Certbot-auto Renew Not Working on Apache on Centos Hosted in RackSpace

Help
1

I’ve been able to renew without issue previously. Now I’m getting these errors. Any idea what’s going on? Does it have anything to do with using Python 2.6? Thank you.

Please fill out the fields below so we can help you better.

My domain is:
twoside.hearppc.com

I ran this command:
sudo ./certbot-auto renew

It produced this output:
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/twoside.hearppc.com.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for twoside.hearppc.com
tls-sni-01 challenge for hearppcs.com
tls-sni-01 challenge for my.hearppc.com
tls-sni-01 challenge for server.hearppc.com
tls-sni-01 challenge for www.hearppcs.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/twoside.hearppc.com.conf produced an unexpected error: Failed authorization procedure. twoside.hearppc.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, server.hearppc.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, www.hearppcs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, my.hearppc.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, hearppcs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge. Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/twoside.hearppc.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: twoside.hearppc.com
    Type: connection
    Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01
    challenge

    Domain: server.hearppc.com
    Type: connection
    Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01
    challenge

    Domain: www.hearppcs.com
    Type: connection
    Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01
    challenge

    Domain: my.hearppc.com
    Type: connection
    Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01
    challenge

    Domain: hearppcs.com
    Type: connection
    Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01
    challenge

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My operating system is (include version): CentOS release 6.8 (Final)

My web server is (include version): httpd-2.2.15-56.el6.centos.3.x86_64

My hosting provider, if applicable, is: Rackspace

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

2

Hi @Hipp04, do you have the command that you originally used to obtain the certificates? Do you know which Certbot plugin is used for authentication?

3

It’s been a while, but I would assume Apache. I get the same output when using --apache.

4

Do you think you could post the contents of this file here? It will show what the authentication method is.

5

Sure. Looks like it is indeed apache.

# renew_before_expiry = 30 days
version = 0.9.3
cert = /etc/letsencrypt/live/twoside.hearppc.com/cert.pem
privkey = /etc/letsencrypt/live/twoside.hearppc.com/privkey.pem
chain = /etc/letsencrypt/live/twoside.hearppc.com/chain.pem
fullchain = /etc/letsencrypt/live/twoside.hearppc.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = apache
installer = apache
account = 07b13aee0e22ad6414cc841853c606e5

6

Does this happen consistently if you run the command again? I can normally connect to that site so it seems strange to think that Certbot is actually breaking the site somehow and then unbreaking it afterward.

7

Yes. I’ve run it several times, same output. Any ideas?

8

Not really! Could we see the log file from /var/log/letsencrypt/letsencrypt.log?

9

Had to split it up. Here is part 1:

2017-03-22 22:55:26,892:DEBUG:certbot.main:Root logging level set at 20
2017-03-22 22:55:26,892:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-03-22 22:55:26,893:DEBUG:certbot.main:certbot version: 0.12.0
2017-03-22 22:55:26,893:DEBUG:certbot.main:Arguments: [’–apache’]
2017-03-22 22:55:26,893:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#nginx,PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null)
2017-03-22 22:55:26,913:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-03-31 21:44:00 UTC.
2017-03-22 22:55:26,914:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2017-03-22 22:55:26,962:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2017-03-22 22:55:27,496:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x42bebd0>
Prep: True
2017-03-22 22:55:27,498:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x42bebd0>
Prep: True
2017-03-22 22:55:27,498:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.configurator.ApacheConfigurator object at 0x42bebd0> and installer <certbot_apache.configurator.ApacheConfigurator object at 0x42bebd0>
2017-03-22 22:55:27,509:DEBUG:certbot.main:Picked account: <Account(07b13aee0e22ad6414cc841853c606e5)>
2017-03-22 22:55:27,511:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-03-22 22:55:27,531:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-22 22:55:27,646:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 352
2017-03-22 22:55:27,647:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: t87EzOLy0o-oWeheayT2QKHQVXTA8Ue27YPWMQysMto
Replay-Nonce: ngX5ZDvnM5B2oKnf2_D-MXAmuqMtbgg-uDneFKf_R7c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:46 GMT
Connection: keep-alive

{
“key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,
“new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,
“revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert
}
2017-03-22 22:55:27,648:INFO:certbot.main:Renewing an existing certificate
2017-03-22 22:55:27,651:DEBUG:acme.client:Requesting fresh nonce
2017-03-22 22:55:27,651:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-03-22 22:55:27,712:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “HEAD /acme/new-authz HTTP/1.1” 405 0
2017-03-22 22:55:27,713:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: pJ4VpoZ4FXMoq5-HT-9-6TSmZe2dOueIcE6-htbkfVE
Replay-Nonce: NxGFSStoO1Obi51hKbjuust0wvvip_gZhDoTVEvBk2I
Expires: Wed, 22 Mar 2017 22:47:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:46 GMT
Connection: keep-alive

2017-03-22 22:55:27,713:DEBUG:acme.client:Storing nonce: NxGFSStoO1Obi51hKbjuust0wvvip_gZhDoTVEvBk2I
2017-03-22 22:55:27,714:DEBUG:acme.client:JWS payload:
{
“identifier”: {
“type”: “dns”,
“value”: “twoside.hearppc.com
},
“resource”: “new-authz”
}
2017-03-22 22:55:27,719:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJOeEdGU1N0b08xT2JpNTFoS2JqdXVzdDB3dnZpcF9nWmhEb1RWRXZCazJJIn0”,
“payload”: “ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAidHdvc2lkZS5oZWFycHBjLmNvbSIKICB9LCAKICAicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9”,
“signature”: “h28bwNyi3OSPDfV3qLrLnAOsWH8xtNtVoaHLOedFgX2ndBQLArK1Vc5CN3_k607jSJuBQVbmm7mE2YSfz3dT7fikWy9bBRe7S3k_8B0D4pX8JbmUYX0EpR4qM04kSytpHx_G1RCzyeqd6bj8vduwK8hl4JEBfA45mZlxnsdMuvCQ4212Jm-kFDG36Y73rMiwiicmz0emHhQSPiPaHyVLgt0txKhf-gnR-gnhiOLEcjzMQzhX1vAT2IC_cw4ZJiH4IcKwJdLs2RVSOaTqhjdkjEK4xWEebiMBbbwRf4jrXnCroOfenZs3cNnYkG-4zkwXoCXMthw-eTtp2ALJM8OKFA”
}
2017-03-22 22:55:27,800:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/new-authz HTTP/1.1” 201 1004
2017-03-22 22:55:27,802:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1004
Boulder-Request-Id: ylForGEsTdV0trT5v4H25EMeaapgK0bSbk_B3GPnI_M
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw
Replay-Nonce: LP5qXg0ZHzX_mHW0On60D7Aavp2i5VM37X3qdB15bCc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:46 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “twoside.hearppc.com
},
“status”: “pending”,
“expires”: “2017-03-29T22:47:46.502002245Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265275”,
“token”: “P_NbgDpoxrBakGv-fHJBEzHjNCaaxryXjzcsaYFIeTE”
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265276”,
“token”: “W4CYhUvizVzgNNZ269TrVtNHendQnbEIctPyMKNYx0M”
},
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265277”,
“token”: “lohXW_QRxOEMMX7adrx9U66r_tWtTUu-TlzJQteya1c”
}
],
“combinations”: [
[
0
],
[
1
],
[
2
]
]
}
2017-03-22 22:55:27,802:DEBUG:acme.client:Storing nonce: LP5qXg0ZHzX_mHW0On60D7Aavp2i5VM37X3qdB15bCc
2017-03-22 22:55:27,805:DEBUG:acme.client:JWS payload:
{
“identifier”: {
“type”: “dns”,
“value”: “hearppcs.com
},
“resource”: “new-authz”
}
2017-03-22 22:55:27,810:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJMUDVxWGcwWkh6WF9tSFcwT242MEQ3QWF2cDJpNVZNMzdYM3FkQjE1YkNjIn0”,
“payload”: “ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAiaGVhcnBwY3MuY29tIgogIH0sIAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0”,
“signature”: “zjPEQ_M_zX_03qsD5PLky9J7OHyfha2plxxwwhGbrGaTLoQYdZ-DFELzon9kw_Nkg4I63jDSTrtqUpmPXrubAl9IGa-4VkyN8SA30Pyw–GNsXoZVIBX3vpd0eKgM2hAtLgOItOEqD9oBF0qC0uvnx1084HcjyynG13n7_niEtKmsOulUpKBTbdkbA793q8TuVdKReLMCYKl3X0KNPUw7vnpICWmvaWTQiA9tizlSPGJ_BHbqlMUSH4MDV0gR6ksOvf-YiUfbANppahEgUbrgi0rs6H8xr1BQdB_JoK-Lu2DVn5C4nuraO_8NLCxfxLMIbxXDIfVvCv97hxlQ3fCsg”
}
2017-03-22 22:55:27,885:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/new-authz HTTP/1.1” 201 997
2017-03-22 22:55:27,886:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 997
Boulder-Request-Id: Hgo8sfw_4TENdXCs5DEA0_jAiRJpOOW8Qlb1VcbBIs0
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8
Replay-Nonce: WOQ-d9WJUbg5mFX9YCUz5wDwR4GRGyEjTuPIz7dNLfI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:46 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “hearppcs.com
},
“status”: “pending”,
“expires”: “2017-03-29T22:47:46.595014258Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265278”,
“token”: “59a6PjpM_l7VQncn9C5JG_hMCwZ8wQnF4-7o4oTqFCA”
},
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265279”,
“token”: “SZCJgMW6hBEFKy7pe83t83ip2rOyiv0BgSM0J1Y5wTc”
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265280”,
“token”: “x2H0Ui9ifeTJ524DB0rdSNFlLFGoWM18gmCZ6B6hI_A”
}
],
“combinations”: [
[
0
],
[
1
],
[
2
]
]
}
2017-03-22 22:55:27,886:DEBUG:acme.client:Storing nonce: WOQ-d9WJUbg5mFX9YCUz5wDwR4GRGyEjTuPIz7dNLfI
2017-03-22 22:55:27,888:DEBUG:acme.client:JWS payload:
{
“identifier”: {
“type”: “dns”,
“value”: “my.hearppc.com
},
“resource”: “new-authz”
}
2017-03-22 22:55:27,893:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJXT1EtZDlXSlViZzVtRlg5WUNVejV3RHdSNEdSR3lFalR1UEl6N2ROTGZJIn0”,
“payload”: “ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAibXkuaGVhcnBwYy5jb20iCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ”,
“signature”: “mBG9Jfrz4EOcRdSttXilQ3BxWandtKE4DiEYYqC4-T_Az3WYHsV0YR2FfCu1CtynLmJA8wrgTVf5eqyez9vr6oPu9e3z2zTzOdYERMeJwTJVt8fHlAtQz3PRoseCfrTgN2glIiAe0q1MV9ZTITyfjJYU8DmffoSVmS76H6nNVdvRs4nnKjz5fhHXCAKIUjTWc1gQhfdhItdDRhHuc-bX0VRqNcoTVdBDuxXFrMxCgOtklsl3BlUxyD3rCq78J4StPN_mZGwdYseDtm52hQNdqlvZkGwo-zIbRelZDD55GWh9qxzPVd1NYtfafu4IU7s1NXi6H2LcSFCLPMb8h60xPg”
}
2017-03-22 22:55:27,971:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/new-authz HTTP/1.1” 201 999
2017-03-22 22:55:27,972:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 999
Boulder-Request-Id: A83IfmaEzJc_DZ5u-vED9s6lXlAT9Kdo4r9bGIxsLM4
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y
Replay-Nonce: dNBX6YQIufVviCCrecNMxU4hUGoZhU4ABt2tLZHSKOw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:46 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “my.hearppc.com
},
“status”: “pending”,
“expires”: “2017-03-29T22:47:46.679868601Z”,
“challenges”: [
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265288”,
“token”: “ZkjVtnf2QvqIwaa2IspV7PY9v7K5WOVoOwomQFzlTKQ”
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265290”,
“token”: “6vmVXqtsZgY7TB3kaFWm43dZjSyHLgJ7TmRda31No5c”
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265292”,
“token”: “bPkCGW0XCbyyKGa1mSZkNyw6ShAeZqsK3QpJll8tJB8”
}
],
“combinations”: [
[
0
],
[
1
],
[
2
]
]
}
2017-03-22 22:55:27,973:DEBUG:acme.client:Storing nonce: dNBX6YQIufVviCCrecNMxU4hUGoZhU4ABt2tLZHSKOw
2017-03-22 22:55:27,975:DEBUG:acme.client:JWS payload:
{
“identifier”: {
“type”: “dns”,
“value”: “server.hearppc.com
},
“resource”: “new-authz”
}
2017-03-22 22:55:27,980:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJkTkJYNllRSXVmVnZpQ0NyZWNOTXhVNGhVR29aaFU0QUJ0MnRMWkhTS093In0”,
“payload”: “ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAic2VydmVyLmhlYXJwcGMuY29tIgogIH0sIAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0”,
“signature”: “2DJlWvDiTkiTpjM5W2eANO4vVzyqExJ-luKfY61F6IChVlnYi6ilfESnrf_E-dEsGVFfVp4b7PtjYxlZY8pQ6FxNp2pGU1WNRvz93Fq2n_sKNpTUFCqqHakaY0aKanzpUAD0EgKChdVMjeb1W9QRQXJTdjbHLCsfFodI2LNVVSjUHUlqtLBRyXPFhBru-RNOpyPb5HXwT2ZSrEVLcAIoHtdPrMIfTVwXLseOnfLtqoIWoQCiX_hNiAd1ixYzcKXrr3ezZZA0q7Ko-7Lb38nYUB5aeQsVdhjT3RfekEBhyYt1WQNR3XVTbCmraNb_Q7gweQL-co0gpegaiw1m5ysZyA”
}
2017-03-22 22:55:28,053:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/new-authz HTTP/1.1” 201 1003
2017-03-22 22:55:28,054:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1003
Boulder-Request-Id: G3pD_RRMuyQrZoyI2faBFD9UdRQ8AZB-oVn9Fb-y47Y
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw
Replay-Nonce: DTSx567RV3j-Kd5tCvzcHfuhN0-GNnSgGP1Oc-lCppU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:46 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “server.hearppc.com
},
“status”: “pending”,
“expires”: “2017-03-29T22:47:46.760739317Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265299”,
“token”: “-4tKfzVFDDfxO96xX_Q6XeIzBuDEwp19yzPtuwpb920”
},
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265300”,
“token”: “onBWK4KLnQpraavi7dguKBW86aeZK7drE0BJPgvDTP4”
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265301”,
“token”: “I_KGVkOmZPkTRr8va5EeH6YxEHomgemAWT6nI8sQ3Ec”
}
],
“combinations”: [
[
0
],
[
2
],
[
1
]
]
}
2017-03-22 22:55:28,054:DEBUG:acme.client:Storing nonce: DTSx567RV3j-Kd5tCvzcHfuhN0-GNnSgGP1Oc-lCppU
2017-03-22 22:55:28,056:DEBUG:acme.client:JWS payload:
{
“identifier”: {
“type”: “dns”,
“value”: “www.hearppcs.com
},
“resource”: “new-authz”
}
2017-03-22 22:55:28,062:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJEVFN4NTY3UlYzai1LZDV0Q3Z6Y0hmdWhOMC1HTm5TZ0dQMU9jLWxDcHBVIn0”,
“payload”: “ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAid3d3LmhlYXJwcGNzLmNvbSIKICB9LCAKICAicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9”,
“signature”: “GAqb6ij8afhbeoZecnwf78gcXDsdND0c8EIruigk6SHM6GxtlYeykEfNSLD5i-fWlJGufcHkd_ervD7zPfQk7QyzlFvcH2_ZimB_s792lDFqLRTlivsBew7rgFgRzXazibWIqzgdj45qmXW6r2uL_DYITJmpZJqcaKuSFA6kRuIdI66R7-OQx95zdpTfUh-cHbWy6Ebi9kD7xEM8TwyM57emQCobYGej0u0TieaeikUw2VzCXKogc9h4BojezU-jJaR7PYd0YH2wkyC0EmAdNXXgnEanCZjaWFpiy1Qdjl3zLrWgcWpqeCCVhH5sNM0q0Qsd2jPu607s9aRJI_ct2w”
}
2017-03-22 22:55:28,151:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/new-authz HTTP/1.1” 201 1001
2017-03-22 22:55:28,152:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1001
Boulder-Request-Id: bc7ltIC6loTwJNykVuWBePZ2HslT-UZPAOo4wLlAp3E
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns
Replay-Nonce: rgOauQ8PtJp5ypP0shn3VeR_0qC5nDVppZsiQ5Bb-SI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:46 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “www.hearppcs.com
},
“status”: “pending”,
“expires”: “2017-03-29T22:47:46.854423283Z”,
“challenges”: [
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265308”,
“token”: “tB6ORLDLAUHsGu9-qhZHp3NK5DOhCW98M9VP4y78HII”
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265309”,
“token”: “1SRu_5MUfkMjUbGflI2swjpFub1YRaQrpWQvC68U2JU”
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265310”,
“token”: “uE0IqZaXHxRf9rK6fXFtKPXWvGe8klIHd2w4HNhaBtw”
}
],
“combinations”: [
[
0
],
[
1
],
[
2
]
]
}

10

And part 2:

2017-03-22 22:55:28,153:DEBUG:acme.client:Storing nonce: rgOauQ8PtJp5ypP0shn3VeR_0qC5nDVppZsiQ5Bb-SI
2017-03-22 22:55:28,155:INFO:certbot.auth_handler:Performing the following challenges:
2017-03-22 22:55:28,155:INFO:certbot.auth_handler:tls-sni-01 challenge for twoside.hearppc.com
2017-03-22 22:55:28,156:INFO:certbot.auth_handler:tls-sni-01 challenge for hearppcs.com
2017-03-22 22:55:28,156:INFO:certbot.auth_handler:tls-sni-01 challenge for my.hearppc.com
2017-03-22 22:55:28,156:INFO:certbot.auth_handler:tls-sni-01 challenge for server.hearppc.com
2017-03-22 22:55:28,156:INFO:certbot.auth_handler:tls-sni-01 challenge for www.hearppcs.com
2017-03-22 22:55:29,543:DEBUG:certbot_apache.tls_sni_01:Adding Include /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf to /files/etc/httpd/conf/httpd.conf
2017-03-22 22:55:29,559:DEBUG:certbot_apache.tls_sni_01:writing a config file with text:

<VirtualHost *:443>
ServerName a72a2c0b16c7c7647038ac8410d447bb.0a481d4aea19c048c5891312efc167d2.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/lohXW_QRxOEMMX7adrx9U66r_tWtTUu-TlzJQteya1c.crt
SSLCertificateKeyFile /var/lib/letsencrypt/lohXW_QRxOEMMX7adrx9U66r_tWtTUu-TlzJQteya1c.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/

<VirtualHost *:443>
ServerName 217e86fc7220aac52e22663ee3550798.50afe3d35afd9b1096e3f99c8a5b6b3f.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/SZCJgMW6hBEFKy7pe83t83ip2rOyiv0BgSM0J1Y5wTc.crt
SSLCertificateKeyFile /var/lib/letsencrypt/SZCJgMW6hBEFKy7pe83t83ip2rOyiv0BgSM0J1Y5wTc.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/

<VirtualHost *:443>
ServerName 2c3926a5ff43f604eea0ab842cd031e4.1e635199838720e5541d19eeae60b667.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/ZkjVtnf2QvqIwaa2IspV7PY9v7K5WOVoOwomQFzlTKQ.crt
SSLCertificateKeyFile /var/lib/letsencrypt/ZkjVtnf2QvqIwaa2IspV7PY9v7K5WOVoOwomQFzlTKQ.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/

<VirtualHost *:443>
ServerName 37e6e3ee251fe84ec51d31997e572257.cde66da6a0276cb5f1f752a49ca524d8.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/onBWK4KLnQpraavi7dguKBW86aeZK7drE0BJPgvDTP4.crt
SSLCertificateKeyFile /var/lib/letsencrypt/onBWK4KLnQpraavi7dguKBW86aeZK7drE0BJPgvDTP4.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/

<VirtualHost *:443>
ServerName 7321768616562eebf17eba81083ee400.46809223d4393561b41190a9158fc3b8.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/tB6ORLDLAUHsGu9-qhZHp3NK5DOhCW98M9VP4y78HII.crt
SSLCertificateKeyFile /var/lib/letsencrypt/tB6ORLDLAUHsGu9-qhZHp3NK5DOhCW98M9VP4y78HII.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/

2017-03-22 22:55:29,590:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf/httpd.conf
2017-03-22 22:55:33,221:INFO:certbot.auth_handler:Waiting for verification…
2017-03-22 22:55:33,224:DEBUG:acme.client:JWS payload:
{
“keyAuthorization”: “lohXW_QRxOEMMX7adrx9U66r_tWtTUu-TlzJQteya1c.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“type”: “tls-sni-01”,
“resource”: “challenge”
}
2017-03-22 22:55:33,231:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265277:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJyZ09hdVE4UHRKcDV5cFAwc2huM1ZlUl8wcUM1bkRWcHBac2lRNUJiLVNJIn0”,
“payload”: “ewogICJrZXlBdXRob3JpemF0aW9uIjogImxvaFhXX1FSeE9FTU1YN2Fkcng5VTY2cl90V3RUVXUtVGx6SlF0ZXlhMWMuMzVmS2pxWkFaanBWNWQ4QUx2VzgzWU5VY0dmQ3hRU2hoRF9HWi1QcFFiNCIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “vz7PJKz3LmaTA4WEWQIp1I6PRUnSC1AN4OFyzhuTlGx5v0yJisCVEmewd4FrkEXbRsgt5-eBk0M3yr2FCbh3FjEL0uRzVhgiA0UOE1rQR8n7OZzgRkFH4KqEwcEIw0oN7iyuM73N7j0mRg_ZeNnuh8CsOqd_LhwgrNdUOnpDT6a0wmEhua7JA9EaXQmX8tik56tBMTrSE6HtBMfl3vpB6SJa2d1nYdWoBzOom0bECyyqrsQXE4hw9nCgeo4NdFfBYLvxyOZtNANPWm81LuDzJasUZI1fkPkiqiWr_6Z4AiJo7oKFkBzRo1boSIBYIZgKQBI9re7hWi-_Y-xu0Tf2Fw”
}
2017-03-22 22:55:33,331:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265277 HTTP/1.1” 202 338
2017-03-22 22:55:33,333:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 338
Boulder-Request-Id: lDsuM8iy-472hYeL0CVKQH7GwMGGyKcz0NGWWisKw7g
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/authz/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265277
Replay-Nonce: eJVMSrEkshNV5JVRKRD38SLH1sQBG-6HKCGwsfJJkKU
Expires: Wed, 22 Mar 2017 22:47:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:52 GMT
Connection: keep-alive

{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265277”,
“token”: “lohXW_QRxOEMMX7adrx9U66r_tWtTUu-TlzJQteya1c”,
“keyAuthorization”: “lohXW_QRxOEMMX7adrx9U66r_tWtTUu-TlzJQteya1c.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”
}
2017-03-22 22:55:33,333:DEBUG:acme.client:Storing nonce: eJVMSrEkshNV5JVRKRD38SLH1sQBG-6HKCGwsfJJkKU
2017-03-22 22:55:33,334:DEBUG:acme.client:JWS payload:
{
“keyAuthorization”: “SZCJgMW6hBEFKy7pe83t83ip2rOyiv0BgSM0J1Y5wTc.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“type”: “tls-sni-01”,
“resource”: “challenge”
}
2017-03-22 22:55:33,340:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265279:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJlSlZNU3JFa3NoTlY1SlZSS1JEMzhTTEgxc1FCRy02SEtDR3dzZkpKa0tVIn0”,
“payload”: “ewogICJrZXlBdXRob3JpemF0aW9uIjogIlNaQ0pnTVc2aEJFRkt5N3BlODN0ODNpcDJyT3lpdjBCZ1NNMEoxWTV3VGMuMzVmS2pxWkFaanBWNWQ4QUx2VzgzWU5VY0dmQ3hRU2hoRF9HWi1QcFFiNCIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “zaJEwGPOCCDbnxSMXGOOGAu506h5Kd8CwvO2gyeGx591baMt9YjtpT3qTQMOlK_aLf_VF-OyrLQSejunJATGNUmYb6CWfu7ZbpvtU_q1u3tFLGkaSwjgk0RJym2pE8h1mBgyNH9pwzEEqXApucqZwMWy1S3iJuRk6DQE_51iMIjVEyGCEHVVf8T9gzLuZNN17x-eCbzhjihLtRqKcXUFmgurL4k6wvc9a7JAFyyQSI4O0UPCOhbRSM54V6N5xcuzRvXXRjxANLegToJfr3Hwq2BmwNQm8eOXC_09xcHXpoecYeaSuoFxwjws-slVoxjzZ8zA1nPTqky7Q3UiYmw7vg”
}
2017-03-22 22:55:33,428:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265279 HTTP/1.1” 202 338
2017-03-22 22:55:33,430:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 338
Boulder-Request-Id: UkNsKtFzvFlncrz9vuWaBb0zuzmg2rI5qgwCPvmee_Y
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/authz/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265279
Replay-Nonce: z-BCifklp_CYszVwQfVfGqF-v7dJM6wUe65ac4GrOwY
Expires: Wed, 22 Mar 2017 22:47:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:52 GMT
Connection: keep-alive

{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265279”,
“token”: “SZCJgMW6hBEFKy7pe83t83ip2rOyiv0BgSM0J1Y5wTc”,
“keyAuthorization”: “SZCJgMW6hBEFKy7pe83t83ip2rOyiv0BgSM0J1Y5wTc.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”
}
2017-03-22 22:55:33,430:DEBUG:acme.client:Storing nonce: z-BCifklp_CYszVwQfVfGqF-v7dJM6wUe65ac4GrOwY
2017-03-22 22:55:33,431:DEBUG:acme.client:JWS payload:
{
“keyAuthorization”: “ZkjVtnf2QvqIwaa2IspV7PY9v7K5WOVoOwomQFzlTKQ.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“type”: “tls-sni-01”,
“resource”: “challenge”
}
2017-03-22 22:55:33,436:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265288:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJ6LUJDaWZrbHBfQ1lzelZ3UWZWZkdxRi12N2RKTTZ3VWU2NWFjNEdyT3dZIn0”,
“payload”: “ewogICJrZXlBdXRob3JpemF0aW9uIjogIlpralZ0bmYyUXZxSXdhYTJJc3BWN1BZOXY3SzVXT1ZvT3dvbVFGemxUS1EuMzVmS2pxWkFaanBWNWQ4QUx2VzgzWU5VY0dmQ3hRU2hoRF9HWi1QcFFiNCIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “HnnhY-ibPWrA9dGMJzidFlydZPX8VszP5e6nD3CMriqK_EywT6bp4M1HyJEw-ftvM3KPVR75Dnf8TaJiN6-CJ8AFEo3LmihUR99xAfPJU-x5Z4W5_WyUk5UzJTDmOQQTHEJPOkUpvfmrvwVQz-TidhUaBCySEkdocuUzfq9yODkv_sWQ4r4I_4vGfU5NgeA3qeYh6g8Vlk9emOzY165Zje1zxkhRPd_gewhs-LXVuovNC-Y8Z_8P_rqNlIjj0zrYWZr88g5bGhLlgJbst0UxGJVKNlBcS6Vtulj5uiL_8kl7wd2r1zll-PGcY4xFpl8NhXiLtqQTLNFz-r83_vUWQw”
}
2017-03-22 22:55:33,512:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265288 HTTP/1.1” 202 338
2017-03-22 22:55:33,513:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 338
Boulder-Request-Id: dZFaILdSnr2NcFXfPCDwa9-mWLBGXC9AB9KZUDtmTbk
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/authz/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265288
Replay-Nonce: i2g4045LmaMtFeODOeUmR-mtnygExhEmodc-Grmk5tQ
Expires: Wed, 22 Mar 2017 22:47:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:52 GMT
Connection: keep-alive

{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265288”,
“token”: “ZkjVtnf2QvqIwaa2IspV7PY9v7K5WOVoOwomQFzlTKQ”,
“keyAuthorization”: “ZkjVtnf2QvqIwaa2IspV7PY9v7K5WOVoOwomQFzlTKQ.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”
}
2017-03-22 22:55:33,514:DEBUG:acme.client:Storing nonce: i2g4045LmaMtFeODOeUmR-mtnygExhEmodc-Grmk5tQ
2017-03-22 22:55:33,514:DEBUG:acme.client:JWS payload:
{
“keyAuthorization”: “onBWK4KLnQpraavi7dguKBW86aeZK7drE0BJPgvDTP4.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“type”: “tls-sni-01”,
“resource”: “challenge”
}
2017-03-22 22:55:33,520:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265300:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJpMmc0MDQ1TG1hTXRGZU9ET2VVbVItbXRueWdFeGhFbW9kYy1Hcm1rNXRRIn0”,
“payload”: “ewogICJrZXlBdXRob3JpemF0aW9uIjogIm9uQldLNEtMblFwcmFhdmk3ZGd1S0JXODZhZVpLN2RyRTBCSlBndkRUUDQuMzVmS2pxWkFaanBWNWQ4QUx2VzgzWU5VY0dmQ3hRU2hoRF9HWi1QcFFiNCIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “kEZk9P4PCpZpBjpQ71RJOjJDAPKz5dpSjXx45BAIGr-bEP33ow8L_FTWV-EgTtF6lUSIDWLhd55i3yeDK8V7-jUUTdlAjhlUwKdEc56RYvSlLajDA0-pNy7eXr2eOl2qsEEOjLtqFxDBnoeYMHt4KJ8xqlOWOffSqosSLO9GVCnbTO5YYSWEXPCadoPcfCHrR0SDkf99gRMdDxJW6GJZK5bV3zk09ZC3rURLxiYYGWKB2VkRQuU_pngcVFyCcTdZixxKn-V4xQTkon-VADq8bwg1WEwOEuEhRcJgkb3S0d1E4DoK9YGqSR59MCAJIKQpYRw1KWa3GF1IWNke6MClTg”
}
2017-03-22 22:55:33,602:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265300 HTTP/1.1” 202 338
2017-03-22 22:55:33,604:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 338
Boulder-Request-Id: sy5jKe0gEc7bP_wJ8EXBLSvl8XzuR9atDZ_LEUXq3ME
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/authz/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265300
Replay-Nonce: vthIzKV7cMiVKKN1cnT4a1s_KFI_fP3IBaLA3Hlrn2c
Expires: Wed, 22 Mar 2017 22:47:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:52 GMT
Connection: keep-alive

{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265300”,
“token”: “onBWK4KLnQpraavi7dguKBW86aeZK7drE0BJPgvDTP4”,
“keyAuthorization”: “onBWK4KLnQpraavi7dguKBW86aeZK7drE0BJPgvDTP4.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”
}
2017-03-22 22:55:33,604:DEBUG:acme.client:Storing nonce: vthIzKV7cMiVKKN1cnT4a1s_KFI_fP3IBaLA3Hlrn2c
2017-03-22 22:55:33,605:DEBUG:acme.client:JWS payload:
{
“keyAuthorization”: “tB6ORLDLAUHsGu9-qhZHp3NK5DOhCW98M9VP4y78HII.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“type”: “tls-sni-01”,
“resource”: “challenge”
}
2017-03-22 22:55:33,610:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265308:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “3UJ2rOZPi1Id87yLRabETvIFNocVSPnF-Ge7k6mruemr96MmMGZJhAx5SxLPVUGVY2JVzWLqGxIW6lTXl1do1IPfwhR7ZQ2xvyyUlF5B1EBbOiTY9ZU9276djZauaC-GPRuCZcod6AY0MfZlQHTHzytPSFxlABYePVwwsImcBtpHrPcAd5zQIUsAW8Or-9KoyuUVNvio_p0QUX6oEZm0_Af0EQGFH6c9Qz_oeS4nFAKTRzr173KRoxo9meIDcYqa2xQIyeMnCMQPfqOvz2aYFrOotZYJjjCgEUOwIg38jwP4rynzo0mOz2gAklp2gqgBByOXK6joIjkMK9KX7TRHzQ”
}
},
“protected”: “eyJub25jZSI6ICJ2dGhJektWN2NNaVZLS04xY25UNGExc19LRklfZlAzSUJhTEEzSGxybjJjIn0”,
“payload”: “ewogICJrZXlBdXRob3JpemF0aW9uIjogInRCNk9STERMQVVIc0d1OS1xaFpIcDNOSzVET2hDVzk4TTlWUDR5NzhISUkuMzVmS2pxWkFaanBWNWQ4QUx2VzgzWU5VY0dmQ3hRU2hoRF9HWi1QcFFiNCIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “iPex8m1D5Pk6HREP0OHMqt63VcvuGEGdrnNGPliyBFklqTvBUgKOwKMHV084wWng1I3Mg2DDdoOiBsebVthdI9saeZGEkzyQBndKK_B8iJO-Jb3zMEbHAWpL7HabvJw97QXPOnIS6SWXbybkMemepsjM7G56nuwF7OYC5-4igeSKsh0rgu0QTK_7zSzJuwaNiffQDkrUUuHtxOUhWo-LSqZQ_FyD4Byaxl-5GkgVgCGN0GnjkY8oCGqUHbBrpokHREkuPULTe03ibqW0yZoMFLRgKl6s1t5BTqOhQG9wNcInPt2EA0ifGhflXKBV37FL96A7qasbWTa3Ajqh6OMfoQ”
}
2017-03-22 22:55:33,707:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “POST /acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265308 HTTP/1.1” 202 338
2017-03-22 22:55:33,708:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 338
Boulder-Request-Id: UF1e7bNMY4rLM4NdnqUz2932buSBSmTsayEFRBnhwmQ
Boulder-Requester: 4855187
Link: https://acme-v01.api.letsencrypt.org/acme/authz/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265308
Replay-Nonce: ocZb3Kbddm9QZRxaMn8DpcTafFDpfJSqAJ0rBTXgpNo
Expires: Wed, 22 Mar 2017 22:47:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:52 GMT
Connection: keep-alive

{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265308”,
“token”: “tB6ORLDLAUHsGu9-qhZHp3NK5DOhCW98M9VP4y78HII”,
“keyAuthorization”: “tB6ORLDLAUHsGu9-qhZHp3NK5DOhCW98M9VP4y78HII.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”
}
2017-03-22 22:55:33,709:DEBUG:acme.client:Storing nonce: ocZb3Kbddm9QZRxaMn8DpcTafFDpfJSqAJ0rBTXgpNo
2017-03-22 22:55:36,713:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw.
2017-03-22 22:55:36,767:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “GET /acme/authz/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw HTTP/1.1” 200 1537
2017-03-22 22:55:36,768:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1537
Boulder-Request-Id: CjuwYRsx5-jiMcWQyZ-c3F2MrXkaOS6cZy4zGwMfjp4
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: EPmWoZHMU_LWBmfunqKI2KfB8KoOMWQx4zvTU-o5JCY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:55 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “twoside.hearppc.com
},
“status”: “invalid”,
“expires”: “2017-03-29T22:47:46Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265275”,
“token”: “P_NbgDpoxrBakGv-fHJBEzHjNCaaxryXjzcsaYFIeTE”
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265276”,
“token”: “W4CYhUvizVzgNNZ269TrVtNHendQnbEIctPyMKNYx0M”
},
{
“type”: “tls-sni-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge”,
“status”: 400
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/EDv7cP6qthFQhGUQZmBXqbDa2kxiiLzVN2khE7x3gFw/855265277”,
“token”: “lohXW_QRxOEMMX7adrx9U66r_tWtTUu-TlzJQteya1c”,
“keyAuthorization”: “lohXW_QRxOEMMX7adrx9U66r_tWtTUu-TlzJQteya1c.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“validationRecord”: [
{
“hostname”: “twoside.hearppc.com”,
“port”: “443”,
“addressesResolved”: [
“198.101.242.177”
],
“addressUsed”: “198.101.242.177”
}
]
}
],
“combinations”: [
[
0
],
[
1
],
[
2
]
]
}

11

Part 3:

2017-03-22 22:55:36,772:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y.
2017-03-22 22:55:36,841:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “GET /acme/authz/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y HTTP/1.1” 200 1527
2017-03-22 22:55:36,842:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1527
Boulder-Request-Id: lad9yKhQoV8_S8j_R3zcYsTrlaxL9x_Dep5CaEG5ONI
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: N4D54z6Lusv5MSyVaUM2GroABlLW-hwYMeEAJHmlRTw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:55 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “my.hearppc.com
},
“status”: “invalid”,
“expires”: “2017-03-29T22:47:46Z”,
“challenges”: [
{
“type”: “tls-sni-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge”,
“status”: 400
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265288”,
“token”: “ZkjVtnf2QvqIwaa2IspV7PY9v7K5WOVoOwomQFzlTKQ”,
“keyAuthorization”: “ZkjVtnf2QvqIwaa2IspV7PY9v7K5WOVoOwomQFzlTKQ.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“validationRecord”: [
{
“hostname”: “my.hearppc.com”,
“port”: “443”,
“addressesResolved”: [
“198.101.242.177”
],
“addressUsed”: “198.101.242.177”
}
]
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265290”,
“token”: “6vmVXqtsZgY7TB3kaFWm43dZjSyHLgJ7TmRda31No5c”
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Wg5h-Y_v8LwTLCWvSNxsMzFAV1NYfxjKVL8SE-DsW3Y/855265292”,
“token”: “bPkCGW0XCbyyKGa1mSZkNyw6ShAeZqsK3QpJll8tJB8”
}
],
“combinations”: [
[
0
],
[
1
],
[
2
]
]
}
2017-03-22 22:55:36,845:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns.
2017-03-22 22:55:36,906:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “GET /acme/authz/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns HTTP/1.1” 200 1531
2017-03-22 22:55:36,907:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1531
Boulder-Request-Id: jSsy14_v0200UbFfD1DhRRDf37h_JdgaAa39xtxbv7k
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: 1_R10aweA2_klK-cVTvIAR8qdxFwujhE49cD4ivsMxI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:55 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “www.hearppcs.com
},
“status”: “invalid”,
“expires”: “2017-03-29T22:47:46Z”,
“challenges”: [
{
“type”: “tls-sni-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge”,
“status”: 400
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265308”,
“token”: “tB6ORLDLAUHsGu9-qhZHp3NK5DOhCW98M9VP4y78HII”,
“keyAuthorization”: “tB6ORLDLAUHsGu9-qhZHp3NK5DOhCW98M9VP4y78HII.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“validationRecord”: [
{
“hostname”: “www.hearppcs.com”,
“port”: “443”,
“addressesResolved”: [
“198.101.242.177”
],
“addressUsed”: “198.101.242.177”
}
]
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265309”,
“token”: “1SRu_5MUfkMjUbGflI2swjpFub1YRaQrpWQvC68U2JU”
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/JzyjKi5Wne8uxp0zavFuK-VamIOgC8C1MywAAIAsMns/855265310”,
“token”: “uE0IqZaXHxRf9rK6fXFtKPXWvGe8klIHd2w4HNhaBtw”
}
],
“combinations”: [
[
0
],
[
1
],
[
2
]
]
}
2017-03-22 22:55:36,909:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8.
2017-03-22 22:55:36,981:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “GET /acme/authz/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8 HTTP/1.1” 200 1523
2017-03-22 22:55:36,982:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1523
Boulder-Request-Id: f4YMua5dlI1-KIBKk0DaLvvmc4-OOZFhbTdt5d-CJzI
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: tt-mEV0g-d9Tu4CL5xheZWEZnNk_jfcMbYhGaD6LygA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:55 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “hearppcs.com
},
“status”: “invalid”,
“expires”: “2017-03-29T22:47:46Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265278”,
“token”: “59a6PjpM_l7VQncn9C5JG_hMCwZ8wQnF4-7o4oTqFCA”
},
{
“type”: “tls-sni-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge”,
“status”: 400
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265279”,
“token”: “SZCJgMW6hBEFKy7pe83t83ip2rOyiv0BgSM0J1Y5wTc”,
“keyAuthorization”: “SZCJgMW6hBEFKy7pe83t83ip2rOyiv0BgSM0J1Y5wTc.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“validationRecord”: [
{
“hostname”: “hearppcs.com”,
“port”: “443”,
“addressesResolved”: [
“198.101.242.177”
],
“addressUsed”: “198.101.242.177”
}
]
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/j9uBDdBol3EbDYPUwKe6iaJUPwQT0MlrBb2PmnAAFB8/855265280”,
“token”: “x2H0Ui9ifeTJ524DB0rdSNFlLFGoWM18gmCZ6B6hI_A”
}
],
“combinations”: [
[
0
],
[
1
],
[
2
]
]
}
2017-03-22 22:55:36,985:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw.
2017-03-22 22:55:37,052:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “GET /acme/authz/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw HTTP/1.1” 200 1535
2017-03-22 22:55:37,054:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1535
Boulder-Request-Id: JYEG-FhtNPF-lmR8k4ezNpRGszAlEh-slb39jAkJ0yc
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: Sl-60o85c9M4k4EF18kcBoEY2cXqN8K1ltqKxt7rH6s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 22 Mar 2017 22:47:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Mar 2017 22:47:55 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “server.hearppc.com
},
“status”: “invalid”,
“expires”: “2017-03-29T22:47:46Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265299”,
“token”: “-4tKfzVFDDfxO96xX_Q6XeIzBuDEwp19yzPtuwpb920”
},
{
“type”: “tls-sni-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge”,
“status”: 400
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265300”,
“token”: “onBWK4KLnQpraavi7dguKBW86aeZK7drE0BJPgvDTP4”,
“keyAuthorization”: “onBWK4KLnQpraavi7dguKBW86aeZK7drE0BJPgvDTP4.35fKjqZAZjpV5d8ALvW83YNUcGfCxQShhD_GZ-PpQb4”,
“validationRecord”: [
{
“hostname”: “server.hearppc.com”,
“port”: “443”,
“addressesResolved”: [
“198.101.242.177”
],
“addressUsed”: “198.101.242.177”
}
]
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/bBkO3ceQ_x-YkzPFxPuxgGOt3GRYH1fhnnsp9ZqKdAw/855265301”,
“token”: “I_KGVkOmZPkTRr8va5EeH6YxEHomgemAWT6nI8sQ3Ec”
}
],
“combinations”: [
[
0
],
[
2
],
[
1
]
]
}
2017-03-22 22:55:37,057:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: twoside.hearppc.com
Type: connection
Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge

Domain: hearppcs.com
Type: connection
Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge

Domain: my.hearppc.com
Type: connection
Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge

Domain: www.hearppcs.com
Type: connection
Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge

Domain: server.hearppc.com
Type: connection
Detail: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2017-03-22 22:55:37,057:INFO:certbot.auth_handler:Cleaning up challenges
2017-03-22 22:55:37,667:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/twoside.hearppc.com.conf produced an unexpected error: Failed authorization procedure. twoside.hearppc.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, hearppcs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, my.hearppc.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, www.hearppcs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, server.hearppc.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge. Skipping.
2017-03-22 22:55:37,673:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py”, line 418, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py”, line 650, in renew_cert
_get_and_save_cert(le_client, config, lineage=lineage)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py”, line 87, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py”, line 296, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/client.py”, line 265, in obtain_certificate
self.config.allow_subset_of_names)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py”, line 77, in get_authorizations
self._respond(resp, best_effort)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py”, line 134, in _respond
self._poll_challenges(chall_update, best_effort)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py”, line 198, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. twoside.hearppc.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, hearppcs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, my.hearppc.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, www.hearppcs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge, server.hearppc.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.101.242.177:443 for TLS-SNI-01 challenge

2017-03-22 22:55:37,676:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py”, line 896, in main
return config.func(config, plugins)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py”, line 702, in renew
renewal.handle_renewal_request(config)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py”, line 435, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

12

Thanks, I’m hoping a colleague can look this over. Another question would be if there’s anything interesting in the /var/log/apache2/error.log or anywhere that you might have set your Apache error logs to go, for example indicating that it couldn’t start properly after Certbot tried to modify its configuration?

13

Here’s what’s added to the log for each run:

[Wed Mar 22 23:34:09 2017] [notice] Graceful restart requested, doing restart
[Wed Mar 22 23:34:09 2017] [warn] module php5_module is already loaded, skipping
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
[Wed Mar 22 23:34:09 2017] [notice] Digest: generating secret for digest authentication …
[Wed Mar 22 23:34:09 2017] [notice] Digest: done
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN) dummy' does NOT match server name!? [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN)dummy’ does NOT match server name!?
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN) dummy' does NOT match server name!? [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN)dummy’ does NOT match server name!?
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN) dummy' does NOT match server name!? [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN)dummy’ does NOT match server name!?
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN) dummy' does NOT match server name!? [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN)dummy’ does NOT match server name!?
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN) dummy' does NOT match server name!? [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Mar 22 23:34:09 2017] [warn] RSA server certificate CommonName (CN)dummy’ does NOT match server name!?
[Wed Mar 22 23:34:09 2017] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Mar 22 23:34:09 2017] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured – resuming normal operations
[Wed Mar 22 23:34:16 2017] [notice] Graceful restart requested, doing restart
[Wed Mar 22 23:34:16 2017] [warn] module php5_module is already loaded, skipping
[Wed Mar 22 23:34:16 2017] [notice] Digest: generating secret for digest authentication …
[Wed Mar 22 23:34:16 2017] [notice] Digest: done
[Wed Mar 22 23:34:17 2017] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Mar 22 23:34:17 2017] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured – resuming normal operations

14

@schoen Not sure what happened, but I tried again this morning and it seems to have gone through successfully. Thank you for your help.

15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.