Date: Wed, 11 Mar 2020 14:11:59 -0600
From: Gary Aitken <freebsd@dreamchaser.org>
To: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: letsencrypt renewal failure "sslv3 alert bad record mac"
Message-ID: <7e6cb54d-a38a-0772-01fb-01ebd4834c91@dreamchaser.org>
Previous renewals worked ok, but may have been under 10.3

11.2-RELEASE-p9 FreeBSD 11.2-RELEASE-p9

I know I need to upgrade to 11.3 but this seems not related to that.
Any help / pointers would be much appreciated.

certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/dreamchaser.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for discoveriesinwood.com
http-01 challenge for dreamchaser.org
http-01 challenge for git.dreamchaser.org
http-01 challenge for www.discoveriesinwood.com
http-01 challenge for www.dreamchaser.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (dreamchaser.org) from /usr/local/etc/letsencrypt/renewal/dreamchaser.org.conf produced an unexpected error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert bad record mac')]. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/dreamchaser.org/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/dreamchaser.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

The debug log shows the following exception:

2020-03-11 14:48:04,062:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 165, in _respond
    self._send_responses(aauthzrs, resp, chall_update)
  File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 198, in _send_responses
    self.acme.answer_challenge(achall.challb, resp)
  File "/usr/local/lib/python2.7/site-packages/acme/client.py", line 158, in answer_challenge
    response = self._post(challb.uri, response)
  File "/usr/local/lib/python2.7/site-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/acme/client.py", line 1185, in post
    return self._post_once(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/acme/client.py", line 1201, in _post_once
    response = self._send_request('POST', url, data=data, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/acme/client.py", line 1101, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py", line 380, in _make_request
    httplib_response = conn.getresponse(buffering=True)
  File "/usr/local/lib/python2.7/httplib.py", line 1121, in getresponse
    response.begin()
  File "/usr/local/lib/python2.7/httplib.py", line 438, in begin
    version, status, reason = self._read_status()
  File "/usr/local/lib/python2.7/httplib.py", line 394, in _read_status
    line = self.fp.readline(_MAXLINE + 1)
  File "/usr/local/lib/python2.7/socket.py", line 480, in readline
    data = self._sock.recv(self._rbufsize)
  File "/usr/local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 274, in recv
    return self.recv(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 258, in recv
    data = self.connection.recv(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1783, in recv
    self._raise_ssl_error(self._ssl, result)
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1639, in _raise_ssl_error
    _raise_current_error()
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)