certbot 2.11.0
# apachectl -v
Server version: Apache/2.4.62 (Unix)
Operating system NetBSD 10.0
I admin the machine and have ssh access.
Can curl -L -k from a remote host to the files saved at the /var/letsencrypt/http_challenge directory.
$ httpd -S
VirtualHost configuration:
*:80 myserver.tld (/usr/pkg/etc/httpd/httpd-vhosts.conf:23)
*:443 myserver.tld (/usr/pkg/etc/httpd/httpd-vhosts.conf:42)
ServerRoot: "/usr/pkg"
Main DocumentRoot: "/var/www/htdocs"
Main ErrorLog: "/var/log/httpd/error_log"
Mutex default: dir="/var/run/" mechanism=default
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www" id=1100 not_used
Group: name="www" id=1100 not_used
The apache virtual hosts section:
<VirtualHost *:80>
ServerName mydomain.tld
ServerAlias www.mydomain.tld
ServerAdmin webmaster@mydomain.tld
DocumentRoot "/var/www/wordpress"
Redirect permanent / https://mydomain.tld/
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.tld
ServerAlias www.mydomain.tld
ServerAdmin webmaster@mydomain.tld
DocumentRoot "/var/www/wordpress"
ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:///var/run/php-fpm/mydomain.tld.sock|fcgi://127.0.0.1:9000/var/www/wordpress timeout=300
DirectoryIndex index.html index.php
ErrorLog "/var/log/httpd/mydomain.tld-error_log"
CustomLog "/var/log/httpd/mydomain.tld-access_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
AliasMatch /.well-known/acme-challenge/(.*)$ /var/letsencrypt/http_challenges/$1
<directory /var/letsencrypt/http_challenges>
AllowOverride None
Require all granted
</directory>
<If "%{HTTP_HOST} == 'www.mydomain.tld'">
Redirect permanent / https://mydomain.tld/
</If>
<Directory /var/www/wordpress>
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
I ran several commands, either with --apache or --webroot.
Last one:
certbot-3.12 certonly --webroot --agree-tos --no-eff-email --webroot-path /var/letsencrypt/http_challenges -d mydomain.tld -d www.mydomain.tld --dry-run
It produced this output:
Root logging level set at 10
Saving debug log to /var/letsencrypt/log/letsencrypt.log
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x76a6704ea0c0>
Prep: True
Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x76a6704ea0c0> and installer None
Plugins selected: Authenticator webroot, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/159537723', new_authzr_uri=None, terms_of_service=None), b387f4f0299c2f78e158aa03526ee71f, Meta(creation_dt=datetime.datetime(2024, 8, 15, 15, 43, 53, tzinfo=<UTC>), creation_host='loja.mydomain.tld', register_to_eff=None))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/11" 200 820
Received response:
HTTP 200
Server: nginx
Date: Tue, 19 Nov 2024 22:35:52 GMT
Content-Type: application/json
Content-Length: 820
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"l4sj4VUCPRQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Should renew, less than 30 days before certificate expiry 2024-11-13 14:35:31 UTC.
Certificate is due for renewal, auto-renewing...
Notifying user: Simulating renewal of an existing certificate for mydomain.tld and www.mydomain.tld
Simulating renewal of an existing certificate for mydomain.tld and www.mydomain.tld
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/11" 200 0
Received response:
HTTP 200
Server: nginx
Date: Tue, 19 Nov 2024 22:35:52 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: FW9SwLSL_8auA4SJhidK542D6X_0-hsguAB35A13qn-8hcoN9cE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: FW9SwLSL_8auA4SJhidK542D6X_0-hsguAB35A13qn-8hcoN9cE
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "mydomain.tld"\n },\n {\n "type": "dns",\n "value": "www.mydomain.tld"\n }\n ]\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTk1Mzc3MjMiLCAibm9uY2UiOiAiRlc5U3dMU0xfOGF1QTRTSmhpZEs1NDJENlhfMC1oc2d1QUIzNUExM3FuLThoY29OOWNFIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "ZD_2MLV43KPonVKAlxiTuhiO61V6wscWsvOdpEQzqbdHWIdNO2cZg_dMJRZsq9qF-V_9qd_PJYmatPfDxyrUNviQHqCIRJxSCfKDWi2JwB5MWSoaFpHJK4fS3bLk3zmWF6rW9O43vOxErm1WwPFoXm4JcSKrOM6_JN-3Uh1aA43f88iNY4SWEFWj3TV2tEmXPgb38KzW-X_LoKmExeI7_dXirnJzgwy_dXHH6RSX-jqqj4AbUmMxfO1QNocPt6Q7faA9zyC6Mi2z7KmLniv9e0JTmzrDNgxFU-3epW2VjCQNe6iKHnYrf15jae2tZlCsrIUI_Nucr9-NIl_7vuvgTw",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNhdWRlcmVub3ZhZGEucHQiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAid3d3LnNhdWRlcmVub3ZhZGEucHQiCiAgICB9CiAgXQp9"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/11" 201 519
Received response:
HTTP 201
Server: nginx
Date: Tue, 19 Nov 2024 22:35:52 GMT
Content-Type: application/json
Content-Length: 519
Connection: keep-alive
Boulder-Requester: 159537723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/159537723/20630789153
Replay-Nonce: jDZhkUVkBxRKPKJt2EE7nWCJXUai1yDwVHfAIpnx9D38hIfEuss
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2024-11-26T22:35:52Z",
"identifiers": [
{
"type": "dns",
"value": "mydomain.tld"
},
{
"type": "dns",
"value": "www.mydomain.tld"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/159537723/14993140323",
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/159537723/14993140333"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/159537723/20630789153"
}
Storing nonce: jDZhkUVkBxRKPKJt2EE7nWCJXUai1yDwVHfAIpnx9D38hIfEuss
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/159537723/14993140323:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTk1Mzc3MjMiLCAibm9uY2UiOiAiakRaaGtVVmtCeFJLUEtKdDJFRTduV0NKWFVhaTF5RHdWSGZBSXBueDlEMzhoSWZFdXNzIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE1OTUzNzcyMy8xNDk5MzE0MDMyMyJ9",
"signature": "I-1aKdO1kxlM6N9o6liM4bC5qSVuKVgAhJFyN3McAEfZ0COFbb5U9cKtR-2MxTrqvUuzL6JPIS9AjG2T-t1ipZr_eQuGYCqYSQ5N6aRfTHldzrCl7N3ijp-UVdh0yItne5hdW8YRrAezZl4dtLrHRWmbFv5FKggxc_pWwpyr3MUlVtbU3VDoC0iRIsVw5dZNLCSEcDS5eZRklbciBnuwpX7FrRT4_RpAYgAQXUNs8lmkGc49b94co-fqoNH0upfPZOQro2GXMKRh84LD2BOYzU9Le2vXHA4jRGnPDOiPMX3sybmZOTfQ8bscJ_-lzw4nLDPzqpfE8huW4m0NugDHSA",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/159537723/14993140323 HTTP/11" 200 842
Received response:
HTTP 200
Server: nginx
Date: Tue, 19 Nov 2024 22:35:52 GMT
Content-Type: application/json
Content-Length: 842
Connection: keep-alive
Boulder-Requester: 159537723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: jDZhkUVk79OhTMzdzjEMfV8FfoiwgWoDkf1GTyfo1d-IQxaKlX4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "mydomain.tld"
},
"status": "pending",
"expires": "2024-11-26T22:35:52Z",
"challenges": [
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140323/1DVPeg",
"status": "pending",
"token": "mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8"
},
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140323/5mrWAQ",
"status": "pending",
"token": "mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8"
},
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140323/GycccQ",
"status": "pending",
"token": "mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8"
}
]
}
Storing nonce: jDZhkUVk79OhTMzdzjEMfV8FfoiwgWoDkf1GTyfo1d-IQxaKlX4
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/159537723/14993140333:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTk1Mzc3MjMiLCAibm9uY2UiOiAiakRaaGtVVms3OU9oVE16ZHpqRU1mVjhGZm9pd2dXb0RrZjFHVHlmbzFkLUlReGFLbFg0IiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE1OTUzNzcyMy8xNDk5MzE0MDMzMyJ9",
"signature": "DgavIDmMtmAiMXX-Kj9UNSOgBYZcm0tRsZJ4AGkUHg3A-avjk1Gp6MM4oHhwYivyjPmHqRuHQeT4CsMn3SQkiIsK_LJmNUqc_wrhXhBStTJ8IcoODvuDEU5Em_KXK0G_ULl48NaIr4XBnVBUMdKY5skBShYJqy3Hhz8_5V58iKEuApHzw9AuYOWesa9cflQoBvieiHkuggWbWGpQut5-fg14IYf_ZrWgKXP1Ajn0VNk8BhCCGX_KhEGNS9PF7398DUh9ctpwR_pgkeI9noFoGPha66jPMNtkRBK5ScW13C3U4EL-Dinvp_izI0yIZFzIugmNzonXsx0rdCqprZku6g",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/159537723/14993140333 HTTP/11" 200 846
Received response:
HTTP 200
Server: nginx
Date: Tue, 19 Nov 2024 22:35:52 GMT
Content-Type: application/json
Content-Length: 846
Connection: keep-alive
Boulder-Requester: 159537723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: jDZhkUVkxetYDgh0zYvDsRW8V_qqqFqgeek2TLdPcazK_9qeFhk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.mydomain.tld"
},
"status": "pending",
"expires": "2024-11-26T22:35:52Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/5scdNQ",
"status": "pending",
"token": "hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8"
},
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/EsCHHw",
"status": "pending",
"token": "hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8"
},
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/DwN7hg",
"status": "pending",
"token": "hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8"
}
]
}
Storing nonce: jDZhkUVkxetYDgh0zYvDsRW8V_qqqFqgeek2TLdPcazK_9qeFhk
Performing the following challenges:
http-01 challenge for mydomain.tld
http-01 challenge for www.mydomain.tld
Using the webroot path /var/letsencrypt/http_challenges for all unmatched domains.
Creating root challenges validation dir at /var/letsencrypt/http_challenges/.well-known/acme-challenge
Creating root challenges validation dir at /var/letsencrypt/http_challenges/.well-known/acme-challenge
Attempting to save validation to /var/letsencrypt/http_challenges/.well-known/acme-challenge/mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8
Attempting to save validation to /var/letsencrypt/http_challenges/.well-known/acme-challenge/hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8
JWS payload:
b'{}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140323/5mrWAQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTk1Mzc3MjMiLCAibm9uY2UiOiAiakRaaGtVVmt4ZXRZRGdoMHpZdkRzUlc4Vl9xcXFGcWdlZWsyVExkUGNhektfOXFlRmhrIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzE1OTUzNzcyMy8xNDk5MzE0MDMyMy81bXJXQVEifQ",
"signature": "bBBySmfB1YBEOv3U9p_jIcmGz-_Q9RA_ivGmthpTtEgJYAZEEZ07nKsBUfIMnk0j60YToMI1dH4Eml196ZvK2EmJnfUn7OD6IxNSH5HqXHsqlTGdnBlbUZQGq1Q1Jb_U1On0wBfLY25dJMIoyippPoxNaH7h6XNGTMpp49O8BAvtU1R_maMjQCXnpk_FGqsE6lNibuq6Kzn_gGXzUg8IPbr202lCMldc8hcLxv-8IIa2B-SrPdQn9IKCdiXU-F_8qyQWHxDNz65djC2d15m9VvZ5FM1YwHzv_1HorckAghi0xQNMlG6iE-to-u0PjkAB_ucOaZh9EztnLKm19fMnGw",
"payload": "e30"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall/159537723/14993140323/5mrWAQ HTTP/11" 200 201
Received response:
HTTP 200
Server: nginx
Date: Tue, 19 Nov 2024 22:35:52 GMT
Content-Type: application/json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 159537723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/159537723/14993140323>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140323/5mrWAQ
Replay-Nonce: FW9SwLSLRSpt28OxfKKZ8icHZN6dDuUzr9X25Hc5CHOEaUw9S8A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140323/5mrWAQ",
"status": "pending",
"token": "mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8"
}
Storing nonce: FW9SwLSLRSpt28OxfKKZ8icHZN6dDuUzr9X25Hc5CHOEaUw9S8A
JWS payload:
b'{}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/5scdNQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTk1Mzc3MjMiLCAibm9uY2UiOiAiRlc5U3dMU0xSU3B0MjhPeGZLS1o4aWNIWk42ZER1VXpyOVgyNUhjNUNIT0VhVXc5UzhBIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzE1OTUzNzcyMy8xNDk5MzE0MDMzMy81c2NkTlEifQ",
"signature": "Blj9ofsYSNyncyM8pFPOkCbf8gk_L71k0tYxOTkaH6Kk5GsJHAi09RpakXLFak0wYuEYRWCFustuVf8myrvKIoD7Qbw63AP-qjUh1XGoPAvyBmHwDDT4o4dvZvxSWzQW_9iQxYJ7k69tglgDSY8BWWpCogP52IeHcxOTyYD0U34Z7-O6DCeeHnV8mSpSW3cd77Ho0nASV00xOSai3Vf3MrfrDjxABqDZwz0TUgE0NuizPIXWigPGalMQNW3tHmWuwMo-GCtBmp_ebnOyMCV8xfiCRqe58UWG6h10rVsW6yZ7ux5CKbjixF_43jvSmt9ZiP1Ub9_DY_zioC1giXaVUQ",
"payload": "e30"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall/159537723/14993140333/5scdNQ HTTP/11" 200 201
Received response:
HTTP 200
Server: nginx
Date: Tue, 19 Nov 2024 22:35:53 GMT
Content-Type: application/json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 159537723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/159537723/14993140333>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/5scdNQ
Replay-Nonce: jDZhkUVkXIMKWaWB6Q0vi82j_Q3imHxYB6c83kfmaFatd5318rg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/5scdNQ",
"status": "pending",
"token": "hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8"
}
Storing nonce: jDZhkUVkXIMKWaWB6Q0vi82j_Q3imHxYB6c83kfmaFatd5318rg
Waiting for verification...
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/159537723/14993140323:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTk1Mzc3MjMiLCAibm9uY2UiOiAiakRaaGtVVmtYSU1LV2FXQjZRMHZpODJqX1EzaW1IeFlCNmM4M2tmbWFGYXRkNTMxOHJnIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE1OTUzNzcyMy8xNDk5MzE0MDMyMyJ9",
"signature": "HXuuyTMqkilqdWePsCvPGyA9EsknilyXQeG2duny6H-rIgSy7H32LA3XAWEYH9eAMWxMacvQt9fs9go0QJIVLs8isa_GSFJt8eMljJHSjC4yAEddKnjbfL2auFL_U5rmtv-HBaifnbgeXTkA_1U5N3-CnhfgsnB3MGj9yRfCKFKOkyOLXejdK4uUjc744tCB6ppHgG31sc4xGlidtCo66nZ8dq9XfEMJUfIbU3-ETHYUNDMYuj0z7_IaTqNhi05sR8epioEeZfD4HRRDzEBGCPlrar1_eOX4sgh74Jsr9VoEVGP9o5_JlNyBvlwVQ6KrNWXeEyJxLGnVWc0q1o4pkw",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/159537723/14993140323 HTTP/11" 200 1372
Received response:
HTTP 200
Server: nginx
Date: Tue, 19 Nov 2024 22:35:54 GMT
Content-Type: application/json
Content-Length: 1372
Connection: keep-alive
Boulder-Requester: 159537723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: jDZhkUVk_kw4V440Ehno7LLvgLIrV63ZP2LKip_TmxXeIFsFc4E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "mydomain.tld"
},
"status": "invalid",
"expires": "2024-11-26T22:35:52Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140323/5mrWAQ",
"status": "invalid",
"validated": "2024-11-19T22:35:52Z",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "45.54.45.54: Fetching https://mydomain.tld/.well-known/acme-challenge/mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8: Error getting validation data",
"status": 400
},
"token": "mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8",
"validationRecord": [
{
"url": "http://mydomain.tld/.well-known/acme-challenge/mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8",
"hostname": "mydomain.tld",
"port": "80",
"addressesResolved": [
"45.54.45.54"
],
"addressUsed": "45.54.45.54"
},
{
"url": "https://mydomain.tld/.well-known/acme-challenge/mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8",
"hostname": "mydomain.tld",
"port": "443",
"addressesResolved": [
"45.54.45.54"
],
"addressUsed": "45.54.45.54"
}
]
}
]
}
Storing nonce: jDZhkUVk_kw4V440Ehno7LLvgLIrV63ZP2LKip_TmxXeIFsFc4E
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/159537723/14993140333:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTk1Mzc3MjMiLCAibm9uY2UiOiAiakRaaGtVVmtfa3c0VjQ0MEVobm83TEx2Z0xJclY2M1pQMkxLaXBfVG14WGVJRnNGYzRFIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE1OTUzNzcyMy8xNDk5MzE0MDMzMyJ9",
"signature": "atxs2ZH1LqFZ4lkxlpS9F6JyGqrx4MxWi5YDiXj_Z5NqFBBX9IUd1D-rxMSjE3op92LzPFvJiHVX6uGpU4BJmBCRurnB3oEydX3cU_RPkS_FQb_4BPsjOK4DRVoHHCBb7S6UKGYJKNVhzCLckagC82jUlDKp7IrxFYfTIvFurFqRJub2arBx5zFnwp0tZeJ6JTHwdI20yberTtnNWcLON70y40DbGsAH503mRmxXztzF9co1nv7CsBKf9Ya7dpu-SLCaz3Ww7sZTRfyYaCEW1DD5ABYz2SUjGFvryKOD6-intwwHcfv8EnTUIMBZ2fpSQ_ssHYiz-e_bzk70bcOrhA",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/159537723/14993140333 HTTP/11" 200 846
Received response:
HTTP 200
Server: nginx
Date: Tue, 19 Nov 2024 22:35:54 GMT
Content-Type: application/json
Content-Length: 846
Connection: keep-alive
Boulder-Requester: 159537723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: jDZhkUVkI8KAYI4AXbhhPif4LTv5cfbTv-T7RPBHAk_yM6PhQk0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.mydomain.tld"
},
"status": "pending",
"expires": "2024-11-26T22:35:52Z",
"challenges": [
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/DwN7hg",
"status": "pending",
"token": "hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8"
},
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/EsCHHw",
"status": "pending",
"token": "hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8"
},
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/5scdNQ",
"status": "pending",
"token": "hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8"
}
]
}
Storing nonce: jDZhkUVkI8KAYI4AXbhhPif4LTv5cfbTv-T7RPBHAk_yM6PhQk0
Challenge failed for domain mydomain.tld
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/159537723/14993140333:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTk1Mzc3MjMiLCAibm9uY2UiOiAiakRaaGtVVmtJOEtBWUk0QVhiaGhQaWY0TFR2NWNmYlR2LVQ3UlBCSEFrX3lNNlBoUWswIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE1OTUzNzcyMy8xNDk5MzE0MDMzMyJ9",
"signature": "fMBx4Y9-DCPRELDmn9DD9xbz7okfxlzqWsf9tdC307duE78gOUpXptN3MILI0rEifwJq5UEHXh5d-C81khHQibfdlhYLrpRtHHI_Tyoiv7SIp0hBGpZgoUoNS5CmYBrryl1M_AotvJTWvUgqInOyWzlk2XXCO2hcwTVk54quAyh4o-1_IPGZm5wH1OXOgEumMC4UnDoUVV-rHGNwfkS7c1MkAAouklSUFubCjyngb6jLhoChYFt8HiIdlhReFvYWFvOAHYkf6HKIm-EuMLh00lRRuj3Tai4WIYd0UslH8MoiIT2JdQJSlq29IEUde2DMudSUnzex3i9YNFmBMK-QbA",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/159537723/14993140333 HTTP/11" 200 1384
Received response:
HTTP 200
Server: nginx
Date: Tue, 19 Nov 2024 22:35:57 GMT
Content-Type: application/json
Content-Length: 1384
Connection: keep-alive
Boulder-Requester: 159537723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: jDZhkUVkiK4x_xbEq9JLTH1kNHNMo5cPHj0xYIP8CVKb7K8MWHU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.mydomain.tld"
},
"status": "invalid",
"expires": "2024-11-26T22:35:52Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/159537723/14993140333/5scdNQ",
"status": "invalid",
"validated": "2024-11-19T22:35:53Z",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "45.54.45.54: Fetching https://mydomain.tld/.well-known/acme-challenge/hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8: Error getting validation data",
"status": 400
},
"token": "hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8",
"validationRecord": [
{
"url": "http://www.mydomain.tld/.well-known/acme-challenge/hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8",
"hostname": "www.mydomain.tld",
"port": "80",
"addressesResolved": [
"45.54.45.54"
],
"addressUsed": "45.54.45.54"
},
{
"url": "https://mydomain.tld/.well-known/acme-challenge/hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8",
"hostname": "mydomain.tld",
"port": "443",
"addressesResolved": [
"45.54.45.54"
],
"addressUsed": "45.54.45.54"
}
]
}
]
}
Storing nonce: jDZhkUVkiK4x_xbEq9JLTH1kNHNMo5cPHj0xYIP8CVKb7K8MWHU
Challenge failed for domain www.mydomain.tld
http-01 challenge for mydomain.tld
http-01 challenge for www.mydomain.tld
Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mydomain.tld
Type: connection
Detail: 45.54.45.54: Fetching https://mydomain.tld/.well-known/acme-challenge/mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8: Error getting validation data
Domain: www.mydomain.tld
Type: connection
Detail: 45.54.45.54: Fetching https://mydomain.tld/.well-known/acme-challenge/hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8: Error getting validation data
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mydomain.tld
Type: connection
Detail: 45.54.45.54: Fetching https://mydomain.tld/.well-known/acme-challenge/mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8: Error getting validation data
Domain: www.mydomain.tld
Type: connection
Detail: 45.54.45.54: Fetching https://mydomain.tld/.well-known/acme-challenge/hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8: Error getting validation data
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Encountered exception:
Traceback (most recent call last):
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Calling registered functions
Cleaning up challenges
Removing /var/letsencrypt/http_challenges/.well-known/acme-challenge/mehmFbD37afIy0wZT1QXiAjbB7CTywl_q4PCnTpCSM8
Removing /var/letsencrypt/http_challenges/.well-known/acme-challenge/hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8
All challenges cleaned up
Exiting abnormally:
Traceback (most recent call last):
File "/usr/pkg/bin/certbot-3.12", line 8, in <module>
sys.exit(main())
^^^^^^
File "/usr/pkg/lib/python3.12/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/main.py", line 1894, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/main.py", line 1600, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/usr/pkg/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/letsencrypt/log/letsencrypt.log or re-run Certbot with -v for more details.
Really, cannot understand what's wrong.
Three months ago the certificates could be installed, but I cannot renew them now. They expired a couple of days ago.
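
An added example, not part of the original post and not certbot's own code: it reads the invalid authorization object from the log to show which hop of the CA's fetch failed, and compares the file the posted AliasMatch resolves to with the file certbot's webroot plugin wrote. The sample authorization is constructed from the log above and trimmed; the "Fetching <url>:" shape of the error detail is assumed from that log, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Values copied from the vhost and the certbot command in the post.
ALIAS_REGEX = r"/.well-known/acme-challenge/(.*)$"
ALIAS_TARGET = "/var/letsencrypt/http_challenges/$1"
WEBROOT = "/var/letsencrypt/http_challenges"
TOKEN = "hkrZYgfXS9i4glS59oJPf8VNa_rEksCCkRul8PVCHC8"
CHALLENGE_PATH = "/.well-known/acme-challenge/" + TOKEN

# Constructed sample: the invalid authorization for www.mydomain.tld from the
# log, reduced to the fields the checks below read.
AUTHZ = {
    "identifier": {"type": "dns", "value": "www.mydomain.tld"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {
            "type": "urn:ietf:params:acme:error:connection",
            "detail": "45.54.45.54: Fetching https://mydomain.tld"
                      + CHALLENGE_PATH + ": Error getting validation data",
        },
        "token": TOKEN,
        "validationRecord": [
            {"url": "http://www.mydomain.tld" + CHALLENGE_PATH,
             "hostname": "www.mydomain.tld", "port": "80"},
            {"url": "https://mydomain.tld" + CHALLENGE_PATH,
             "hostname": "mydomain.tld", "port": "443"},
        ],
    }],
}


def trace_validation(authz):
    """Return (hops, failed_index) for the invalid http-01 challenge.

    hops lists (scheme, hostname, port) for every request the CA made,
    in order; failed_index is the hop named in the error detail.
    """
    chall = next((c for c in authz["challenges"]
                  if c["type"] == "http-01" and c["status"] == "invalid"), None)
    if chall is None:
        return [], None
    records = chall.get("validationRecord", [])
    hops = [(urlsplit(r["url"]).scheme, r["hostname"], int(r["port"]))
            for r in records]
    # Assumed detail format, as seen in the log: "<ip>: Fetching <url>: <reason>"
    m = re.search(r"Fetching (\S+): ", chall.get("error", {}).get("detail", ""))
    failed_url = m.group(1) if m else None
    failed = next((i for i, r in enumerate(records)
                   if r["url"] == failed_url), None)
    return hops, failed


def alias_match_file(url_path):
    """File path mod_alias's AliasMatch yields for url_path, or None.

    AliasMatch searches the URL path with the regex and, on a match,
    uses the target string with $1 substituted as the filename.
    """
    m = re.search(ALIAS_REGEX, url_path)
    return ALIAS_TARGET.replace("$1", m.group(1)) if m else None


def webroot_file(token):
    """Path the webroot plugin writes, per the 'Attempting to save' log lines."""
    return f"{WEBROOT}/.well-known/acme-challenge/{token}"


if __name__ == "__main__":
    hops, failed = trace_validation(AUTHZ)
    for i, (scheme, host, port) in enumerate(hops):
        mark = "  <-- failed here" if i == failed else ""
        print(f"hop {i}: {scheme}://{host}:{port}{mark}")
    print("AliasMatch serves:", alias_match_file(CHALLENGE_PATH))
    print("certbot wrote:    ", webroot_file(TOKEN))
```
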