Failed to renew SSL certs

Seems to keep mentioning the --manual-public-ip-logging-ok flag:

Log:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Performing the following challenges:
dns-01 challenge for box.aislemonkey.co.uk
dns-01 challenge for mta-sts.box.aislemonkey.co.uk
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
    resp = self._solve_challenges(aauthzrs)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
    resp = self.auth.perform(all_achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/manual.py", line 155, in perform
    self._verify_ip_logging_ok()
  File "/usr/lib/python3/dist-packages/certbot/plugins/manual.py", line 182, in _verify_ip_logging_ok
    if display.yesno(msg, cli_flag=cli_flag, force_interactive=True):
  File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 542, in yesno
    self._interaction_fail(message, cli_flag)
  File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 469, in _interaction_fail
    raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that.
Are you OK with your IP being logged?
(You can set this with the --manual-public-ip-logging-ok flag)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 108, in _call_registered
    self.funcs-1
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 323, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/manual.py", line 242, in cleanup
    env = self.env.pop(achall)
KeyError: KeyAuthorizationAnnotatedChallenge(challb=ChallengeBody(chall=DNS01(token=b'\xcf/\xd1M\xe9\x02\x1b\xa5_J\x06{H\x95\x0fT\xb8vEU\x99*v3\x81\xf8\xc7\x96\xc8G\x8dl'), uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/14024552176/P2CRXg', _url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/14024552176/P2CRXg', status=Status(pending), validated=None, error=None), domain='box.aislemonkey.co.uk', account_key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object at 0x7ff10f2255f8>)>))
Missing command line flag or config entry for this setting:
NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that.
Are you OK with your IP being logged?
(You can set this with the --manual-public-ip-logging-ok flag)

Any ideas?

Maybe someone here is willing to parse your post, but my recommendation is you edit it to add return lines so it doesn’t post to the forum as a single line to scroll horizontally and read. I know I’m not going to read it.

You are doing dns-01 challenge?

I’m not doing anything manually if that’s what you are inferring; it failed on cert renewal (both the automatic jobs as well as starting it from the admin panel).

You never used certbot from command line using the dns-01 challenge to generate certs? Because MiaB is only configured to use http-01 challenge.

It does look like MiaB completed certs, somehow, today:

Never ran certbot manually no. I had to amend ssl_certificates.py and added --manual-public-ip-logging-ok then ran ./ssl_certificates.py and it generated the certificates. Found here:

https://discourse.mailinabox.email/t/weird-ssl-renewal-problem/6347
