Invalid version when updating certificate with certbot

Grigorii

6/1/24, 4:45 PM

I have a server with a Let's encrypt certificate installed with certbot. I want to renew it with the following command sudo certbot renew --force-renewal

but I get an error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Attempting to renew cert (mydomain) from /etc/letsencrypt/renewal/mydomain.conf produced an unexpected error: Invalid version. The only valid version for X509Req is 0.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mydomain/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mydomain/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

I have Ubuntu 20.04.4 LTS,Python 3.8.10 What should I do?

1475

1 + 2

ubuntu

lets-encrypt

certbot

Gerald Schneider

6/1/24, 4:56 PM

check `X509Req` in `/etc/letsencrypt/renewal/mydomain.conf`?

Grigorii

6/1/24, 6:24 PM

here is the contents of the conf file # renew_before_expiry = 30 days version = 0.40.0 archive_dir = /etc/letsencrypt/archive/my domain cert = /etc/letsencrypt/live/my domain/cert.pem privkey = /etc/letsencrypt/live/my domain/privkey.pem chain = /etc/letsencrypt/live/my domain/chain.pem fullchain = /etc/letsencrypt/live/my domain/fullchain.pem # Options used in the renewal process [renewalparams] account = [my account] pref_challs = http-01, authenticator = standalone server = https://acme-v02.api.letsencrypt.org/directory

Score:4

Server

Marlon Anjos

6/5/24, 11:33 AM

I had the same problem in Ubuntu 18.04 and it was caused by the pyOpenSSL 23.2.0 version. After downgrading to 23.1.1 it worked again:

pip3 install pyOpenSSL==23.1.1

+ 1

Paul Tobias

7/31/24, 2:21 AM

Yes, looks like this bug: https://github.com/certbot/certbot/issues/9722 and the problem is that although `csr.set_version(0)` is used [since `acme-v1.29.0`](https://github.com/certbot/certbot/commit/dedbdea1d9854761df9ba28d26e368bdd78d72c9), but because since `acme==1.24.0` there is a dependency on `Python >=3.7`, the latest `acme` version which can be installed with Python 3.6 is `acme-1.23.0`.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Invalid version when updating certificate with certbot

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.