 

certbot renew / certonly dash error : 'ascii' codec can't decode byte

I'm getting a weird error on lets-encrypt certbot that seems linked to the presence of a dash in my second domain name (on the real one, position 8 corresponds to the position of said dash).

The error occurs regardless of whether I try to renew or create a new certificate. The original (functional) certificate was generated using certbot with no problem...

./certbot-auto certonly --nginx -d domain1 -d domain2
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for domain1
tls-sni-01 challenge for domain-2
Cleaning up challenges
An unexpected error occurred:
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 8: ordinal not in range(128)

What can I do from here?

Mathieu K. asked Feb 22 '18 16:02



2 Answers

I indeed had a non-ASCII character in that file. The useful command for such problems is:

grep -nRP '[\x80-\xFF]' /etc/nginx

Where /etc/nginx is the directory/file you want to search for a non-ASCII character, and where [\x80-\xFF] is the range (in this case non-ASCII) you want to look for.

Mathieu K. answered Sep 28 '22 06:09


Using the following command:

grep -r -P '[^\x00-\x7f]' /etc/apache2 /etc/letsencrypt /etc/nginx

Found mine in

/etc/letsencrypt/options-ssl-nginx.conf:        # The following CSP directives don't use default-src as 

Using shed, I found the offending sequence. It turned out to be an editor mistake.

00008099:   C2 194 302 11000010
00008100:   A0 160 240 10100000
00008101: d 64 100 144 01100100
00008102: e 65 101 145 01100101
00008103: f 66 102 146 01100110
00008104: a 61 097 141 01100001
00008105: u 75 117 165 01110101
00008106: l 6C 108 154 01101100
00008107: t 74 116 164 01110100
00008108: - 2D 045 055 00101101
00008109: s 73 115 163 01110011
00008110: r 72 114 162 01110010
00008111: c 63 099 143 01100011
00008112:   C2 194 302 11000010
00008113:   A0 160 240 10100000

Using an editor (i.e. vim), I edited out the offending byte sequence.

John Greene answered Sep 28 '22 07:09
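
An added example, not part of either answer or of certbot: a Python scan that covers the same ground as the two grep commands above and also reports the byte column and Unicode name of each sequence, which tells a non-breaking hyphen apart from a no-break space (the C2 A0 bytes in the shed dump). The sample config bytes and the host name in it are constructed, and the function names are hypothetical.

```python
import os
import unicodedata

def utf8_len(lead):
    """Expected UTF-8 sequence length for a lead byte (1 if it cannot start one)."""
    if lead >> 5 == 0b110:
        return 2
    if lead >> 4 == 0b1110:
        return 3
    if lead >> 3 == 0b11110:
        return 4
    return 1

def find_non_ascii(data):
    """Return (line, byte_column, raw_bytes, description) per non-ASCII sequence."""
    hits = []
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        i = 0
        while i < len(line):
            if line[i] < 0x80:          # plain ASCII, nothing to report
                i += 1
                continue
            raw = line[i:i + utf8_len(line[i])]
            try:
                ch = raw.decode("utf-8")
                desc = "U+%04X %s" % (ord(ch), unicodedata.name(ch, "UNNAMED"))
            except UnicodeDecodeError:  # stray or truncated byte: report it alone
                raw, desc = line[i:i + 1], "invalid UTF-8 byte"
            hits.append((lineno, i + 1, raw, desc))
            i += len(raw)
    return hits

def scan_tree(root):
    """Yield (path, hit) for every non-ASCII sequence under a config directory."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue                # unreadable file, skip it
            for hit in find_non_ascii(data):
                yield path, hit

# Constructed sample: a typographic hyphen in a host name, no-break spaces in a comment.
SAMPLE = (b"server {\n    server_name example\xe2\x80\x91two.test;\n"
          b"    #\xc2\xa0default-src\xc2\xa0only\n}\n")

if __name__ == "__main__":
    for line, col, raw, desc in find_non_ascii(SAMPLE):
        print("line %d col %d: %s  %s" % (line, col, raw.hex(), desc))
```

Run against a real tree with `scan_tree("/etc/nginx")` or `scan_tree("/etc/letsencrypt")`; columns are 1-based byte offsets within the line.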