Renew Let's Encrypt certificate

Vassilis · February 15, 2017, 6:27pm

Hello,
I’m trying to to renew the certificate with this command:

./letsencrypt-auto certonly --email [email protected] -d example.duckdns.org

but I’m getting the following error:

Installing Python packages...
Had a problem while installing Python packages.

pip prints the following errors:
=====================================================
Collecting argparse==1.4.0 (from -r /tmp/tmp.9WFX0MRGFv/letsencrypt-auto-requirements.txt (line 11))
  Downloading argparse-1.4.0-py2.py3-none-any.whl
Collecting pycparser==2.14 (from -r /tmp/tmp.9WFX0MRGFv/letsencrypt-auto-requirements.txt (line 17))
  Downloading pycparser-2.14.tar.gz (223kB)
Collecting cffi==1.4.2 (from -r /tmp/tmp.9WFX0MRGFv/letsencrypt-auto-requirements.txt (line 21))
  Downloading cffi-1.4.2.tar.gz (365kB)
    Complete output from command python setup.py egg_info:
    cc1: internal compiler error: Segmentation fault
    Please submit a full bug report,
    with preprocessed source if appropriate.
    See <file:///usr/share/doc/gcc-4.9/README.Bugs> for instructions.
    cc1: internal compiler error: Segmentation fault
    Please submit a full bug report,
    with preprocessed source if appropriate.
    See <file:///usr/share/doc/gcc-4.9/README.Bugs> for instructions.

        No working compiler found, or bogus compiler options
        passed to the compiler from Python's distutils module.
        See the error messages above.
        (If they are about -mno-fused-madd and you are on OS/X 10.8,
        see http://stackoverflow.com/questions/22313407/ .)

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-JqRwHZ/cffi
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
=====================================================

Certbot has problem setting up the virtual environment.

We were not be able to guess the right solution from your pip
output.

Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .

Any help?

Mike_D · February 15, 2017, 6:46pm

Based on those two items I would start with updating PIP and run it again.

Vassilis · February 16, 2017, 8:01am

I tried it and the result is:
Requirement already up-to-date: pip in /usr/local/lib/python2.7/dist-packages

I tried also everything i found in the internet. I give up.

Mike_D · February 16, 2017, 12:40pm

Have you tried running sudo apt-get update and then sudo apt-get upgrade? Looks like your dist packages need updated.

Also I found yesterday that if you are upgrading existing certs you only need to run

./letsencrypt-auto renew --email youremailaddres

It will automatically find your certs and your domain and update them.

Vassilis · February 16, 2017, 1:24pm

Thank you for the support. Sadly, same error all the time.

I want to thank you all for the trip. I decided to move to a commercial product that all of this is out of the box. I spend to many time everyday in order to solve problems. SSL renewal, Restarts, Updates that broke working components, abandoned buggy components (LG WebOS) etc…

Mike_D · February 16, 2017, 3:25pm

Dang, sorry to hear that. Good luck and best wishes.

gieljnssns · February 17, 2017, 6:11am

And pip3 install --upgrade pip?

Dustin_Schmidt · March 21, 2017, 10:31am

Did you try temporarily opening ports 80 and 443 on your router?

anon35356645 · March 25, 2017, 9:01am

I managed to renew following the instructions

Bob_NL · June 28, 2017, 8:37pm

I’m getting the following error:

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/<redacted>.duckdns.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: <redacted>.duckdns.org
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   c3abfee05277410f095ad3af97f68750.fe79ef0da9725b48b540a45de8a493a6.acme.invalid
   from <redacted IP>:443. Received 2 certificate(s), first certificate
   had names "<redacted>.duckdns.org"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

I opened up port 80 just like I allways do.
Any idea what’s wrong?

rippleglass · May 28, 2018, 10:00pm

I’m running home assistant ver 0.54 on a hassbian install. attempting to renew my certbot certs and having all of the issues documented thus far on this thread. Has anyone figured it out?