Certbot not creating .well-known dirs in development environment

I'm developing on CentOS 7 and compiled Apache (currently 2.4.41) myself. I have multiple domains with each having a virtual host.

I have a simple static website I'm trying to add https to but the .well-known dir is not being created.

To test the websites and apache in a browser on my development machine I typed at the command line:
echo "10.0.2.15 example.com" >> /etc/hosts
echo "10.0.2.15 www.example.com" >> /etc/hosts

For http websites this setup has worked perfectly. I skip the echo step when staging or releasing the website into production.

If I type the following command at the command line, the .well-known directory is not created and adding the certificate fails:
certbot --test-cert -d example.com -d www.example.com --webroot --webroot-path /home/tst/public_html -i apache --apache-server-root /usr/local/apache --apache-challenge-location /usr/local/apache/conf.d --debug-challenges

If I look in the log file, I don't see any errors about creating the webroot.

Here is my virtual host:
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /home/tst/public_html
    ServerAdmin webmaster@example.com
    UseCanonicalName Off

    DocumentRoot "/home/tst/public_html"

    DirectoryIndex index.html

    <Directory /home/tst/public_html>
        Options Indexes FollowSymLinks MultiViews ExecCGI

        AllowOverride all
        Require all granted
    </Directory>

    ErrorLog /home/tst/logs/error.log
    CustomLog /home/tst/logs/access.log combined
</VirtualHost>

I changed the directory permissions to 777 and still have the same problem.

I've made two substitutions from the actual env:

  1. I replaced my domain name with "example.com"
  2. I replaced the beginning of the path to DocumentRoot on my server with /home/tst

How do I get certbot to create the .well-known dir? Am I missing something? Or is there a better dev setup for certbot?

Here is certbot log:
2021-01-29 10:39:35,517:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-01-29 10:39:35,981:DEBUG:certbot._internal.main:certbot version: 1.11.0
2021-01-29 10:39:35,982:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/889/bin/certbot
2021-01-29 10:39:35,982:DEBUG:certbot._internal.main:Arguments: ['--test-cert', '-d', 'example.com', '-d', 'www.example.com', '--webroot', '--webroot-path', '/home/tst/public_html', '-i', 'apache', '--apache-server-root', '/usr/local/apache', '--apache-challenge-location', '/usr/local/apache/conf.d', '--debug-challenges', '--preconfigured-renewal']
2021-01-29 10:39:35,982:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-01-29 10:39:36,017:DEBUG:certbot._internal.log:Root logging level set at 20
2021-01-29 10:39:36,017:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-01-29 10:39:36,030:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer apache
2021-01-29 10:39:36,325:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.41
2021-01-29 10:39:37,238:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f00913f85b0>
Prep: True
2021-01-29 10:39:37,244:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f00913f8550>
Prep: True
2021-01-29 10:39:37,245:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f00913f8550> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f00913f85b0>
2021-01-29 10:39:37,245:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer apache
2021-01-29 10:39:37,450:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/17778314', new_authzr_uri=None, terms_of_service=None), 5e13be7cb11a420b94e921fcf2286697, Meta(creation_dt=datetime.datetime(2021, 1, 28, 14, 28, 54, tzinfo=), creation_host='mymemphismma.com', register_to_eff=None))>
2021-01-29 10:39:37,451:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2021-01-29 10:39:37,453:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2021-01-29 10:39:37,941:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
2021-01-29 10:39:37,944:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 29 Jan 2021 15:39:45 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"4Ckh1VXVG2A": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "Staging Environment - Let's Encrypt - Free SSL/TLS Certificates"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-01-29 10:39:37,946:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for example.com and www.example.com
2021-01-29 10:39:37,976:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0012_key-certbot.pem
2021-01-29 10:39:38,015:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0012_csr-certbot.pem
2021-01-29 10:39:38,016:DEBUG:acme.client:Requesting fresh nonce
2021-01-29 10:39:38,016:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2021-01-29 10:39:38,098:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-01-29 10:39:38,100:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 29 Jan 2021 15:39:46 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003CPQv3uIa0OOZ0tKdvPUeXwDxv7d-XbbO4atHEaYar0k
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-01-29 10:39:38,101:DEBUG:acme.client:Storing nonce: 0003CPQv3uIa0OOZ0tKdvPUeXwDxv7d-XbbO4atHEaYar0k
2021-01-29 10:39:38,102:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "example.com"\n },\n {\n "type": "dns",\n "value": "www.example.com"\n }\n ]\n}'
2021-01-29 10:39:38,106:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
2021-01-29 10:39:38,227:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 500
2021-01-29 10:39:38,229:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 29 Jan 2021 15:39:46 GMT
Content-Type: application/json
Content-Length: 500
Connection: keep-alive
Boulder-Requester: 17778314
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/17778314/230935723
Replay-Nonce: 0004UrbkuUpANfaZZqmbLhQV8Pf9MMHMoYiQTZ81p5pQSfk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2021-02-05T15:39:46Z",
"identifiers": [
{
"type": "dns",
"value": "example.com"
},
{
"type": "dns",
"value": "www.example.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/200389382",
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/200389383"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/17778314/230935723"
}
2021-01-29 10:39:38,230:DEBUG:acme.client:Storing nonce: 0004UrbkuUpANfaZZqmbLhQV8Pf9MMHMoYiQTZ81p5pQSfk
2021-01-29 10:39:38,231:DEBUG:acme.client:JWS payload:
b''
2021-01-29 10:39:38,238:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/200389382:
2021-01-29 10:39:38,334:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/200389382 HTTP/1.1" 200 816
2021-01-29 10:39:38,336:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 29 Jan 2021 15:39:46 GMT
Content-Type: application/json
Content-Length: 816
Connection: keep-alive
Boulder-Requester: 17778314
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004X_AWz2-3H4hSolLQlZFn4necg6wOBuWllkn_Dl_aobY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "example.com"
},
"status": "pending",
"expires": "2021-02-05T15:39:46Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389382/DoVPEg",
"token": "U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389382/ViUc8A",
"token": "U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389382/IHeSIA",
"token": "U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU"
}
]
}
2021-01-29 10:39:38,337:DEBUG:acme.client:Storing nonce: 0004X_AWz2-3H4hSolLQlZFn4necg6wOBuWllkn_Dl_aobY
2021-01-29 10:39:38,338:DEBUG:acme.client:JWS payload:
b''
2021-01-29 10:39:38,344:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/200389383:
2021-01-29 10:39:38,438:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/200389383 HTTP/1.1" 200 820
2021-01-29 10:39:38,440:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 29 Jan 2021 15:39:46 GMT
Content-Type: application/json
Content-Length: 820
Connection: keep-alive
Boulder-Requester: 17778314
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003x1vi0whzG-ryE0AcqrYMK3SdNv9FnkxAkTI6-YKLQ8o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.example.com"
},
"status": "pending",
"expires": "2021-02-05T15:39:46Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389383/OxYgmw",
"token": "jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389383/Th7YPg",
"token": "jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389383/rj5B0Q",
"token": "jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI"
}
]
}
2021-01-29 10:39:38,441:DEBUG:acme.client:Storing nonce: 0003x1vi0whzG-ryE0AcqrYMK3SdNv9FnkxAkTI6-YKLQ8o
2021-01-29 10:39:38,443:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-01-29 10:39:38,443:INFO:certbot._internal.auth_handler:http-01 challenge for example.com
2021-01-29 10:39:38,444:INFO:certbot._internal.auth_handler:http-01 challenge for www.example.com
2021-01-29 10:39:38,444:INFO:certbot._internal.plugins.webroot:Using the webroot path /home/tst/public_html for all unmatched domains.
2021-01-29 10:39:38,444:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /home/tst/public_html/.well-known/acme-challenge
2021-01-29 10:39:38,445:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /home/tst/public_html/.well-known/acme-challenge
2021-01-29 10:39:38,447:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /home/tst/public_html/.well-known/acme-challenge/U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU
2021-01-29 10:39:38,450:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /home/tst/public_html/.well-known/acme-challenge/jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI
2021-01-29 10:39:38,450:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-01-29 10:39:38,451:DEBUG:certbot.display.util:Notifying user: Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
2021-01-29 10:39:43,937:DEBUG:acme.client:JWS payload:
b'{}'
2021-01-29 10:39:43,939:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389382/DoVPEg:
2021-01-29 10:39:44,034:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/200389382/DoVPEg HTTP/1.1" 200 192
2021-01-29 10:39:44,036:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 29 Jan 2021 15:39:52 GMT
Content-Type: application/json
Content-Length: 192
Connection: keep-alive
Boulder-Requester: 17778314
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/200389382;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389382/DoVPEg
Replay-Nonce: 0003bCHsLyfXtEp5C5QZ-agyoCG6BrrF9V6YXAtfpaVG1vs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389382/DoVPEg",
"token": "U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU"
}
2021-01-29 10:39:44,036:DEBUG:acme.client:Storing nonce: 0003bCHsLyfXtEp5C5QZ-agyoCG6BrrF9V6YXAtfpaVG1vs
2021-01-29 10:39:44,038:DEBUG:acme.client:JWS payload:
b'{}'
2021-01-29 10:39:44,042:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389383/OxYgmw:
2021-01-29 10:39:44,136:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/200389383/OxYgmw HTTP/1.1" 200 192
2021-01-29 10:39:44,138:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 29 Jan 2021 15:39:52 GMT
Content-Type: application/json
Content-Length: 192
Connection: keep-alive
Boulder-Requester: 17778314
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/200389383;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389383/OxYgmw
Replay-Nonce: 0004CrQm0Fh8monqrgE1Y7DkFdndxQ-Sr--bdcxBZ70pbEU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389383/OxYgmw",
"token": "jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI"
}
2021-01-29 10:39:44,139:DEBUG:acme.client:Storing nonce: 0004CrQm0Fh8monqrgE1Y7DkFdndxQ-Sr--bdcxBZ70pbEU
2021-01-29 10:39:45,141:DEBUG:acme.client:JWS payload:
b''
2021-01-29 10:39:45,149:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/200389382:
2021-01-29 10:39:45,244:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/200389382 HTTP/1.1" 200 1233
2021-01-29 10:39:45,246:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 29 Jan 2021 15:39:53 GMT
Content-Type: application/json
Content-Length: 1233
Connection: keep-alive
Boulder-Requester: 17778314
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003KK8U8jFyRYCjGwTaWIbaILv7ABTrtWDPlMKU3t9fXQ0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "example.com"
},
"status": "invalid",
"expires": "2021-02-05T15:39:46Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://example.com/.well-known/acme-challenge/U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU [3.218.36.80]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389382/DoVPEg",
"token": "U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU",
"validationRecord": [
{
"url": "http://example.com/.well-known/acme-challenge/U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU",
"hostname": "example.com",
"port": "80",
"addressesResolved": [
"3.218.36.80"
],
"addressUsed": "3.218.36.80"
}
]
}
]
}
2021-01-29 10:39:45,247:DEBUG:acme.client:Storing nonce: 0003KK8U8jFyRYCjGwTaWIbaILv7ABTrtWDPlMKU3t9fXQ0
2021-01-29 10:39:45,249:DEBUG:acme.client:JWS payload:
b''
2021-01-29 10:39:45,252:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/200389383:
2021-01-29 10:39:45,345:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/200389383 HTTP/1.1" 200 1249
2021-01-29 10:39:45,347:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 29 Jan 2021 15:39:53 GMT
Content-Type: application/json
Content-Length: 1249
Connection: keep-alive
Boulder-Requester: 17778314
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00030zx4ukT7xPBaW7E4Q7z6e-Q5xW_bU21sZGYNdNRPwwo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.example.com"
},
"status": "invalid",
"expires": "2021-02-05T15:39:46Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://www.example.com/.well-known/acme-challenge/jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI [3.218.36.80]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/200389383/OxYgmw",
"token": "jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI",
"validationRecord": [
{
"url": "http://www.example.com/.well-known/acme-challenge/jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI",
"hostname": "www.example.com",
"port": "80",
"addressesResolved": [
"3.218.36.80"
],
"addressUsed": "3.218.36.80"
}
]
}
]
}
2021-01-29 10:39:45,348:DEBUG:acme.client:Storing nonce: 00030zx4ukT7xPBaW7E4Q7z6e-Q5xW_bU21sZGYNdNRPwwo
2021-01-29 10:39:45,350:WARNING:certbot._internal.auth_handler:Challenge failed for domain example.com
2021-01-29 10:39:45,350:WARNING:certbot._internal.auth_handler:Challenge failed for domain www.example.com
2021-01-29 10:39:45,350:INFO:certbot._internal.auth_handler:http-01 challenge for example.com
2021-01-29 10:39:45,350:INFO:certbot._internal.auth_handler:http-01 challenge for www.example.com
2021-01-29 10:39:45,351:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: example.com
Type: unauthorized
Detail: Invalid response from http://example.com/.well-known/acme-challenge/U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU [3.218.36.80]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Domain: www.example.com
Type: unauthorized
Detail: Invalid response from http://www.example.com/.well-known/acme-challenge/jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI [3.218.36.80]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2021-01-29 10:39:45,352:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-01-29 10:39:45,352:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-01-29 10:39:45,353:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-01-29 10:39:45,353:DEBUG:certbot._internal.plugins.webroot:Removing /home/tst/public_html/.well-known/acme-challenge/U-WoSrjA4mJcpszgtRhsroCO5GvXJzpjdzX7KK-jbyU
2021-01-29 10:39:45,353:DEBUG:certbot._internal.plugins.webroot:Removing /home/tst/public_html/.well-known/acme-challenge/jcxE8v2YawfrKvtE7Kurkz5OUJh417yQpRBZ96ys2jI
2021-01-29 10:39:45,353:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-01-29 10:39:45,354:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/889/bin/certbot", line 8, in <module>
sys.exit(main())
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/main.py", line 1421, in main
return config.func(config, plugins)
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/main.py", line 1155, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/main.py", line 135, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/var/lib/snapd/snap/certbot/889/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-01-29 10:39:45,358:ERROR:certbot._internal.log:Some challenges have failed.

1 Like

Although I can't see it in the logs, I do believe it does create, and delete, any necessary folders.
It just might happen too quickly for you to notice OR you didn't realize that it would clean up after itself and delete whatever files and folders it created.

Either way you might be able to slow it down by using --manual so that you can confirm if it is or isn't making new files and folders.

1 Like

OP should check the actual location of the directories while certbot is waiting for the user input at the "Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about challenges." step.

3 Likes

Welcome to the Let's Encrypt Community 🙂

Is 3.218.36.80 the correct public IPv4 address of your webserver (as reflected by the A record in the DNS zone for your domain name)?

Try using this to test:

sudo certbot certonly --webroot -w /home/tst/public_html -d "example.com,www.example.com" -vv --dry-run --debug-challenges

If that works, try this:

sudo certbot run -a webroot -w /home/tst/public_html -d "example.com,www.example.com" -i apache --keep

1 Like

With the -v option, I can see the .well-known dir is being created. In a browser, I can open up the files certbot created.

I'm wondering if certbot is doing the validation on the real domain instead of my development version. I wonder if this is causing the problem and if it is, how to get around it:

2 Likes

Let's Encrypt will pull the A record from the DNS zone of your domain name when checking for the challenge files. Let's Encrypt will not check private IP addresses.

1 Like
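Added example (not part of the original thread, and not certbot code): the reply above explains why the challenge fails, since the CA resolves the name through public DNS and never sees an /etc/hosts override on the dev machine. The sketch below compares hosts-file overrides with the `addressUsed` that the CA reports in an authorization object; the sample hosts text and the trimmed JSON are constructed from values shown in this thread, and all function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample: the hosts-file overrides described in the question.
HOSTS_TEXT = """\
127.0.0.1   localhost localhost.localdomain
10.0.2.15 example.com
10.0.2.15 www.example.com   # dev override
"""

# Constructed sample: an ACME authorization trimmed to the fields used here,
# carrying the addresses that appear in the thread's log.
AUTHZ_JSON = """\
{
  "identifier": {"type": "dns", "value": "example.com"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "validationRecord": [
        {
          "hostname": "example.com",
          "port": "80",
          "addressesResolved": ["3.218.36.80"],
          "addressUsed": "3.218.36.80"
        }
      ]
    },
    {"type": "dns-01", "status": "pending"}
  ]
}
"""
SAMPLE_AUTHZ = json.loads(AUTHZ_JSON)


def parse_hosts(text):
    """Map lower-cased hostname -> list of addresses from hosts(5)-style text."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # skip malformed entries instead of failing
        for name in names:
            mapping.setdefault(name.lower(), []).append(addr)
    return mapping


def validation_targets(authz):
    """Return (hostname, addressUsed) pairs the CA contacted for http-01."""
    targets = []
    for chall in authz.get("challenges", []):
        if chall.get("type") != "http-01":
            continue
        for rec in chall.get("validationRecord", []):
            targets.append((rec["hostname"], rec["addressUsed"]))
    return targets


def diagnose(hosts_text, authz):
    """Flag names where the local override differs from what the CA resolved."""
    overrides = parse_hosts(hosts_text)
    findings = []
    for host, ca_addr in validation_targets(authz):
        local = overrides.get(host.lower(), [])
        if not local or ca_addr in local:
            continue  # no override, or the override matches public DNS
        findings.append({
            "host": host,
            "ca_address": ca_addr,
            "local_addresses": local,
            # False means the CA could not reach the override even if it knew it
            "local_publicly_routable": any(
                ipaddress.ip_address(a).is_global for a in local
            ),
        })
    return findings


if __name__ == "__main__":
    for f in diagnose(HOSTS_TEXT, SAMPLE_AUTHZ):
        print(f"{f['host']}: CA validated against {f['ca_address']}, "
              f"but this machine resolves it to {f['local_addresses']}")
```

A finding means the challenge file was written on one machine while the CA fetched it from another, which matches the 404 in the log above.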

@griffin
I have this setup in a VirtualBox. This is my development version. I'm not sure if I'm going down the right path with setting up the dev env.

1 Like

Of course it is.
If you don't own the name you can't get a cert for it.
[not even a staging cert]

You need a real "test" FQDN.
One that can be resolved to and reach your system.

OR

Switch authentication methods - use DNS auth and LE won't try to reach your box, it will then reach your real DNS zone and ask it for the TXT record associated with "TEST.YOUR.DOMAIN".

1 Like

@rg305
I own the domain but I want to keep the production setup separate from the dev. Is there a workaround or do I need to set up another domain like dev.example.com to use it and use the real name?

1 Like

Certbot isn't doing the validation at all, that's the Let's Encrypt validation server. Please start with some basics:

1 Like

You must own the domain.

You are free to use any subdomain of it.
Like:
dev2.your.domain
testdev.your.domain
dev.test.your.domain

1 Like

It looks like certbot is the wrong tool to use in development. It looks like a self-signed cert is best for local development and Let's Encrypt is best brought in during staging: Certificates for localhost - Let's Encrypt. I was able to use DNS verification and get it to work on a local version but I'm going to switch to self-signed in the future.

@rg305 cleared up my confusion
