All renewal attempts failed

Sorry, I'm not familiar with using the board's functions or HTML.

Some of the used characters affected the output.

As I remember, when getting the cert, I was asked to declare the name of the domain using the certificate, such as <sld>.<tld>. As I'm using <sub>.<sld>.<tld>, I probably declared this. Maybe the problem relates to this?

letsencrypt.log:
I don't know if it's needed, but I replaced some output with "***************"
2021-04-30 08:21:22,847:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at ***********> and installer <certbot.cli._Default object at 0x7fb11f62b0>
2021-04-30 08:21:22,868:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-05-28 20:30:42 UTC.
2021-04-30 08:21:22,869:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-04-30 08:21:22,869:INFO:certbot.renewal:Non-interactive renewal: random delay of 389 seconds
2021-04-30 08:27:51,885:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-04-30 08:27:51,887:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at *****************>
Prep: True
2021-04-30 08:27:51,890:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at **************> and installer None
2021-04-30 08:27:51,891:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-04-30 08:27:51,906:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/114006195', new_authzr_uri=None, terms_of_service=None), ******************, Meta(creation_dt=datetime.datetime(2021, 2, 26, 15, 38, 14, tzinfo=<UTC>), creation_host='localhost.localadmin'))>
2021-04-30 08:27:51,911:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-04-30 08:27:51,921:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-04-30 08:27:52,557:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-04-30 08:27:52,560:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 30 Apr 2021 06:27:52 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"UeMlDg4785A": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-04-30 08:27:52,562:INFO:certbot.main:Renewing an existing certificate
2021-04-30 08:27:52,701:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0005_key-certbot.pem
2021-04-30 08:27:52,711:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0005_csr-certbot.pem
2021-04-30 08:27:52,712:DEBUG:acme.client:Requesting fresh nonce
2021-04-30 08:27:52,713:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-04-30 08:27:52,857:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-04-30 08:27:52,859:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 30 Apr 2021 06:27:52 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: **********************
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-04-30 08:27:52,859:DEBUG:acme.client:Storing nonce: **********************
2021-04-30 08:27:52,860:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "kenyoh.com"\n },\n {\n "type": "dns",\n "value": "paritsu.kenyoh.com"\n }\n ]\n}'
2021-04-30 08:27:52,868:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "",
"signature": "
",
"payload": "
**************"
}
2021-04-30 08:27:53,048:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 472
2021-04-30 08:27:53,050:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 30 Apr 2021 06:27:52 GMT
Content-Type: application/json
Content-Length: 472
Connection: keep-alive
Boulder-Requester: ****************
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/114006195/9363204501
Replay-Nonce: **************************
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2021-05-06T04:49:13Z",
"identifiers": [
{
"type": "dns",
"value": "kenyoh.com"
},
{
"type": "dns",
"value": "paritsu.kenyoh.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/12704797733",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/12704797734"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/114006195/9363204501"
}
2021-04-30 08:27:53,050:DEBUG:acme.client:Storing nonce: ***************
2021-04-30 08:27:53,051:DEBUG:acme.client:JWS payload:
b''
2021-04-30 08:27:53,058:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12704797733:
{
"protected": "**************",
"signature": "
",
"payload": ""
}
2021-04-30 08:27:53,230:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12704797733 HTTP/1.1" 200 791
2021-04-30 08:27:53,231:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 30 Apr 2021 06:27:53 GMT
Content-Type: application/json
Content-Length: 791
Connection: keep-alive
Boulder-Requester: ***************
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: **********************************
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "kenyoh.com"
},
"status": "pending",
"expires": "2021-05-06T04:49:13Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12704797733/qBpl7Q",
"token": ""
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12704797733/3tO5AA",
"token": ""
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12704797733/bPz6AA",
"token": "
************"
}
]
}
2021-04-30 08:27:53,232:DEBUG:acme.client:Storing nonce: ****************************
2021-04-30 08:27:53,233:DEBUG:acme.client:JWS payload:
b''
2021-04-30 08:27:53,240:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12704797734:
{
"protected": "
",
"signature": "
*************",
"payload": ""
}
2021-04-30 08:27:53,423:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12704797734 HTTP/1.1" 200 799
2021-04-30 08:27:53,424:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 30 Apr 2021 06:27:53 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 114006195
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: ******************************
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "paritsu.kenyoh.com"
},
"status": "pending",
"expires": "2021-05-06T04:49:13Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12704797734/RoZX4g",
"token": ""
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12704797734/HXSTFw",
"token": "
"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12704797734/XXkFaw",
"token": "*******************************"
}
]
}
2021-04-30 08:27:53,425:DEBUG:acme.client:Storing nonce: *********************
2021-04-30 08:27:53,426:INFO:certbot.auth_handler:Performing the following challenges:
2021-04-30 08:27:53,426:INFO:certbot.auth_handler:http-01 challenge for kenyoh.com
2021-04-30 08:27:53,427:INFO:certbot.auth_handler:http-01 challenge for paritsu.kenyoh.com
2021-04-30 08:27:53,429:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 81, in perform
self._set_webroots(achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 99, in _set_webroots
known_webroots)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 115, in _prompt_for_webroot
webroot = self._prompt_with_webroot_list(domain, known_webroots)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 132, in _prompt_with_webroot_list
cli_flag=path_flag, force_interactive=True)
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 507, in menu
self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 469, in _interaction_fail
raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Select the webroot for paritsu.kenyoh.com:
Choices: ['Enter a new webroot', '/var/lib/letsencrypt']

(You can set this with the --webroot-path flag)

2021-04-30 08:27:53,429:DEBUG:certbot.error_handler:Calling registered functions
2021-04-30 08:27:53,430:INFO:certbot.auth_handler:Cleaning up challenges
2021-04-30 08:27:53,430:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2021-04-30 08:27:53,430:WARNING:certbot.renewal:Attempting to renew cert (kenyoh.com) from /etc/letsencrypt/renewal/kenyoh.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for paritsu.kenyoh.com:
Choices: ['Enter a new webroot', '/var/lib/letsencrypt']

(You can set this with the --webroot-path flag). Skipping.
2021-04-30 08:27:53,435:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 323, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 81, in perform
self._set_webroots(achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 99, in _set_webroots
known_webroots)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 115, in _prompt_for_webroot
webroot = self._prompt_with_webroot_list(domain, known_webroots)
File "/usr/lib/python3/dist-packages/certbot/plugins/webroot.py", line 132, in _prompt_with_webroot_list
cli_flag=path_flag, force_interactive=True)
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 507, in menu
self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 469, in _interaction_fail
raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Select the webroot for paritsu.kenyoh.com:
Choices: ['Enter a new webroot', '/var/lib/letsencrypt']

(You can set this with the --webroot-path flag)

2021-04-30 08:27:53,435:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-04-30 08:27:53,435:ERROR:certbot.renewal: /etc/letsencrypt/live/kenyoh.com/fullchain.pem (failure)
2021-04-30 08:27:53,436:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)

Thanks for spending time to help me. I appreciate it.

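An added example, not part of the original post and not certbot's own code: a small parser that folds the multi-line records of a letsencrypt.log like the one above and reports, for each failed renewal, the certificate, the renewal file, the names that were challenged, and the name certbot had no webroot for. `SAMPLE_LOG` is a constructed excerpt of the lines above, and the names `records` and `triage` are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of the record shapes in the log above.
SAMPLE_LOG = """\
2021-04-30 08:27:53,426:INFO:certbot.auth_handler:http-01 challenge for kenyoh.com
2021-04-30 08:27:53,427:INFO:certbot.auth_handler:http-01 challenge for paritsu.kenyoh.com
2021-04-30 08:27:53,430:WARNING:certbot.renewal:Attempting to renew cert (kenyoh.com) from /etc/letsencrypt/renewal/kenyoh.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for paritsu.kenyoh.com:
Choices: ['Enter a new webroot', '/var/lib/letsencrypt']

(You can set this with the --webroot-path flag). Skipping.
"""

# A record starts "date time,ms:LEVEL:logger:"; any other line continues the previous record.
HEAD = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}:([A-Z]+):([\w.]+):(.*)$")
RENEW = re.compile(r"Attempting to renew cert \((?P<cert>[^)]+)\) from (?P<conf>\S+) "
                   r"produced an unexpected error: (?P<error>.*)", re.S)
WEBROOT = re.compile(r"Select the webroot for (?P<domain>[^:\s]+):")
FLAG = re.compile(r"You can set this with the (--[\w-]+) flag")
CHALLENGE = re.compile(r"^[\w-]+ challenge for (?P<domain>\S+)$")

def records(text):
    """Group log text into (level, logger, message) records, folding continuation lines."""
    out = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            out.append(list(m.groups()))
        elif out:
            out[-1][2] += "\n" + line
    return [tuple(r) for r in out]

def triage(text):
    """One finding per failed renewal: cert, conf file, challenged names, name lacking a webroot."""
    challenged, findings = [], []
    for level, logger, msg in records(text):
        c = CHALLENGE.match(msg)
        if logger == "certbot.auth_handler" and c:
            challenged.append(c.group("domain"))
        r = RENEW.search(msg)
        if level == "WARNING" and logger == "certbot.renewal" and r:
            w, f = WEBROOT.search(r["error"]), FLAG.search(r["error"])
            findings.append({"cert": r["cert"], "conf": r["conf"], "challenged": challenged,
                             "missing_webroot_for": w["domain"] if w else None,
                             "flag": f[1] if f else None})
            challenged = []  # start a fresh list for the next certificate lineage
    return findings

print(triage(SAMPLE_LOG))
```

Comparing `challenged` with `missing_webroot_for` shows that both names are in the order but only the subdomain triggers the webroot prompt, which is the flag the log message itself points to.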