Cert renewal successful for web server applications but not for mail server (postfix)

Hi,

My domain is: s11made.de

I ran this command: certbot renew -v

It produced this output:
...


Processing /etc/letsencrypt/renewal/mail.s11made.de.conf


Certificate is due for renewal, auto-renewing...

Plugins selected: Authenticator standalone, Installer None

Renewing an existing certificate for mail.s11made.de

Performing the following challenges:

http-01 challenge for mail.s11made.de

Waiting for verification...

Challenge failed for domain mail.s11made.de

http-01 challenge for mail.s11made.de

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:

Domain: mail.s11made.de

Type: dns

Detail: DNS problem: NXDOMAIN looking up A for mail.s11made.de - check that a DNS record exists for this domain

Hint: The Certificate Authority couldn't exterally verify that the standalone plugin completed the required http-01 challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.

Cleaning up challenges

Failed to renew certificate mail.s11made.de with error: Some challenges have failed.


Processing /etc/letsencrypt/renewal/s11made.de.conf


Certificate not yet due for renewal


Processing /etc/letsencrypt/renewal/shop.s11made.de.conf


Certificate not yet due for renewal


Processing /etc/letsencrypt/renewal/www.s11made.de.conf


Certificate not yet due for renewal


The following certificates are not due for renewal yet:

/etc/letsencrypt/live/cloudia.s11made.de/fullchain.pem expires on 2021-08-28 (skipped)

/etc/letsencrypt/live/ep7.s11made.de/fullchain.pem expires on 2021-09-11 (skipped)

/etc/letsencrypt/live/s11made.de/fullchain.pem expires on 2021-08-28 (skipped)

/etc/letsencrypt/live/shop.s11made.de/fullchain.pem expires on 2021-08-28 (skipped)

/etc/letsencrypt/live/www.s11made.de/fullchain.pem expires on 2021-08-28 (skipped)

All renewals failed. The following certificates could not be renewed:

/etc/letsencrypt/live/mail.s11made.de/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): centos-release-7-9.2009.1.el7.centos.x86_64

My hosting provider, if applicable, is: self host.de

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): midnight commander via ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.16.0

Until April 3rd renewals of my different certs for several subdomains went ok. Before fetching the cert for my mail subdomain (mail.s11made.de) I always stopped the daemon for apache (httpd), sent the command for renewal and, after success, started httpd again.
But since 2 days ago I have received the error above. In the meantime I introduced an A-pointer and an MX record in my samba4 internal DNS. But that didn't help!
I checked if port 80 is open: open!
When I check my website at Mr. Auer's https://check-your-website.server-daten.de I get information under 9) that certs have been expired for many days, although I renewed them yesterday or they are still valid. Hmmmm????

The output of the Let's Encrypt log is as follows:
....
2021-06-14 10:13:15,612:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-06-14 10:13:15,618:DEBUG:certbot._internal.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7fe52c4b8970>
2021-06-14 10:13:15,618:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-06-14 10:13:15,618:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/mail.s11made.de.conf
2021-06-14 10:13:15,653:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-06-14 10:13:15,835:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-06-14 10:13:15,836:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/mail.s11made.de/cert26.pem is signed by the certificate's issuer.
2021-06-14 10:13:15,837:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/mail.s11made.de/cert26.pem is: OCSPCertStatus.GOOD
2021-06-14 10:13:15,838:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-07-02 09:41:49 UTC.
2021-06-14 10:13:15,839:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2021-06-14 10:13:15,839:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2021-06-14 10:13:15,844:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7fe52c4bb220>
Prep: True
2021-06-14 10:13:15,844:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7fe52c4bb220> and installer None
2021-06-14 10:13:15,844:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2021-06-14 10:13:15,892:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fe52c4c1d30>)>), contact=('mailto:webmaster@s11made.de',), agreement='https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf', status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/631995', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf'), 2296d400d360b319f56a7ddc93c299de, Meta(creation_dt=datetime.datetime(2016, 2, 28, 16, 19, 23, tzinfo=), creation_host='ep7.s11made.de', register_to_eff=None))>
2021-06-14 10:13:15,893:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-06-14 10:13:15,894:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-06-14 10:13:16,538:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-06-14 10:13:16,539:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Jun 2021 08:13:16 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"iZo2r0uNSqE": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-06-14 10:13:16,540:DEBUG:certbot.display.util:Notifying user: Renewing an existing certificate for mail.s11made.de
2021-06-14 10:13:16,597:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0409_key-certbot.pem
2021-06-14 10:13:16,606:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0409_csr-certbot.pem
2021-06-14 10:13:16,606:DEBUG:acme.client:Requesting fresh nonce
2021-06-14 10:13:16,606:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-06-14 10:13:16,762:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-06-14 10:13:16,763:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Jun 2021 08:13:16 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00035JsIyRCA1IJ43KfaKdaeToUxtrnXc-smj44XhcizPo0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-06-14 10:13:16,763:DEBUG:acme.client:Storing nonce: 00035JsIyRCA1IJ43KfaKdaeToUxtrnXc-smj44XhcizPo0
2021-06-14 10:13:16,764:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "mail.s11made.de"\n }\n ]\n}'
2021-06-14 10:13:16,776:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2021-06-14 10:13:17,127:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 335
2021-06-14 10:13:17,128:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 14 Jun 2021 08:13:17 GMT
Content-Type: application/json
Content-Length: 335
Connection: keep-alive
Boulder-Requester: 631995
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/631995/10384865995
Replay-Nonce: 0004KJ903v3J1ZZiLkc1Z_ZY2aDIeRiFaygBoEEVvjnkfq8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2021-06-21T08:13:16Z",
"identifiers": [
{
"type": "dns",
"value": "mail.s11made.de"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/13966607819"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/631995/10384865995"
}
2021-06-14 10:13:17,128:DEBUG:acme.client:Storing nonce: 0004KJ903v3J1ZZiLkc1Z_ZY2aDIeRiFaygBoEEVvjnkfq8
2021-06-14 10:13:17,128:DEBUG:acme.client:JWS payload:
b''
2021-06-14 10:13:17,140:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13966607819:
2021-06-14 10:13:17,335:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13966607819 HTTP/1.1" 200 796
2021-06-14 10:13:17,336:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Jun 2021 08:13:17 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 631995
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004Ja5Lnm1ZmlFxZpS_pV-Kf_qSgz0DzCqZBemcoAkvU1U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "mail.s11made.de"
},
"status": "pending",
"expires": "2021-06-21T08:13:16Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13966607819/08FReQ",
"token": "9EnMmUjqm3cdzIpwwncaQmuSOqE2F3TIPhXkOSGg1J0"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13966607819/XsyfMA",
"token": "9EnMmUjqm3cdzIpwwncaQmuSOqE2F3TIPhXkOSGg1J0"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13966607819/S7EZqg",
"token": "9EnMmUjqm3cdzIpwwncaQmuSOqE2F3TIPhXkOSGg1J0"
}
]
}
2021-06-14 10:13:17,336:DEBUG:acme.client:Storing nonce: 0004Ja5Lnm1ZmlFxZpS_pV-Kf_qSgz0DzCqZBemcoAkvU1U
2021-06-14 10:13:17,337:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-06-14 10:13:17,337:INFO:certbot._internal.auth_handler:http-01 challenge for mail.s11made.de
2021-06-14 10:13:17,337:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2021-06-14 10:13:17,338:DEBUG:acme.standalone:Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2021-06-14 10:13:17,339:DEBUG:acme.client:JWS payload:
b'{}'
2021-06-14 10:13:17,351:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/13966607819/08FReQ:
2021-06-14 10:13:17,574:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/13966607819/08FReQ HTTP/1.1" 200 186
2021-06-14 10:13:17,574:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Jun 2021 08:13:17 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 631995
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/13966607819;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/13966607819/08FReQ
Replay-Nonce: 0004QfTwDg_J2SvAYZl4pU-_p1gqv2WH_l0SqGpWi7TN8dE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13966607819/08FReQ",
"token": "9EnMmUjqm3cdzIpwwncaQmuSOqE2F3TIPhXkOSGg1J0"
}
2021-06-14 10:13:17,574:DEBUG:acme.client:Storing nonce: 0004QfTwDg_J2SvAYZl4pU-_p1gqv2WH_l0SqGpWi7TN8dE
2021-06-14 10:13:17,575:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-06-14 10:13:18,576:DEBUG:acme.client:JWS payload:
b''
2021-06-14 10:13:18,588:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13966607819:
2021-06-14 10:13:18,776:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13966607819 HTTP/1.1" 200 635
2021-06-14 10:13:18,777:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Jun 2021 08:13:18 GMT
Content-Type: application/json
Content-Length: 635
Connection: keep-alive
Boulder-Requester: 631995
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003TMfRhtMmufMCMsMXE5Q8Bc-bxc-6aAkwRPX2vaSpwAk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "mail.s11made.de"
},
"status": "invalid",
"expires": "2021-06-21T08:13:16Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up A for mail.s11made.de - check that a DNS record exists for this domain",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13966607819/08FReQ",
"token": "9EnMmUjqm3cdzIpwwncaQmuSOqE2F3TIPhXkOSGg1J0",
"validated": "2021-06-14T08:13:17Z"
}
]
}
2021-06-14 10:13:18,777:DEBUG:acme.client:Storing nonce: 0003TMfRhtMmufMCMsMXE5Q8Bc-bxc-6aAkwRPX2vaSpwAk
2021-06-14 10:13:18,777:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.s11made.de
2021-06-14 10:13:18,778:INFO:certbot._internal.auth_handler:http-01 challenge for mail.s11made.de
2021-06-14 10:13:18,778:DEBUG:certbot.display.util:Notifying user:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: mail.s11made.de
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for mail.s11made.de - check that a DNS record exists for this domain

Hint: The Certificate Authority couldn't exterally verify that the standalone plugin completed the required http-01 challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.

2021-06-14 10:13:18,778:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-06-14 10:13:18,779:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-06-14 10:13:18,779:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-06-14 10:13:18,779:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2021-06-14 10:13:18,840:ERROR:certbot._internal.renewal:Failed to renew certificate mail.s11made.de with error: Some challenges have failed.
2021-06-14 10:13:18,841:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 474, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1366, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 117, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 333, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/var/lib/snapd/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
...
Thanx in advance for help!
kormorix

Hi @kormorix and welcome to the LE community forum

Please check your DNS zone for the mail entry:
can't find mail.s11made.de: Non-existent domain

@rg305: thank you for your support/help!

As I wrote above I use samba4 with internal DNS and 2 days ago I added an entry for mail:
samba-tool dns query 192.168.7.199 s11made.de @ ALL -U administrator
Password for [S11MADE\administrator]:
Name=, Records=5, Children=0
SOA: serial=91, refresh=900, retry=600, expire=86400, minttl=3600, ns=ep7.s11made.de., email=hostmaster.s11made.de. (flags=600000f0, serial=91, ttl=3600)
NS: ep7.s11made.de. (flags=600000f0, serial=110, ttl=900)
A: 192.168.7.199 (flags=600000f0, serial=110, ttl=900)
A: 192.168.177.31 (flags=600000f0, serial=110, ttl=900)
MX: mail.s11made.de. (10) (flags=600000f0, serial=89, ttl=3600)
...
Name=mail, Records=2, Children=0
CNAME: ep7.s11made.de. (flags=f0, serial=12, ttl=3600)
A: 192.168.7.199 (flags=f0, serial=91, ttl=3600)

Or do I have to bind it to my external address? But I get a dynamic external IP and don't know how to. I do dynDNS to my hoster for my domain. Do I have to add an MX entry at my hoster?

What I am wondering about is that until April 3rd all worked fine without the entry for mail.

Let's Encrypt requires the hostname to be publicly resolvable. The DNS resolving isn't handled by certbot locally, but by a Let's Encrypt validation server somewhere out there on the world wide web. (4 separate locations actually..)


If you expect to receive emails - but not for obtaining an LE cert.

Solved!
@Osiris & @rg305 thank you for the hint!!

I added an A pointer which points to my server's subdomain "mail" (like my other subdomains www etc.) to the account at my hoster.

That was it, pretty easy!
Looking back I had forgotten the "mail" subdomain when I set up the subdomains at my hoster.
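
Added example (not part of the original thread, and not Certbot or Let's Encrypt code): the replies above come down to the CA resolving the name through public DNS rather than the internal Samba zone. This sketch asks a public resolver for the A record directly and classifies the answer; the resolver address 9.9.9.9, the function names and the sample responses are assumptions made for illustration, and only A records are checked.

```python
import ipaddress
import secrets
import socket
import struct

PUBLIC_RESOLVER = "9.9.9.9"  # assumption: any public recursive resolver will do

def build_query(name, qid):
    """Encode a recursive A query for `name` in RFC 1035 wire format."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at `pos`."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_response(msg):
    """Return (rcode, [IPv4 address strings]) from a DNS response message."""
    _qid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4   # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:    # A record; CNAMEs in the chain are skipped
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def classify(rcode, addrs):
    """Map a public DNS answer to the outcome an http-01 validation would hit."""
    if rcode == 3:
        return "nxdomain"                # the error reported in this thread
    if rcode != 0:
        return "dns-error"
    if not addrs:
        return "no-a-record"
    if any(not ipaddress.ip_address(a).is_global for a in addrs):
        return "non-public-address"      # e.g. an RFC 1918 address from an internal zone
    return "ok"

def public_view(name, resolver=PUBLIC_RESOLVER, timeout=3.0):
    """Ask a public resolver, bypassing the host's configured (internal) DNS."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (resolver, 53))
        msg, _ = sock.recvfrom(4096)
    if struct.unpack("!H", msg[:2])[0] != qid:
        raise ValueError("DNS response id does not match the query")
    return classify(*parse_response(msg))

def constructed_response(name, rcode, addrs):
    """Build a sample response (constructed for this example, not captured traffic)."""
    question = build_query(name, 0x1234)[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    rr = [b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(a) for a in addrs]
    return header + question + b"".join(rr)

if __name__ == "__main__":
    # Constructed inputs: the public NXDOMAIN from the thread, the internal
    # zone's private address, and a publicly routable sample address.
    for rcode, addrs in [(3, []), (0, ["192.168.7.199"]), (0, ["1.1.1.1"])]:
        msg = constructed_response("mail.s11made.de", rcode, addrs)
        print(classify(*parse_response(msg)))
```

Running `public_view("mail.example.org")` (placeholder name) on the server before `certbot renew` shows the answer the outside world gets, independent of what the local resolver returns.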
