Certbot error no attribute TLSSNI01 / cert-revoke status code 400

certbot lets-encrypt

I am trying to create and install a Let's Encrypt SSL certificate using certbot. It's for a subdomain named private.mydomain.de (on a different server than mydomain.de). Certbot aborts with the following messages:

An unexpected error occurred:
AttributeError: 'module' object has no attribute 'TLSSNI01'

Went to https://letsdebug.net/ and checked the domain in question.
http-01 and DNS-01 tests passed, TLS-ALPN-01 fails with these verbose error messages:

IssueFromLetsEncrypt 
ERROR 
A test authorization for private.mydomain.de to the Let's Encrypt staging service 
has revealed issues that may prevent any certificate for this domain being issued.
Connection refused

DEBUG
Challenge update failures for private.mydomain.de in order  
https://acme-staging-v02.api.letsencrypt.org/acme/order/<....>/<....>
acme: error code 400 "urn:ietf:params:acme:error:connection":  
Connection refused PublicSuffix

RateLimit
DEBUG
1 Certificates contributing to rate limits for this domain
Serial: <serialnr>
NotBefore: 2020-02-02 22:23:22 +0000 UTC 
Names: [finance.mydomain.de mydomain.de] 

My plan now is to revoke the certificate contributing to the rate limit:

Used https://censys.io/certificates?q=…serialnr and copied the PEM,
inserted it at https://tools.letsdebug.net/cert-revoke,
completed the DNS challenges and checked with dig.
'Revoke certificate' then aborts with the error:

An error occured
Unfortunately something went wrong during the process. Usually this is  
not recoverable - you will need to start from the beginning.
Error: Request failed with status code 400

Tried it again with same outcome, now I am asking here, what can I do?

UPDATE
I renamed the server in nginx.conf from 'private.mydomain.de' to 'consult.mydomain.de'. This subdomain has been used previously on this server and has had a certificate before (which was uninstalled by certbot delete --cert-name …). With this new old name, Certbot ran without problems, created and installed a certificate.

SOLUTION
After having several more issues with Certbot and more research, I found this solution: On the Oracle Cloud Infrastructure (OCI) with Oracle Linux 7, don't use Certbot, but install certbot-auto:
```
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
sudo /usr/local/bin/certbot-auto certonly --standalone
```
From: https://blogs.oracle.com/developers/free-ssl-certificates-in-the-oracle-cloud-using-certbot-and-lets-encrypt

I was able to create and install all desired certificates.

Best Answer

For a very fragile workaround, you can edit /usr/lib/python3/dist-packages/certbot_nginx/configurator.py and replace return [challenges.HTTP01, challenges.TLSSNI01] with return [challenges.HTTP01] (or you… can use the webroot plugin)
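The AttributeError in the question means the plugin source names a challenge type that the imported challenges module does not define. As an added example (not part of the original post or of Certbot's code), the sketch below lists every `challenges.<Name>` reference in a plugin file that the module lacks. The helper names, the sample source and the stand-in module are constructed, and `check_installed` assumes the plugin imports `challenges` from the `acme` package.

```python
import re
import types

# Matches attribute references such as `challenges.HTTP01` in plugin source.
CHALLENGE_REF = re.compile(r"\bchallenges\.([A-Za-z_][A-Za-z0-9_]*)")


def missing_challenge_refs(plugin_source, challenges_module):
    """Return, sorted, the names referenced as challenges.<Name> in the
    source text that the given challenges module does not define."""
    referenced = set(CHALLENGE_REF.findall(plugin_source))
    return sorted(n for n in referenced if not hasattr(challenges_module, n))


# Constructed sample: the return line quoted in the answer, wrapped in a
# hypothetical function so the snippet is self-contained.
SAMPLE_SOURCE = '''
def preferred_challenges():
    return [challenges.HTTP01, challenges.TLSSNI01]
'''

# Constructed stand-in for a challenges module that has no TLSSNI01.
SAMPLE_CHALLENGES = types.SimpleNamespace(HTTP01=object(), DNS01=object())


def check_installed(path):
    """Same check against an installed plugin file and the installed
    acme package (assumption: the plugin uses acme.challenges)."""
    from acme import challenges
    with open(path, encoding="utf-8") as fh:
        return missing_challenge_refs(fh.read(), challenges)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print(missing_challenge_refs(SAMPLE_SOURCE, SAMPLE_CHALLENGES))
```

Running `check_installed` on the configurator.py path from the answer reports which references would fail at runtime before any file is edited.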
