Let's Encrypt - agreement error

deschet · August 3, 2016, 1:25am

hi there, does anyone know if this error is because I registered too many times in single a week or is it something else?

I’ve re-built my Digitalocean droplets a few times and then this last time I was assigned a new IP.

Now I’m getting the following error:

fatal: [mydomain.com]: FAILED! => {“changed”: false, “cmd”: ["./renew-certs.py"], “delta”: “0:00:00.559734”, “end”: “2016-08-03 01:15:02.528851”, “failed”: true, “invocation”: {“module_args”: {"_raw_params": “./renew-certs.py”, “_uses_shell”: false, “chdir”: “/var/lib/letsencrypt”, “creates”: null, “executable”: null, “removes”: null, “warn”: true}, “module_name”: “command”}, “rc”: 1, “start”: “2016-08-03 01:15:01.969117”, “stderr”: “”, “stdout”: “Generating certificate for mydomain.com\nError while generating certificate for mydomain.com\nParsing account key…\nParsing CSR…\nRegistering account…\nTraceback (most recent call last):\n File “/usr/local/letsencrypt/acme_tiny.py”, line 198, in \n main(sys.argv[1:])\n File “/usr/local/letsencrypt/acme_tiny.py”, line 194, in main\n signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)\n File “/usr/local/letsencrypt/acme_tiny.py”, line 92, in get_crt\n raise ValueError(“Error registering: {0} {1}”.format(code, result))\nValueError: Error registering: 400 {\n “type”: “urn:acme:error:malformed”,\n “detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]”,\n “status”: 400\n}”, “stdout_lines”: [“Generating certificate for mydomain.com”, “Error while generating certificate for mydomain.com”, “Parsing account key…”, “Parsing CSR…”, “Registering account…”, “Traceback (most recent call last):”, " File “/usr/local/letsencrypt/acme_tiny.py”, line 198, in “, " main(sys.argv[1:])”, " File “/usr/local/letsencrypt/acme_tiny.py”, line 194, in main", " signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)", " File “/usr/local/letsencrypt/acme_tiny.py”, line 92, in get_crt", " raise ValueError(“Error registering: {0} {1}”.format(code, result))", “ValueError: Error registering: 400 {”, " “type”: “urn:acme:error:malformed”,", " “detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]”,", " “status”: 400", “}”], “warnings”: []}

Thanks in advance!

swalkinshaw · August 3, 2016, 1:33am

You’ll need to apply this update: https://github.com/roots/trellis/pull/624

deschet · August 3, 2016, 1:55am

Yep, that fixed it. Thanks again!

bladieblader · August 3, 2016, 7:48am

I still have the same licence problem. But I am using DirectAdmin (1.50.1)to request the certificate.

{ "type": "urn:acme:error:malformed", "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]", "status": 400 }.

swalkinshaw · August 3, 2016, 5:34pm

I have no idea what DirectAdmin is. We can only help with Trellis issues.

MWDelaney · August 3, 2016, 7:51pm

Does this affect certificate renewal at all, or just the initial request? Do I need to reprovision older projects?

swalkinshaw · August 3, 2016, 8:07pm

Good question. I think it’s only during “registration” and not renewal.

MWDelaney · August 3, 2016, 8:07pm

Guess we’ll all find out in ~90 days

Jorgen · August 17, 2016, 1:25pm

@bladieblader
Edit the letsencrypt.sh. There you will find a row with:
LICENSE=
Modify that to the URL to the current license URL

And try again.

bjn · July 20, 2017, 5:41pm

This affects renewal. I just had a certificate on a production site expire with no warning.

strarsis · July 20, 2017, 5:52pm

Similar issue?:

MWDelaney · July 20, 2017, 5:59pm

I’m frantically checking some of my older servers and haven’t seen a bad cert yet. What’s going on? It’s not clear to me what’s affected or if there’s actually a problem.

swalkinshaw · July 20, 2017, 9:34pm

I replied in the other thread but I’m confused too. It doesn’t appear that the agreement has changed again since the last time in August 2016 (version 1.1.1).

mrez-ir · December 2, 2017, 7:25am

Thanks. I had same trouble on Virtualmin and your clue helped me to solve it. The source file to edit can be found on “/usr/libexec/webmin/webmin/acme_tiny.py” on Virtualmin (on Centos 7).

Just required to replace “https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf” with “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf” in “acme_tiny.py”.