Hi Juergen,
Thank you for fast reply.
both domains (mydomain.com and sub.mydomain.com) are in the same webroot and are both
reacheable over the browser. mydomain.com over https: and sub.mydomain.com over http:
command
certbot certonly --standalone --preferred-challenges http \
--http-01-port 888 -d sub.mydomain.com -d www.sub.mydomain.com \
(mydomain) was replaced with the real domain name.
letsencypt.log
2018-08-18 10:48:41,666:DEBUG:certbot.main:certbot version: 0.26.1
2018-08-18 10:48:41,666:DEBUG:certbot.main:Arguments: ['--standalone', '--preferred-challenges', 'http', '--http-01-port', '888', '-d', 'sub.mydomain.com', '-d', 'www.sub.mydomain.com']
2018-08-18 10:48:41,666:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-08-18 10:48:41,690:DEBUG:certbot.log:Root logging level set at 20
2018-08-18 10:48:41,691:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-08-18 10:48:41,694:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2018-08-18 10:48:41,780:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7fbc04df4c10>
Prep: True
2018-08-18 10:48:41,780:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7fbc04df4c10> and installer None
2018-08-18 10:48:41,781:INFO:certbot.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2018-08-18 10:48:41,837:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=u'valid', terms_of_service_agreed=None, agreement=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', only_return_existing=None, contact=(u'mailto:sw@sarmaxx.de',), key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fbc07bd59d0>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/38270158', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 2844170529722d9aa9fcd33fb4e7ef21, Meta(creation_host=u'myrealhost.net', creation_dt=datetime.datetime(2018, 7, 13, 12, 37, 47, tzinfo=<UTC>)))>
2018-08-18 10:48:41,838:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2018-08-18 10:48:41,844:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2018-08-18 10:48:42,086:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
2018-08-18 10:48:42,088:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
expires: Sat, 18 Aug 2018 08:48:42 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Sat, 18 Aug 2018 08:48:42 GMT
x-frame-options: DENY
content-type: application/json
{
"2layDnUF3X8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2018-08-18 10:48:42,124:INFO:certbot.main:Obtaining a new certificate
2018-08-18 10:48:42,185:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
2018-08-18 10:48:42,187:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem
2018-08-18 10:48:42,188:DEBUG:acme.client:Requesting fresh nonce
2018-08-18 10:48:42,188:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-order.
2018-08-18 10:48:42,370:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-order HTTP/1.1" 405 0
2018-08-18 10:48:42,371:DEBUG:acme.client:Received response:
HTTP 405
content-length: 103
pragma: no-cache
expires: Sat, 18 Aug 2018 08:48:42 GMT
server: nginx
connection: keep-alive
allow: POST
cache-control: max-age=0, no-cache, no-store
date: Sat, 18 Aug 2018 08:48:42 GMT
content-type: application/problem+json
replay-nonce: 8FbwweRkLvTANe-CjKrunKGmSq4B2KOGalbJCjI9GF4
2018-08-18 10:48:42,371:DEBUG:acme.client:Storing nonce: 8FbwweRkLvTANe-CjKrunKGmSq4B2KOGalbJCjI9GF4
2018-08-18 10:48:42,372:DEBUG:acme.client:JWS payload:
{
"status": "pending",
"identifiers": [
{
"type": "dns",
"value": "sub.mydomain.com"
},
{
"type": "dns",
"value": "www.sub.mydomain.com"
}
],
"resource": "new-order"
}
2018-08-18 10:48:42,375:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJub25jZSI6ICI4RmJ3d2VSa0x2VEFOZS1DaktydW5LR21TcTRCMktPR2FsYkpDakk5R0Y0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zODI3MDE1OCIsICJhbGciOiAiUlMyNTYifQ",
"payload": "ewogICJzdGF0dXMiOiAicGVuZGluZyIsIAogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJjYXQuc2FybWF4eC1zaG9wLmV1IgogICAgfSwgCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsIAogICAgICAidmFsdWUiOiAid3d3LmNhdC5zYXJtYXh4LXNob3AuZXUiCiAgICB9CiAgXSwgCiAgInJlc291cmNlIjogIm5ldy1vcmRlciIKfQ",
"signature": "MBHc4dQolauGGLAlZ_ISl3kz32HUCxx8JgO0xPzTpWon38CosFYZFBlUGCJvPddjq0dAye2WSAmMtla-fk17f0v-oNDWiifFdS0N8DziDgai85zPfwlxRAAEYxHkHlv-xyJUF2W6ENrNt-Sc_q9u4axlcynYpwBNA7ulmEHI0eQgPi0CD4G5ufho7-yq0bJXveNnwrVEsQ_XJJ5Jg3GWoKqS_dRmqr625z6AGk8a83SAZKnOX62RqswZo6LTCXQ2ZdaigAxia0_MxDnXQYOuhHY-GrGTaMRJ17Kg_qkvYzldiSnIuWO-n8nOb2p6yCNrDKAIduG3tn00364riopM3Q"
}
2018-08-18 10:48:42,588:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 550
2018-08-18 10:48:42,589:DEBUG:acme.client:Received response:
HTTP 201
content-length: 550
expires: Sat, 18 Aug 2018 08:48:42 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
location: https://acme-v02.api.letsencrypt.org/acme/order/38270158/41269708
pragma: no-cache
boulder-requester: 38270158
date: Sat, 18 Aug 2018 08:48:42 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: FWCry-B3Na84oBQgjpD3fjU8bsonCuCp_NxRqx89FD0
{
"status": "pending",
"expires": "2018-08-25T08:48:42.46999164Z",
"identifiers": [
{
"type": "dns",
"value": "sub.mydomain.com"
},
{
"type": "dns",
"value": "www.sub.mydomain.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc",
"https://acme-v02.api.letsencrypt.org/acme/authz/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/38270158/41269708"
}
2018-08-18 10:48:42,589:DEBUG:acme.client:Storing nonce: FWCry-B3Na84oBQgjpD3fjU8bsonCuCp_NxRqx89FD0
2018-08-18 10:48:42,589:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc.
2018-08-18 10:48:42,774:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc HTTP/1.1" 200 911
2018-08-18 10:48:42,775:DEBUG:acme.client:Received response:
HTTP 200
content-length: 911
expires: Sat, 18 Aug 2018 08:48:42 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Sat, 18 Aug 2018 08:48:42 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "sub.mydomain.com"
},
"status": "pending",
"expires": "2018-08-25T08:48:42Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298707",
"token": "ObNfi8fqVUxpbxjTgoKtQqZiMcnd_z2Dn1uFXOd-c5c"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298708",
"token": "9H3Opp5tpJsZGbY2kbmi3PBu7QIsd2pS9HRk5uwsUM8"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298709",
"token": "mmS6lGLx74d3IZewbTQNFUHiptIFZ2_qv0PbsO52d58"
}
]
}
2018-08-18 10:48:42,776:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc.
2018-08-18 10:48:42,964:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc HTTP/1.1" 200 915
2018-08-18 10:48:42,965:DEBUG:acme.client:Received response:
HTTP 200
content-length: 915
expires: Sat, 18 Aug 2018 08:48:42 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Sat, 18 Aug 2018 08:48:42 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "www.sub.mydomain.com"
},
"status": "pending",
"expires": "2018-08-25T08:48:42Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298710",
"token": "vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298711",
"token": "3P_U8gPJqa0f1teo3xYIIKy6c5UJ-6r0iAS80sU8JUw"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298712",
"token": "CvgDKSFZQR7FPB3XO-08EruwnyF5-XtsRuWCQ3un288"
}
]
}
2018-08-18 10:48:42,966:INFO:certbot.auth_handler:Performing the following challenges:
2018-08-18 10:48:42,966:INFO:certbot.auth_handler:http-01 challenge for sub.mydomain.com
2018-08-18 10:48:42,967:INFO:certbot.auth_handler:http-01 challenge for www.sub.mydomain.com
2018-08-18 10:48:42,967:DEBUG:acme.standalone:Successfully bound to :888 using IPv6
2018-08-18 10:48:42,967:DEBUG:acme.standalone:Certbot wasn't able to bind to :888 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2018-08-18 10:48:42,977:INFO:certbot.auth_handler:Waiting for verification...
2018-08-18 10:48:42,978:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "ObNfi8fqVUxpbxjTgoKtQqZiMcnd_z2Dn1uFXOd-c5c.0sbx8Zm9hGzsFJ7NRJjOumGrkulpfEuD7U97BCtyhRQ",
"type": "http-01",
"resource": "challenge"
}
2018-08-18 10:48:42,980:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298707:
{
"protected": "eyJub25jZSI6ICJGV0NyeS1CM05hODRvQlFnanBEM2ZqVThic29uQ3VDcF9OeFJxeDg5RkQwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2Uvblh3cEY3Ums2MnlwX2JDZDFqb1REMGpGWjJ5YnRla1gzdHBrZmhsMWpDYy82NTc1Mjk4NzA3IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvMzgyNzAxNTgiLCAiYWxnIjogIlJTMjU2In0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIk9iTmZpOGZxVlV4cGJ4alRnb0t0UXFaaU1jbmRfejJEbjF1RlhPZC1jNWMuMHNieDhabTloR3pzRko3TlJKak91bUdya3VscGZFdUQ3VTk3QkN0eWhSUSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "SCor3McpVQDafZRLAop9IQ1pOdg7JioMCJx0JEV3-HpBLrN1EvM_nLa-KNohlyLj0bHfIMFPbi2BOzOhhCDYeYympM32-Z5sHQaAqlUpsSWRLxb2OT1JWQ6W8JSQqbVrYG7vR7yMc9bmzF54wRFEFfcxlVrBETHc0Iz9cc4YbgnuWEkTfMQ0fLsb4_7ScLbholxeydkXti20AR0FC7aabre9r6btqGLWtk6210gRSFGH1ml5SokCZsQj3upfw6LYCLD3dzmQMebaXntPYML8RadZ_Yh469QVFiwuwutladVnprf1Jx4OCzGzA3RjZxAdlT6WnTcC0xBVKHi7ojuM_g"
}
2018-08-18 10:48:43,180:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298707 HTTP/1.1" 200 223
2018-08-18 10:48:43,181:DEBUG:acme.client:Received response:
HTTP 200
content-length: 223
expires: Sat, 18 Aug 2018 08:48:43 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/acme/authz/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298707
pragma: no-cache
boulder-requester: 38270158
date: Sat, 18 Aug 2018 08:48:43 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: GhABXEtwelbhXcuIrrFi6Hl03QQ10vKBH6gqs-SGmVA
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298707",
"token": "ObNfi8fqVUxpbxjTgoKtQqZiMcnd_z2Dn1uFXOd-c5c"
}
2018-08-18 10:48:43,181:DEBUG:acme.client:Storing nonce: GhABXEtwelbhXcuIrrFi6Hl03QQ10vKBH6gqs-SGmVA
2018-08-18 10:48:43,182:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk.0sbx8Zm9hGzsFJ7NRJjOumGrkulpfEuD7U97BCtyhRQ",
"type": "http-01",
"resource": "challenge"
}
2018-08-18 10:48:43,183:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298710:
{
"protected": "eyJub25jZSI6ICJHaEFCWEV0d2VsYmhYY3VJcnJGaTZIbDAzUVExMHZLQkg2Z3FzLVNHbVZBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvRVZxY1pDZUpELVNUdmZHaWJzRzRpYWgxUlNlX0JSMWRHWDBsaHJvQkhoYy82NTc1Mjk4NzEwIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvMzgyNzAxNTgiLCAiYWxnIjogIlJTMjU2In0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogInZ0bVZvMWZ5WkV4VFZnZ1g0bE5sZ3NmVW01YVZobkJtbGJEb19OYktNS2suMHNieDhabTloR3pzRko3TlJKak91bUdya3VscGZFdUQ3VTk3QkN0eWhSUSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "Dx2_oyk4CC7Y-brwkcCOJ1U2LMguv53Zf3_0FZM9d3QGBAiR7gSwoJO6C2JaIQKrG6HoinH34cbl9WXII1vQQ89MZbkiBI4v55svaYrfzfdEX1hgKzvF9Pzoj6g6LUQJ28DVffs_BI0pHAgWKyiQzpWkqCOhbUFvaLGfHYI30pKP6ixxVIcmeZMw8k4-9OtlGY03q0AWrQPOR-loGsDvCmFat5g5lSe_lvQGYqGjRW6ruwFmqQx23ReSxq6r4FsaNB_NyqHVs5tFw4tU3IISaXgPZN30JHZJZAmrNYNcnfpoq_AUtDSAZ7-EYZm38D1-y3CbTDAYb7BVNeyRq356XQ"
}
2018-08-18 10:48:43,384:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298710 HTTP/1.1" 200 223
2018-08-18 10:48:43,385:DEBUG:acme.client:Received response:
HTTP 200
content-length: 223
expires: Sat, 18 Aug 2018 08:48:43 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/acme/authz/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298710
pragma: no-cache
boulder-requester: 38270158
date: Sat, 18 Aug 2018 08:48:43 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: wXKKAaKQPai2mqBEgcXV5GFRoGoQGbtq55wRmnNFY-Q
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298710",
"token": "vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk"
}
2018-08-18 10:48:43,385:DEBUG:acme.client:Storing nonce: wXKKAaKQPai2mqBEgcXV5GFRoGoQGbtq55wRmnNFY-Q
2018-08-18 10:48:46,389:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc.
2018-08-18 10:48:46,574:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc HTTP/1.1" 200 1702
2018-08-18 10:48:46,575:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1702
expires: Sat, 18 Aug 2018 08:48:46 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Sat, 18 Aug 2018 08:48:46 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "sub.mydomain.com"
},
"status": "invalid",
"expires": "2018-08-25T08:48:42Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://sub.mydomain.com/.well-known/acme-challenge/ObNfi8fqVUxpbxjTgoKtQqZiMcnd_z2Dn1uFXOd-c5c: \"\u003c!DOCTYPE html\u003e\n\u003chtml class=\"no-js\" lang=\"en-GB\" itemscope=\"itemscope\" itemtype=\"http://schema.org/WebPage\"\u003e\n\u003chead\u003e\n\u003cmeta charse\"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298707",
"token": "ObNfi8fqVUxpbxjTgoKtQqZiMcnd_z2Dn1uFXOd-c5c",
"validationRecord": [
{
"url": "http://sub.mydomain.com/.well-known/acme-challenge/ObNfi8fqVUxpbxjTgoKtQqZiMcnd_z2Dn1uFXOd-c5c",
"hostname": "sub.mydomain.com",
"port": "80",
"addressesResolved": [
"111.222.333.111"
],
"addressUsed": "111.222.333.111"
}
]
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298708",
"token": "9H3Opp5tpJsZGbY2kbmi3PBu7QIsd2pS9HRk5uwsUM8"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/nXwpF7Rk62yp_bCd1joTD0jFZ2ybtekX3tpkfhl1jCc/6575298709",
"token": "mmS6lGLx74d3IZewbTQNFUHiptIFZ2_qv0PbsO52d58"
}
]
}
2018-08-18 10:48:46,576:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc.
2018-08-18 10:48:46,764:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc HTTP/1.1" 200 2040
2018-08-18 10:48:46,764:DEBUG:acme.client:Received response:
HTTP 200
content-length: 2040
expires: Sat, 18 Aug 2018 08:48:46 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Sat, 18 Aug 2018 08:48:46 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "www.sub.mydomain.com"
},
"status": "invalid",
"expires": "2018-08-25T08:48:42Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://www.sub.mydomain.com/.well-known/acme-challenge/vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk: \"\u003c!DOCTYPE html\u003e\n\u003chtml class=\"no-js\" lang=\"de\" itemscope=\"itemscope\" itemtype=\"http://schema.org/WebPage\"\u003e\n\u003chead\u003e\n\u003cmeta charset=\"\"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298710",
"token": "vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk",
"validationRecord": [
{
"url": "http://www.sub.mydomain.com/.well-known/acme-challenge/vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk",
"hostname": "www.sub.mydomain.com",
"port": "80",
"addressesResolved": [
"111.222.333.111"
],
"addressUsed": "111.222.333.111"
},
{
"url": "https://mydomain.com/.well-known/acme-challenge/vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk",
"hostname": "mydomain.com",
"port": "443",
"addressesResolved": [
"111.222.333.111"
],
"addressUsed": "111.222.333.111"
}
]
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298711",
"token": "3P_U8gPJqa0f1teo3xYIIKy6c5UJ-6r0iAS80sU8JUw"
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/EVqcZCeJD-STvfGibsG4iah1RSe_BR1dGX0lhroBHhc/6575298712",
"token": "CvgDKSFZQR7FPB3XO-08EruwnyF5-XtsRuWCQ3un288"
}
]
}
2018-08-18 10:48:46,766:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: www.sub.mydomain.com
Type: unauthorized
Detail: Invalid response from http://www.sub.mydomain.com/.well-known/acme-challenge/vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk: "<!DOCTYPE html>
<html class="no-js" lang="de" itemscope="itemscope" itemtype="http://schema.org/WebPage">
<head>
<meta charset=""
Domain: sub.mydomain.com
Type: unauthorized
Detail: Invalid response from http://sub.mydomain.com/.well-known/acme-challenge/ObNfi8fqVUxpbxjTgoKtQqZiMcnd_z2Dn1uFXOd-c5c: "<!DOCTYPE html>
<html class="no-js" lang="en-GB" itemscope="itemscope" itemtype="http://schema.org/WebPage">
<head>
<meta charse"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2018-08-18 10:48:46,767:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 155, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 226, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.sub.mydomain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.sub.mydomain.com/.well-known/acme-challenge/vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk: "<!DOCTYPE html>
<html class="no-js" lang="de" itemscope="itemscope" itemtype="http://schema.org/WebPage">
<head>
<meta charset="", sub.mydomain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sub.mydomain.com/.well-known/acme-challenge/ObNfi8fqVUxpbxjTgoKtQqZiMcnd_z2Dn1uFXOd-c5c: "<!DOCTYPE html>
<html class="no-js" lang="en-GB" itemscope="itemscope" itemtype="http://schema.org/WebPage">
<head>
<meta charse"
2018-08-18 10:48:46,767:DEBUG:certbot.error_handler:Calling registered functions
2018-08-18 10:48:46,767:INFO:certbot.auth_handler:Cleaning up challenges
2018-08-18 10:48:46,768:DEBUG:certbot.plugins.standalone:Stopping server at :::888...
2018-08-18 10:48:46,976:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.26.1', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1364, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1254, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 120, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 391, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 334, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 370, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 155, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 226, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.sub.mydomain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.sub.mydomain.com/.well-known/acme-challenge/vtmVo1fyZExTVggX4lNlgsfUm5aVhnBmlbDo_NbKMKk: "<!DOCTYPE html>
<html class="no-js" lang="de" itemscope="itemscope" itemtype="http://schema.org/WebPage">
<head>
<meta charset="", sub.mydomain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sub.mydomain.com/.well-known/acme-challenge/ObNfi8fqVUxpbxjTgoKtQqZiMcnd_z2Dn1uFXOd-c5c: "<!DOCTYPE html>
<html class="no-js" lang="en-GB" itemscope="itemscope" itemtype="http://schema.org/WebPage">
<head>
<meta charse"
in the line 378 of letsencypt.log it as (Invalid response http://www.sub.mydomain.com/.well-known/acme-challenge/).
As I understood because in the webroot already mydomain.com is located?