Page MenuHomeDevCentral
Create Task
Maniphest T825

Renew Let's encrypt certificate for notifications.nasqueron.org
Closed, ResolvedPublic
Actions

Event Timeline

dereckson claimed this task.May 12 2016, 09:56
dereckson added a subscriber: dereckson.
dereckson added a project: Servers.May 12 2016, 09:57
dereckson added a comment.May 12 2016, 10:02

I've ran letsencrypt renew on Dwellers, then reloaded nginx.

It's okay for notifications, but some domains are problematic, and there is an UTF-8 character issue somewhere. We should investigate these issues.

New certificate parameter:

  • Issued On Thursday, May 12, 2016 at 10:57:00 AM
  • Expires On Wednesday, August 10, 2016 at 10:57:00 AM
Dwellers
$ letsencrypt renew
Processing /etc/letsencrypt/renewal/phabricator-files-for-devcentral-nasqueron.spacetechnology.net.conf
Processing /etc/letsencrypt/renewal/notifications.nasqueron.org.conf
new certificate deployed without reload, fullchain is /etc/letsencrypt/live/notifications.nasqueron.org/fullchain.pem
Processing /etc/letsencrypt/renewal/mail.nasqueron.org.conf
2016-05-12 09:57:29,046:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/mail.nasqueron.org.conf produced an unexpected error: Fa
iled authorization procedure. mail.wolfplex.be (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from htt
p://mail.wolfplex.be/.well-known/acme-challenge/Eo5i6Hl30G6N0GuFl1Kwo87nk6MiOg-sLZE-czc9C-s [212.129.32.223]: 403, mail.nasqueron.org (http-01): urn:acme:error
:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.nasqueron.org/.well-known/acme-challenge/XSjvjqmALvMhoNz5cCKe_-
MX2VZkqaB0MhnmuFnvfZ0 [212.129.32.223]: 403, mail.dereckson.be (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid r
esponse from http://mail.dereckson.be/.well-known/acme-challenge/H3dQTMtSjRcj7Vl-n-FMM92-jI3KCfYRK7JNdzJy7CU [212.129.32.223]: 403, mail.bioty.co (http-01): ur
n:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.bioty.co/.well-known/acme-challenge/PQr0x0qywjTDSkz
vkHP8hhnohK7lM8R1NJJFKF5JOrg [212.129.32.223]: 403. Skipping.
Processing /etc/letsencrypt/renewal/phabricator.nasqueron.org.conf
Traceback (most recent call last):
  File "/usr/lib/python2.7/logging/__init__.py", line 851, in emit
    msg = self.format(record)
  File "/opt/letsencrypt/src/letsencrypt/colored_logging.py", line 41, in format
    else super(StreamHandler, self).format(record))
  File "/usr/lib/python2.7/logging/__init__.py", line 724, in format
    return fmt.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 464, in format
    record.message = record.getMessage()
  File "/usr/lib/python2.7/logging/__init__.py", line 328, in getMessage
    msg = msg % self.args
  File "/opt/letsencrypt/src/letsencrypt/errors.py", line 48, in __str__
    for achall in self.failed_achalls if achall.error is not None))
  File "/opt/letsencrypt/src/letsencrypt/errors.py", line 48, in <genexpr>
    for achall in self.failed_achalls if achall.error is not None))
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2026' in position 287: ordinal not in range(128)
Logged from file cli.py, line 1031
Traceback (most recent call last):
  File "/usr/lib/python2.7/logging/handlers.py", line 76, in emit
    if self.shouldRollover(record):
  File "/usr/lib/python2.7/logging/handlers.py", line 156, in shouldRollover
    msg = "%s\n" % self.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 724, in format
    return fmt.format(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 464, in format
    record.message = record.getMessage()
  File "/usr/lib/python2.7/logging/__init__.py", line 328, in getMessage
    msg = msg % self.args
  File "/opt/letsencrypt/src/letsencrypt/errors.py", line 48, in __str__
    for achall in self.failed_achalls if achall.error is not None))
  File "/opt/letsencrypt/src/letsencrypt/errors.py", line 48, in <genexpr>
    for achall in self.failed_achalls if achall.error is not None))
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2026' in position 287: ordinal not in range(128)
Logged from file cli.py, line 1031
Processing /etc/letsencrypt/renewal/code.zed.dereckson.be.conf
new certificate deployed without reload, fullchain is /etc/letsencrypt/live/code.zed.dereckson.be/fullchain.pem
Processing /etc/letsencrypt/renewal/rocketchat.nasqueron.org.conf
new certificate deployed without reload, fullchain is /etc/letsencrypt/live/rocketchat.nasqueron.org/fullchain.pem
Processing /etc/letsencrypt/renewal/sentry.nasqueron.org.conf
new certificate deployed without reload, fullchain is /etc/letsencrypt/live/sentry.nasqueron.org/fullchain.pem

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/phabricator-files-for-devcentral-nasqueron.spacetechnology.net/fullchain.pem (skipped)
The following certs were successfully renewed:
  /etc/letsencrypt/live/notifications.nasqueron.org/fullchain.pem (success)
  /etc/letsencrypt/live/code.zed.dereckson.be/fullchain.pem (success)
  /etc/letsencrypt/live/rocketchat.nasqueron.org/fullchain.pem (success)
  /etc/letsencrypt/live/sentry.nasqueron.org/fullchain.pem (success)

The following certs could not be renewed:
  /etc/letsencrypt/live/mail.nasqueron.org/fullchain.pem (failure)
  /etc/letsencrypt/live/phabricator.nasqueron.org/fullchain.pem (failure)
2 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.wolfplex.be
   Type:   unauthorized
   Detail: Invalid response from http://mail.wolfplex.be/.well-known
   /acme-challenge/Eo5i6Hl30G6N0GuFl1Kwo87nk6MiOg-sLZE-czc9C-s
   [212.129.32.223]: 403

   Domain: mail.nasqueron.org
   Type:   unauthorized
   Detail: Invalid response from http://mail.nasqueron.org/.well-known
   /acme-challenge/XSjvjqmALvMhoNz5cCKe_-MX2VZkqaB0MhnmuFnvfZ0
   [212.129.32.223]: 403

   Domain: mail.dereckson.be
   Type:   unauthorized
   Detail: Invalid response from http://mail.dereckson.be/.well-known
   /acme-challenge/H3dQTMtSjRcj7Vl-n-FMM92-jI3KCfYRK7JNdzJy7CU
   [212.129.32.223]: 403

   Domain: mail.bioty.co
   Type:   unauthorized
   Detail: Invalid response from http://mail.bioty.co/.well-known
   /acme-challenge/PQr0x0qywjTDSkzvkHP8hhnohK7lM8R1NJJFKF5JOrg
   [212.129.32.223]: 403

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
[...]
$ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ nginx -s reload
dereckson closed this task as Resolved.May 12 2016, 10:02
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator