Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: bereskapi-ha.duckdns.org
I ran this command: ./certbot-auto certonly -vvv --standalone --preferred-challenges http-01 --email bereskapi@gmail.com -d bereskapi-ha.duckdns.org
It produced this output:
Requesting to rerun ./certbot-auto with root privileges…
./certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Root logging level set at -10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator standalone and installer None
Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x75979d10>
Prep: True
Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x75979d10> and installer None
Plugins selected: Authenticator standalone, Installer None
Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/44402660’, new_authzr_uri=None, terms_of_service=None), 56e254422c558155b2484ad91dfd16bb, Meta(creation_host=u’bereskapi-ha’, creation_dt=datetime.datetime(2018, 10, 24, 5, 26, 42, tzinfo=)))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
Received response:
HTTP 200
Server: nginx
Date: Tue, 11 Feb 2020 10:46:09 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”,
“xsmBB0P3OUc”: “Adding random entries to the directory”
}
Renewal conf file /etc/letsencrypt/renewal/btcpay.bereskapi-ha.duckdns.org.conf is broken. Skipping.
Traceback was:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/cert_manager.py”, line 381, in _search_lineages
candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/storage.py”, line 465, in __init__
self._check_symlinks()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/storage.py”, line 532, in _check_symlinks
“expected {0} to be a symlink”.format(link))
CertStorageError: expected /etc/letsencrypt/live/btcpay.bereskapi-ha.duckdns.org/cert.pem to be a symlink
Should renew, less than 30 days before certificate expiry 2020-02-28 20:12:31 UTC.
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0082_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0082_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
Received response:
HTTP 200
Server: nginx
Date: Tue, 11 Feb 2020 10:46:12 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001XGbgOLXZs8oI74GbgR6urnjMS9Mx5nLWyyddJQGWR9I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: 0001XGbgOLXZs8oI74GbgR6urnjMS9Mx5nLWyyddJQGWR9I
JWS payload:
{
“identifiers”: [
{
“type”: “dns”,
“value”: “bereskapi-ha.duckdns.org”
}
]
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJub25jZSI6ICIwMDAxWEdiZ09MWFpzOG9JNzRHYmdSNnVybmpNUzlNeDVuTFd5eWRkSlFHV1I5SSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzQ0NDAyNjYwIiwgImFsZyI6ICJSUzI1NiJ9”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJiZXJlc2thcGktaGEuZHVja2Rucy5vcmciCiAgICB9CiAgXQp9”,
“signature”: “bddWkBQmJzTod8bL_OJVOXIdl0bhG-tCxeivkKURKaWNlHEXoK-YGKbmNHpMK4iTvxcoajDY0fAmwZCbs0CITrRo8So48Cc-TlKR2bdGJdAVk8YF_sk4zlEm2TwetcoCQJSLIqVAjmpyVRY9IGp3S87qC6OOBDJjZN7lOqEicJPa-eXkD4cfpTN9pT-wL1Otkni7TFV5Kxu-sGp_syipbJItg7rAr1HG63qU5tkM2s71u0lQiX0oBPJ–WVQSn5WPudcLfusdCf06ZkfdrGurn5KaV_psg_cWuaiohQU3nrvTlX249yr_m3n29q1gFvcRV4Fc68oo9iLI0GlF_XQIA”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 354
Received response:
HTTP 201
Server: nginx
Date: Tue, 11 Feb 2020 10:46:13 GMT
Content-Type: application/json
Content-Length: 354
Connection: keep-alive
Boulder-Requester: 44402660
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Location: https://acme-v02.api.letsencrypt.org/acme/order/44402660/2298987627
Replay-Nonce: 00027uKEvQ-pUE6HlqWueQmmR_AFcmvXjzfsLNItInRpWug
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“status”: “pending”,
“expires”: “2020-02-18T10:46:13.156600264Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “bereskapi-ha.duckdns.org”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz-v3/2758958011”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/44402660/2298987627”
}
Storing nonce: 00027uKEvQ-pUE6HlqWueQmmR_AFcmvXjzfsLNItInRpWug
JWS payload:
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/2758958011:
{
“protected”: “eyJub25jZSI6ICIwMDAyN3VLRXZRLXBVRTZIbHFXdWVRbW1SX0FGY212WGp6ZnNMTkl0SW5ScFd1ZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjc1ODk1ODAxMSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NDQwMjY2MCIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “urxvbGiqj2f4dnO9XlafuDkeb-IfbzUdayYRVZI-CR5lN_yp7fs0N5xVRArDWIcQdbTXLvRhzfPJ4WvG_CE8qBMJ9PtHr3TH7Wg79uLgkVkNKzKQmP_cSlnTFrj0ir1qoEazzX0R7E89TZdcHhSKSyKHCIDMQ-NaLPEOHxMux3ibBUCbL4UFxy64l8p_-Gj4VqCXxZ7AMUOtKm_cK7W0Q5uLr-inA8XpjR06kd1skENZfX9j7pfRh08Pac-8i8DvrlBemT7YLOrp0SyXIuJv_Mucw0dUOOVB3YdHwiTvtWN120TNY3qjwQUm2_s5ko9atr_Nfg1dhis5-tNUpbHyFw”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/2758958011 HTTP/1.1” 200 802
Received response:
HTTP 200
Server: nginx
Date: Tue, 11 Feb 2020 10:46:13 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 44402660
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002SpjCY9dDbClV7GNK8VWpnDCfvk88DxCxb1xRH_xd7XA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“identifier”: {
“type”: “dns”,
“value”: “bereskapi-ha.duckdns.org”
},
“status”: “pending”,
“expires”: “2020-02-18T10:46:13Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/2758958011/lVqYKQ”,
“token”: “GUIwdexIgpdIkw5wcOssWYtGw2O5Pv-UBDNhctAnZ5k”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/2758958011/K841uA”,
“token”: “GUIwdexIgpdIkw5wcOssWYtGw2O5Pv-UBDNhctAnZ5k”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/2758958011/1MqW4Q”,
“token”: “GUIwdexIgpdIkw5wcOssWYtGw2O5Pv-UBDNhctAnZ5k”
}
]
}
Storing nonce: 0002SpjCY9dDbClV7GNK8VWpnDCfvk88DxCxb1xRH_xd7XA
Performing the following challenges:
http-01 challenge for bereskapi-ha.duckdns.org
Successfully bound to :80 using IPv6
Certbot wasn’t able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
Waiting for verification…
JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/2758958011/lVqYKQ:
{
“protected”: “eyJub25jZSI6ICIwMDAyU3BqQ1k5ZERiQ2xWN0dOSzhWV3BuRENmdms4OER4Q3hiMXhSSF94ZDdYQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjc1ODk1ODAxMS9sVnFZS1EiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDQ0MDI2NjAiLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “OuTeKV5WiEmYUI2Toyugx29254dk2JJXp3UPu2rXU5r14ZZ1pbkHRAgSlTQYkbqZ0khuh0jX7nQjuIk8mrP60ZWnslRa4aT1BEcopaWXkoQrLnDslrWdH8_675tadG4zH-mU1C6Ej2NR_cSx8mbM5hr7NPDpPuW9cPDJjpRNVHoJ_2SBXW_npLPbVrfkvSHhbgPRDqw1mHIBnn2nsVrmUYoLRMs2-l5Pozl4h0jciRvjPTu3Vf0fVRFoD0KplBNSMJ_k75P0D5krpA3qaRenpG-nCyI1JpTpXzYNS7lX9Bv9V88vonA_vD5wScX3gQnbPe2KKYQllmBTX0EvcP480g”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/chall-v3/2758958011/lVqYKQ HTTP/1.1” 200 185
Received response:
HTTP 200
Server: nginx
Date: Tue, 11 Feb 2020 10:46:13 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 44402660
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-v02.api.letsencrypt.org/acme/authz-v3/2758958011;rel=“up”
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/2758958011/lVqYKQ
Replay-Nonce: 0001P59DSEZ9qrr1wcDUtkL1sglbIauwJC3sVdn2Jzh7-Yw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/2758958011/lVqYKQ”,
“token”: “GUIwdexIgpdIkw5wcOssWYtGw2O5Pv-UBDNhctAnZ5k”
}
Storing nonce: 0001P59DSEZ9qrr1wcDUtkL1sglbIauwJC3sVdn2Jzh7-Yw
JWS payload:
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/2758958011:
{
“protected”: “eyJub25jZSI6ICIwMDAxUDU5RFNFWjlxcnIxd2NEVXRrTDFzZ2xiSWF1d0pDM3NWZG4ySnpoNy1ZdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjc1ODk1ODAxMSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NDQwMjY2MCIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “lDcv5WjHjhOMyuzDdBPWwPeJozaoAjl2P-v4XKrSXqJYB5_uFhcVih1NM_wBW1IGbQe10rUTM0amu6cnPlrzVB1BNsqDtRVZiS5pPbZysrgUFqIN-2cJpkYwVAtNgOiEnq63f32p0F2N6J8n4HSbXpKmrj8VLOTWMXpBaoUuFMAfFyCPxrCX5Tggc_MOuYb8mkay5h_Uhz30HXGc5Df6wx5CwpysY78YhssZmZfol-p5LFKkmIA5yVqOpXOxJtpwO7Vwg6EfGUkl7fo3_5u28WQ4tEGfO25YYxRnugovDuVB9KR1SWLXTQ63P7elemjen96_l2uZKUVtfftMjUvPXA”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/2758958011 HTTP/1.1” 200 1192
Received response:
HTTP 200
Server: nginx
Date: Tue, 11 Feb 2020 10:46:14 GMT
Content-Type: application/json
Content-Length: 1192
Connection: keep-alive
Boulder-Requester: 44402660
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002Kp6qGWSZQ04-G6IbrFomRuNR6l_N_wfmh4P-hZDapLs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“identifier”: {
“type”: “dns”,
“value”: “bereskapi-ha.duckdns.org”
},
“status”: “invalid”,
“expires”: “2020-02-18T10:46:13Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://bereskapi-ha.duckdns.org/.well-known/acme-challenge/GUIwdexIgpdIkw5wcOssWYtGw2O5Pv-UBDNhctAnZ5k [193.105.59.205]: “\u003c?xml version=\“1.0\” encoding=\“iso-8859-1\”?\u003e\n\u003c!DOCTYPE html PUBLIC \”-//W3C//DTD XHTML 1.0 Transitional//EN\”\n \“http://www.”",
“status”: 403
},
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/2758958011/lVqYKQ”,
“token”: “GUIwdexIgpdIkw5wcOssWYtGw2O5Pv-UBDNhctAnZ5k”,
“validationRecord”: [
{
“url”: “http://bereskapi-ha.duckdns.org/.well-known/acme-challenge/GUIwdexIgpdIkw5wcOssWYtGw2O5Pv-UBDNhctAnZ5k”,
“hostname”: “bereskapi-ha.duckdns.org”,
“port”: “80”,
“addressesResolved”: [
“193.105.59.205”
],
“addressUsed”: “193.105.59.205”
}
]
}
]
}
Storing nonce: 0002Kp6qGWSZQ04-G6IbrFomRuNR6l_N_wfmh4P-hZDapLs
Challenge failed for domain bereskapi-ha.duckdns.org
http-01 challenge for bereskapi-ha.duckdns.org
Reporting to user: The following errors were reported by the server:
Domain: bereskapi-ha.duckdns.org
Type: unauthorized
Detail: Invalid response from http://bereskapi-ha.duckdns.org/.well-known/acme-challenge/GUIwdexIgpdIkw5wcOssWYtGw2O5Pv-UBDNhctAnZ5k [193.105.59.205]: "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN”\n “http://www.”
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
Calling registered functions
Cleaning up challenges
Stopping server at :::80…
Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in <module>
sys.exit(main())
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 15, in main
return internal_main.main(cli_args)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1347, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1233, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py”, line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/renewal.py”, line 306, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/client.py”, line 344, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/client.py”, line 391, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: bereskapi-ha.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://bereskapi-ha.duckdns.org/.well-known/acme-challenge/GUIwdexIgpdIkw5wcOssWYtGw2O5Pv-UBDNhctAnZ5k
[193.105.59.205]: "<?xml version=“1.0”
encoding=“iso-8859-1”?>\n<!DOCTYPE html PUBLIC “-//W3C//DTD
XHTML 1.0 Transitional//EN”\n “http://www.”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx in organizr docker container
The operating system my web server runs on is (include version): Raspbian GNU/Linux 9.11 (stretch)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.2.0