Error Provisioning Let's Encrypt Certificate


My initial mailinabox setup was pretty standard, including the root, www, and box subdomains. I noticed that exchange/activesync clients will provision themselves correctly using the autodiscover subdomain, so I added a domain alias for that subdomain to get it to appear in the SSL Certificates page. On the previous MIAB version, 0.20, I would get an error similar to this after clicking the Provision button: TLS certificate renewal failing with Let's Encrypt

On the newest version at this time (0.21), I just get a generic “Something went wrong, sorry” error when clicking the Provision button. In addition, every morning I get an email like this, which I assume is related:

Traceback (most recent call last):
File “management/”, line 807, in
File “management/”, line 450, in provision_certificates_cmdline
status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems)
File “management/”, line 337, in provision_certificates
File “/usr/local/lib/python3.4/dist-packages/free_tls_certificates/”, line 64, in issue_certificate
agree_to_tos_url, validation_method, acme_server, logger)
File “/usr/local/lib/python3.4/dist-packages/free_tls_certificates/”, line 112, in validate_domain_ownership
File “/usr/local/lib/python3.4/dist-packages/free_tls_certificates/”, line 317, in create_client
client = acme.client.Client(acme_server, key)
File “/usr/local/lib/python3.4/dist-packages/acme/”, line 63, in init
File “/usr/local/lib/python3.4/dist-packages/acme/”, line 624, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/local/lib/python3.4/dist-packages/acme/”, line 606, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/local/lib/python3.4/dist-packages/requests/”, line 488, in request
resp = self.send(prep, **send_kwargs)
File “/usr/local/lib/python3.4/dist-packages/requests/”, line 609, in send
r = adapter.send(request, **kwargs)
File “/usr/local/lib/python3.4/dist-packages/requests/”, line 423, in send
File “/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/”, line 594, in urlopen
File “/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/”, line 350, in _make_request
File “/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/”, line 835, in validate_conn
File “/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/”, line 311, in connect
File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/util/ssl
.py", line 267, in create_urllib3_context
context.set_ciphers(ciphers or DEFAULT_CIPHERS)
File “/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/contrib/”, line 385, in set_ciphers
TypeError: must be str, not bytes

Should I just be nuking the install and provisioning a new box that includes the autodiscover subdomain or is there an easy way to fix this? I haven’t been able to find any solutions on here yet, but if I missed something please point it out to me.



I’m also getting the same email each night, when management/ runs as a cronjob.

I carried out Josh’s instructions as per the “Version 0.21 is posted” thread - although I didn’t receive any errors on the update (it was smooth) the errors in the nightly email are the same as reported there by other users and they reported that carrying out the steps worked to clear the problem for them.

Anyone got any ideas? Cheers!

Don’t know what the problem is yet, but let’s continue at