Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
xn--emas-sra.es
I ran this command:
certbot certonly --expand -d javierin.com -d mamaexperta.es -d xn--emas-sra.es -w /var/www/blogs/ --standalone -vv
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator standalone and installer None
Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7fceaac17f10>
Prep: True
Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7fceaac17f10> and installer None
Plugins selected: Authenticator standalone, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fceaab01150>)>), contact=('mailto:admin@javierin.com',), agreement='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/28029843', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 8875e21cc828b19522c3c5d182adcb22, Meta(creation_dt=datetime.datetime(2018, 1, 22, 9, 1, 48, tzinfo=), creation_host='fr1', register_to_eff=None))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
Received response:
HTTP 200
Server: nginx
Date: Mon, 21 Jul 2025 22:47:36 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"LdD_NlMYfKk": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "Profiles - Let's Encrypt",
"shortlived": "Profiles - Let's Encrypt (not yet generally available)",
"tlsserver": "Profiles - Let's Encrypt"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Notifying user: Requesting a certificate for javierin.com and 2 more domains
Requesting a certificate for javierin.com and 2 more domains
Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/1936_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/1936_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Mon, 21 Jul 2025 22:47:36 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: Nq7ba1piZknCPiGVdb6mChiiKsxkevocFVFQd-HVtCO0KnkTcbI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: Nq7ba1piZknCPiGVdb6mChiiKsxkevocFVFQd-HVtCO0KnkTcbI
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "javierin.com"\n },\n {\n "type": "dns",\n "value": "mamaexperta.es"\n },\n {\n "type": "dns",\n "value": "xn--emas-sra.es"\n }\n ]\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yODAyOTg0MyIsICJub25jZSI6ICJOcTdiYTFwaVprbkNQaUdWZGI2bUNoaWlLc3hrZXZvY0ZWRlFkLUhWdENPMEtua1RjYkkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "YW7iOBoRYQe0Q4MiSOUGUPJZeZWFOO37NJAUIo0dNNDcBdHs9RbbUjMQY8ocHaF2CWXDVrH8UVT_NasSjq4C_OV59PuQi0LJ1GTOW07NVI0vDrmYfEpY6wvc5wfFlG8N-Bpdd3WZkInrVW5lEtR8xpD08l6hnTbpDxPq9B4C9llujgW4rVAVBKoWf6YZAOMD-HDFHg6rjJ5ooV40a3ezrne9XV-4qXQ_FosTmlM2ZTSimgvmhTK9nshi1qDYS8g2PBrndTtDKWxEsF_PFyvNGaugfSfCt9c4E-7A3sbff1wkCrb44WyS5tezjKk9FR4ljzgWWLrQUAJPIUBgtTWaUw",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImphdmllcmluLmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJtYW1hZXhwZXJ0YS5lcyIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ4bi0tZW1hcy1zcmEuZXMiCiAgICB9CiAgXQp9"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 629
Received response:
HTTP 201
Server: nginx
Date: Mon, 21 Jul 2025 22:47:37 GMT
Content-Type: application/json
Content-Length: 629
Connection: keep-alive
Boulder-Requester: 28029843
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/28029843/409416853131
Replay-Nonce: Nq7ba1pit36deH5zCJf0NWo1c67DFqffyK9jqQDsDAWEftqH48I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2025-07-24T04:49:35Z",
"identifiers": [
{
"type": "dns",
"value": "javierin.com"
},
{
"type": "dns",
"value": "mamaexperta.es"
},
{
"type": "dns",
"value": "xn--emas-sra.es"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/28029843/541274393311",
"https://acme-v02.api.letsencrypt.org/acme/authz/28029843/541274393351",
"https://acme-v02.api.letsencrypt.org/acme/authz/28029843/556778211221"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/28029843/409416853131"
}
Storing nonce: Nq7ba1pit36deH5zCJf0NWo1c67DFqffyK9jqQDsDAWEftqH48I
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/28029843/541274393311:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yODAyOTg0MyIsICJub25jZSI6ICJOcTdiYTFwaXQzNmRlSDV6Q0pmME5XbzFjNjdERnFmZnlLOWpxUURzREFXRWZ0cUg0OEkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI4MDI5ODQzLzU0MTI3NDM5MzMxMSJ9",
"signature": "j8mxZYXRoBrdHMgOsg80ATnRiXDpk6MwvFheGvG1Solixgz076m6i8ojKNiIPm6TczNjM4oDgHIqlh6HmAxxAlNC3cJj00AqEv20sn3O0ulq6zvzzOuZlLMIIorxKuyNHaQyPHHncY1JqVx6NTflXNFWXRtbls-_GLtvaxlGBsORnHTBBUhq8ORsdI_T_OlHXoL3R7uwzwPbXWxCrCgBrh9RagUKHFE3S5ZXfgZSpYKjZ1w6OHgv3bzeBiExI4EXYXQlq7-pWBgVfso_urvVtZCIdzmSgyFoqeIr7KmhLlfGGqF7Z-Ysn2Yclc-f5zqrlwMVBnvUaX3n5T41K-_E3A",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/28029843/541274393311 HTTP/1.1" 200 757
Received response:
HTTP 200
Server: nginx
Date: Mon, 21 Jul 2025 22:47:37 GMT
Content-Type: application/json
Content-Length: 757
Connection: keep-alive
Boulder-Requester: 28029843
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: Nq7ba1piu4LBzpDfBf1vLeA1LMCq1oKLh7MXTq71pabv9O4VAiY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "javierin.com"
},
"status": "valid",
"expires": "2025-07-24T04:49:35Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/28029843/541274393311/5UF0AA",
"status": "valid",
"validated": "2025-06-24T04:49:34Z",
"token": "LU5xaCHAqpdxtIU5w4Gxvw9UHnk8fCwInbd4MbuOEFw",
"validationRecord": [
{
"url": "http://javierin.com/.well-known/acme-challenge/LU5xaCHAqpdxtIU5w4Gxvw9UHnk8fCwInbd4MbuOEFw",
"hostname": "javierin.com",
"port": "80",
"addressesResolved": [
"141.94.247.85"
],
"addressUsed": "141.94.247.85"
}
]
}
]
}
Storing nonce: Nq7ba1piu4LBzpDfBf1vLeA1LMCq1oKLh7MXTq71pabv9O4VAiY
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/28029843/541274393351:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yODAyOTg0MyIsICJub25jZSI6ICJOcTdiYTFwaXU0TEJ6cERmQmYxdkxlQTFMTUNxMW9LTGg3TVhUcTcxcGFidjlPNFZBaVkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI4MDI5ODQzLzU0MTI3NDM5MzM1MSJ9",
"signature": "XO5-1eMezwdbLAaYGCtvQ636rDd7RhazY8lL3EV839lR2T2FqQdsk_8ujMY8TUSQc5l4g8zIHP3SXKiXK5xFaZVAJPNiimUWg8w20Ni1auXcOd-23MsS0Dcr_n40A7a-OANYKGpB3VBOuzC5m-BTAbt6P2bhnJoKE6ZqQBz_bg2zUyJaZUiqwraeC31xWd1cANpuOrL-6pb5j0nd71qrBR6ojEWP42dymY6FozQHhiQrIeI4Fxr9-8wbhaEx3jBG1j_i8jHPXiK_j_fz6oK6jeskhkTWr8BHn7aAudu6BZ5Cgal221lsbgRL-nwmisPgx8GAblnn8ZvAhnwIiwJFow",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/28029843/541274393351 HTTP/1.1" 200 763
Received response:
HTTP 200
Server: nginx
Date: Mon, 21 Jul 2025 22:47:37 GMT
Content-Type: application/json
Content-Length: 763
Connection: keep-alive
Boulder-Requester: 28029843
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: Nq7ba1pimMryJHCOmLYLuOQ9nqgkFLYhcY71uUsKQLoqB1MZq-g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "mamaexperta.es"
},
"status": "valid",
"expires": "2025-07-24T04:49:36Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/28029843/541274393351/jJ-68g",
"status": "valid",
"validated": "2025-06-24T04:49:34Z",
"token": "QukoXe6rMgffoW6nin7zpJdE4kpeSkATvtn-tPQbcic",
"validationRecord": [
{
"url": "http://mamaexperta.es/.well-known/acme-challenge/QukoXe6rMgffoW6nin7zpJdE4kpeSkATvtn-tPQbcic",
"hostname": "mamaexperta.es",
"port": "80",
"addressesResolved": [
"141.94.247.85"
],
"addressUsed": "141.94.247.85"
}
]
}
]
}
Storing nonce: Nq7ba1pimMryJHCOmLYLuOQ9nqgkFLYhcY71uUsKQLoqB1MZq-g
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/28029843/556778211221:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yODAyOTg0MyIsICJub25jZSI6ICJOcTdiYTFwaW1NcnlKSENPbUxZTHVPUTlucWdrRkxZaGNZNzF1VXNLUUxvcUIxTVpxLWciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI4MDI5ODQzLzU1Njc3ODIxMTIyMSJ9",
"signature": "S_Gvyfw2t-F1Ln6tHhRfeo7E-mA8nhie2EMMZlGxx13gH-PSCUaV6FtiMO1JroE9rjnS7WEj-WhfIJj9i0nef3b155TF5P1K3AVh6S0LG4r8RatcZ3l6p7BGFc_FA1--rxe0cze9YmEyJK4kadXrW6AdcPqfWgGGmXYrRs5K5_E-LtzXLbz0WHCXDx0DLgE2FCXRhQdvQVSWTgq4u8fto9C0maLRuS78YRMZ6cKb7tXud0UByw3EeAbcww_PMx7tc5dnb59x--J0t5VqkfzHD7BvWfODsikP_wQPu1LiUap_s7KGc8Tpcuq83OOJ8lCllfb2GGJif-TDcm3_NUoJqQ",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/28029843/556778211221 HTTP/1.1" 200 817
Received response:
HTTP 200
Server: nginx
Date: Mon, 21 Jul 2025 22:47:37 GMT
Content-Type: application/json
Content-Length: 817
Connection: keep-alive
Boulder-Requester: 28029843
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: wXtwBRDtu0Bi6yGk3iUQOXU7KkR0yA713Pm-XqHdx13Fs6Dr6mo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "xn--emas-sra.es"
},
"status": "pending",
"expires": "2025-07-28T22:47:36Z",
"challenges": [
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/28029843/556778211221/ZU9QcA",
"status": "pending",
"token": "LAwwpa60zlL0p17xXWvbnuLXdwscO68loq4dhAMxu_c"
},
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/28029843/556778211221/Mp037g",
"status": "pending",
"token": "LAwwpa60zlL0p17xXWvbnuLXdwscO68loq4dhAMxu_c"
},
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/28029843/556778211221/yV-DBg",
"status": "pending",
"token": "LAwwpa60zlL0p17xXWvbnuLXdwscO68loq4dhAMxu_c"
}
]
}
Storing nonce: wXtwBRDtu0Bi6yGk3iUQOXU7KkR0yA713Pm-XqHdx13Fs6Dr6mo
Performing the following challenges:
http-01 challenge for xn--emas-sra.es
Successfully bound to :80 using IPv6
Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
JWS payload:
b'{}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/28029843/556778211221/yV-DBg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yODAyOTg0MyIsICJub25jZSI6ICJ3WHR3QlJEdHUwQmk2eUdrM2lVUU9YVTdLa1IweUE3MTNQbS1YcUhkeDEzRnM2RHI2bW8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzI4MDI5ODQzLzU1Njc3ODIxMTIyMS95Vi1EQmcifQ",
"signature": "fnbPF41yKIFe1era8KNIQVsHOLPDkMqx22ShQA0YGvG2q_9JHfblP9kYTGZblV59DffSbwD5Gi0-6tP6kuUUgDuSb7NrXWjYdkcKYWXOx2d4H1adQWDyPesi6pkOllAB3zP_YPOJAl8YvdJiOrM8510uDUbbMieWl-qvxdfuh1dbnBFgqHH2Eezqr-ECbP7t0yktq66gMLStwfQQitadzzCopG2ZlRqfnONxC1e-JbfXTKwuoJMQJfnhR-j1oEQ7hyIwAb9e4f4qglua0-wxUj7guAFNjeZWJh40NSZq_UBw0zCtVM60I67X9lsLNz8QUvz2M0qzyHvPvOzxBllGgw",
"payload": "e30"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/28029843/556778211221/yV-DBg HTTP/1.1" 200 193
Received response:
HTTP 200
Server: nginx
Date: Mon, 21 Jul 2025 22:47:37 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 28029843
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz/28029843/556778211221;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/28029843/556778211221/yV-DBg
Replay-Nonce: Nq7ba1piv74bBft6CEPgDs0vF-wS7Axo8ICyY8pUgNKXxsu821Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/28029843/556778211221/yV-DBg",
"status": "pending",
"token": "LAwwpa60zlL0p17xXWvbnuLXdwscO68loq4dhAMxu_c"
}
Storing nonce: Nq7ba1piv74bBft6CEPgDs0vF-wS7Axo8ICyY8pUgNKXxsu821Q
Waiting for verification...
::ffff:23.178.112.105 - - Incoming request
::ffff:23.178.112.105 - - Serving HTTP01 with token 'LAwwpa60zlL0p17xXWvbnuLXdwscO68loq4dhAMxu_c'
::ffff:23.178.112.105 - - "GET /.well-known/acme-challenge/LAwwpa60zlL0p17xXWvbnuLXdwscO68loq4dhAMxu_c HTTP/1.1" 200 -
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/28029843/541274393311:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yODAyOTg0MyIsICJub25jZSI6ICJOcTdiYTFwaXY3NGJCZnQ2Q0VQZ0RzMHZGLXdTN0F4bzhJQ3lZOHBVZ05LWHhzdTgyMVEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI4MDI5ODQzLzU0MTI3NDM5MzMxMSJ9",
"signature": "TW1nHSWQh3ZnjscdyYR1Fve5ZuvhbyAKktXPG4Z53rHXubCgx-LOzn9bpwjirg5nNeHVGpPGuOrenveHfdoaAZ-fGt7ZJtBYafdyTKn58bpYrnMQXS27n1cL-wFmSQy3J568pz5IposKhsme4skhem3NIOD7dbK5noX9YrQ6n8yETrG9-N_HCDJRBX3OStZo9ABb6dsSyNjnYNKEmolZw4nB6rUjbjzCuxL3-K0r5x5GIq0l6jRvjtQL1AqhhM9RznUaYp96uSxilcemry2lcLFyqbTUL8aepy_X1y3IohUYKDJUqIVEPOdRXiaJICeEikOrNI1dp-EADNDChMoicA",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/28029843/541274393311 HTTP/1.1" 200 757
Received response:
HTTP 200
Server: nginx
Date: Mon, 21 Jul 2025 22:47:38 GMT
Content-Type: application/json
Content-Length: 757
Connection: keep-alive
Boulder-Requester: 28029843
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: wXtwBRDt2gFvqkNNHaIb_BF2y0-X3klxcBQpKU3QhV5aMThQq_8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "javierin.com"
},
"status": "valid",
"expires": "2025-07-24T04:49:35Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/28029843/541274393311/5UF0AA",
"status": "valid",
"validated": "2025-06-24T04:49:34Z",
"token": "LU5xaCHAqpdxtIU5w4Gxvw9UHnk8fCwInbd4MbuOEFw",
"validationRecord": [
{
"url": "http://javierin.com/.well-known/acme-challenge/LU5xaCHAqpdxtIU5w4Gxvw9UHnk8fCwInbd4MbuOEFw",
"hostname": "javierin.com",
"port": "80",
"addressesResolved": [
"141.94.247.85"
],
"addressUsed": "141.94.247.85"
}
]
}
]
}
Storing nonce: wXtwBRDt2gFvqkNNHaIb_BF2y0-X3klxcBQpKU3QhV5aMThQq_8
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/28029843/541274393351:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yODAyOTg0MyIsICJub25jZSI6ICJ3WHR3QlJEdDJnRnZxa05OSGFJYl9CRjJ5MC1YM2tseGNCUXBLVTNRaFY1YU1UaFFxXzgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI4MDI5ODQzLzU0MTI3NDM5MzM1MSJ9",
"signature": "blKDzZTFx0I-LFajM7sLy1T0VBvFqK_umLwNrlRT-1qoyIesEIHqTcG9HtWnl-vHAnQmxWVOuUZ1XVBYhB4YnCXKz6ClxmoDkcUrhg8_n8DoQ_7QXfqqOm9Afurhk6vnKoBQ5XeD6Q9guV1GVM1HuH92Y4wa5-9tNKNE8tC5d8nCFjR8fvpeHL26XpLFnEvZxoXMqn5iZ6pSs_doBWm_H0UW6Uyf6DWQJ1s1VPETQok6XD0DpYbQ7gKj6lAwMSBq69zrJKF_1K3V8JxvXEyOrdutLSwx_00iuXnTv5iTxrgMB3V5IpM3lCfWJ5KUhWFWPg5xsqLXnRbOkTpjYI6mig",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/28029843/541274393351 HTTP/1.1" 200 763
Received response:
HTTP 200
Server: nginx
Date: Mon, 21 Jul 2025 22:47:38 GMT
Content-Type: application/json
Content-Length: 763
Connection: keep-alive
Boulder-Requester: 28029843
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: Nq7ba1pioe4hsz30ugbDXJonzqsd2MkKtvTF2u9dwhFL7zn9bys
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "mamaexperta.es"
},
"status": "valid",
"expires": "2025-07-24T04:49:36Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/28029843/541274393351/jJ-68g",
"status": "valid",
"validated": "2025-06-24T04:49:34Z",
"token": "QukoXe6rMgffoW6nin7zpJdE4kpeSkATvtn-tPQbcic",
"validationRecord": [
{
"url": "http://mamaexperta.es/.well-known/acme-challenge/QukoXe6rMgffoW6nin7zpJdE4kpeSkATvtn-tPQbcic",
"hostname": "mamaexperta.es",
"port": "80",
"addressesResolved": [
"141.94.247.85"
],
"addressUsed": "141.94.247.85"
}
]
}
]
}
Storing nonce: Nq7ba1pioe4hsz30ugbDXJonzqsd2MkKtvTF2u9dwhFL7zn9bys
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/28029843/556778211221:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yODAyOTg0MyIsICJub25jZSI6ICJOcTdiYTFwaW9lNGhzejMwdWdiRFhKb256cXNkMk1rS3R2VEYydTlkd2hGTDd6bjlieXMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI4MDI5ODQzLzU1Njc3ODIxMTIyMSJ9",
"signature": "VyM6KbaPBdyfEaCSXtusaY0JXCKxZIsED49lgiajOsoE--s3xcZ1y4Sl9EmOVsIrr2Btf6RLwR5NMQYa6pdbbKgFTYuCyFN97Ot3CQ6rs5N1wCMj6-jJzXkpSaTEGmgBwRUQ0JroLgcrSp0LssKyKVXHiGMkbZch8fIqJs-8bnjcK46FR8uC5QzE179ya5B6kZOiM5CiXHYxP83VGP8DfBM-IeJV6BMn9usXMVovkNxs3w8eXM-Z5PUy8MRJhJIB4itIm04TYGw1ppPLmozR664n6vsb0mMT-otwO7jzkpGs56U4qj3Q-yhjXWsbdxI3F9KpPMUMMmiU4fNtEo8Xeg",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/28029843/556778211221 HTTP/1.1" 200 961
Received response:
HTTP 200
Server: nginx
Date: Mon, 21 Jul 2025 22:47:39 GMT
Content-Type: application/json
Content-Length: 961
Connection: keep-alive
Boulder-Requester: 28029843
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: wXtwBRDtkUukggZu5K6TiGnRCeVormHrIqKnZ3OEq5sUM4Sd6tE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "xn--emas-sra.es"
},
"status": "invalid",
"expires": "2025-07-28T22:47:36Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/28029843/556778211221/yV-DBg",
"status": "invalid",
"validated": "2025-07-21T22:47:37Z",
"error": {
"type": "urn:ietf:params:acme:error:serverInternal",
"detail": "During secondary validation: Secondary validation RPC failed",
"status": 500
},
"token": "LAwwpa60zlL0p17xXWvbnuLXdwscO68loq4dhAMxu_c",
"validationRecord": [
{
"url": "http://emaús.es/.well-known/acme-challenge/LAwwpa60zlL0p17xXWvbnuLXdwscO68loq4dhAMxu_c",
"hostname": "xn--emas-sra.es",
"port": "80",
"addressesResolved": [
"141.94.247.85"
],
"addressUsed": "141.94.247.85"
}
]
}
]
}
Storing nonce: wXtwBRDtkUukggZu5K6TiGnRCeVormHrIqKnZ3OEq5sUM4Sd6tE
Challenge failed for domain xn--emas-sra.es
http-01 challenge for xn--emas-sra.es
Notifying user:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: xn--emas-sra.es
Type: serverInternal
Detail: During secondary validation: Secondary validation RPC failed
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: xn--emas-sra.es
Type: serverInternal
Detail: During secondary validation: Secondary validation RPC failed
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Calling registered functions
Cleaning up challenges
Stopping server at :::80...
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1736, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1590, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 138, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Some challenges have failed.
My web server is (include version):
standalone server for validation
issues as well with nginx 1.22.1
The operating system my web server runs on is (include version):
Debian 12.11
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
2.1.0
I tried using nginx plugin as well as option 3 for entering webroot manually. The acme challenge is served but I always receive the same error in that second phase, and it is only happening for that specific domain containing international characters such as a tilde.