I moved my virtual server and 2 alias to a newer Virtualmin server. The sites load but I can’t get Let’s encrypt to request or update SSL certs. I get the following in the Let’s Encrypt module when I request a cert:
Checking hostnames for resolvability …
… all hostnames can be resolved
Requesting a certificate for xxx, www.yyy, zzz.net, www.aaa from Let’s Encrypt …
… request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for xxx and 5 more domains An unexpected error occurred: AttributeError: can’t set attribute Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for xxx and 5 more domains An unexpected error occurred: AttributeError: can’t set attribute Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
As far as I can tell, the “can’t set attribute” issue is probably a bug in some certbot versions.
Check the version:
certbot --version
And, make sure your system is up to date. I don’t think anyone else has reported this issue on Debian, so it’s either new(ish) or it’s already fixed in the repos and you’re just on an outdated package.
Yeah, that seems to be the buggy version. It’s a shame Debian hasn’t updated it. It’s a couple years old at this point. Are you sure you’re on Debian 12 and not 11? I’m confused how the version would be so old when Debian 12 is quite recent.
The suggested solution from the Let’s Encrypt folks is to install the snap version, but snap is a pain in the ass and breaks as much as it fixes, in my experience.
Or you can use the snap version as documented on the Let’s Encrypt website.
I wish Debian would fix their stuff. I’ve never been able to navigate contributing to Debian (you have to join a mailing list, find a “mentor”, etc. it’s a whole ordeal that I’m not equipped to work through, either in time or spoons), so I don’t know how to help give them a nudge on that.
This is actually a big help, even though you might not think so. Considering the PITA of the Debian scenario - I might just spin up a new Virtualmin server on a more cooperative OS and then migrate my virtual servers over and kill the Debian version.
That’s interesting, it’d be useful to know what’s different.
It could be DNS-related. Could be related to which names are being requested in the cert. Nothing else seems obvious, but I guess there could be redirects or proxy rules or something that are misbehaving and this is just a bad error (though I wouldn’t expect the same error on the DNS validation if it were a problem with the web validation).