Certificate Update For Box Failed

elpa · December 4, 2024, 6:59pm

Successfully updated my box to V70 last week. Early this morning miab’s certbot attempted to update the certificate for my box and it failed with the following message:

“An unexpected error occurred:
The request message was malformed :: No such authorization”

There is log output:

Connection: keep-alive
Boulder-Requester: 62349608
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: FVNV6H0MFV57zCApWh_PbAR5aZgkfRCw7Tzb-ce14IIjjodGmOY

{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “No such authorization”,
“status”: 404
}
2024-12-04 03:20:23,658:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 33, in
sys.exit(load_entry_point(‘certbot==1.21.0’, ‘console_scripts’, ‘certbot’)())
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 15, in main
return internal_main.main(cli_args)
File “/usr/lib/python3/dist-packages/certbot/_internal/main.py”, line 1574, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/_internal/main.py”, line 1419, in certonly
cert_path, chain_path, fullchain_path = _csr_get_and_save_cert(config, le_client)
File “/usr/lib/python3/dist-packages/certbot/_internal/main.py”, line 1353, in _csr_get_and_save_cert
cert, chain = le_client.obtain_certificate_from_csr(csr)
File “/usr/lib/python3/dist-packages/certbot/_internal/client.py”, line 300, in obtain_certificate_from_csr
orderr = self._get_order_and_authorizations(csr.data, best_effort=False)
File “/usr/lib/python3/dist-packages/certbot/_internal/client.py”, line 421, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 936, in new_order
return cast(ClientV2, self.client).new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 709, in new_order
authorizations.append(self._authzr_from_response(self._post_as_get(url), uri=url))
File “/usr/lib/python3/dist-packages/acme/client.py”, line 835, in _post_as_get
return self._post(*new_args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 101, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1269, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1283, in _post_once
response = self._check_response(response, content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1128, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: No such authorization
2024-12-04 03:20:23,661:ERROR:certbot._internal.log:An unexpected error occurred:
2024-12-04 03:20:23,661:ERROR:certbot._internal.log:The request message was malformed :: No such authorization
2024-12-04 03:33:15,994:DEBUG:certbot._internal.main:certbot version: 1.21.0
2024-12-04 03:33:15,994:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-12-04 03:33:15,994:DEBUG:certbot._internal.main:Arguments: [‘-q’]
2024-12-04 03:33:15,994:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-12-04 03:33:16,007:DEBUG:certbot._internal.log:Root logging level set at 40
2024-12-04 03:33:16,009:DEBUG:certbot._internal.display.obj:Notifying user:

Attempted the following to resolve this issue:

checked miab forum
checked Lets Encrypt forum and there appears to be certbot version updates that may prompt this error due to api endpoint changes. My box is standard mailinabox with no modifications so ran the mailinabox update again hoping this would resolve the issue
did a certbot renew, output indicates there are no certificates on my server
checked admin panel and certificates are found, the box certificate is due for renewal

Can anyone provide guidance on how I resolve this issue ?

hzink · January 4, 2025, 6:28am

Similar issue here. My box suddenly stopped working processing email, and accessing the admin etc web-page no longer works. The certificate shows as expired.

How do I manually renew the box’s certificates, since I think that is the issue - certificates have either expired or have disappeared.

Help, please?

dms · January 4, 2025, 5:58pm

I don’t know why it’s failing, but if you want to try to renew the certificates by hand, you can do try these steps. Log into the server, become root, change to the mailinabox directory, run the ssl cert provisioning script. In case you need them, here’s the exact commands starting after you’re logged into your server:

sudo su -
cd /root/mailinabox
management/ssl_certificates.py

elpa · January 4, 2025, 6:25pm

Surprisingly the issue turned out to be fail2ban banning my ip address. The filters miab-postfix465 and miab-postfix587 were triggered hundreds of times and eventually recidive filter. I haven’t changed software or hardware on my end. This never happened prior to v70 update.

I had to use the hosting providers console to login into the box and unban my ip address because even ssh was banned along with my email account being offline.

Check the fail2ban logs and unban your ip address. If you have a static ip address you can add it to the fail2ban configuration file mailinabox.conf. Add it to the ignoreip line. If you have a dynamic ip like myself you may need to monitor for bans daily.

Once I did the above I could see the certificates had updated and installed correctly.