Letsencrypt urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]

letsencrypt

#1

Hey. The certificate has not been updated automatically. Attempting a manual update gave this error:

/usr/share/univention-letsencrypt/setup-letsencrypt

run-parts: executing /etc/univention/letsencrypt/setup.d//apache2
Setting apache2/ssl/certificatechain
Setting apache2/ssl/certificate
Setting apache2/ssl/key
Multifile: /etc/simplesamlphp/metadata/saml20-idp-hosted.php
Multifile: /etc/apache2/sites-available/default-ssl.conf
run-parts: executing /etc/univention/letsencrypt/setup.d//dovecot
run-parts: executing /etc/univention/letsencrypt/setup.d//postfix
Пт мар  1 13:00:53 MSK 2019
Refreshing certificate for following domains:
04.vpn.rozkrolik.ru
Parsing account key...
Parsing CSR...
Registering account...
Traceback (most recent call last):
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 85, in get_crt
    "agreement": json.loads(urlopen(CA + "/directory").read().decode('utf8'))['meta']['terms-of-service'],
  File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1241, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1198, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>
Setting letsencrypt/status

#2

sorry
solution:

update-ca-certificates
service apache2 restart