Hi @Joe, thanks… traces from another try, tried to upgrade certbot to 2.9…
back to the current version:
" certbot --version
certbot 2.1.0
"
I created a virtual server as a sub-server of “democrasite.com”… trying to set up an Apache reverse proxy like “domain.webmin.panel” to access my apps on port 9000… the cert doesn’t want to go in domain/public and is still in the “virtualmin path”… but now,
By default, Virtualmin creates a self-signed cert. I don’t remember if I need to ask to delete it before going to the Let’s Encrypt tab, or if I should let Virtualmin do the job and change the cert path from /virtualmin to public/domain?
Current Certificate
Create Signing Request
Create Self-Signed Certificate
Update Certificate and Key
CA Certificate
Let's Encrypt
This section shows the details of the SSL certificate currently being used by this virtual server.
Current SSL certificate details
SSL certificate file: /etc/ssl/virtualmin/1709340139976124/ssl.cert
SSL private key file: /etc/ssl/virtualmin/1709340139976124/ssl.key
Certificate hash type: RSA
Web server hostname: *.port.democrasite.com
Organization: docker portainer
Issuer name: *.port.democrasite.com
Issuer organization: docker portainer
Expiry date: Mar 1 00:42:26 2029 GMT
Certificate type: Self-signed
Other domain names: *.port.democrasite.com, port.democrasite.com, localhost, panel.democrasite.com, panel.
Download certificate: PEM format, PKCS12 format
Download private key: PEM format, PKCS12 format
Time until expiry: 1824 days until expiry
Host default SSL certificate: No
Copy SSL Certificate to Services: Use this SSL certificate for requests to this domain in Webmin, Usermin, Dovecot and Postfix
Set as Default Services Certificate: Use this SSL certificate as the default in Webmin, Usermin, Dovecot, Postfix and MariaDB
Let’s Encrypt tab:
SSL Certificate
In domain port.democrasite.com
Let's Encrypt is a free, automated, and open certificate authority that can be used to generate an SSL certificate for use by Virtualmin.
This page can be used to request a new certificate, which will overwrite any other you currently have configured for this domain. However, the Let's Encrypt service requires that your ownership of the certificate domain be validated by checking that this system hosts the website for the domain. This is done by placing a small temporary file under the website's document directory /home/democrasite/domains/port.democrasite.com/public_html.
Request certificate for
Domains associated with this server: port.democrasite.com, www.port.democrasite.com, mail.port.democrasite.com, admin.port.democrasite.com, webmail.port.democrasite.com
Domain names listed here: port.democrasite.com
Also request wildcard certificate?
Automatically renew certificate? Yes / No
Certificate hash type: RSA
Answer from certbot in Virtualmin:
Requesting a certificate for port.democrasite.com from Let's Encrypt ..
.. request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for port.democrasite.com
An unexpected error occurred:
AttributeError: can't set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for port.democrasite.com
An unexpected error occurred:
AttributeError: can't set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Logs:
root@panel:/# tail -n 30 /var/log/letsencrypt/letsencrypt.log
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/acme/client.py", line 711, in post
return self._post_once(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/acme/client.py", line 724, in _post_once
response = self._check_response(response, content_type=content_type)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/acme/client.py", line 575, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1733, in main
with make_displayer(config) as displayer:
File "/usr/lib/python3.11/contextlib.py", line 188, in __exit__
exc.__traceback__ = traceback
^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/josepy/util.py", line 191, in __setattr__
raise AttributeError("can't set attribute")
AttributeError: can't set attribute
2024-03-02 09:34:12,486:ERROR:certbot._internal.log:An unexpected error occurred:
2024-03-02 09:34:12,487:ERROR:certbot._internal.log:AttributeError: can't set attribute
root@panel:/#
Apache conf:
cat port.democrasite.com.conf
<VirtualHost 31.207.33.223:80>
SuexecUserGroup #1006 #1004
ServerName port.democrasite.com
ServerAlias www.port.democrasite.com
ServerAlias mail.port.democrasite.com
ServerAlias webmail.port.democrasite.com
ServerAlias admin.port.democrasite.com
DocumentRoot /home/democrasite/domains/port.democrasite.com/public_html
ErrorLog /var/log/virtualmin/port.democrasite.com_error_log
CustomLog /var/log/virtualmin/port.democrasite.com_access_log combined
ScriptAlias /cgi-bin/ /home/democrasite/domains/port.democrasite.com/cgi-bin/
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/democrasite/domains/port.democrasite.com/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory /home/democrasite/domains/port.democrasite.com/cgi-bin>
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
# Proxy all requests to Portainer on port 9000 (corrected)
ProxyPass / http://port.democrasite.com:9000/
# Reverse proxy for correct responses from Portainer
ProxyPassReverse / http://port.democrasite.com:9000/
RemoveHandler .php
RemoveHandler .php8.2
<FilesMatch \.php$>
SetHandler proxy:unix:/run/php/1709340139976124.sock|fcgi://127.0.0.1
</FilesMatch>
# Remove handler for .php files (optional, depends on your setup)
# RemoveHandler .php
</VirtualHost>
<VirtualHost 31.207.33.223:443>
SuexecUserGroup #1006 #1004
ServerName port.democrasite.com
ServerAlias www.port.democrasite.com
ServerAlias mail.port.democrasite.com
ServerAlias webmail.port.democrasite.com
ServerAlias admin.port.democrasite.com
DocumentRoot /home/democrasite/domains/port.democrasite.com/public_html
ErrorLog /var/log/virtualmin/port.democrasite.com_error_log
CustomLog /var/log/virtualmin/port.democrasite.com_access_log combined
ScriptAlias /cgi-bin/ /home/democrasite/domains/port.democrasite.com/cgi-bin/
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/democrasite/domains/port.democrasite.com/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory /home/democrasite/domains/port.democrasite.com/cgi-bin>
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
ProxyPass /.well-known !
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.port.democrasite.com
RewriteRule ^(?!/.well-known)(.*) https://port.democrasite.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.port.democrasite.com
RewriteRule ^(?!/.well-known)(.*) https://port.democrasite.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php8.2
SSLEngine on
SSLCertificateFile /etc/ssl/virtualmin/1709340139976124/ssl.combined
SSLCertificateKeyFile /etc/ssl/virtualmin/1709340139976124/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
<FilesMatch \.php$>
SetHandler proxy:unix:/run/php/1709340139976124.sock|fcgi://127.0.0.1
</FilesMatch>
</VirtualHost>
Manual certbot test:
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Account registered.
Simulating a certificate request for port.democrasite.com
Input the webroot for port.democrasite.com: (Enter 'c' to cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
does not exist or is not a directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Input the webroot for port.democrasite.com: (Enter 'c' to cancel): /home/democrasite/domains/port.democrasite.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: port.democrasite.com
Type: unauthorized
Detail: 31.207.33.223: Invalid response from http://port.democrasite.com/.well-known/acme-challenge/WYbG_0cv3UxAWhm7MSead1e4SQEE67kNjMM591KxG7s: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
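A routing check relevant to the HTTP-01 validation shown above, as an added example that is not part of the original post: it reads each vhost's ProxyPass rules in file order and reports whether a request for /.well-known/acme-challenge/ would be proxied or served from the DocumentRoot. It assumes simplified prefix matching and ignores RewriteRule, Location blocks and .htaccess; `parse_vhosts`, `acme_route` and `report` are names made up for this example.

```python
import re

ACME_PATH = "/.well-known/acme-challenge/"

# Constructed sample: the two vhosts from the post, trimmed to the
# directives that decide where a challenge request ends up.
SAMPLE_CONF = """\
<VirtualHost 31.207.33.223:80>
DocumentRoot /home/democrasite/domains/port.democrasite.com/public_html
ProxyPass / http://port.democrasite.com:9000/
ProxyPassReverse / http://port.democrasite.com:9000/
</VirtualHost>
<VirtualHost 31.207.33.223:443>
DocumentRoot /home/democrasite/domains/port.democrasite.com/public_html
ProxyPass /.well-known !
</VirtualHost>
"""

def parse_vhosts(conf_text):
    """Collect each vhost's address, DocumentRoot and ProxyPass rules in file order."""
    vhosts, cur = [], None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        parts = line.split()
        if opened:
            cur = {"listen": opened.group(1), "docroot": None, "proxy": []}
            vhosts.append(cur)
        elif line.lower().startswith("</virtualhost"):
            cur = None
        elif cur is not None and parts and not line.startswith("#"):
            name = parts[0].lower()
            if name == "documentroot" and len(parts) > 1:
                cur["docroot"] = parts[1]
            elif name == "proxypass" and len(parts) > 2:
                cur["proxy"].append((parts[1], parts[2]))
    return vhosts

def acme_route(vhost):
    """Route the challenge path: the first matching ProxyPass wins, '!' means not proxied."""
    for prefix, target in vhost["proxy"]:
        if ACME_PATH.startswith(prefix):
            if target != "!":
                return "proxied to " + target
            break
    return "file " + str(vhost["docroot"]) + ACME_PATH

def report(conf_text):
    """Map each vhost address to where a challenge request would be answered from."""
    return {v["listen"]: acme_route(v) for v in parse_vhosts(conf_text)}
```

`report(SAMPLE_CONF)` gives one route per vhost; HTTP-01 validation starts with a plain-HTTP request on port 80, so the port 80 result is the one the challenge depends on.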