Hello, it is time for me to get my tls certs renewed. I logged into my admin account, went to the TLS (SSL) Certificates page, hit the “Provision” button and get an error message. I tried looking through the MIAB forums but nothing in there helped resolve my problem. I look in my syslog and found an unusual (unusual to me at least) error:
Dec 20 10:08:19 mail Exception on /ssl/provision ....... self._ctx.set_cipher_list(ciphers)#012TypeError: must be str, not bytes
Is that the problem or is more information needed? Thanks.
There’s a couple threads floating around on this one. Try executing these commands and then going back to TLS to renew.
apt-get remove python-openssl
pip3 uninstall pyOpenSSL
pip3 install pyOpenSSL --upgrade
Other thread that had this resolution: Let's encrypt failure: exception on /ssl/provision
I’ve done exactly that (and several variations thereof), but it’s still broken with the
must be str, not bytes error on my upgraded box.
Well it never hurts to question your own assumptions! I repeated the above three commands and this time management/daily_tasks.sh succeeded at provisioning new LetsEncrypt certs.
I swear I’d tried those same commands. Maybe I had reinstalled the packaged
python-openssl version again, which seems to be the source of the conflict.
Thank you for the response. I’ve ran those commands before which solved a different problem I had. Do I need to run those commands after every upgrade of MIAB?
Also, after running those commands, and rebooting my MIAB machine, the provision button is still grayed out (not clickable), I don’t see any clues in the syslog file either. Where do go now?
You shouldn’t need to run them again after every upgrade, no. I’m actually not sure how to solve your current issue.
Well that was wierd. I went back into my administrator dashboard and the Provision button was active. I clicked it and I got the button to agree to terms of service (?). Now everything is working.
How do i go about automating this process now? Is there a cron job I can make?
It should automatically renew the certs before they expire. There is nothing more you need to do.
For me, this worked perfectly. Had exactly the same problem. Thanks for posting it.
Worked for me with Python 2.7.6 and running ‘management/ssl_certificates.py’ as root afterwards, thank you very much!
I had a similar problem a couple of weeks ago. I solved it uprev’ing to the latest MIAB (v0.21b) - I was running a slightly older version. After the up-rev completed, I rebooted my server, logged into the Admin account via the GUI, clicked on the “Provision” button and the certs were renewed.
However, if everything is set up and working correctly, the LetsEncrypt certs should automatically renew without any user interaction.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.