Cannot create cert ->DEBUG:acme.challenges:dns-01 was not recognized

i use letsencrypt client to get a cert for my domain fool.duckdns.org, but i encounter the error “Failed authorization procedure. fool.duckdns.org (http-01): urn:acme:error:connection…”. Then i add option “–text -vv” to ./letsencrypt-auto to continue, i get the error “DEBUG:acme.challenges:dns-01 was not recognized”, i do not know why. i have access to http://fool.duckdns.org/.well-known/acme-challenge/index.html, both in wan and lan, besides i manually put a index.html file under the directory acme-challenge with nginx server.
following is my command: ./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/letsencrypt --agree-tos --email byduckdns@gmail.com -d fool.duckdns.org --text -vv
i have tried many answers in the internet, but none of them seem work.

The dns-01 message is just a debug message for a challenge type the client doesn’t recognize/support; you can safely ignore it.

Could you post the full output as well as your /var/log/letsencrypt/letsencrypt.log?

[root@localhost ~]# cat /var/log/letsencrypt/letsencrypt.log
2016-05-01 02:05:18,868:DEBUG:letsencrypt.main:Root logging level set at 10
2016-05-01 02:05:18,869:INFO:letsencrypt.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-05-01 02:05:18,869:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-05-01 02:05:18,869:DEBUG:letsencrypt.main:Arguments: ['-a', 'webroot', '--webroot-path=/var/www/letsencrypt', '--email', 'byduckdns@gmail.com', '-d', 'fool.duckdns.org', '--text', '-vv']
2016-05-01 02:05:18,869:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-05-01 02:05:18,870:DEBUG:letsencrypt.plugins.selection:Requested authenticator webroot and installer None
2016-05-01 02:05:18,874:DEBUG:letsencrypt.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = letsencrypt.plugins.webroot:Authenticator
Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x27156d0>
Prep: True
2016-05-01 02:05:18,874:DEBUG:letsencrypt.plugins.selection:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x27156d0> and installer None
2016-05-01 02:05:19,062:DEBUG:letsencrypt.main:Picked account: <Account(c0a7fbb0ee8810ae7b38ae679b30b144)>
2016-05-01 02:05:19,062:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-05-01 02:05:19,067:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-01 02:05:24,694:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2016-05-01 02:05:24,697:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Expires': 'Sun, 01 May 2016 02:05:24 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 01 May 2016 02:05:24 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'yHpaPGzr5Uk5IQOl7iZuXgVbKe7gTm7W1QZdXP2Z-mg'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-05-01 02:05:24,699:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Expires': 'Sun, 01 May 2016 02:05:24 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 01 May 2016 02:05:24 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'yHpaPGzr5Uk5IQOl7iZuXgVbKe7gTm7W1QZdXP2Z-mg'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-05-01 02:05:24,701:DEBUG:root:Requesting fresh nonce
2016-05-01 02:05:24,701:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-05-01 02:05:24,703:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-01 02:05:25,684:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2016-05-01 02:05:25,687:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '78', 'Pragma': 'no-cache', 'Expires': 'Sun, 01 May 2016 02:05:25 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 01 May 2016 02:05:25 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'QEQhNvntY2OoMBIYkdTwiW79d4vxibgyo6QFWNzJM3o'}. Content: ''
2016-05-01 02:05:25,689:DEBUG:acme.client:Storing nonce: '@D!6\xf9\xedcc\xa80\x12\x18\x91\xd4\xf0\x89n\xfdw\x8b\xf1\x89\xb82\xa3\xa4\x05X\xdc\xc93z'
2016-05-01 02:05:25,689:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, combinations=None, status=None
2016-05-01 02:05:25,690:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "fool.duckdns.org"}, "resource": "new-authz"}
2016-05-01 02:05:25,692:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jwk=None, x5u=None, kid=None, alg=None, cty=None, x5tS256=None, jku=None, x5t=None
2016-05-01 02:05:25,698:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, x5u=None, kid=None, cty=None, x5tS256=None, jku=None, x5t=None, nonce=None
2016-05-01 02:05:25,698:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t00RHgCnuY4RIoRQ7FVmwiRxzMI_RW3AzfT68N5_5UrnnMz2lDR6_Qef6gcZPzaOjjaCdc1BI8GEbBixoBQiFEHXklBhA9JjQXRTxa_okqe-u2vSPrCopTL_vMgyO6j64754j9DcOCbkacEmo6FPTDvIKuVNSzvrfypH7CstpoSa__SrjJvYsYFuwexlaQ65omyyVXiLGbdRkUpvZ7MsZMDB5swwWwHO5DF0_GJ83vxXj-op8NVq0_NI7vrQ4F9oWoGrIsMg5Q7L7CAoa8TQKBvDXNjNHqqcGmKA7jIBZbW7B6DqYUOZc4VFLLKN8Bq295uOc7rG7kjXfOPJjeoUXQ"}}, "protected": "eyJub25jZSI6ICJRRVFoTnZudFkyT29NQklZa2RUd2lXNzlkNHZ4aWJneW82UUZXTnpKTTNvIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJmb29sLmR1Y2tkbnMub3JnIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "MWB0YmV-OYb0qUk1HYfiL7Z1FckJ3N97-ndQseD52D0Se6C_C8fD5J95HMP9Rt41KT5WQbeCjsvpnsYrThyH089gQJfzyty4-Aw2fKYTaP4Q70SUKayLo-iPhdq03npLsgf6nIyt-q00ueM7BH2WSu-rQrJfnvrpwcATlclAhcQya96uJTJe4j_E8P-UuwtqMfOfNACxLz4OBV1ZNQDz03OU37ZRmEkNr2ybwH02GE_VESG_xCk73qjheBShHp_i62ubC1mSOWW2T5WiFETTs0kaz2nza6o1gks8IOhzRwPrAbU0ZWXSoeJNafX3lNjdbtTxdHl6qYMDPzBjDhaxRQ"}'}
2016-05-01 02:05:25,701:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-01 02:05:26,823:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 779
2016-05-01 02:05:26,826:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '779', 'Expires': 'Sun, 01 May 2016 02:05:26 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 01 May 2016 02:05:26 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '04VDRI_Ntpjqwr2sqF9y3sEJdmlH56OUfIZDWg4Dddc'}. Content: '{"identifier":{"type":"dns","value":"fool.duckdns.org"},"status":"pending","expires":"2016-05-08T02:05:26.683429815Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150","token":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY"},{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060151","token":"dtH-JcSnUKVFtDVxHuaRbJHqwz0u0Ch4mnfwqrA4DLA"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060152","token":"oh87G7f26myZ-XhGq5ijCS8yI1MSO-26lJjJQTeVLXE"}],"combinations":[[0],[1],[2]]}'
2016-05-01 02:05:26,828:DEBUG:acme.client:Storing nonce: '\xd3\x85CD\x8f\xcd\xb6\x98\xea\xc2\xbd\xac\xa8_r\xde\xc1\tviG\xe7\xa3\x94|\x86CZ\x0e\x03u\xd7'
2016-05-01 02:05:26,828:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '779', 'Expires': 'Sun, 01 May 2016 02:05:26 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 01 May 2016 02:05:26 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '04VDRI_Ntpjqwr2sqF9y3sEJdmlH56OUfIZDWg4Dddc'}): '{"identifier":{"type":"dns","value":"fool.duckdns.org"},"status":"pending","expires":"2016-05-08T02:05:26.683429815Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150","token":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY"},{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060151","token":"dtH-JcSnUKVFtDVxHuaRbJHqwz0u0Ch4mnfwqrA4DLA"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060152","token":"oh87G7f26myZ-XhGq5ijCS8yI1MSO-26lJjJQTeVLXE"}],"combinations":[[0],[1],[2]]}'
2016-05-01 02:05:26,830:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'dtH-JcSnUKVFtDVxHuaRbJHqwz0u0Ch4mnfwqrA4DLA', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060151'}
2016-05-01 02:05:26,831:INFO:letsencrypt.auth_handler:Performing the following challenges:
2016-05-01 02:05:26,831:INFO:letsencrypt.auth_handler:http-01 challenge for fool.duckdns.org
2016-05-01 02:05:26,832:INFO:letsencrypt.plugins.webroot:Using the webroot path /var/www/letsencrypt for all unmatched domains.
2016-05-01 02:05:26,832:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /var/www/letsencrypt/.well-known/acme-challenge
2016-05-01 02:05:26,842:DEBUG:letsencrypt.plugins.webroot:Attempting to save validation to /var/www/letsencrypt/.well-known/acme-challenge/Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY
2016-05-01 02:05:26,843:INFO:letsencrypt.auth_handler:Waiting for verification...
2016-05-01 02:05:26,843:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY.eaK7GMQB6OhyA2oyZ73gn-RzXpooptttd-Cya31AdH0", "type": "http-01", "resource": "challenge"}
2016-05-01 02:05:26,845:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jwk=None, x5u=None, kid=None, alg=None, cty=None, x5tS256=None, jku=None, x5t=None
2016-05-01 02:05:26,850:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, x5u=None, kid=None, cty=None, x5tS256=None, jku=None, x5t=None, nonce=None
2016-05-01 02:05:26,850:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t00RHgCnuY4RIoRQ7FVmwiRxzMI_RW3AzfT68N5_5UrnnMz2lDR6_Qef6gcZPzaOjjaCdc1BI8GEbBixoBQiFEHXklBhA9JjQXRTxa_okqe-u2vSPrCopTL_vMgyO6j64754j9DcOCbkacEmo6FPTDvIKuVNSzvrfypH7CstpoSa__SrjJvYsYFuwexlaQ65omyyVXiLGbdRkUpvZ7MsZMDB5swwWwHO5DF0_GJ83vxXj-op8NVq0_NI7vrQ4F9oWoGrIsMg5Q7L7CAoa8TQKBvDXNjNHqqcGmKA7jIBZbW7B6DqYUOZc4VFLLKN8Bq295uOc7rG7kjXfOPJjeoUXQ"}}, "protected": "eyJub25jZSI6ICIwNFZEUklfTnRwanF3cjJzcUY5eTNzRUpkbWxINTZPVWZJWkRXZzREZGRjIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIkF2M2lrNlJlVWUyaFBLYWZVZHdzdThqcFpCVlV1b195RVE5Q3lyN2VwVFkuZWFLN0dNUUI2T2h5QTJveVo3M2duLVJ6WHBvb3B0dHRkLUN5YTMxQWRIMCIsICJ0eXBlIjogImh0dHAtMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0", "signature": "THkR9xCWMIdpByGa9d2ID8Ro7qVGe_yEKxxyxLZ1ebjxI7RQu3SDVTX8W_Q8DKbHGjJC2Dh5mSi0ctjXjD-bHskPuRqKIFDlidNGlkvXEglAo1UDOLHvh6e3iPbBRJwpSJGxSMkaNeU07xYtWpxtnIR9HnQjAI-jLP6h8JTztQAILpnR_b3xIIrX1HFSMbbL1k3-pp1RQB9gPUuT-wUH8NAS2PPlaCiI5kCKfQO5n7fcGdOcmCFW8zQTrGEg5ieQ4jXojmLsNHjn33d8L-O6AxPJWPbfEcm48YgPkiMyJT0KfLg-qwR7Ou20oL_IXwHxGJnyWFBKV_mnorUKo8fBIQ"}'}
2016-05-01 02:05:26,852:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-01 02:05:27,874:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150 HTTP/1.1" 202 313
2016-05-01 02:05:27,877:DEBUG:root:Received <Response [202]>. Headers: {'Content-Length': '313', 'Expires': 'Sun, 01 May 2016 02:05:27 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/authz/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 01 May 2016 02:05:27 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'LKmtJc_CMKJze0b94Hm2XGO5ISnWOglPdoHNNG1ODOE'}. Content: '{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150","token":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY","keyAuthorization":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY.eaK7GMQB6OhyA2oyZ73gn-RzXpooptttd-Cya31AdH0"}'
2016-05-01 02:05:27,878:DEBUG:acme.client:Storing nonce: ',\xa9\xad%\xcf\xc20\xa2s{F\xfd\xe0y\xb6\c\xb9!)\xd6:\tOv\x81\xcd4mN\x0c\xe1'
2016-05-01 02:05:27,879:DEBUG:acme.client:Received response <Response [202]> (headers: {'Content-Length': '313', 'Expires': 'Sun, 01 May 2016 02:05:27 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/authz/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 01 May 2016 02:05:27 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'LKmtJc_CMKJze0b94Hm2XGO5ISnWOglPdoHNNG1ODOE'}): '{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150","token":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY","keyAuthorization":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY.eaK7GMQB6OhyA2oyZ73gn-RzXpooptttd-Cya31AdH0"}'
2016-05-01 02:05:30,883:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs. args: (), kwargs: {}
2016-05-01 02:05:30,885:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-01 02:05:31,878:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs HTTP/1.1" 200 1284
2016-05-01 02:05:31,881:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '1284', 'Expires': 'Sun, 01 May 2016 02:05:31 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 01 May 2016 02:05:31 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'DWx00WYmXS3wRMYBQEVSDk9-0VxQcH2Rc1UPqrnSCrA'}. Content: '{"identifier":{"type":"dns","value":"fool.duckdns.org"},"status":"invalid","expires":"2016-05-08T02:05:26Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Could not connect to http://fool.duckdns.org/.well-known/acme-challenge/Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150","token":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY","keyAuthorization":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY.eaK7GMQB6OhyA2oyZ73gn-RzXpooptttd-Cya31AdH0","validationRecord":[{"url":"http://fool.duckdns.org/.well-known/acme-challenge/Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY","hostname":"fool.duckdns.org","port":"80","addressesResolved":["58.211.8.117"],"addressUsed":"58.211.8.117"}]},{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060151","token":"dtH-JcSnUKVFtDVxHuaRbJHqwz0u0Ch4mnfwqrA4DLA"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060152","token":"oh87G7f26myZ-XhGq5ijCS8yI1MSO-26lJjJQTeVLXE"}],"combinations":[[0],[1],[2]]}'
2016-05-01 02:05:31,882:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '1284', 'Expires': 'Sun, 01 May 2016 02:05:31 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 01 May 2016 02:05:31 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'DWx00WYmXS3wRMYBQEVSDk9-0VxQcH2Rc1UPqrnSCrA'}): '{"identifier":{"type":"dns","value":"fool.duckdns.org"},"status":"invalid","expires":"2016-05-08T02:05:26Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Could not connect to http://fool.duckdns.org/.well-known/acme-challenge/Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060150","token":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY","keyAuthorization":"Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY.eaK7GMQB6OhyA2oyZ73gn-RzXpooptttd-Cya31AdH0","validationRecord":[{"url":"http://fool.duckdns.org/.well-known/acme-challenge/Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY","hostname":"fool.duckdns.org","port":"80","addressesResolved":["58.211.8.117"],"addressUsed":"58.211.8.117"}]},{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060151","token":"dtH-JcSnUKVFtDVxHuaRbJHqwz0u0Ch4mnfwqrA4DLA"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060152","token":"oh87G7f26myZ-XhGq5ijCS8yI1MSO-26lJjJQTeVLXE"}],"combinations":[[0],[1],[2]]}'
2016-05-01 02:05:31,884:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'dtH-JcSnUKVFtDVxHuaRbJHqwz0u0Ch4mnfwqrA4DLA', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/g70lgWevnMyqo0iVIgnOKUph_TOO2J0RVoLSKcJQ7Qs/66060151'}
2016-05-01 02:05:31,885:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:

Domain: fool.duckdns.org
Type: connection
Detail: Could not connect to http://fool.duckdns.org/.well-known/acme-challenge/Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2016-05-01 02:05:31,886:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-05-01 02:05:31,886:DEBUG:letsencrypt.plugins.webroot:Removing /var/www/letsencrypt/.well-known/acme-challenge/Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY
2016-05-01 02:05:31,887:DEBUG:letsencrypt.plugins.webroot:Challenges cleaned up but /var/www/letsencrypt/.well-known/acme-challenge not empty
2016-05-01 02:05:31,889:DEBUG:letsencrypt.main:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in
sys.exit(main())
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 692, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 509, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 93, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 274, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 246, in obtain_certificate
self.config.allow_subset_of_names)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
self._respond(resp, best_effort)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 131, in _respond
self._poll_challenges(chall_update, best_effort)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 195, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. fool.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to http://fool.duckdns.org/.well-known/acme-challenge/Av3ik6ReUe2hPKafUdwsu8jpZBVUuo_yEQ9Cyr7epTY

[root@localhost ~]#

This looks like a general connection error - Let’s Encrypt is unable to establish a TCP connection to your IP address on port 80.

I noticed that your IP routes to China, so my best guess would be that the Great Firewall is interfering with the connection attempt. (Interestingly, it works for me, but I guess the GFW classified traffic from Let’s Encrypt as bad.) This will probably be a problem for any challenge type that requires a connection to your IP.

You could use the DNS-based challenge (dns-01) using one of the alternative bash clients or lego. You’d need to be able to create a TXT record on your domain if you want to try that. If that’s not possible with Duck DNS, you could get a [free .tk domain] and use CloudFlare’s free DNS server. The .tk domain could just be a CNAME record that points to your Duck DNS domain. Hope that helps!

okay, then i may try your solution, thx for your patience.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.