Can't Make Certbot/Letsencrypt Work With NGINX HTTP-01 Challenge!?

countesscat · October 4, 2021, 9:24am

Hi! I can't make certbot issue a new certificate for a domain. Just installed WordPress and nothing fancy. I confirm the method I used to issue a certificate was working last month, but now is not. Can't make it work for over a week now. DNS is properly set. I confirm I can write and read a file from /root/.well-known/acme-challenge directory. Somehow it does not write the challenges

My domain is: teenwizards.com

I ran this command: certbot --nginx -d teenwizards.com -d www.teenwizards.com as root

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for teenwizards.com
http-01 challenge for www.teenwizards.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. teenwizards.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://teenwizards.com/.well-known/acme-challenge/wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4 [79.124.52.82]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", www.teenwizards.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.teenwizards.com/.well-known/acme-challenge/n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw [79.124.52.82]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: teenwizards.com
   Type:   unauthorized
   Detail: Invalid response from
   http://teenwizards.com/.well-known/acme-challenge/wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4
   [79.124.52.82]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   Domain: www.teenwizards.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.teenwizards.com/.well-known/acme-challenge/n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw
   [79.124.52.82]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu Linux 18.04.6

My hosting provider, if applicable, is: N/A, I collocate servers

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: no

The version of my client is: certbot 0.31.0

The full log from /var/log/letsencrypt/letsencrypt.log is...

2021-10-04 09:08:58,192:DEBUG:certbot.main:certbot version: 0.31.0
2021-10-04 09:08:58,193:DEBUG:certbot.main:Arguments: ['--nginx', '-d', 'teenwizards.com', '-d', 'www.teenwizards.com']
2021-10-04 09:08:58,194:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-10-04 09:08:58,203:DEBUG:certbot.log:Root logging level set at 20
2021-10-04 09:08:58,204:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-10-04 09:08:58,205:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2021-10-04 09:09:08,903:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f8fa3d14e80>
Prep: True
2021-10-04 09:09:08,904:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f8fa3d14e80> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f8fa3d14e80>
2021-10-04 09:09:08,904:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2021-10-04 09:09:08,909:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f8fa3191d68>)>), contact=('mailto:director@countesscat.com',), agreement='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/37165017', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 47d2623526fa78f5f1d732225b700b06, Meta(creation_dt=datetime.datetime(2018, 6, 25, 7, 8, 49, tzinfo=<UTC>), creation_host='Wonder'))>
2021-10-04 09:09:08,910:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-10-04 09:09:08,912:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-10-04 09:09:09,662:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-10-04 09:09:09,663:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 04 Oct 2021 09:09:09 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "5gpyHAVJgRY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-10-04 09:09:09,830:INFO:certbot.main:Obtaining a new certificate
2021-10-04 09:09:09,969:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/5769_key-certbot.pem
2021-10-04 09:09:10,040:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/5769_csr-certbot.pem
2021-10-04 09:09:10,041:DEBUG:acme.client:Requesting fresh nonce
2021-10-04 09:09:10,041:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-10-04 09:09:10,228:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-10-04 09:09:10,229:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 04 Oct 2021 09:09:10 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001Im50KRJ9-kB-5VCP_ZBZmgc_pu87s_wBoM0dDY9OcKs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-10-04 09:09:10,229:DEBUG:acme.client:Storing nonce: 0001Im50KRJ9-kB-5VCP_ZBZmgc_pu87s_wBoM0dDY9OcKs
2021-10-04 09:09:10,230:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "teenwizards.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.teenwizards.com"\n    }\n  ]\n}'
2021-10-04 09:09:10,236:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzE2NTAxNyIsICJub25jZSI6ICIwMDAxSW01MEtSSjkta0ItNVZDUF9aQlptZ2NfcHU4N3Nfd0JvTTBkRFk5T2NLcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "Oj218IKgfVbL5_qgaZNtkt5RT-Z3Gsfpwlsu1gc1wxJbkKXVz22SAmv451Vuhf2DliKyEq1HANV9xIR6BTEp1AV9xPcEAFAx-hAU71bOYltUd4O1OpsGrJJsOIRhEkXZ5cEOGdkZwGiaUw4Z-sk6liB5SHPc0gEMmGViuu9ZI2MF0uhk7SAuiP6zjIiVhOvd3Y_0NEfSa26Atx8Ow77KPtFEsp4PmYafOMjfduqJwf8vWS6iHDJMrld_ikgT6WHH16w1r1YpsQFMKimoM5S1HiFx21ykGED5fOZ3a_VhHefF0yn65foZS2R25rHXzh7TnBtq4rYcvcE5NRIvEWK6jQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInRlZW53aXphcmRzLmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cudGVlbndpemFyZHMuY29tIgogICAgfQogIF0KfQ"
}
2021-10-04 09:09:10,638:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 478
2021-10-04 09:09:10,639:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 04 Oct 2021 09:09:10 GMT
Content-Type: application/json
Content-Length: 478
Connection: keep-alive
Boulder-Requester: 37165017
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/37165017/29341245040
Replay-Nonce: 0001pvuYUbCa4pEru8hpKCtEzpyJaQ0oVdf3nUuY-FGzmVs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-10-11T09:09:10Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "teenwizards.com"
    },
    {
      "type": "dns",
      "value": "www.teenwizards.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/36893317350",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/36893317360"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/37165017/29341245040"
}
2021-10-04 09:09:10,639:DEBUG:acme.client:Storing nonce: 0001pvuYUbCa4pEru8hpKCtEzpyJaQ0oVdf3nUuY-FGzmVs
2021-10-04 09:09:10,639:DEBUG:acme.client:JWS payload:
b''
2021-10-04 09:09:10,642:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/36893317350:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzE2NTAxNyIsICJub25jZSI6ICIwMDAxcHZ1WVViQ2E0cEVydThocEtDdEV6cHlKYVEwb1ZkZjNuVXVZLUZHem1WcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzY4OTMzMTczNTAifQ",
  "signature": "ZMP_K_wHRFU1640OsWdzsl1w9uPthKdA2f9pFD0OXtb2jC_Ummxayka3f0LwacfqPoKEBYcaxcsNHfX4lq7jeaZg6nLZLoN_vzeM_mYfUInK2ZTdB6R5D1HJjzDaZYC_pFKj09fQNAvSwBllHk-mWgyFL9YF6sDyNyvaObrL_rhlbkqS0aM1KlAEtZj-Jw5nl426US23YL128xMw6VbbOTrW8IMiGEWpgj0txu4CN_ebO0Hij4VaF3RR4hC4S4oaYHUdWXT6l_vJQVBpNqjhkbCUJ2RJEKOeqHpYxkqtRD6Vydqy7dMp2Vlpo92MO-31Cbrnnw_zXdDQ5wzuzHSN_A",
  "payload": ""
}
2021-10-04 09:09:10,828:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/36893317350 HTTP/1.1" 200 796
2021-10-04 09:09:10,828:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 04 Oct 2021 09:09:10 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 37165017
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001kHhId_ynIXL9yDFATPdDewwnEskyDXNDYxHnZpo6wTY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "teenwizards.com"
  },
  "status": "pending",
  "expires": "2021-10-11T09:09:10Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317350/F98keQ",
      "token": "wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317350/iHbCJQ",
      "token": "wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317350/YLz2CQ",
      "token": "wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4"
    }
  ]
}
2021-10-04 09:09:10,828:DEBUG:acme.client:Storing nonce: 0001kHhId_ynIXL9yDFATPdDewwnEskyDXNDYxHnZpo6wTY
2021-10-04 09:09:10,829:DEBUG:acme.client:JWS payload:
b''
2021-10-04 09:09:10,832:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/36893317360:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzE2NTAxNyIsICJub25jZSI6ICIwMDAxa0hoSWRfeW5JWEw5eURGQVRQZERld3duRXNreURYTkRZeEhuWnBvNndUWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzY4OTMzMTczNjAifQ",
  "signature": "EynGOpXA5gVIWmkrQb6sVqfhA4atR5E3vRir74dLmyUQVswyivJ_quiO_VrEz4ceUnBDP1MOfv2NXTCAcMZeXgqDbNxkGuV4DXwR6uxpOKR59wKIYGVyFfHNK-DBujacKtWKPGiqerAXt_sQeUa2OzJ5guJifHpSEyLqgVja6uentYJF5R0PBqeWTSEKJzsxBYtbUpdpncwVSKElo700cjFB_n1S23NTxRyx0g9x3uCgd31iu0DJsx4ogrbWzVmSwzjjICPWIW34rz38cEsGwFkGKnxAU6BxwFYPsPW2O9i2-Yf_v1P9FQnMk6bvg2HNY1jafqJXjQAv365_mVjP2w",
  "payload": ""
}
2021-10-04 09:09:11,106:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/36893317360 HTTP/1.1" 200 800
2021-10-04 09:09:11,107:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 04 Oct 2021 09:09:11 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 37165017
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002vCwZS01jL-OCCSJsUJ_C8KcPe3vX39l3_E7Ddk9tzrs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.teenwizards.com"
  },
  "status": "pending",
  "expires": "2021-10-11T09:09:10Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317360/dv649A",
      "token": "n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317360/nzjD-A",
      "token": "n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317360/f6Mv9Q",
      "token": "n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw"
    }
  ]
}
2021-10-04 09:09:11,107:DEBUG:acme.client:Storing nonce: 0002vCwZS01jL-OCCSJsUJ_C8KcPe3vX39l3_E7Ddk9tzrs
2021-10-04 09:09:11,108:INFO:certbot.auth_handler:Performing the following challenges:
2021-10-04 09:09:11,108:INFO:certbot.auth_handler:http-01 challenge for teenwizards.com
2021-10-04 09:09:11,108:INFO:certbot.auth_handler:http-01 challenge for www.teenwizards.com
2021-10-04 09:09:14,759:DEBUG:certbot_nginx.http_01:Generated server block:
[]

2021-10-04 09:09:14,764:DEBUG:certbot.reverter:Creating backup of /etc/nginx/common/php.conf
2021-10-04 09:09:14,764:DEBUG:certbot.reverter:Creating backup of /etc/nginx/common/acl.conf
2021-10-04 09:09:14,767:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/teenwizards.com
2021-10-04 09:09:14,775:DEBUG:certbot.reverter:Creating backup of /etc/nginx/common/php7.4.conf
2021-10-04 09:09:14,780:DEBUG:certbot.reverter:Creating backup of /etc/nginx/common/wp-php7.4.conf
2021-10-04 09:09:14,782:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2021-10-04 09:09:14,789:DEBUG:certbot.reverter:Creating backup of /etc/nginx/common/locations.conf
2021-10-04 09:09:14,791:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2021-10-04 09:09:14,794:DEBUG:certbot.reverter:Creating backup of /etc/nginx/cloudflare-ips
2021-10-04 09:09:14,808:DEBUG:certbot.reverter:Creating backup of /etc/nginx/common/w3tc-php7.4.conf
2021-10-04 09:09:14,808:DEBUG:certbot.reverter:Creating backup of /etc/nginx/common/wpcommon.conf
2021-10-04 09:09:14,814:DEBUG:certbot.reverter:Creating backup of /etc/letsencrypt/options-ssl-nginx.conf
2021-10-04 09:09:14,817:DEBUG:certbot.reverter:Creating backup of /etc/nginx/common/php5.6.conf
2021-10-04 09:09:14,820:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user superman;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;

events {
  worker_connections 10240;
        use epoll;
  multi_accept off;
}

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
  ##
  # Vulterability Protections
  ##
  add_header X-XSS-Protection "1; mode=block";

  ##
  # EasyEngine Settings
  ##
  #
  server_names_hash_max_size 8192;
    server_names_hash_bucket_size 1024;
  access_log off;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 90;
  types_hash_max_size 2048;

  server_tokens off;
  reset_timedout_connection on;
  add_header X-Powered-By "God";
  add_header rt-Fastcgi-Cache $upstream_cache_status;

# CloudFlare Settings
    include /etc/nginx/cloudflare-ips;

  # Proxy Settings
  # set_real_ip_from  proxy-server-ip;
  # real_ip_header  X-Forwarded-For;

  # Limit Request
  limit_req_status 403;
  limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;

  fastcgi_read_timeout 900;
  fastcgi_connect_timeout 90;
  fastcgi_send_timeout 900;
  client_max_body_size 100m;

  ##
  # SSL Settings
  ##

  #ssl_session_cache shared:SSL:20m;
  #ssl_session_timeout 10m;
  #ssl_prefer_server_ciphers on;
  #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHADHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!ECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
  #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  include /etc/letsencrypt/options-ssl-nginx.conf;

  ##
  # Basic Settings
  ##
  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # Logging Settings
  ##

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  # Log format Settings
  log_format rt_cache '$http_cf_connecting_ip $http_x_forwarded_for $remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
  '$http_host "$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent"';

  ##
  # Gzip Settings
  ##

  gzip on;
  gzip_disable "msie6";

  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 5;
    gzip_min_length 256;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
    gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rss+xml
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/bmp
    image/svg+xml
    image/x-icon
    text/cache-manifest
    text/css
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy;

  ##
  # Virtual Host Configs
  ##

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}

#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
#   listen     localhost:110;
#   protocol   pop3;
#   proxy      on;
# }
#
# server {
#   listen     localhost:143;
#   protocol   imap;
#   proxy      on;
# }
#}

2021-10-04 09:09:14,825:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/teenwizards.com:
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot


    listen 79.124.52.82:80;
    server_name teenwizards.com   www.teenwizards.com;

    access_log /var/log/nginx/teenwizards.com.access.log rt_cache; 
    error_log /var/log/nginx/teenwizards.com.error.log;

    root /var/www/teenwizards.com/htdocs;

    index index.php index.html index.htm;

    include common/php.conf;      
    include common/wpcommon.conf;
    include common/locations.conf;
    include /var/www/teenwizards.com/conf/nginx/*.conf;
location = /.well-known/acme-challenge/wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4{default_type text/plain;return 200 wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4.LcMBkzOefO9D3NaxdHLlKj7aigcjwNvDc_eq2AH6PWQ;} # managed by Certbot

location = /.well-known/acme-challenge/n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw{default_type text/plain;return 200 n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw.LcMBkzOefO9D3NaxdHLlKj7aigcjwNvDc_eq2AH6PWQ;} # managed by Certbot

}

2021-10-04 09:09:16,216:INFO:certbot.auth_handler:Waiting for verification...
2021-10-04 09:09:16,217:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-10-04 09:09:16,220:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317350/F98keQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzE2NTAxNyIsICJub25jZSI6ICIwMDAydkN3WlMwMWpMLU9DQ1NKc1VKX0M4S2NQZTN2WDM5bDNfRTdEZGs5dHpycyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMzY4OTMzMTczNTAvRjk4a2VRIn0",
  "signature": "CGmNkFNGDDBNqE56RERlId0Aq5t0fdBAREFtKk4gA4zrMICDHkXZQpJ06ZJkmKkE-wTz9Yoo0T3s8ef8II5Aa4kggAKYjYUQUUqvUvMbAhwytM5L4OFYA9CdwHRYmhmfjZxSDr_N02LYUBAFxtlsTaBpf1n9MzAHIhQZmO8d79ORXJ7nlqiyXa8HQCDTT--UcHIqKnc1zMftULQelBeF6ZgvPNjJDXBHyS85ulv4r1seVrzfZ67HZZD5ZRgkxhsJu7cVXA8u0bYDmgntHqI1gotj8GM83WkCHtmleqzIPRVUxOCDkpR4WZKoPYLGc0UyAwtpMBZiSf3bqXXfb40pfA",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-10-04 09:09:16,424:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/36893317350/F98keQ HTTP/1.1" 200 186
2021-10-04 09:09:16,425:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 04 Oct 2021 09:09:16 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 37165017
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/36893317350>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317350/F98keQ
Replay-Nonce: 0002hmdkbqkDFbrTDnFclgPyZAPrAPiJ_b-8YDA7r5is8Pc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317350/F98keQ",
  "token": "wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4"
}
2021-10-04 09:09:16,425:DEBUG:acme.client:Storing nonce: 0002hmdkbqkDFbrTDnFclgPyZAPrAPiJ_b-8YDA7r5is8Pc
2021-10-04 09:09:16,426:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-10-04 09:09:16,429:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317360/dv649A:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzE2NTAxNyIsICJub25jZSI6ICIwMDAyaG1ka2Jxa0RGYnJURG5GY2xnUHlaQVByQVBpSl9iLThZREE3cjVpczhQYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMzY4OTMzMTczNjAvZHY2NDlBIn0",
  "signature": "F8sUXdsLwoi1gZ-q3i-fw-2aSkIte8_1A7Ju9HjCCzBBCNLE4ynvXTrI3pJJTlY7Cde5YPI8wzghqrGcy6f5iGlxqr6MqzbIs_4OjncdoGDq_rfZgrvLG_TVh9tYa8UOn3OUFQm8JYMp8bVEUmLSl7juZUhrDqSmwbcWhDwnRWFC2qoZKh0rOpL3r6J1A0pnsVgXr7VleGR2e5TMY7ugVsUTeoZ8ZlzBjklwrlza1kj9y8Uusj_1PSGj4aOVTh76WzZfeVz5ptVSsQ08IfX4Wjq3jNB1c2dQTYEGAc41poEUm4GLbkbMzJMWWN9HRbO3PE42xmFPDsvjQxvGOo3PSg",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-10-04 09:09:16,621:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/36893317360/dv649A HTTP/1.1" 200 186
2021-10-04 09:09:16,622:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 04 Oct 2021 09:09:16 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 37165017
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/36893317360>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317360/dv649A
Replay-Nonce: 0001nWMCtkZ5U9BFKLCHz3cbMAaG1R3Pu76wpuL9TeX8ZFA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317360/dv649A",
  "token": "n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw"
}
2021-10-04 09:09:16,623:DEBUG:acme.client:Storing nonce: 0001nWMCtkZ5U9BFKLCHz3cbMAaG1R3Pu76wpuL9TeX8ZFA
2021-10-04 09:09:19,626:DEBUG:acme.client:JWS payload:
b''
2021-10-04 09:09:19,629:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/36893317350:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzE2NTAxNyIsICJub25jZSI6ICIwMDAxbldNQ3RrWjVVOUJGS0xDSHozY2JNQWFHMVIzUHU3NndwdUw5VGVYOFpGQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzY4OTMzMTczNTAifQ",
  "signature": "TL1TvhxkOhTSxhwzkxUy35XvQwswuKmVHXmyxcTILXaF9T0ymfjGc3lWua9t1qTYSctpmxgEVLZKaRyCzwKzU5uIGxJ4yMUaB50IGQovb3QcFPeW3JrlX1XPuAOnpA3CypsbJN2mGk3QQMIcmPX9yh_0nHgw9CGqULOQg8A_Lrgxc5E7xrCDdAW88XYLCYzPqcZpIPGd7_2N1VBwWzncNZNIFdveDxOXYgKeTvFYz2ZN-fVnbd2cLi6TS0Lg8Tx_sqtABXNWzSo1W9S8gPxCPNCUBZDM7wPRlQLlVsT22CNhdc0M33BWw3RwgNOGeBgFUnal4wc8-ZXyC6aqig62yA",
  "payload": ""
}
2021-10-04 09:09:19,812:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/36893317350 HTTP/1.1" 200 1296
2021-10-04 09:09:19,813:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 04 Oct 2021 09:09:19 GMT
Content-Type: application/json
Content-Length: 1296
Connection: keep-alive
Boulder-Requester: 37165017
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002uad0n2btIn4kADIi1HbsQWmXvhsixM-pvpmxPHorZ3Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "teenwizards.com"
  },
  "status": "invalid",
  "expires": "2021-10-11T09:09:10Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://teenwizards.com/.well-known/acme-challenge/wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4 [79.124.52.82]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody bgcolor=\\\"white\\\"\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003e\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317350/F98keQ",
      "token": "wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4",
      "validationRecord": [
        {
          "url": "http://teenwizards.com/.well-known/acme-challenge/wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4",
          "hostname": "teenwizards.com",
          "port": "80",
          "addressesResolved": [
            "79.124.52.82"
          ],
          "addressUsed": "79.124.52.82"
        }
      ],
      "validated": "2021-10-04T09:09:16Z"
    }
  ]
}
2021-10-04 09:09:19,813:DEBUG:acme.client:Storing nonce: 0002uad0n2btIn4kADIi1HbsQWmXvhsixM-pvpmxPHorZ3Y
2021-10-04 09:09:19,814:DEBUG:acme.client:JWS payload:
b''
2021-10-04 09:09:19,818:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/36893317360:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzE2NTAxNyIsICJub25jZSI6ICIwMDAydWFkMG4yYnRJbjRrQURJaTFIYnNRV21YdmhzaXhNLXB2cG14UEhvclozWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzY4OTMzMTczNjAifQ",
  "signature": "PuRf0wZjZd4m_3dtSBnSRrlOClvsB_aSMyGSydjz3Vj2ubE-5LPhLpUOH3Pvxe6KcoHk79t2YtaM92v0Px5KqsVFJt2q87GiUwW_R7ASp-TEineRWjlIm5atVfgbmpLqIFRVMlN8qpb7bOBZkgpfYEC6Sjk7MjrYn7y982bngKqH5PSaSbgq7tTsTY-7_2oH_Tz352T1Uz-fgx2wjDwsyl6qIO-IFvjUg1YI2zeIKE4ruRIEg5jwhEK8kb35A747KvhIlIzZya7GFPcc5Xayr4oTvuBjawBeVu5ISHetEjRMKedET66l4GxsuE8mvt_ykL49emdS-V5Sp9eCREzWPQ",
  "payload": ""
}
2021-10-04 09:09:20,008:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/36893317360 HTTP/1.1" 200 1312
2021-10-04 09:09:20,009:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 04 Oct 2021 09:09:19 GMT
Content-Type: application/json
Content-Length: 1312
Connection: keep-alive
Boulder-Requester: 37165017
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001JPqizOalmu93zsugQSQP1sSCDPL2DoiXnNlSEwmiTDw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.teenwizards.com"
  },
  "status": "invalid",
  "expires": "2021-10-11T09:09:10Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://www.teenwizards.com/.well-known/acme-challenge/n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw [79.124.52.82]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody bgcolor=\\\"white\\\"\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003e\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/36893317360/dv649A",
      "token": "n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw",
      "validationRecord": [
        {
          "url": "http://www.teenwizards.com/.well-known/acme-challenge/n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw",
          "hostname": "www.teenwizards.com",
          "port": "80",
          "addressesResolved": [
            "79.124.52.82"
          ],
          "addressUsed": "79.124.52.82"
        }
      ],
      "validated": "2021-10-04T09:09:16Z"
    }
  ]
}
2021-10-04 09:09:20,009:DEBUG:acme.client:Storing nonce: 0001JPqizOalmu93zsugQSQP1sSCDPL2DoiXnNlSEwmiTDw
2021-10-04 09:09:20,010:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: teenwizards.com
Type:   unauthorized
Detail: Invalid response from http://teenwizards.com/.well-known/acme-challenge/wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4 [79.124.52.82]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

Domain: www.teenwizards.com
Type:   unauthorized
Detail: Invalid response from http://www.teenwizards.com/.well-known/acme-challenge/n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw [79.124.52.82]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2021-10-04 09:09:20,011:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. teenwizards.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://teenwizards.com/.well-known/acme-challenge/wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4 [79.124.52.82]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", www.teenwizards.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.teenwizards.com/.well-known/acme-challenge/n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw [79.124.52.82]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

2021-10-04 09:09:20,011:DEBUG:certbot.error_handler:Calling registered functions
2021-10-04 09:09:20,011:INFO:certbot.auth_handler:Cleaning up challenges
2021-10-04 09:09:32,051:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1119, in run
    certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. teenwizards.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://teenwizards.com/.well-known/acme-challenge/wr-bSdyHlYwyyG3E3-N5MVU-S2aG-3pLP4STaDH_iL4 [79.124.52.82]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", www.teenwizards.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.teenwizards.com/.well-known/acme-challenge/n0rem-vqIxuPBFk4HZW7g8jj7yCPa76FwhJvHSzbDrw [79.124.52.82]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

Any ideas, please?

rg305 · October 4, 2021, 9:29am

verify the IP address is as expected:

review the HTTP vhost config for that FQDN
[or post it here and we can help]
place a test file in the expected challenge location and see if it can be reach from the Internet
use the LE staging environment until all tests have been passed (before switching back to LE production environment)

countesscat · October 4, 2021, 9:37am

HI! Thanks for your reply!

It is.

It is totally fine.

server {
    listen 79.124.52.82:80;
    server_name teenwizards.com   www.teenwizards.com;

    access_log /var/log/nginx/teenwizards.com.access.log rt_cache; 
    error_log /var/log/nginx/teenwizards.com.error.log;

    root /var/www/teenwizards.com/htdocs;

    index index.php index.html index.htm;

    include common/php.conf;      
    include common/wpcommon.conf;
    include common/locations.conf;
    include /var/www/teenwizards.com/conf/nginx/*.conf;
}

The included conf files as follows:
php.conf

# PHP NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
location / {
  try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
  try_files $uri =404;
  include fastcgi_params;
  fastcgi_pass 127.0.0.1:9000;
}

wpcommon.conf

# WordPress COMMON SETTINGS
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
# Limit access to avoid brute force attack
location = /wp-login.php {
  limit_req zone=one burst=1 nodelay;
  include fastcgi_params;
  fastcgi_pass 127.0.0.1:9000;
}
# Disable wp-config.txt
location = /wp-config.txt {
  deny all;
  access_log off;
  log_not_found off;
}
# Disallow php in upload folder
location /wp-content/uploads/ {
  location ~ \.php$ {
    #Prevent Direct Access Of PHP Files From Web Browsers
    deny all;
  }
}

locations.conf

# NGINX CONFIGURATION FOR COMMON LOCATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
# Basic locations files
location = /favicon.ico {
  access_log off;
  log_not_found off;
  expires max;
}
location = /robots.txt {
  # Some WordPress plugin gererate robots.txt file
  # Refer #340 issue
  try_files $uri $uri/ /index.php?$args;
  access_log off;
  log_not_found off;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
  add_header "Access-Control-Allow-Origin" "*";
  access_log off;
  log_not_found off;
  expires max;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.well-known {
  allow all;
}
location ~ /\. {
  deny all;
  access_log off;
  log_not_found off;
}
# Deny backup extensions & log files
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
  deny all;
  access_log off;
  log_not_found off;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
  return 403;
}
# Status pages
location = /nginx_status {
  stub_status on;
  access_log off;
  include common/acl.conf;
}
location ~ ^/(status|ping)$ {
  include fastcgi_params;
  fastcgi_pass 127.0.0.1:9000;
  include common/acl.conf;
}
# EasyEngine (ee) utilities
# phpMyAdmin settings
location = /pma {
  return 301 https://$host:22222/db/pma;
}
location = /phpMyAdmin {
  return 301 https://$host:22222/db/pma;
}
location = /phpmyadmin {
  return 301 https://$host:22222/db/pma;
}
# Adminer settings
location = /adminer {
  return 301 https://$host:22222/db/adminer;
}

    ## Block SQL injections
    set $block_sql_injections 0;
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    # x3 from S start
    if ($query_string ~ "%27a=0") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "\'a=0") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union all select") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union\ all\ select") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "waitfor delay") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "dbms_pipe\.receive_message") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "waitfor(.*)delay") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "and.*sleep\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "\/etc\/passwd") {
        set $block_sql_injections 1;
    }
    #if ($query_string ~ "sample\@email\.tst") {
    #    set $block_sql_injections 1;
    #}
    #if ($query_string ~ "and.*\=.*and.*\=") {
    #    set $block_sql_injections 1;
    #}
    # x3 from S end
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections
    set $block_file_injections 0;
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    if ($block_file_injections = 1) {
        return 403;
    }

    ## Block common exploits
    set $block_common_exploits 0;
    if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "proc/self/environ") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "base64_(en|de)code\(.*\)") {
        set $block_common_exploits 1;
    }
    if ($block_common_exploits = 1) {
        return 403;
    }
    
# known hack attempts
deny 103.106.35.218;
deny 104.208.137.224;
deny 104.215.122.106;
deny 104.46.0.177;
deny 105.157.163.211;
deny 109.202.111.140;
deny 13.233.225.82;
deny 13.56.236.197;
deny 13.58.131.92;
deny 13.68.171.87;
deny 13.90.197.137;
deny 13.90.45.49;
deny 13.90.79.167;
deny 13.92.124.209;
deny 13.92.16.147;
deny 137.117.39.200;
deny 137.135.117.150;
deny 138.91.140.65;
deny 138.99.216.233;
deny 141.98.80.58;
deny 141.98.80.95;
deny 141.98.81.178;
deny 141.98.81.179;
deny 141.98.81.183;
deny 141.98.81.196;
deny 141.98.83.6;
deny 141.98.9.212;
deny 141.98.9.222;
deny 162.241.204.227;
deny 171.241.55.144;
deny 176.121.14.179;
deny 176.121.14.181;
deny 176.121.14.183;
deny 176.121.14.184;
deny 176.121.14.186;
deny 176.121.14.187;
deny 176.121.14.188;
deny 176.121.14.189;
deny 176.121.14.191;
deny 176.121.14.198;
deny 178.239.173.236;
deny 18.191.83.211;
deny 184.168.200.49;
deny 185.191.228.163;
deny 185.222.209.212;
deny 185.92.25.21;
deny 190.233.151.114;
deny 195.162.24.206;
deny 196.75.41.198;
deny 198.211.113.130;
deny 198.71.230.55;
deny 203.192.238.241;
deny 205.186.180.19;
deny 216.151.183.191;
deny 216.163.188.191;
deny 24.191.5.193;
deny 3.120.31.239;
deny 3.19.219.137;
deny 31.167.72.219;
deny 35.158.124.52;
deny 40.117.173.158;
deny 40.117.252.209;
deny 40.124.52.222;
deny 40.78.43.110;
deny 40.84.148.254;
deny 40.84.233.110;
deny 40.85.146.62;
deny 45.227.253.36;
deny 45.227.253.54;
deny 45.227.253.58;
deny 45.227.253.62;
deny 45.227.253.66;
deny 45.227.255.149;
deny 45.227.255.227;
deny 45.227.255.58;
deny 45.32.92.162;
deny 46.22.174.170;
deny 5.188.86.10;
deny 5.188.86.156;
deny 5.188.86.218;
deny 51.79.26.156;
deny 52.168.178.142;
deny 52.168.50.10;
deny 52.170.130.85;
deny 52.191.172.244;
deny 52.233.79.206;
deny 52.247.219.45;
deny 52.251.48.186;
deny 63.246.135.140;
deny 66.215.122.237;
deny 67.55.94.84;
deny 69.10.63.244;
deny 69.167.39.222;
deny 69.181.200.5;
deny 70.37.51.240;
deny 70.37.51.62;
deny 81.135.249.57;
deny 82.205.70.58;
deny 86.162.173.55;
deny 88.198.156.185;
deny 88.20.150.78;
deny 91.173.253.90;
deny 91.232.125.222;
deny 95.142.124.20;
deny 185.244.217.235;
deny 195.54.161.239;

Already stated in the original post that this is possible.

You mean --dry-run?

rg305 · October 4, 2021, 9:46am

Yes.

OK then --nginx is not going to work here.
Let's break that down into parts:

authentication
for this domain you can switch to --webroot -w /var/www/teenwizards.com/htdocs
installation
you can skip this part for now with -i null

countesscat · October 4, 2021, 9:57am

OK. And the problems begin. I modified the nginx conf for the site just like the --nginx would do. Oddly enough, it does not automatically redirect to HTTPS version and when I try to visit the HTTPS version directly, there is a warning that the certificate is for another domain, but it should not be. I entered the paths in the config correctly.

This way it issues the cert, but there is the problem above...

countesscat · October 4, 2021, 9:59am

Restarting nginx and clearing my browser cache helped solve it.
Any ideas why the --nginx is not working after all? I have to do this for other domains, too. This manual process is such a pain,,,

rg305 · October 4, 2021, 10:06am

That is an EE question.

countesscat · October 4, 2021, 10:09am

I don't think so. No config change was made on the server and it used to work with the nginx plugin last month. Will check EE logs...

rg305 · October 4, 2021, 10:17am

That's good to know.

I would have to disagree - something must have changed (or this would still be working).

countesscat · October 4, 2021, 10:29am

Maybe some update screwed it up, but not sure what to check, yet. Does the original post full log look good to you?

rg305 · October 4, 2021, 10:37am

No.
Good is when you get a cert!
LOL

countesscat · October 4, 2021, 10:52am

Right!

system · November 3, 2021, 10:53am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.