Let's Encrypt Fails to Renew SSL after moving Virtual Server

SYSTEM INFORMATION
OS type and version: Debian Linux 12
Virtualmin version: 7.20.2

I moved my virtual server and 2 aliases to a newer Virtualmin server. The sites load but I can’t get Let’s Encrypt to request or update SSL certs. I get the following in the Let’s Encrypt module when I request a cert:

Checking hostnames for resolvability …
… all hostnames can be resolved

Requesting a certificate for xxx, www.yyy, zzz.net, www.aaa from Let’s Encrypt …
… request failed : Web-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xxx and 5 more domains
An unexpected error occurred:
AttributeError: can’t set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

DNS-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xxx and 5 more domains
An unexpected error occurred:
AttributeError: can’t set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

As far as I can tell, the “can’t set attribute” issue is probably a bug in some certbot versions.

Check the version:

certbot --version

And, make sure your system is up to date. I don’t think anyone else has reported this issue on Debian, so it’s either new(ish) or it’s already fixed in the repos and you’re just on an outdated package.

Thanks Joe.

root@burt:/home/keith# certbot --version
certbot 2.1.0

I do have some package updates to run. Not seeing anything for certbot though.

Yeah, that seems to be the buggy version. It’s a shame Debian hasn’t updated it. It’s a couple years old at this point. Are you sure you’re on Debian 12 and not 11? I’m confused how the version would be so old when Debian 12 is quite recent.

The suggested solution from the Let’s Encrypt folks is to install the snap version, but snap is a pain in the ass and breaks as much as it fixes, in my experience.

There’s a Debian bug report about it, but it never went anywhere: #1071088 - certbot: Certbot produces "AttributeError: can't set attribute" - Debian Bug report logs

Looks like newer versions are in unstable, so maybe you want to enable the unstable repo for that one package (apt - How do I install a single package from Debian testing or unstable on stable? - Unix & Linux Stack Exchange)

Or you can use the snap version as documented on the Let’s Encrypt website.

I wish Debian would fix their stuff. I’ve never been able to navigate contributing to Debian (you have to join a mailing list, find a “mentor”, etc. it’s a whole ordeal that I’m not equipped to work through, either in time or spoons), so I don’t know how to help give them a nudge on that.
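The single-package-from-unstable route linked above, as an added example that is not part of the original posts: a low-priority pin keeps everything else on stable, and the two helper functions check what apt would install before anything is changed. The file names `unstable.list` and `99-unstable`, all function names, and the sample version `9.9.9-1` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File names under /etc/apt are assumptions.

# APT source entry for Debian unstable.
unstable_source() {
    echo 'deb https://deb.debian.org/debian unstable main'
}

# Pin unstable below the default priority (500) so no package is taken from
# it unless requested explicitly with "-t unstable" or "pkg/unstable".
unstable_pin() {
    printf 'Package: *\nPin: release a=unstable\nPin-Priority: 100\n'
}

# Read "apt-cache policy <pkg>" output on stdin; print one field's version.
policy_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }'
}

# Succeed only if version $1 sorts strictly after $2 (GNU sort -V ordering).
version_newer() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Constructed sample of "apt-cache policy certbot" with the pin in place;
# the version numbers are illustrative only.
sample_policy() {
    cat <<'EOF'
certbot:
  Installed: 2.1.0-4
  Candidate: 2.1.0-4
  Version table:
     9.9.9-1 100
        100 https://deb.debian.org/debian unstable/main amd64 Packages
 *** 2.1.0-4 500
        500 https://deb.debian.org/debian bookworm/main amd64 Packages
EOF
}

# Needs root; not called automatically. "-t unstable" also lets apt take the
# dependencies certbot requires from unstable, so review the plan first.
apply_pin() {
    unstable_source > /etc/apt/sources.list.d/unstable.list
    unstable_pin > /etc/apt/preferences.d/99-unstable
    apt-get update
    apt-cache policy certbot   # Candidate should still be the stable version
    apt-get install -t unstable certbot
}
```

If `policy_field Candidate` still reports the stable version after `apt-get update`, the pin is holding and only an explicit `-t unstable` install will pull from unstable.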

This is actually a big help, even though you might not think so. Considering the PITA of the Debian scenario - I might just spin up a new Virtualmin server on a more cooperative OS and then migrate my virtual servers over and kill the Debian version.

Thanks again. Appreciate the candidness.

Wow, thanks for THIS !!!

Just want to say that I’m also on Debian 12 and I do NOT have any problems. Everything is fine.

And I’m working on complex architectures even if I don’t have enough means to complete everything.

Sometimes I really ask myself if some members are not trying too hard with some “things”.

That’s interesting, it’d be useful to know what’s different.

It could be DNS-related. Could be related to which names are being requested in the cert. Nothing else seems obvious, but I guess there could be redirects or proxy rules or something that are misbehaving and this is just a bad error (though I wouldn’t expect the same error on the DNS validation if it were a problem with the web validation).