Hi,
My domain is:
freesurfcamp.pt
I ran this command:
certbot --debug -v --server https://acme-v02.api.letsencrypt.org/directory certonly --webroot -w /var/local/www/fsc/ -d freesurfcamp.pt -d www.freesurfcamp.pt
It produced this output:
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fe08d9bfa90>
Prep: True
Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fe08d9bfa90> and installer None
Plugins selected: Authenticator webroot, Installer None
Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/50217122', new_authzr_uri=None, terms_of_service=None), e8da1b4aef82e97adb361fb8b79df506, Meta(creation_host=u'ip-172-30-0-68.ec2.internal', creation_dt=datetime.datetime(2019, 1, 25, 15, 1, 54, tzinfo=<UTC>)))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
Received response:
HTTP 200
Server: nginx
Date: Mon, 31 Oct 2022 11:33:34 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"blqM3ijs8jQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Obtaining a new certificate
Generating key (2048 bits): /etc/letsencrypt/keys/17743_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/17743_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Mon, 31 Oct 2022 11:34:45 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F977XUWmjPuXOwhj3fOWSYTDGecnRi8uHKPP6NuF5gdZ2vM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: F977XUWmjPuXOwhj3fOWSYTDGecnRi8uHKPP6NuF5gdZ2vM
JWS payload:
{
"identifiers": [
{
"type": "dns",
"value": "freesurfcamp.pt"
},
{
"type": "dns",
"value": "www.freesurfcamp.pt"
}
]
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJub25jZSI6ICJGOTc3WFVXbWpQdVhPd2hqM2ZPV1NZVERHZWNuUmk4dUhLUFA2TnVGNWdkWjJ2TSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzUwMjE3MTIyIiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJmcmVlc3VyZmNhbXAucHQiCiAgICB9LCAKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJ3d3cuZnJlZXN1cmZjYW1wLnB0IgogICAgfQogIF0KfQ",
"signature": "TZmrnn_d2h85Rx-uUscLbabDhcjT0jIxfoiCnSSGTkIVsGmV_oHlZOYtcp3QFdJyR9cNSodiHIxBYdbeJrxJIoip6WTCzrQP_KC-jtx_eCkspvgvg_32EvwHrbNKEso2iWeNzONoR09FbNJ7WfctgpickBLumUOBDs5i-_YsyfOp7BqeDQR5QaE4BC_Au9DUvW2xfR1FJQWmm4PUSJRvAMvgdptNG-3zBDNc4SQN0UE6npbDJQjyJ4q4u_Wbrlrjidbdb3_jvuuv2f2cPO1frxbOuLsCRRjRYPX7CUEitRj20cGDPKvTIdLyZzWI-en-6qDgtwjYpHQI0OAKwa8Abw"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 481
Received response:
HTTP 201
Server: nginx
Date: Mon, 31 Oct 2022 11:34:45 GMT
Content-Type: application/json
Content-Length: 481
Connection: keep-alive
Boulder-Requester: 50217122
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/50217122/139633303082
Replay-Nonce: 853Fc6OjruSg2Ln-YtAnFWuSPQbh-qEA2EdcfVa7jW0hw7w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2022-11-07T11:34:45Z",
"identifiers": [
{
"type": "dns",
"value": "freesurfcamp.pt"
},
{
"type": "dns",
"value": "www.freesurfcamp.pt"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/170773898582",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/170773898592"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/50217122/139633303082"
}
Storing nonce: 853Fc6OjruSg2Ln-YtAnFWuSPQbh-qEA2EdcfVa7jW0hw7w
JWS payload:
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/170773898582:
{
"protected": "eyJub25jZSI6ICI4NTNGYzZPanJ1U2cyTG4tWXRBbkZXdVNQUWJoLXFFQTJFZGNmVmE3alcwaHc3dyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTcwNzczODk4NTgyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzUwMjE3MTIyIiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "",
"signature": "C2TGSCBeAUoufTiPqe_uVLUSGSLeCXqV5OQm8HqljpvsVFEy01irjUCJM7ytc7_x7EXQIvHgDMDIIC0hD10m4EjW0dFQvltTzUx9LZIcxvsHZAkyMypvdts_z6GnZljWCrWBGwc_4a6QnncZC2auAjAMHblub4a7rpzvrDQrdCCdmaoxXhW00Y6AcU1Luhg3uxfeytrdk1X8GAgovCGwWFwSeiUDPCFGtgfSVCRTxAk-0_TPhoIi1UikDIeKf0JWoYcBaEk28DjzWYPO4Le-kGNl2u3tvowSuKdGxFvkr197BqENTxlvyBNnzsgL88z8gIVTqKSp1CKSm_ETnF-AuQ"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/170773898582 HTTP/1.1" 200 799
Received response:
HTTP 200
Server: nginx
Date: Mon, 31 Oct 2022 11:34:45 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 50217122
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853F3GhCX0gFw5ET3ahkyLSvwsAgWLQEgRlglZPlz-VIkFM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "freesurfcamp.pt"
},
"status": "pending",
"expires": "2022-11-07T11:34:45Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898582/Z_kKxw",
"token": "ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898582/1t0Bwg",
"token": "ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898582/hRAl_w",
"token": "ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E"
}
]
}
Storing nonce: 853F3GhCX0gFw5ET3ahkyLSvwsAgWLQEgRlglZPlz-VIkFM
JWS payload:
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/170773898592:
{
"protected": "eyJub25jZSI6ICI4NTNGM0doQ1gwZ0Z3NUVUM2Foa3lMU3Z3c0FnV0xRRWdSbGdsWlBsei1WSWtGTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTcwNzczODk4NTkyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzUwMjE3MTIyIiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "",
"signature": "Ht52DQDXzgZeb0XCH01OlZcFeYpJnZcKW_8jI-XA_Bsps0GW_AaHjsDP36nilFI1gY-H7pcR1eMgGk2YgoeVPmNPjxYOeGzXhULjYLFMK2OsYn2sT2iS9eg9nqCX_an0caZ7r9JjO44TrHzTFWEYM0mRixolzlLB4cur0eF2b6Z7-nIm5e1U1dTvoOG-R4FXqAcE4rK-btjacN3ZeWP66GzV5cv56OGmzbQWxoI_sazcQfHqWDLxjNz37Q58wYRMxt-5eTrr7zgaIrI27S_X6Cw-VMq51RX6nOwTzYjxBEeiUh0Jp11q_v_fdVVss6AVZJLXDQCyvyS2U_Q1KvudMw"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/170773898592 HTTP/1.1" 200 803
Received response:
HTTP 200
Server: nginx
Date: Mon, 31 Oct 2022 11:34:45 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 50217122
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FEyVos8pA35TpmeSmJ2ms-QexKco9zeko_GE3J06hlqHQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.freesurfcamp.pt"
},
"status": "pending",
"expires": "2022-11-07T11:34:45Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898592/DVuu_Q",
"token": "FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898592/U0hmSA",
"token": "FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898592/Pnr2NQ",
"token": "FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM"
}
]
}
Storing nonce: A5FEyVos8pA35TpmeSmJ2ms-QexKco9zeko_GE3J06hlqHQ
Performing the following challenges:
http-01 challenge for freesurfcamp.pt
http-01 challenge for www.freesurfcamp.pt
Using the webroot path /var/local/www/fsc for all unmatched domains.
Creating root challenges validation dir at /var/local/www/fsc/.well-known/acme-challenge
Creating root challenges validation dir at /var/local/www/fsc/.well-known/acme-challenge
Attempting to save validation to /var/local/www/fsc/.well-known/acme-challenge/ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E
Attempting to save validation to /var/local/www/fsc/.well-known/acme-challenge/FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM
Waiting for verification...
JWS payload:
{
"keyAuthorization": "ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E.jB-GMcShoCWIHv549N1OR0F99f0LqTriyghetQstSdE",
"type": "http-01",
"resource": "challenge"
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898582/Z_kKxw:
{
"protected": "eyJub25jZSI6ICJBNUZFeVZvczhwQTM1VHBtZVNtSjJtcy1RZXhLY285emVrb19HRTNKMDZobHFIUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTcwNzczODk4NTgyL1pfa0t4dyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81MDIxNzEyMiIsICJhbGciOiAiUlMyNTYifQ",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIklUbVRaakxNdlZTTGJzaWhhWF9xM2FtNkQ5U0MtOEpvZE1SUHZ4a2dyMUUuakItR01jU2hvQ1dJSHY1NDlOMU9SMEY5OWYwTHFUcml5Z2hldFFzdFNkRSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "F_Q49Vu4JdK2UUCLzEDkD1iRPUDIHXPwIXU0E_8QEbQTMEE3RZG5Qx4mEptfjNZIVNXvb85dFSnCUPmcqRa6yTkV07nQMOGEhv8bs5T6xdG9AH2strF8FInrhh3U4ekhpyOcMvOPOdNnABg8Bqng38TwUemXJlXGgbwzy2rsu_Pm9MO7zZjQDUNcLmv7XzHl5NQqD9E12xTT799H6oXnF0psbfKT-b5HLfr41-LmmwK0rnBv986cYJBqWw7VpskKjNK0efLm7Oog1EnHY70MX4DcHhTKhdFDesr7juQqALxO4AKl6lR8Zl6nXrzvDoWmsKA9rJKcg94y9PdioWSrfA"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/170773898582/Z_kKxw HTTP/1.1" 200 187
Received response:
HTTP 200
Server: nginx
Date: Mon, 31 Oct 2022 11:34:46 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 50217122
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/170773898582>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898582/Z_kKxw
Replay-Nonce: C400NnYXLUNRSxRArR4iw4d2Mdfh7OUjNW086j9O0btlh3U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898582/Z_kKxw",
"token": "ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E"
}
Storing nonce: C400NnYXLUNRSxRArR4iw4d2Mdfh7OUjNW086j9O0btlh3U
JWS payload:
{
"keyAuthorization": "FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM.jB-GMcShoCWIHv549N1OR0F99f0LqTriyghetQstSdE",
"type": "http-01",
"resource": "challenge"
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898592/DVuu_Q:
{
"protected": "eyJub25jZSI6ICJDNDAwTm5ZWExVTlJTeFJBclI0aXc0ZDJNZGZoN09Vak5XMDg2ajlPMGJ0bGgzVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTcwNzczODk4NTkyL0RWdXVfUSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81MDIxNzEyMiIsICJhbGciOiAiUlMyNTYifQ",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIkZvZXJVdXlYY2VsQXk3ZVN6Y1B6aFZNNjBIdHVhOWpRM1o2cEJWa0o3aE0uakItR01jU2hvQ1dJSHY1NDlOMU9SMEY5OWYwTHFUcml5Z2hldFFzdFNkRSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "CMwWnt1wYQmqQgVQrwD7wn2C75d-78yYujR8TANVQ5yf4ApR01pJ5wqhnEIwN-9JFdZwDy33U42WUMrNlQjMJUqlmRbJ2XgNprEPccYixPaNFX_MCBM8E9z032ZGqAXKM80E20r_WXiFUV2xJJygL00CM1ykkkbiG8FTbkiDCaiOwaH3v2YFcs0D_DurpEWnvPd9sC4IJtR4u0ggSHHFls3jByY8mV6O88N-MfRCqhfaXaewO1lz52cImps2_GckPtDvoaM0yTuNEajcdfAjnMLIzNScNc077XpTiHdX1hRP1n7hULoNS1QNE6tk3Y44C8tNnwcceMUUdR9NIC2DEA"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/170773898592/DVuu_Q HTTP/1.1" 200 187
Received response:
HTTP 200
Server: nginx
Date: Mon, 31 Oct 2022 11:34:46 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 50217122
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/170773898592>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898592/DVuu_Q
Replay-Nonce: F9772w9iQxfX9D097OksZzdmI7V1D8hVbSL1tvjvOwEnbT4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898592/DVuu_Q",
"token": "FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM"
}
Storing nonce: F9772w9iQxfX9D097OksZzdmI7V1D8hVbSL1tvjvOwEnbT4
JWS payload:
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/170773898582:
{
"protected": "eyJub25jZSI6ICJGOTc3Mnc5aVF4Zlg5RDA5N09rc1p6ZG1JN1YxRDhoVmJTTDF0dmp2T3dFbmJUNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTcwNzczODk4NTgyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzUwMjE3MTIyIiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "",
"signature": "BmTXSHQCq6zzlwlRmlIPHFqzd101BXdyqVXjRV_VTrTG5HZ4ByDMNHVWCQmp139v-gCtDrA9WK-pLnik22-b9Csqp4jrLDyZ8cNfs7bZE9wxqbZkukE1EF3KFSwApbfHNOHua3mibLgyTld1CzshYcemuEr0vIHeyCOvilWhGaQuuSUIMSl7gl77PFk5cPCjgzEejMHihVoXVojsdEWgu5kkDbhQEwHzWFKBDn-JBoQrkWdMTM_jAdbZPd2BIKiQfy88QBT8svxnOxyTA8BiItl1vtwhMKghAHz97kh0FVBHvAQVScUfYKx9uCViwJELbLUxXkbKDGU_ATpx7FIJGA"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/170773898582 HTTP/1.1" 200 1101
Received response:
HTTP 200
Server: nginx
Date: Mon, 31 Oct 2022 11:34:47 GMT
Content-Type: application/json
Content-Length: 1101
Connection: keep-alive
Boulder-Requester: 50217122
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F977xyOzqXiu6D28RlZ1DbStihfSS5Rvv6Wv-VtJJs03XG8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "freesurfcamp.pt"
},
"status": "invalid",
"expires": "2022-11-07T11:34:45Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "2a02:4780:8:407:0:87a:e8bb:b: Invalid response from http://freesurfcamp.pt/.well-known/acme-challenge/ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E: 404",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898582/Z_kKxw",
"token": "ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E",
"validationRecord": [
{
"url": "http://freesurfcamp.pt/.well-known/acme-challenge/ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E",
"hostname": "freesurfcamp.pt",
"port": "80",
"addressesResolved": [
"34.198.92.45",
"2a02:4780:8:407:0:87a:e8bb:b"
],
"addressUsed": "2a02:4780:8:407:0:87a:e8bb:b"
}
],
"validated": "2022-10-31T11:34:46Z"
}
]
}
Storing nonce: F977xyOzqXiu6D28RlZ1DbStihfSS5Rvv6Wv-VtJJs03XG8
JWS payload:
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/170773898592:
{
"protected": "eyJub25jZSI6ICJGOTc3eHlPenFYaXU2RDI4UmxaMURiU3RpaGZTUzVSdnY2V3YtVnRKSnMwM1hHOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTcwNzczODk4NTkyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzUwMjE3MTIyIiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "",
"signature": "Mb5iwA5Vn6LRPYKATP2XY0Jjs3s9ZzIIAD-XSf48tRF_rr1h1PLf-4TyDp6bLvZVLiQucIt2-RlWWZFkkCqnV1d3mwLzEuZhWmpuomom8aRav51vdF9IPidm8NzPLfo5KRFH7wEoUJ-agqflk63HbaSe9Afm8cfK9mGAXlQ6ME6wKRReKugHlIDx43OkUeeO3H9uQtNvaQOuvDCn4oQdXkRWTgkPhepICBfM7RwP_uhS4voqY9l_Slt47jYrM4GQjJ0g6tniCx2AK2HQxHG0Vcsj8PEO69IVgS_-o7w-8ntJgE3paAsgSFnFapYdWRGclnKU3Y7N-lehp7ATrLEK3A"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/170773898592 HTTP/1.1" 200 1117
Received response:
HTTP 200
Server: nginx
Date: Mon, 31 Oct 2022 11:34:47 GMT
Content-Type: application/json
Content-Length: 1117
Connection: keep-alive
Boulder-Requester: 50217122
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: C400mggmE55kRAiZ2QcrUlMKaJM70XkFfM-OtPnDAJlnSnY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.freesurfcamp.pt"
},
"status": "invalid",
"expires": "2022-11-07T11:34:45Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "2a02:4780:8:407:0:87a:e8bb:b: Invalid response from http://www.freesurfcamp.pt/.well-known/acme-challenge/FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM: 404",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/170773898592/DVuu_Q",
"token": "FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM",
"validationRecord": [
{
"url": "http://www.freesurfcamp.pt/.well-known/acme-challenge/FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM",
"hostname": "www.freesurfcamp.pt",
"port": "80",
"addressesResolved": [
"34.198.92.45",
"2a02:4780:8:407:0:87a:e8bb:b"
],
"addressUsed": "2a02:4780:8:407:0:87a:e8bb:b"
}
],
"validated": "2022-10-31T11:34:46Z"
}
]
}
Storing nonce: C400mggmE55kRAiZ2QcrUlMKaJM70XkFfM-OtPnDAJlnSnY
Challenge failed for domain freesurfcamp.pt
Challenge failed for domain www.freesurfcamp.pt
http-01 challenge for freesurfcamp.pt
http-01 challenge for www.freesurfcamp.pt
Reporting to user: The following errors were reported by the server:
Domain: freesurfcamp.pt
Type: unauthorized
Detail: 2a02:4780:8:407:0:87a:e8bb:b: Invalid response from http://freesurfcamp.pt/.well-known/acme-challenge/ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E: 404
Domain: www.freesurfcamp.pt
Type: unauthorized
Detail: 2a02:4780:8:407:0:87a:e8bb:b: Invalid response from http://www.freesurfcamp.pt/.well-known/acme-challenge/FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM: 404
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 154, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
Calling registered functions
Cleaning up challenges
Removing /var/local/www/fsc/.well-known/acme-challenge/ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E
Removing /var/local/www/fsc/.well-known/acme-challenge/FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM
All challenges cleaned up
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
sys.exit(main())
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 1379, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 1262, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 120, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 406, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 349, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 385, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 154, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: freesurfcamp.pt
Type: unauthorized
Detail: 2a02:4780:8:407:0:87a:e8bb:b: Invalid response from
http://freesurfcamp.pt/.well-known/acme-challenge/ITmTZjLMvVSLbsihaX_q3am6D9SC-8JodMRPvxkgr1E:
404
Domain: www.freesurfcamp.pt
Type: unauthorized
Detail: 2a02:4780:8:407:0:87a:e8bb:b: Invalid response from
http://www.freesurfcamp.pt/.well-known/acme-challenge/FoerUuyXcelAy7eSzcPzhVM60Htua9jQ3Z6pBVkJ7hM:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
I have run in interactive mode and I can see the .well-known/* folder being created and I'm able to access the token through the browser (in this case FreeSurfCamp & Hostel - FreeSurfCamp & Hostel) but it always end in error 404 and I don't understand why.