Hi all,
I have an issue and don’t know what went wrong.
I have 3 servers that use Let’s Encrypt, and only one of them has been giving me trouble for a short time. The server is behind a firewall (NAT and FW policy are implemented and OK) and is in use as a reverse proxy (but I also make an exception for .well-known).
3 months ago I could issue a certificate for this server; now I can neither renew nor issue new certificates.
In use are Apache 2.4.38 and certbot 0.31.0.
Here is a log for the subdomain “secure”:
root@ZH-DMZ-RVP-01:~# certbot certonly --dry-run --debug-challenges -d secure..de -v
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator None and installer None
Apache version is 2.4.38
Multiple candidate plugins: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7fa3572088d0>
Prep: True
* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7fa3560d3048>
Prep: True
* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fa3560d32b0>
Prep: True
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7fa3572088d0> and installer None
Plugins selected: Authenticator apache, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/14127352', new_authzr_uri=None, terms_of_service=None), c071935c650fe2f23814a40bb39f1d1f, Meta(creation_dt=datetime.datetime(2020, 6, 11, 18, 34, 39, tzinfo=<UTC>), creation_host='rvp.<DOMAINNAME>.de'))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
Received response:
HTTP 200
Server: nginx
Date: Mon, 15 Jun 2020 06:49:20 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"88pigZ5_XjQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Should renew, less than 30 days before certificate expiry 2020-06-30 06:46:20 UTC.
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Mon, 15 Jun 2020 06:49:21 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001zrtVdfxPM-NOuSSOo-5K8ILHSs1vZY6biluw0VSTlB8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: 0001zrtVdfxPM-NOuSSOo-5K8ILHSs1vZY6biluw0VSTlB8
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "secure.<DOMAINNAME>.de"\n }\n ]\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNDEyNzM1MiIsICJub25jZSI6ICIwMDAxenJ0VmRmeFBNLU5PdVNTT28tNUs4SUxIU3MxdlpZNmJpbHV3MFZTVGxCOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "FcJwKixfCMPTAKKwobIyzkIMpSvamRpTpD80uT2DFOYIyAKDKyMsgMhFetZcn66AAHjuM8mr4mXuFaUvv05f50Ms7wtTPmWs-B1BDh41CmViJ2_b07vT-EP6A0tg5XQV8NnhiUfAYrqrof3d6S0eUg93TlW0q8Wsl3SJdqbIEjXMmvo5XorZ5g7ChFQPDP5DSRVT6o2gbUfiHBk-3W_ohizC4TV5WO9KMVFMj9huLr6DSSnCXnv7nL0_4U1yF-8rekj2ZLgsmFYLirs13L16PGCeWkMwyHirtAWyDRLV_CvNn3VuVVCU_3FMraiqUUrH7d1tI5Ty5gR19iQkO-__0g",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNlY3VyZS5jaHJpc3RpYW4tYnVyZ2VydC5kZSIKICAgIH0KICBdCn0"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 370
Received response:
HTTP 201
Server: nginx
Date: Mon, 15 Jun 2020 06:49:21 GMT
Content-Type: application/json
Content-Length: 370
Connection: keep-alive
Boulder-Requester: 14127352
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/14127352/102217913
Replay-Nonce: 00019l6XCkTcZ824Uhf2tPq_po-LScgCwXYsOGAEo_4jy90
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2020-06-22T06:49:21.490152476Z",
"identifiers": [
{
"type": "dns",
"value": "secure.<DOMAINNAME>.de"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/65568508"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/14127352/102217913"
}
Storing nonce: 00019l6XCkTcZ824Uhf2tPq_po-LScgCwXYsOGAEo_4jy90
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/65568508:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNDEyNzM1MiIsICJub25jZSI6ICIwMDAxOWw2WENrVGNaODI0VWhmMnRQcV9wby1MU2NnQ3dYWXNPR0FFb180ank5MCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My82NTU2ODUwOCJ9",
"signature": "UnPqDllcN6UWbsLTh7D66wdQoAQmAAZvC7bz3FJbb2zyfJYDFuUgeipi6VpKjneCoa-vAVvOpSQxHgXVQf-FIwNkGJII812g9tyuYhbOSqhGmtq6FLnTExlvViwfEfGazszoqQnMEEUvaHP1ou7RgUZt2_eGQAIUt7CBs0h1ZWYO_WeCz-KhoKmR7qlaqQk_vTSnftDNcpdEPMK0D4aR7l5jWvLwJPE31p2vpiXJ2DV181-DwMZibY7ky_m2PQu_X6WKvjwCYmfaDYiQ1RCLSVN6_knvDnIVbjD3vUh5oDQGIp7GSBJwXWvMYWIBnnBcRX7Q640xa1i4jw3_enTXhQ",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/65568508 HTTP/1.1" 200 823
Received response:
HTTP 200
Server: nginx
Date: Mon, 15 Jun 2020 06:49:21 GMT
Content-Type: application/json
Content-Length: 823
Connection: keep-alive
Boulder-Requester: 14127352
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001VIa0fzPsYUAVNmAFhvdUtG7rUjBeSegVnQryWS8jh7Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "secure.<DOMAINNAME>.de"
},
"status": "pending",
"expires": "2020-06-22T06:49:21Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/65568508/hatuwg",
"token": "W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/65568508/4AiWJw",
"token": "W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/65568508/OKzx6g",
"token": "W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM"
}
]
}
Storing nonce: 0001VIa0fzPsYUAVNmAFhvdUtG7rUjBeSegVnQryWS8jh7Y
Performing the following challenges:
http-01 challenge for secure.<DOMAINNAME>.de
Adding a temporary challenge validation Include for name: secure.<DOMAINNAME>.de in: /etc/apache2/sites-enabled/004-Reverse-GINA.conf
Adding a temporary challenge validation Include for name: secure.<DOMAINNAME>.de in: /etc/apache2/sites-enabled/004-Reverse-GINA-le-ssl.conf
writing a pre config file with text:
RewriteEngine on
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>
Creating backup of /etc/apache2/sites-enabled/004-Reverse-GINA.conf
Creating backup of /etc/apache2/sites-enabled/004-Reverse-GINA-le-ssl.conf
Waiting for verification...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01"\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/65568508/hatuwg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNDEyNzM1MiIsICJub25jZSI6ICIwMDAxVklhMGZ6UHNZVUFWTm1BRmh2ZFV0RzdyVWpCZVNlZ1ZuUXJ5V1M4amg3WSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My82NTU2ODUwOC9oYXR1d2cifQ",
"signature": "SNmEBnMcPNRvBDzrnY1ebp-HjosyW0IlIe5bBd-_B-nJtlU90DuaLCHGoBAcszhxlsQBmjgEcJgz453tD1GATIOYCIMrwo7OdwpmbYbP1zZfDc9zxCbhUxOJCL14rzWjl7yuRH-_lKMppRFH3XNkU9I96063Nz_jkN59v0_ZMkvifqp3wnhS-SuiR14BGyvxr23y9NtEv1wEag6gTayD4xuI7sJnljzoQS1Ahq1Tp6HwSPpksqWI6Tg0TFQQS2jgamK_lYC9DEibgpONuaiVo2fM_q4EWUbVElR6EdxW_Id0D-LWIrcy1mpj5-xhK4Psg7hO8LdFUR_V2uZWPkWBsA",
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/65568508/hatuwg HTTP/1.1" 200 191
Received response:
HTTP 200
Server: nginx
Date: Mon, 15 Jun 2020 06:49:32 GMT
Content-Type: application/json
Content-Length: 191
Connection: keep-alive
Boulder-Requester: 14127352
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/65568508>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/65568508/hatuwg
Replay-Nonce: 0002foMa2Eq9pm7Q_iGtquFiEGN8uxbeS3tQV5OAFyZoqLg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/65568508/hatuwg",
"token": "W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM"
}
Storing nonce: 0002foMa2Eq9pm7Q_iGtquFiEGN8uxbeS3tQV5OAFyZoqLg
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/65568508:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNDEyNzM1MiIsICJub25jZSI6ICIwMDAyZm9NYTJFcTlwbTdRX2lHdHF1RmlFR044dXhiZVMzdFFWNU9BRnlab3FMZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My82NTU2ODUwOCJ9",
"signature": "jAv9G3OUFUAqoUzW9O1qZenvOWbr-h2VFL4ztQmf9g89kXdNUehz1hhg81PrlatC6nx95tTU4qNzbK1IbsCylSLaMCirWIw97yBRA9ZWyeggBw_O20NpagHVNcn3dwTbIle34g6ZdDiotOUcJBLIThFPgvVoANK2A2t2zSqwxKMngOrfY9mPBeIbhubXJxHVnjrYOtsOxF03gsw3WTyykczeFazx8CRPoxHCRPzAt7pyX3G1QQEDnICCcmLH_hxcyoErWS9eKUdmfk6Q7fQE0eYYUGlbMUUXgAWu6icG6GVkE35kF5ivB9xeMydQz3I5G00qsuKF46d58cuMD4VM1Q",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/65568508 HTTP/1.1" 200 1234
Received response:
HTTP 200
Server: nginx
Date: Mon, 15 Jun 2020 06:49:36 GMT
Content-Type: application/json
Content-Length: 1234
Connection: keep-alive
Boulder-Requester: 14127352
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002EW3UrCB2VJY6wqZBjoMaz1fegglxWk9mBsiouFql1fg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "secure.<DOMAINNAME>.de"
},
"status": "invalid",
"expires": "2020-06-22T06:49:21Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://secure.<DOMAINNAME>.de/.well-known/acme-challenge/W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM [<X.X.X.X>]: \"\u003c!DOCTYPE html\u003e\\n\u003chtml\u003e\\n\u003chead\u003e\\n\u003cmeta charset=\\\"utf-8\\\"\u003e\\n\u003cstyle\u003ebody{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig\"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/65568508/hatuwg",
"token": "W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM",
"validationRecord": [
{
"url": "http://secure.<DOMAINNAME>.de/.well-known/acme-challenge/W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM",
"hostname": "secure.<DOMAINNAME>.de",
"port": "80",
"addressesResolved": [
"<X.X.X.X>"
],
"addressUsed": "<X.X.X.X>"
}
]
}
]
}
Storing nonce: 0002EW3UrCB2VJY6wqZBjoMaz1fegglxWk9mBsiouFql1fg
Reporting to user: The following errors were reported by the server:
Domain: secure.<DOMAINNAME>.de
Type: unauthorized
Detail: Invalid response from http://secure.<DOMAINNAME>.de/.well-known/acme-challenge/W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM [<X.X.X.X>]: "<!DOCTYPE html>\n<html>\n<head>\n<meta charset=\"utf-8\">\n<style>body{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. secure.<DOMAINNAME>.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://secure.<DOMAINNAME>.de/.well-known/acme-challenge/W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM [<X.X.X.X>]: "<!DOCTYPE html>\n<html>\n<head>\n<meta charset=\"utf-8\">\n<style>body{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig"
Calling registered functions
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. secure.<DOMAINNAME>.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://secure.<DOMAINNAME>.de/.well-known/acme-challenge/W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM [<X.X.X.X>]: "<!DOCTYPE html>\n<html>\n<head>\n<meta charset=\"utf-8\">\n<style>body{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig"
Failed authorization procedure. secure.<DOMAINNAME>.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://secure.<DOMAINNAME>.de/.well-known/acme-challenge/W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM [<X.X.X.X>]: "<!DOCTYPE html>\n<html>\n<head>\n<meta charset=\"utf-8\">\n<style>body{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: secure.<DOMAINNAME>.de
Type: unauthorized
Detail: Invalid response from
http://secure.<DOMAINNAME>.de/.well-known/acme-challenge/W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM
[<X.X.X.X>]: "<!DOCTYPE html>\n<html>\n<head>\n<meta
charset=\"utf-8\">\n<style>body{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Additional hints:
- IP and DNS are correct.
- If I open the challenge URL (e.g. http://secure..de/.well-known/acme-challenge/W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM) from outside, I can see the token.
So all in all, firewall, NAT and Apache seem to be configured correctly.
Does anyone have an idea?
Thanks and regards
Christian
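
An added example (not part of the original post, and not certbot's own code): a small Python triage of the `invalid` authorization object from the log above. It reports which challenge failed, which address the CA connected to, and whether the response body the CA quoted back was a key authorization or an HTML page. The sample JSON is trimmed from the log and keeps the post's placeholders; the helper names `classify_body` and `triage` are made up for this example.

```python
import json
import re

# Constructed sample: the "invalid" authorization from the log, trimmed,
# with the post's own placeholders for domain and IP left in place.
SAMPLE_AUTHZ = r'''
{
  "identifier": {"type": "dns", "value": "secure.<DOMAINNAME>.de"},
  "status": "invalid",
  "challenges": [
    {"type": "http-01", "status": "invalid",
     "error": {"type": "urn:ietf:params:acme:error:unauthorized",
               "detail": "Invalid response from http://secure.<DOMAINNAME>.de/.well-known/acme-challenge/W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM [<X.X.X.X>]: \"\u003c!DOCTYPE html\u003e\\n\u003chtml\u003e\"",
               "status": 403},
     "token": "W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM",
     "validationRecord": [
       {"hostname": "secure.<DOMAINNAME>.de", "port": "80",
        "addressesResolved": ["<X.X.X.X>"], "addressUsed": "<X.X.X.X>"}]},
    {"type": "dns-01", "status": "pending",
     "token": "W68ceL9AChLF3lIpZgM5BwrHyoriSyShNtH1ZojvsJM"}
  ]
}
'''

# An http-01 response body must be "<token>.<account key thumbprint>",
# both parts base64url without padding.
KEY_AUTHZ_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")

def classify_body(token, body):
    """Classify the response snippet the CA quoted in the error detail."""
    stripped = body.strip()
    if stripped.startswith(token + ".") and KEY_AUTHZ_RE.match(stripped):
        return "key-authorization"
    if stripped.lower().startswith(("<!doctype", "<html")):
        return "html-page"   # something other than the challenge file answered
    return "other"

def triage(authz):
    """Summarise every failed challenge in an ACME authorization object."""
    findings = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid":
            continue
        err = ch.get("error", {})
        # The quoted body follows '[<address>]: ' at the end of the detail.
        m = re.search(r'\]: "(.*)"\s*$', err.get("detail", ""), re.S)
        records = ch.get("validationRecord", [])
        findings.append({
            "challenge": ch.get("type"),
            "error_type": err.get("type"),
            "problem_status": err.get("status"),  # field of the ACME problem document
            "body_kind": classify_body(ch.get("token", ""), m.group(1) if m else ""),
            "hops": len(records),                 # one record per request the CA made
            "address_used": records[-1].get("addressUsed") if records else None,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(json.loads(SAMPLE_AUTHZ)):
        print(finding)
```

A `body_kind` of `html-page` together with a single hop means the CA reached the resolved address directly and was served a page by some component on that path, so the next comparison is between that page and what the same URL returns from an outside network.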