacted_account/orders"}] (150 bytes)
    acme-client: https://api.buypass.com/acme-v02/new-order: bad HTTP: 500
    acme-client: transfer buffer: [{"code":500,"message":"INTERNAL_SERVER_ERROR","details":"HTTP 500 Internal Server Error"}] (89 bytes)
    acme-client: bad exit: netproc(13330): 1
    
    • Bryce Chidester We had some issues. Could you try again?

    • mkon Thank you! All of my forced renewals worked just now. 🎉

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.
