Error when Provisioning TLS certs

B_DubHay · December 20, 2016, 4:36pm

Hello, it is time for me to get my tls certs renewed. I logged into my admin account, went to the TLS (SSL) Certificates page, hit the “Provision” button and get an error message. I tried looking through the MIAB forums but nothing in there helped resolve my problem. I look in my syslog and found an unusual (unusual to me at least) error:

Dec 20 10:08:19 mail Exception on /ssl/provision ....... self._ctx.set_cipher_list(ciphers)#012TypeError: must be str, not bytes

Is that the problem or is more information needed? Thanks.

Brian.

v60fan · December 20, 2016, 6:36pm

There’s a couple threads floating around on this one. Try executing these commands and then going back to TLS to renew.

apt-get remove python-openssl
pip3 uninstall pyOpenSSL
pip3 install pyOpenSSL --upgrade

Other thread that had this resolution: Let's encrypt failure: exception on /ssl/provision - #2 by mboersma

mboersma · December 20, 2016, 6:48pm

I’ve done exactly that (and several variations thereof), but it’s still broken with the must be str, not bytes error on my upgraded box.

mboersma · December 20, 2016, 6:55pm

Well it never hurts to question your own assumptions! I repeated the above three commands and this time management/daily_tasks.sh succeeded at provisioning new LetsEncrypt certs.

I swear I’d tried those same commands. Maybe I had reinstalled the packaged python-openssl version again, which seems to be the source of the conflict.

Thanks all!

B_DubHay · December 20, 2016, 7:15pm

Thank you for the response. I’ve ran those commands before which solved a different problem I had. Do I need to run those commands after every upgrade of MIAB?

Also, after running those commands, and rebooting my MIAB machine, the provision button is still grayed out (not clickable), I don’t see any clues in the syslog file either. Where do go now?

v60fan · December 20, 2016, 9:04pm

You shouldn’t need to run them again after every upgrade, no. I’m actually not sure how to solve your current issue.

B_DubHay · December 20, 2016, 9:56pm

Well that was wierd. I went back into my administrator dashboard and the Provision button was active. I clicked it and I got the button to agree to terms of service (?). Now everything is working.

B_DubHay · December 20, 2016, 9:59pm

How do i go about automating this process now? Is there a cron job I can make?

v60fan · December 20, 2016, 10:00pm

It should automatically renew the certs before they expire. There is nothing more you need to do.

sander-schippers · December 25, 2016, 10:44am

For me, this worked perfectly. Had exactly the same problem. Thanks for posting it.

User5519 · December 26, 2016, 10:32am

Worked for me with Python 2.7.6 and running ‘management/ssl_certificates.py’ as root afterwards, thank you very much!

cc.noyes · December 26, 2016, 2:56pm

I had a similar problem a couple of weeks ago. I solved it uprev’ing to the latest MIAB (v0.21b) - I was running a slightly older version. After the up-rev completed, I rebooted my server, logged into the Admin account via the GUI, clicked on the “Provision” button and the certs were renewed.

However, if everything is set up and working correctly, the LetsEncrypt certs should automatically renew without any user interaction.

system · January 2, 2017, 2:56pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.