AuthorizationError: Incomplete authorizations


#1

Hi,
I have to generate certificates on my laptop, since I do use cloud hosting openshift:
./letsencrypt-auto -a manual -d www.digrin.com -d digrin.com --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview
I then update .well-known/acme-challenge manually as asked by installer. I am using this code:

def https_confirmation(request):
    if request.META['HTTP_HOST'] == 'www.digrin.com':
        return HttpResponse("MHeq2VNSc-0MbhrhdwFf67fNoDtmv3mxEZeUkmMVK2Q.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds", content_type="text/plain")
    else:
        return HttpResponse("GCY6KZkr6y3gW_pbcGs48BAqCTbMmpBkMzBKNFSPRr4.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds", content_type="text/plain")

this is longer error(should I share whole log file?):

2015-11-21 00:16:33,289:INFO:letsencrypt.auth_handler:Cleaning up challenges
2015-11-21 00:16:33,291:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/home/lucas03/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1187, in main
    return args.func(args, config, plugins)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 457, in run
    lineage = _auth_from_domains(le_client, config, domains)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 313, in _auth_from_domains
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 237, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 195, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 87, in get_authorizations
    self.verify_authzr_complete()
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 298, in verify_authzr_complete
    raise errors.AuthorizationError("Incomplete authorizations")
AuthorizationError: Incomplete authorizations

I was able to generate certificate for www.digrin.com successfully, but when I added naked domain (digrin.com) it throws this error.


#2

// edit
The initial request to the file responds with 301 MOVED PERMANENTLY and redirects to the same URL with a trailing /.

Boulder (the CA software behind Let’s Encrypt) doesn’t follow redirects.


#3

Actually, reading this it seems that boulder does follow redirects, unless I missed something.

Please run the client with -v and include the log file in /var/log/letsencrypt/


#4

hi, thanks for help. At the moment it does redirect digrin.com to www.digrin.com, which is of course wrong. First of all I need to find out why my django app is redirecting to www (since there is different hash) and then I will post log here.
EDIT1
Hm, it only redirects if I add domain without subpage. So that should not be a problem. I will add a log soon


#5

Here is complete log

2015-11-21 14:51:50,797:DEBUG:letsencrypt.cli:Root logging level set at 20
2015-11-21 14:51:50,798:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-11-21 14:51:50,804:DEBUG:letsencrypt.cli:letsencrypt version: 0.0.0.dev20151114
2015-11-21 14:51:50,804:DEBUG:letsencrypt.cli:Arguments: ['-v', '-a', 'manual', '-d', 'www.digrin.com', '-d', 'digrin.com', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--agree-dev-preview']
2015-11-21 14:51:50,804:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-11-21 14:51:50,810:DEBUG:letsencrypt.cli:Requested authenticator manual and installer None
2015-11-21 14:51:51,112:DEBUG:letsencrypt.display.ops:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f384a6a4990>
Prep: True
2015-11-21 14:51:51,115:DEBUG:letsencrypt.display.ops:Single candidate plugin: * manual
Description: Manually configure an HTTP server
Interfaces: IAuthenticator, IPlugin
Entry point: manual = letsencrypt.plugins.manual:Authenticator
Initialized: <letsencrypt.plugins.manual.Authenticator object at 0x7f3849a34950>
Prep: True
2015-11-21 14:51:51,115:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.manual.Authenticator object at 0x7f3849a34950> and installer <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f384a6a4990>
2015-11-21 14:51:51,254:DEBUG:letsencrypt.cli:Picked account: <Account(440c10987c2dbb65c48915c0b6168778)>
2015-11-21 14:51:51,254:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-11-21 14:51:51,274:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-21 14:52:00,081:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2015-11-21 14:52:00,085:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Expires': 'Sat, 21 Nov 2015 14:52:00 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:52:00 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'R1O7M-fbTTqPpr6jT1BR--inkAnFHfLJAn-ZxQOPfs0'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-11-21 14:52:00,087:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Expires': 'Sat, 21 Nov 2015 14:52:00 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:52:00 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'R1O7M-fbTTqPpr6jT1BR--inkAnFHfLJAn-ZxQOPfs0'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-11-21 14:52:05,779:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0018_key-letsencrypt.pem
2015-11-21 14:52:05,795:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0018_csr-letsencrypt.pem
2015-11-21 14:52:05,803:DEBUG:letsencrypt.client:CSR: CSR(file='/etc/letsencrypt/csr/0018_csr-letsencrypt.pem', data='0\x82\x02\x960\x82\x01~\x02\x01\x000\x191\x170\x15\x06\x03U\x04\x03\x0c\x0ewww.digrin.com0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xf0\xc1\x024\x8e\x8fB\xce\x8f\x8f\xbb\xa5\x1f\x84\xa6\xb9\xc540\xf4\xaadS/C\x8f`N\x93a\x02\xb6\xb40\xa1\x11\xce\xda\x1c\xf7\xff^\xb5\xf3\x9e\xad\x07\x02\xee\xdb\xdd\x0fc\x00\xf5\xd0\x1cug\x95i\xdaX\xb0\x949"<\x10\x8c\x7f\xa9\xadr\xff\x13Y\x7f\xb8\xdbvW\xfd\xb5\x7f\xfe\xba\xb7\x83\x8dT\xfd<\xe6\x88\xd1\xc2\xc1\x90\x90\xbf#\x05\xbdq\xb2%\xacQyH\\Q\x99\\\xa5e\x1dF\xc2v\\\x1f\xfb\xa9\x0e\xba\xe9\xb1\xb9qp\x1e\xaa\x84\xd0nZ\xb4-J\x1bg|\xd7\xfe\x05\xea,\x8a\x929}\xbc\xcbY\xfd\x1c\x06\xea\x9222\xb6@\xe5\xcf\xc3\xe7\xad\xed\x1e\x16\xf6\x93\x1a6\x90B[\x7f/\xd5tO\x97\xae\x8a\xef\xec\xae2\xc5\x0c\xafv\x83\xed]\x9f\x13\x08)I\x91\x11\xfe\x9f8\xceg\xe4\xaa\x8d\xb7fu\x1f\x14zFq\x1c\xe2\x85\x02\x1d\x91]\xe3\x16\x9f\xb5.k\xb7?\x15\x9a%\xa3.\xcd\x9a\xb1\x0f\xd0K\x82 \xc4\x86!\x8a\x92\xf7\x02\x03\x01\x00\x01\xa0806\x06\t*\x86H\x86\xf7\r\x01\t\x0e1)0\'0%\x06\x03U\x1d\x11\x04\x1e0\x1c\x82\x0ewww.digrin.com\x82\ndigrin.com0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\xa6\x9ah\xb6\x16Tw\xc8]\xba/\xe8A<\xe5;\x84\x19[U\xa7\x1c\x17M\xffRh\xbf\xf7(DSM\xb6\xc58\xb4\x18\x82\xfeJ\'[e\x99\xbf\x83d\x80&\xdbg\xb0\xf2\xafZ\xd3w\x99\xca\x92\xb8\x82\x8f\xdf \xc6\xd4=\xd5\x91\xbd\x88jn.\xc2T\x95\xf6\r\xa9\x14\xe0WE\x87\x9aYL2\xa3\xd6\xc0\xbce\xb0\x03\xb9`\x86%\xb4 tF\x17\x1c\xbe\xb6?\xbc\xef\xe9\x9d\xd4\x04$B\xf7\'\x0671\xc8\xd7\xe4\x17\x15T\x9bq\xf7Y\xddl\xad\xc2\x14\x1b\xdb\xb5\xe5\xba\x81\'\xe4\xf3-\xc2\x90\x9b>\r\xa1qNY\xae\xa3\xf2\x9e\xc3\x8e\xe1\x0e\xc0\x04\xbb\x11i\x17\x9f\xf2\x9e\xdd\xf5\x1c\xee\xef\xa1\x94\x1c3\xd9\\\xd7G\x1a>\xde\xd4C_\x00\xfc\xb8(BJ\xc2\x0bQ\xd47\xfc\xa5XG\x85\xca\x19\x13U!y\xc9x\xa3\xed\x08\xda#X\x11\xf6U\x93E\x0ezJ\\9E\xa9\xde\xf8\xe9\t\xc8\xeaJ\x8c\xf2\xddm\xd2\xf7e5\xb9\x8b\x0c\x8e\xe1', form='der'), domains: ['www.digrin.com', 'digrin.com']
2015-11-21 14:52:05,803:DEBUG:root:Requesting fresh nonce
2015-11-21 14:52:05,803:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2015-11-21 14:52:05,805:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-21 14:52:07,002:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2015-11-21 14:52:07,005:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '0', 'Pragma': 'no-cache', 'Expires': 'Sat, 21 Nov 2015 14:52:06 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:52:06 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': '48iwrZHBj6ZIuWm2DPQrpOXF7Qt4DcX8MWqnYEBkDOA'}. Content: ''
2015-11-21 14:52:07,006:DEBUG:acme.client:Storing nonce: '\xe3\xc8\xb0\xad\x91\xc1\x8f\xa6H\xb9i\xb6\x0c\xf4+\xa4\xe5\xc5\xed\x0bx\r\xc5\xfc1j\xa7`@d\x0c\xe0'
2015-11-21 14:52:07,006:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
2015-11-21 14:52:07,006:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "www.digrin.com"}, "resource": "new-authz"}
2015-11-21 14:52:07,008:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2015-11-21 14:52:07,012:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2015-11-21 14:52:07,012:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "4pPIVMIlk_gHkKRKp70k2giLXh4eBI0il9beXVIGaCykjvsRRltzLhWXzR7J8XzXTSumtKgiI-rRgcEmpx0EGjtu4moEtfjH4q6EB7-08FTmuBISXvAjmSn7Tm9iRHkbAFw7Pc1-DGTR1epWYzT8DBhxK-h-83RNcQstRIWdlCi2ayYjWqGyVCbBlqSwtP2s87FAFH5lDGlJ6aK6SNLeqWqYVA_uZlscrH2EIt_6XPNfxfAW0NJbPC576of1BTXfJxxySx0ubuzYUYjG2SIW5YH5u8_9K9Bq_FlMFrJOt-2IrDtJTWXsXCt6qAv3Po9oydLdgrCLxpuME4DGHrXV_Q"}}, "protected": "eyJub25jZSI6ICI0OGl3clpIQmo2Wkl1V20yRFBRcnBPWEY3UXQ0RGNYOE1XcW5ZRUJrRE9BIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJ3d3cuZGlncmluLmNvbSJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0", "signature": "X-EeMceumIDw22uwjh8Cz1jyNYjc2jD_jO9P4BIimAKoZILffMZZuF1y7h5nroQPU7yBFtXZi4uS9PJ373XzzSWpX7NNqGjT8tCMf7zNQwjaUj5Zc1YjSLmrat-xzV-uBGxsboIpDUYHQ0FdAParsH4aRezMZeAVAMKM9480mdH9R6UVKSTnXJOMGMPi82DcDEW42JcB3wYZj5yaWmS8jVNUNDTwKB5NEfAMG35072UYyIQeMDSgT-blEKTVs4CmGQL5PjVSKHad7helK7L3DL6IeQjWGwpshOBEklpb7LGjynPpXiavHt1SJhTJatp0DFIUurwj1ak_sDUXy9NSaw"}'}
2015-11-21 14:52:07,013:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-21 14:52:07,572:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 565
2015-11-21 14:52:07,575:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '565', 'Expires': 'Sat, 21 Nov 2015 14:52:07 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/DSJh6r9E4p6CmrB74SI7aYm8eGvrdwjpEeZPaE_hZNs', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:52:07 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'n8Jwt6jORyllTktCjBLjSXOiuFdOYQcwbBitjR-ehKE'}. Content: '{"identifier":{"type":"dns","value":"www.digrin.com"},"status":"pending","expires":"2015-11-28T14:52:07.424907787Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/DSJh6r9E4p6CmrB74SI7aYm8eGvrdwjpEeZPaE_hZNs/442283","token":"ScESV0JXOyWOGTPctXEMv01KuzaEF2CjE5mTmjjNL0M"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/DSJh6r9E4p6CmrB74SI7aYm8eGvrdwjpEeZPaE_hZNs/442284","token":"UzeksYsWQEyLhLRRD1U0rUiZsmNlC0gaH1Id-5lwMBk"}],"combinations":[[0],[1]]}'
2015-11-21 14:52:07,576:DEBUG:acme.client:Storing nonce: '\x9f\xc2p\xb7\xa8\xceG)eNKB\x8c\x12\xe3Is\xa2\xb8WNa\x070l\x18\xad\x8d\x1f\x9e\x84\xa1'
2015-11-21 14:52:07,576:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '565', 'Expires': 'Sat, 21 Nov 2015 14:52:07 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/DSJh6r9E4p6CmrB74SI7aYm8eGvrdwjpEeZPaE_hZNs', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:52:07 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'n8Jwt6jORyllTktCjBLjSXOiuFdOYQcwbBitjR-ehKE'}): '{"identifier":{"type":"dns","value":"www.digrin.com"},"status":"pending","expires":"2015-11-28T14:52:07.424907787Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/DSJh6r9E4p6CmrB74SI7aYm8eGvrdwjpEeZPaE_hZNs/442283","token":"ScESV0JXOyWOGTPctXEMv01KuzaEF2CjE5mTmjjNL0M"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/DSJh6r9E4p6CmrB74SI7aYm8eGvrdwjpEeZPaE_hZNs/442284","token":"UzeksYsWQEyLhLRRD1U0rUiZsmNlC0gaH1Id-5lwMBk"}],"combinations":[[0],[1]]}'
2015-11-21 14:52:07,577:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
2015-11-21 14:52:07,577:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "digrin.com"}, "resource": "new-authz"}
2015-11-21 14:52:07,578:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2015-11-21 14:52:07,580:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2015-11-21 14:52:07,580:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "4pPIVMIlk_gHkKRKp70k2giLXh4eBI0il9beXVIGaCykjvsRRltzLhWXzR7J8XzXTSumtKgiI-rRgcEmpx0EGjtu4moEtfjH4q6EB7-08FTmuBISXvAjmSn7Tm9iRHkbAFw7Pc1-DGTR1epWYzT8DBhxK-h-83RNcQstRIWdlCi2ayYjWqGyVCbBlqSwtP2s87FAFH5lDGlJ6aK6SNLeqWqYVA_uZlscrH2EIt_6XPNfxfAW0NJbPC576of1BTXfJxxySx0ubuzYUYjG2SIW5YH5u8_9K9Bq_FlMFrJOt-2IrDtJTWXsXCt6qAv3Po9oydLdgrCLxpuME4DGHrXV_Q"}}, "protected": "eyJub25jZSI6ICJuOEp3dDZqT1J5bGxUa3RDakJMalNYT2l1RmRPWVFjd2JCaXRqUi1laEtFIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJkaWdyaW4uY29tIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "GMg9ElU4CVFnBK1JRuXLPpHBL6QZuL_TuW31uVwHhcLMFRra2uWZXrom-qIQxfqejogIfApNb4G2EsA62gcjuBKm4ntEd59b6iafbz-SW3RS_vXnwtTnz6MdqijcnoyLUeKCRzXbiMMUlnWtZfQI2RBoNKdmpF-lM1xPep73_iE6-HncgHcUpyLGTNa9egX-LRxLMb0bBvRhwpb7Rs3eYZY1kH5rCzr3xeZLGDliDSx_bSdK_W2OCokf7BVo4QzvfIIxnWAPD8OTlZJzI2q5eMEAce_M2DxQP4nn2YQYYUsZl4XWICONlzmg0V44taecloKRNBjgGGMoc7BROYsBAg"}'}
2015-11-21 14:52:07,581:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-21 14:52:08,171:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 561
2015-11-21 14:52:08,176:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '561', 'Expires': 'Sat, 21 Nov 2015 14:52:08 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:52:08 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'hJxcqG5ffN2hRbhw5hafJn-1s2w9SqSAmxbaYzZlscM'}. Content: '{"identifier":{"type":"dns","value":"digrin.com"},"status":"pending","expires":"2015-11-28T14:52:08.018120998Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285","token":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442286","token":"LddlrpURwdNSx4hhDG9dO2xBmersGreTtXRSL04Wvfg"}],"combinations":[[0],[1]]}'
2015-11-21 14:52:08,177:DEBUG:acme.client:Storing nonce: '\x84\x9c\\\xa8n_|\xdd\xa1E\xb8p\xe6\x16\x9f&\x7f\xb5\xb3l=J\xa4\x80\x9b\x16\xdac6e\xb1\xc3'
2015-11-21 14:52:08,177:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '561', 'Expires': 'Sat, 21 Nov 2015 14:52:08 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:52:08 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'hJxcqG5ffN2hRbhw5hafJn-1s2w9SqSAmxbaYzZlscM'}): '{"identifier":{"type":"dns","value":"digrin.com"},"status":"pending","expires":"2015-11-28T14:52:08.018120998Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285","token":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442286","token":"LddlrpURwdNSx4hhDG9dO2xBmersGreTtXRSL04Wvfg"}],"combinations":[[0],[1]]}'
2015-11-21 14:52:08,178:INFO:letsencrypt.auth_handler:Performing the following challenges:
2015-11-21 14:52:08,183:INFO:letsencrypt.auth_handler:http-01 challenge for www.digrin.com
2015-11-21 14:52:08,187:INFO:letsencrypt.auth_handler:http-01 challenge for digrin.com
2015-11-21 14:53:02,331:DEBUG:acme.challenges:Verifying http-01 at http://www.digrin.com/.well-known/acme-challenge/ScESV0JXOyWOGTPctXEMv01KuzaEF2CjE5mTmjjNL0M...
2015-11-21 14:53:02,334:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): www.digrin.com
2015-11-21 14:53:02,703:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/ScESV0JXOyWOGTPctXEMv01KuzaEF2CjE5mTmjjNL0M HTTP/1.1" 301 0
2015-11-21 14:53:02,849:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/ScESV0JXOyWOGTPctXEMv01KuzaEF2CjE5mTmjjNL0M/ HTTP/1.1" 200 107
2015-11-21 14:53:02,850:DEBUG:acme.challenges:Received <Response [200]>: MHeq2VNSc-0MbhrhdwFf67fNoDtmv3mxEZeUkmMVK2Q.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds. Headers: {'Content-Length': '107', 'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding', 'Keep-Alive': 'timeout=15, max=99', 'Server': 'Apache/2.2.15 (Red Hat)', 'Connection': 'Keep-Alive', 'Date': 'Sat, 21 Nov 2015 14:53:02 GMT', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Type': 'text/plain'}
2015-11-21 14:53:02,850:DEBUG:acme.challenges:Key authorization from response (u'ScESV0JXOyWOGTPctXEMv01KuzaEF2CjE5mTmjjNL0M.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds') doesn't match HTTP response (u'MHeq2VNSc-0MbhrhdwFf67fNoDtmv3mxEZeUkmMVK2Q.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds')
2015-11-21 14:53:02,850:ERROR:letsencrypt.plugins.manual:Self-verify of challenge failed, authorization abandoned.
2015-11-21 14:55:57,922:DEBUG:acme.challenges:Verifying http-01 at http://digrin.com/.well-known/acme-challenge/qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk...
2015-11-21 14:55:57,924:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): digrin.com
2015-11-21 14:56:04,478:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk HTTP/1.1" 301 0
2015-11-21 14:56:08,630:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk/ HTTP/1.1" 200 107
2015-11-21 14:56:08,632:DEBUG:acme.challenges:Received <Response [200]>: qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds. Headers: {'Content-Length': '107', 'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding', 'Keep-Alive': 'timeout=15, max=99', 'Server': 'Apache/2.2.15 (Red Hat)', 'Connection': 'Keep-Alive', 'Date': 'Sat, 21 Nov 2015 14:56:04 GMT', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Type': 'text/plain'}
2015-11-21 14:56:08,633:INFO:letsencrypt.auth_handler:Waiting for verification...
2015-11-21 14:56:08,644:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds", "type": "http-01", "resource": "challenge"}
2015-11-21 14:56:08,647:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2015-11-21 14:56:08,653:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2015-11-21 14:56:08,654:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "4pPIVMIlk_gHkKRKp70k2giLXh4eBI0il9beXVIGaCykjvsRRltzLhWXzR7J8XzXTSumtKgiI-rRgcEmpx0EGjtu4moEtfjH4q6EB7-08FTmuBISXvAjmSn7Tm9iRHkbAFw7Pc1-DGTR1epWYzT8DBhxK-h-83RNcQstRIWdlCi2ayYjWqGyVCbBlqSwtP2s87FAFH5lDGlJ6aK6SNLeqWqYVA_uZlscrH2EIt_6XPNfxfAW0NJbPC576of1BTXfJxxySx0ubuzYUYjG2SIW5YH5u8_9K9Bq_FlMFrJOt-2IrDtJTWXsXCt6qAv3Po9oydLdgrCLxpuME4DGHrXV_Q"}}, "protected": "eyJub25jZSI6ICJoSnhjcUc1ZmZOMmhSYmh3NWhhZkpuLTFzMnc5U3FTQW14YmFZelpsc2NNIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogInFUR1h2SXJQc1NjY1lHUXhzLWFoZGp2ZDBOUjVQSUhfVmotNm50ZEpyQmsuVkM4bjdXcHJqNWV2Y1RDLWM0bUhyVjNoNnNLSUdXTkJuQ1dyb3kxbkZkcyIsICJ0eXBlIjogImh0dHAtMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0", "signature": "unZ8dJGhD3D7FmdA7McFcH8KMzo7Ktzr6GDlrYFJwrgWt8Q5Sytuhe1eXHlvfyphR2lbcr3U7k3hEjWMt8YQC_FWgdHiU2FQGX0QLNQ3dtuu5kyyb5e37WT789Mp9XLmiuSL16JPsY4MFCeZG_I9v93WZbc4Z7YttO3eqUci8xrk7MSaryD7tlZoRhz_lV-tp6f8Iw7V3iLTXk9GcVjkXVFZVBc5pJzw3sST_OjiUrGdO6ywZWJMBrSMa1LxqY3nXY5iEbg5EKukQaDlJd9SZuDq7BpgKqpMHL4g56jXX4cmsBpkJhuN2iMVGlKvtPEFcyf64P1TyVgLYcK0QLbmWA"}'}
2015-11-21 14:56:08,657:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-21 14:56:09,667:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285 HTTP/1.1" 202 311
2015-11-21 14:56:09,672:DEBUG:root:Received <Response [202]>. Headers: {'Content-Length': '311', 'Expires': 'Sat, 21 Nov 2015 14:56:09 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:56:09 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'z8n_j7oVpot930wRdGdmJrCi263iV4Sq2Uf0eHrNHEU'}. Content: '{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285","token":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk","keyAuthorization":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds"}'
2015-11-21 14:56:09,673:DEBUG:acme.client:Storing nonce: '\xcf\xc9\xff\x8f\xba\x15\xa6\x8b}\xdfL\x11tgf&\xb0\xa2\xdb\xad\xe2W\x84\xaa\xd9G\xf4xz\xcd\x1cE'
2015-11-21 14:56:09,674:DEBUG:acme.client:Received response <Response [202]> (headers: {'Content-Length': '311', 'Expires': 'Sat, 21 Nov 2015 14:56:09 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:56:09 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'z8n_j7oVpot930wRdGdmJrCi263iV4Sq2Uf0eHrNHEU'}): '{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285","token":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk","keyAuthorization":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds"}'
2015-11-21 14:56:12,678:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE. args: (), kwargs: {}
2015-11-21 14:56:12,681:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-21 14:56:13,215:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE HTTP/1.1" 200 1084
2015-11-21 14:56:13,217:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '1084', 'Expires': 'Sat, 21 Nov 2015 14:56:13 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:56:13 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'ZhWcKNPj-4e0S8CMdihf1ug-SE7dudlzAplpLZGfipU'}. Content: '{"identifier":{"type":"dns","value":"digrin.com"},"status":"valid","expires":"2016-09-16T14:56:10Z","challenges":[{"type":"http-01","status":"valid","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285","token":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk","keyAuthorization":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds","validationRecord":[{"url":"http://digrin.com/.well-known/acme-challenge/qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk","hostname":"digrin.com","port":"80","addressesResolved":["54.174.133.65"],"addressUsed":"54.174.133.65"},{"url":"http://digrin.com/.well-known/acme-challenge/qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk/","hostname":"digrin.com","port":"80","addressesResolved":["54.174.133.65"],"addressUsed":"54.174.133.65"}]},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442286","token":"LddlrpURwdNSx4hhDG9dO2xBmersGreTtXRSL04Wvfg"}],"combinations":[[0],[1]]}'
2015-11-21 14:56:13,217:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '1084', 'Expires': 'Sat, 21 Nov 2015 14:56:13 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 21 Nov 2015 14:56:13 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'ZhWcKNPj-4e0S8CMdihf1ug-SE7dudlzAplpLZGfipU'}): '{"identifier":{"type":"dns","value":"digrin.com"},"status":"valid","expires":"2016-09-16T14:56:10Z","challenges":[{"type":"http-01","status":"valid","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442285","token":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk","keyAuthorization":"qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds","validationRecord":[{"url":"http://digrin.com/.well-known/acme-challenge/qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk","hostname":"digrin.com","port":"80","addressesResolved":["54.174.133.65"],"addressUsed":"54.174.133.65"},{"url":"http://digrin.com/.well-known/acme-challenge/qTGXvIrPsSccYGQxs-ahdjvd0NR5PIH_Vj-6ntdJrBk/","hostname":"digrin.com","port":"80","addressesResolved":["54.174.133.65"],"addressUsed":"54.174.133.65"}]},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wEa16Z6F66S29AQH-Hfa_dxBk83WPej4xqWPsMihNIE/442286","token":"LddlrpURwdNSx4hhDG9dO2xBmersGreTtXRSL04Wvfg"}],"combinations":[[0],[1]]}'
2015-11-21 14:56:13,218:INFO:letsencrypt.auth_handler:Cleaning up challenges
2015-11-21 14:56:13,247:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/home/lucas03/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1187, in main
    return args.func(args, config, plugins)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 457, in run
    lineage = _auth_from_domains(le_client, config, domains)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 313, in _auth_from_domains
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 237, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 195, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 87, in get_authorizations
    self.verify_authzr_complete()
  File "/home/lucas03/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 298, in verify_authzr_complete
    raise errors.AuthorizationError("Incomplete authorizations")
AuthorizationError: Incomplete authorizations

#6

Highlighted the relevant line:

Looks like .well-known/acme-challenge/ScESV0JXOyWOGTPctXEMv01KuzaEF2CjE5mTmjjNL0M is serving the following content: MHeq2VNSc-0MbhrhdwFf67fNoDtmv3mxEZeUkmMVK2Q.VC8n7Wprj5evcTC-c4mHrV3h6sKIGWNBnCWroy1nFds


#7

Great, nice. I was searching for “error” but I missed that line. There is quite a lot of output in log file.
I had to update that code for www.digrin.com, then restart server and continue with enter on letsencrypt.
Then set code for digrin.com, restart server and again continue with letsencrypt.
Before I updated codes at once and restarted server afterwards. So one code was used from previous try. Thanks for help!