Reputation: 933
I'm getting a weird error on Let's Encrypt certbot that seems linked to the presence of a dash in my second domain name (on the real one, position 8 corresponds to the position of said dash).
The error occurs regardless of whether I try to renew or create a new certificate. The original (functional) certificate was generated using certbot with no problem...
./certbot-auto certonly --nginx -d domain1 -d domain2
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for domain1
tls-sni-01 challenge for domain-2
Cleaning up challenges
An unexpected error occurred:
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 8: ordinal not in range(128)
What can I do from here?
Upvotes: 8
Views: 2428
Reputation: 809
It should be noted that this can also be the result of using a non-ASCII locale to edit web server configuration files, but then the certbot cron job doesn't do that, which in turn causes the automated renewal attempts to fail.
Likewise, any file that is include'd from the web server configuration files is parsed by certbot, so it may be necessary to check outside of the typical directories.
Upvotes: 1
Reputation: 2606
Using the following command:
grep -r -P '[^\x00-\x7f]' /etc/apache2 /etc/letsencrypt /etc/nginx
Found mine in
/etc/letsencrypt/options-ssl-nginx.conf: # The following CSP directives don't use default-src as
Using shed, I found the offending sequence. It turned out to be an editor mistake.
00008099: C2 194 302 11000010
00008100: A0 160 240 10100000
00008101: d 64 100 144 01100100
00008102: e 65 101 145 01100101
00008103: f 66 102 146 01100110
00008104: a 61 097 141 01100001
00008105: u 75 117 165 01110101
00008106: l 6C 108 154 01101100
00008107: t 74 116 164 01110100
00008108: - 2D 045 055 00101101
00008109: s 73 115 163 01110011
00008110: r 72 114 162 01110010
00008111: c 63 099 143 01100011
00008112: C2 194 302 11000010
00008113: A0 160 240 10100000
Using an editor (i.e. vim), I edited out the offending byte sequence.
Upvotes: 1
Reputation: 933
I indeed had a non-ASCII character in that file. The useful command for such problems is:
grep -nRP '[\x80-\xFF]' /etc/nginx
Where /etc/nginx is the directory/file you want to search for a non-ASCII character, and where [\x80-\xFF] is the range (in this case non-ASCII) you want to look for.
Upvotes: 9
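An added example, not code from any of the posts above: a Python script that combines the grep search and the shed byte inspection from the answers, reporting each non-ASCII sequence with its line, byte column, file offset, raw bytes and Unicode name, so a no-break space (C2 A0) or a Unicode hyphen (E2 80 ..) is identified directly. The sample bytes, the hostname mydomain-2.example and the function names are constructed for illustration.

```python
import sys
import unicodedata
from pathlib import Path

# Constructed sample (not from the page's real files): a Unicode hyphen in a
# server_name and two no-break spaces in a comment.
SAMPLE = (b"server_name mydomain\xe2\x80\x912.example;\n"
          b"# CSP directives don't use\xc2\xa0default-src\xc2\xa0as\n")


def find_non_ascii(data: bytes):
    """Return (line, column, byte_offset, hex_bytes, description) per hit.

    line and column are 1-based; column and byte_offset count bytes.
    """
    hits, offset = [], 0
    for lineno, raw in enumerate(data.splitlines(keepends=True), start=1):
        i = 0
        while i < len(raw):
            if raw[i] < 0x80:          # plain ASCII, nothing to report
                i += 1
                continue
            for width in (2, 3, 4):    # shortest valid UTF-8 sequence wins
                try:
                    ch = raw[i:i + width].decode("utf-8")
                except UnicodeDecodeError:
                    continue
                desc = "U+%04X %s" % (ord(ch), unicodedata.name(ch, "UNNAMED"))
                break
            else:                      # not UTF-8 at all (e.g. a Latin-1 byte)
                width, desc = 1, "invalid UTF-8 byte"
            hits.append((lineno, i + 1, offset + i,
                         raw[i:i + width].hex(" "), desc))
            i += width
        offset += len(raw)
    return hits


def scan_tree(root):
    """Yield (path, hit) for every regular file below root."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            for hit in find_non_ascii(path.read_bytes()):
                yield path, hit


if __name__ == "__main__":
    if sys.argv[1:]:                   # e.g. /etc/nginx /etc/letsencrypt
        results = [h for root in sys.argv[1:] for h in scan_tree(root)]
    else:
        results = [("<sample>", h) for h in find_non_ascii(SAMPLE)]
    for path, (line, col, off, hexbytes, desc) in results:
        print(f"{path}:{line}:{col} offset={off} bytes={hexbytes} {desc}")
```

Pass every directory that holds files the web server configuration includes, since those are parsed too; with no arguments the script runs on the constructed sample.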