Cert creation fail

Help
1

My domain is:
psiapp.com.br

It produced this output:
Trying to create using nginx proxy manager: latest

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-17" --agree-tos --authenticator webroot --email "filsantos1984@gmail.com" --preferred-challenges "dns,http" --domains "psiapp.com.br"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:399:12)
at ChildProcess.emit (node:events:526:28)
at maybeClose (node:internal/child_process:1092:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)

My web server is (include version):
nginx

The operating system my web server runs on is (include version):
AWS - Ubuntu

I can login to a root shell on my machine (yes or no, or I don't know):
yes

2

Hello @FilSantos, welcome to the Let's Encrypt community. :slightly_smiling_face:

Please share the output of
nginx -v
certbot --version or certbot-auto --version
and grep VERSION /etc/os-release

3 Likes
3

Hi @FilSantos, and welcome to the LE community forum :slight_smile:

NPM can be a challenge to get working correctly.
It might help us if you also showed the entire contents of the log file:
/var/log/letsencrypt/letsencrypt.log

[along with what @Bruce5051 requested]

4 Likes
4

Also have there been recent changes? You have received certificates in the recent past, shown here: https://crt.sh/?q=psiapp.com.br

2 Likes
5 
2022-09-13 23:55:51,825:DEBUG:certbot._internal.main:certbot version: 1.25.0
2022-09-13 23:55:51,826:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-09-13 23:55:51,826:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-21', '--agree-tos', '--authenticator', 'webroot', '--email', 'filsantos1984@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'admin.psiapp.com.br']
2022-09-13 23:55:51,827:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-09-13 23:55:51,870:DEBUG:certbot._internal.log:Root logging level set at 30
2022-09-13 23:55:51,872:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-09-13 23:55:51,882:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xffffb4d5d080>
Prep: True
2022-09-13 23:55:51,883:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0xffffb4d5d080> and installer None
2022-09-13 23:55:51,883:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-09-13 23:55:51,889:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/728477197', new_authzr_uri=None, terms_of_service=None), 11db833e125964061b6fb462b6914e33, Meta(creation_dt=datetime.datetime(2022, 9, 12, 15, 33, 52, tzinfo=<UTC>), creation_host='375b47e8a37e', register_to_eff=None))>
2022-09-13 23:55:51,891:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-09-13 23:55:51,895:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-09-13 23:55:52,039:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 672
2022-09-13 23:55:52,040:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 13 Sep 2022 23:55:52 GMT
Content-Type: application/json
Content-Length: 672
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "Vr7HPLRvgNk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-09-13 23:55:52,041:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for admin.psiapp.com.br
2022-09-13 23:55:52,046:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0020_key-certbot.pem
2022-09-13 23:55:52,051:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0020_csr-certbot.pem
2022-09-13 23:55:52,052:DEBUG:acme.client:Requesting fresh nonce
2022-09-13 23:55:52,052:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-09-13 23:55:52,101:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-09-13 23:55:52,102:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 13 Sep 2022 23:55:52 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101jByGcqUrhBD2MeoqHQBXHxBAoYwaaWGosD2ahzE-Y94
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-09-13 23:55:52,102:DEBUG:acme.client:Storing nonce: 0101jByGcqUrhBD2MeoqHQBXHxBAoYwaaWGosD2ahzE-Y94
2022-09-13 23:55:52,103:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "admin.psiapp.com.br"\n    }\n  ]\n}'
2022-09-13 23:55:52,108:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzI4NDc3MTk3IiwgIm5vbmNlIjogIjAxMDFqQnlHY3FVcmhCRDJNZW9xSFFCWEh4QkFvWXdhYVdHb3NEMmFoekUtWTk0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "BR3yR2KabxkynrV2U1E4tWEt1bFAA-J9qyGMFERfA_LJZSDBFdRoX17YUdufrLv4DHUFRaY9yfsZnEvRaR8JboCV0aSne5m9p0dej5r8JPfcYJZrsDPKUJOmYSKnhs-cbO8HfrlXXKjW7lGL5yfgN4t19IMCNBAA-duK1T1FmYH7_WBbVEtY_Is33Rs4_n8BOLstPe8oBcKO56TWc_HC6pFa3vaz3jOTAiHg2saOdt0tFegymQGfZ_1_hLtSG5opxxKMxc8gsvL0NnN7PNZwroh0V9jWOIFoVGmxqQVDNIqrWQ8jc8WiZRx9djHKNllrmVCDh6gH9p0LZKEss3oEBw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFkbWluLnBzaWFwcC5jb20uYnIiCiAgICB9CiAgXQp9"
}
2022-09-13 23:55:52,402:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 344
2022-09-13 23:55:52,403:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 13 Sep 2022 23:55:52 GMT
Content-Type: application/json
Content-Length: 344
Connection: keep-alive
Boulder-Requester: 728477197
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/728477197/125253007547
Replay-Nonce: 0101x_iOcePpNH3wMdkFBiycNDi3NxQmXizppKJa7SkZKY4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-09-20T23:55:52Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "admin.psiapp.com.br"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/153090474517"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/728477197/125253007547"
}
2022-09-13 23:55:52,403:DEBUG:acme.client:Storing nonce: 0101x_iOcePpNH3wMdkFBiycNDi3NxQmXizppKJa7SkZKY4
2022-09-13 23:55:52,404:DEBUG:acme.client:JWS payload:
b''
2022-09-13 23:55:52,409:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/153090474517:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzI4NDc3MTk3IiwgIm5vbmNlIjogIjAxMDF4X2lPY2VQcE5IM3dNZGtGQml5Y05EaTNOeFFtWGl6cHBLSmE3U2taS1k0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNTMwOTA0NzQ1MTcifQ",
  "signature": "QB5qjmclS2XdVx7qaBZ7xst5WaIP3EuE96LgU2Z-oHINUmbN7iifmgTz43LYRl0Ta6c6Lny5-2QxFcY_79k5GjKCSg_IWefcmhbkhM2gbLSthnlU4PVQFZre-9UN09Dfab8kErn-KnaO4t4zwxt8gAO4R29JP2MLzUckLtz7k5o4-1zoLUhN7MEKFXxjeZ6CAQHCPQagQnobxScBIoZigzxBHT57HJG2uYQvU7kzKBMu9b7PpHo0GJWLOVal7nms1FvcZFSdZuVuGRfig-Zzewa_aZPmDJRd_KcM0UR5dVqxlDO6k8jt5dPcZtx7Jy1fGI6SnCrRw0NiLzbCwgQHlA",
  "payload": ""
}
2022-09-13 23:55:52,472:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/153090474517 HTTP/1.1" 200 803
2022-09-13 23:55:52,473:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 13 Sep 2022 23:55:52 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 728477197
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101mAqUqNUQLbpqgzBYmnLdeCkCNyDBYuCIGXMaKCIB8Jg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "admin.psiapp.com.br"
  },
  "status": "pending",
  "expires": "2022-09-20T23:55:52Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/8s0AIA",
      "token": "Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/ywLPgQ",
      "token": "Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/70jyTw",
      "token": "Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA"
    }
  ]
}
2022-09-13 23:55:52,473:DEBUG:acme.client:Storing nonce: 0101mAqUqNUQLbpqgzBYmnLdeCkCNyDBYuCIGXMaKCIB8Jg
2022-09-13 23:55:52,474:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-09-13 23:55:52,474:INFO:certbot._internal.auth_handler:http-01 challenge for admin.psiapp.com.br
2022-09-13 23:55:52,475:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2022-09-13 23:55:52,475:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2022-09-13 23:55:52,479:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA
2022-09-13 23:55:52,480:DEBUG:acme.client:JWS payload:
b'{}'
2022-09-13 23:55:52,485:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/8s0AIA:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzI4NDc3MTk3IiwgIm5vbmNlIjogIjAxMDFtQXFVcU5VUUxicHFnekJZbW5MZGVDa0NOeURCWXVDSUdYTWFLQ0lCOEpnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNTMwOTA0NzQ1MTcvOHMwQUlBIn0",
  "signature": "V7N2O3OFYvNgyUQjPJPvpYoZ_pStOLN4KG9JIQdks3kz5PReYW4pn4s1PU7Tdyx-t8oXBE65yxT1ae4jcE0pqGouCX-urIlqrgYk1weEQBOwlg9Xg8Hw1NyRv9wSbwIe6fiQlO3ooLs0OR8_VtL8aXXBBZNN6G52bQDXVNkFypyLfjxESu71TzhvW-pCqUcu9lZQuD-G6ROSvMbJ2fWUYN7QnmotNWXmfEbo0cLscqL-qrvR3mzOEAen6cEmebvWbeusjk5kgUKsi-iYpQt92TUrCsP6bhQKBC5SAHCjWkP79mm1fse9XXYThEtTPZYhZ5m_qchlr8RWz6cbD6c1MA",
  "payload": "e30"
}
2022-09-13 23:55:52,577:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/153090474517/8s0AIA HTTP/1.1" 200 187
2022-09-13 23:55:52,578:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 13 Sep 2022 23:55:52 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 728477197
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/153090474517>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/8s0AIA
Replay-Nonce: 0101qrPrhTSZ23OPfVXAlf2IR_m5m4V2hbAy8H26ry_SSXI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/8s0AIA",
  "token": "Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA"
}
2022-09-13 23:55:52,578:DEBUG:acme.client:Storing nonce: 0101qrPrhTSZ23OPfVXAlf2IR_m5m4V2hbAy8H26ry_SSXI
2022-09-13 23:55:52,579:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-09-13 23:55:53,580:DEBUG:acme.client:JWS payload:
b''
2022-09-13 23:55:53,585:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/153090474517:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzI4NDc3MTk3IiwgIm5vbmNlIjogIjAxMDFxclByaFRTWjIzT1BmVlhBbGYySVJfbTVtNFYyaGJBeThIMjZyeV9TU1hJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNTMwOTA0NzQ1MTcifQ",
  "signature": "CQhpUDWrxxpOqj4vOCT2B1rwi0qA0WgBv4c0_3dC8DLSGfIe_6wA1Sp9phf1XLCZNg0LstP8PbnVuuuZkucx0NieZJQq1kNGTTJI_ZFDN-GTfBv3-hHpcDbKABTMkzompDxtfYJszJV-rNEUfaaOhLAQVkuni3azdL1mmjjdrTSXk-a2FjikmuSnazi55t-9qXM0pgRfp7gs-7CrkS6ynjXY2uq_FFHZ5iNxAT3K_-fKw3mNfj9Yb_GBAdLnl-_7YTuNYemzzs7zu3P-ir1fSsa4o5jzUKyZQQO46Q6-9cGk4Gj54HEAgtLd5eHjf1IWHmUvTJBL9p2mUZ7-bM0jrQ",
  "payload": ""
}
2022-09-13 23:55:53,650:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/153090474517 HTTP/1.1" 200 803
2022-09-13 23:55:53,650:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 13 Sep 2022 23:55:53 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 728477197
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101-WJQzOG3tTzVAc3Gfi2OVvNR9DocoS-iOomjuxfqxPU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "admin.psiapp.com.br"
  },
  "status": "pending",
  "expires": "2022-09-20T23:55:52Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/8s0AIA",
      "token": "Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/ywLPgQ",
      "token": "Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/70jyTw",
      "token": "Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA"
    }
  ]
}
2022-09-13 23:55:53,651:DEBUG:acme.client:Storing nonce: 0101-WJQzOG3tTzVAc3Gfi2OVvNR9DocoS-iOomjuxfqxPU
2022-09-13 23:55:56,655:DEBUG:acme.client:JWS payload:
b''
2022-09-13 23:55:56,660:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/153090474517:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzI4NDc3MTk3IiwgIm5vbmNlIjogIjAxMDEtV0pRek9HM3RUelZBYzNHZmkyT1Z2TlI5RG9jb1MtaU9vbWp1eGZxeFBVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNTMwOTA0NzQ1MTcifQ",
  "signature": "S0qNVABZHGfXnFd63yHeOsSDS30eH9ij7MSOABuPR2n_0RdDlnIb2Bk9tidwCzeB5MCQzEs4zjNbEuuhxVoNqhrqDHLWQHMeLxdTnGuhShoB2n7ALNfBg0aIXXrzrHn2j01oSacpPb2mykiCRNCA4hAIx2aUVHsyr4vbdyiabduQzMQQaoayPSZP1VF9IldSfn7l-RFKwcsb-mc71Yf78mSkNXk1QDoLDPI-UgK3tDvX02DvwdGoG39QECBj5Mn8am5FK3jkT2PeFkJOEXhzJq9WvEpfXbvM0eTauh1OfffWYfIomc4d0UlRS68mznuwtenhl53D3MCChOB1wx1kug",
  "payload": ""
}
2022-09-13 23:55:56,724:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/153090474517 HTTP/1.1" 200 1611
2022-09-13 23:55:56,725:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 13 Sep 2022 23:55:56 GMT
Content-Type: application/json
Content-Length: 1611
Connection: keep-alive
Boulder-Requester: 728477197
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101uPj9xYLG7E0jS_HpX6l64aEkTYir15By8HPkxIT2Ig8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "admin.psiapp.com.br"
  },
  "status": "invalid",
  "expires": "2022-09-20T23:55:52Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "54.207.226.246: Invalid response from https://admin.psiapp.com.br/.well-known/acme-challenge/Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA: \"\u003c!doctype html\u003e\\n\u003chtml lang=\\\"en\\\"\u003e\\n\\n\u003chead\u003e\\n  \u003cmeta charset=\\\"utf-8\\\"\u003e\\n  \u003ctitle\u003ePsiapp | Administrador\u003c/title\u003e\\n  \u003cbase href=\\\"/\\\"\u003e\\n  \u003cm\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/153090474517/8s0AIA",
      "token": "Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA",
      "validationRecord": [
        {
          "url": "http://admin.psiapp.com.br/.well-known/acme-challenge/Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA",
          "hostname": "admin.psiapp.com.br",
          "port": "80",
          "addressesResolved": [
            "54.207.226.246"
          ],
          "addressUsed": "54.207.226.246"
        },
        {
          "url": "https://admin.psiapp.com.br/.well-known/acme-challenge/Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA",
          "hostname": "admin.psiapp.com.br",
          "port": "443",
          "addressesResolved": [
            "54.207.226.246"
          ],
          "addressUsed": "54.207.226.246"
        }
      ],
      "validated": "2022-09-13T23:55:52Z"
    }
  ]
}
2022-09-13 23:55:56,725:DEBUG:acme.client:Storing nonce: 0101uPj9xYLG7E0jS_HpX6l64aEkTYir15By8HPkxIT2Ig8
2022-09-13 23:55:56,726:INFO:certbot._internal.auth_handler:Challenge failed for domain admin.psiapp.com.br
2022-09-13 23:55:56,726:INFO:certbot._internal.auth_handler:http-01 challenge for admin.psiapp.com.br
2022-09-13 23:55:56,726:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: admin.psiapp.com.br
  Type:   unauthorized
  Detail: 54.207.226.246: Invalid response from https://admin.psiapp.com.br/.well-known/acme-challenge/Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA: "<!doctype html>\n<html lang=\"en\">\n\n<head>\n  <meta charset=\"utf-8\">\n  <title>Psiapp | Administrador</title>\n  <base href=\"/\">\n  <m"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2022-09-13 23:55:56,727:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-09-13 23:55:56,727:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-09-13 23:55:56,727:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-09-13 23:55:56,728:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA
2022-09-13 23:55:56,728:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2022-09-13 23:55:56,729:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1715, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 139, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 513, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 441, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-09-13 23:55:56,730:ERROR:certbot._internal.log:Some challenges have failed.
6

[root@docker-375b47e8a37e:/app]****# nginx -v

nginx version: openresty/1.19.9.1

[root@docker-375b47e8a37e:/app]****# certbot --version

certbot 1.25.0

[root@docker-375b47e8a37e:/app]****# grep VERSION /etc/os-release

VERSION_ID="10"

VERSION="10 (buster)"

VERSION_CODENAME=buster

7 
"detail": "54.207.226.246: Invalid response from https://admin.psiapp.com.br/.well-known/acme-challenge/Ic1fT_8dW7n-29gaFfd3vKr0tLHkWZPBkKUjkzk4GmA: \"\u003c!doctype html\u003e\\n\u003chtml lang=\\\"en\\\"\u003e\\n\\n\u003chead\u003e\\n  \u003cmeta charset=\\\"utf-8\\\"\u003e\\n  \u003ctitle\u003ePsiapp | Administrador\u003c/title\u003e\\n  \u003cbase href=\\\"/\\\"\u003e\\n  \u003cm\"",
"status": 403

The HTTP challenge request was redirected to HTTPS and then denied access.

4 Likes
8

That looks like Debian 10.0

2 Likes
9

But I dont have resquest with challenge

10

@Bruce5051 its a docke container

1 Like
11

The challenge request is automatic (required) with each certificate request.

May we see the output of?:
nginx -T

4 Likes
12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.