0

I am trying to renew my certbot certificates running the command cerbot renew and I get this error

2021-12-02 10:46:30,686:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2021-12-02 10:46:30,779:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2021-12-02 10:46:30,783:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
2021-12-02 10:46:30,960:WARNING:certbot.renewal:Attempting to renew cert (ventureserp.com) from /etc/letsencrypt/renewal/ventureserp.com.conf produced an unexpected error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645). Skipping.
2021-12-02 10:46:30,975:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/connectionpool.py", line 595, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/connectionpool.py", line 352, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/connectionpool.py", line 831, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/connection.py", line 289, in connect
    ssl_version=resolved_ssl_version)
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/util/ssl_.py", line 308, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 752, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

When I run cerbot --version it gives me 0.31.0 which seems to be the latest version of certbot, so I am not really sure why this is happening? I have gone through numerous articles online and it didnt help my cause, please anyone who can kinldy help as this is urgent.

Paul
  • 2,755
  • 6
  • 24
  • 35
Akoh
  • 1
  • 1
    The CA certificates on your system are out of date. – Gerald Schneider Dec 02 '21 at 10:57
  • How do I update the certificates to the latest? – Akoh Dec 02 '21 at 11:00
  • Usually by keeping your packages up to date. It depends on the distribution you are using. Searching for `$yourdistribution update ca certificates` should give you plenty results. – Gerald Schneider Dec 02 '21 at 11:01
  • 1
    Your server is running Ubuntu with nginx version 1.10.3. You are likely running Ubuntu 16.04, which is EOL. The solution is to upgrade to a supported version of Ubuntu. – Paul Dec 05 '21 at 17:02

0 Answers0