Certbot couldn't add ssl


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
sldev11.com

I ran this command:
sudo ./certbot-auto certonly --manual --preferred-challenges=http --apache-challenge-location=/etc/apache2/conf.d/ --apache-server-root=/etc/apache2

The cert didn’t add to the site, I notice that, in the header: “X-Frame-Options: DENY”

Here is output of the letencrypted.log

text/x-log le.log ( ASCII English text, with very long lines )
2018-12-10 21:47:33,151:DEBUG:certbot.main:certbot version: 0.29.1
2018-12-10 21:47:33,152:DEBUG:certbot.main:Arguments: [’–manual’, ‘–preferred-challenges=http’, ‘–apache-challenge-location=/etc/apache2/conf.d/’, ‘–apache-server-root=/etc/apache2’]
2018-12-10 21:47:33,152:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-12-10 21:47:33,192:DEBUG:certbot.log:Root logging level set at 20
2018-12-10 21:47:33,193:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-12-10 21:47:33,195:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2018-12-10 21:47:33,207:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x7f47ad25b198>
Prep: True
2018-12-10 21:47:33,209:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x7f47ad25b198> and installer None
2018-12-10 21:47:33,209:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2018-12-10 21:47:33,216:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(new_authzr_uri=None, terms_of_service=None, body=Registration(status=None, external_account_binding=None, agreement=None, key=None, only_return_existing=None, terms_of_service_agreed=None, contact=()), uri=‘https://acme-v02.api.letsencrypt.org/acme/acct/47427381’), 9d8d620183ed123414a1fde91ca64bd1, Meta(creation_host=‘sit.sitelockdev.com’, creation_dt=datetime.datetime(2018, 12, 10, 16, 8, tzinfo=)))>
2018-12-10 21:47:33,220:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2018-12-10 21:47:33,226:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2018-12-10 21:47:33,422:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2018-12-10 21:47:33,424:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:47:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:47:33 GMT
Connection: keep-alive

{
“5QYiKq8MJug”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
2018-12-10 21:47:33,425:DEBUG:certbot.display.ops:No installer, picking names manually
2018-12-10 21:47:43,580:INFO:certbot.main:Obtaining a new certificate
2018-12-10 21:47:43,984:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
2018-12-10 21:47:43,988:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem
2018-12-10 21:47:43,990:DEBUG:acme.client:Requesting fresh nonce
2018-12-10 21:47:43,990:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2018-12-10 21:47:44,040:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 204 0
2018-12-10 21:47:44,041:DEBUG:acme.client:Received response:
HTTP 204
Server: nginx
Replay-Nonce: pED3SJ-_f28cJrP0vp9LliJK6_QZjRnNBJt4zY4njKg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:47:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:47:44 GMT
Connection: keep-alive

2018-12-10 21:47:44,042:DEBUG:acme.client:Storing nonce: pED3SJ-_f28cJrP0vp9LliJK6_QZjRnNBJt4zY4njKg
2018-12-10 21:47:44,043:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “sldev11.com”\n },\n {\n “type”: “dns”,\n “value”: “www.sldev11.com”\n }\n ]\n}’
2018-12-10 21:47:44,048:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“signature”: “xxx”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNsZGV2MTEuY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5zbGRldjExLmNvbSIKICAgIH0KICBdCn0”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAicEVEM1NKLV9mMjhjSnJQMHZwOUxsaUpLNl9RWmpSbk5CSnQ0elk0bmpLZyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0”
}
2018-12-10 21:47:44,121:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 534
2018-12-10 21:47:44,123:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 534
Boulder-Requester: 47427381
Location: https://acme-v02.api.letsencrypt.org/acme/order/47427381/215065384
Replay-Nonce: PI4PNEY6uXCehikPBWnf1H8s6eo98ULtZk1qYOKf6g0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:47:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:47:44 GMT
Connection: keep-alive

{
“status”: “ready”,
“expires”: “2018-12-17T21:47:44.090165612Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “sldev11.com
},
{
“type”: “dns”,
“value”: “www.sldev11.com
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y”,
https://acme-v02.api.letsencrypt.org/acme/authz/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/47427381/215065384
}
2018-12-10 21:47:44,124:DEBUG:acme.client:Storing nonce: PI4PNEY6uXCehikPBWnf1H8s6eo98ULtZk1qYOKf6g0
2018-12-10 21:47:44,125:DEBUG:acme.client:JWS payload:
b’’
2018-12-10 21:47:44,130:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y:
{
“signature”: “xxx”,
“payload”: “”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiUEk0UE5FWTZ1WENlaGlrUEJXbmYxSDhzNmVvOThVTHRaazFxWU9LZjZnMCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovU1RCN3lob01qS29LWnR6SzJ6RkN4RGsyX3REZ1M4c2w1clgzZllxX2UtWSJ9”
}
2018-12-10 21:47:44,185:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y HTTP/1.1” 200 1243
2018-12-10 21:47:44,187:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1243
Boulder-Requester: 47427381
Replay-Nonce: 3Oe7wt41n-AaOQ83AWlnKGtMCo0jtA_i5pGMj595kEQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:47:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:47:44 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “sldev11.com
},
“status”: “valid”,
“expires”: “2019-01-09T20:50:44Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195838”,
“token”: “3hGYXyoQ_TTqANkuchZmFXV16fr7t4Va_B3qOK0HH-Y”,
“validationRecord”: [
{
“url”: “http://sldev11.com/.well-known/acme-challenge/3hGYXyoQ_TTqANkuchZmFXV16fr7t4Va_B3qOK0HH-Y”,
“hostname”: “sldev11.com”,
“port”: “80”,
“addressesResolved”: [
“50.116.73.85”
],
“addressUsed”: “50.116.73.85”
}
]
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195841”,
“token”: “wOfgJ1S1eL4gDdLKzpb9l6scY-93ATcSJYquAXGdSio”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195843”,
“token”: “rvHXRZ3XFnxH_4IeZDy_dLiGxmdKox2KnJzf_U_r6WE”
}
]
}
2018-12-10 21:47:44,187:DEBUG:acme.client:Storing nonce: 3Oe7wt41n-AaOQ83AWlnKGtMCo0jtA_i5pGMj595kEQ
2018-12-10 21:47:44,188:DEBUG:acme.client:JWS payload:
b’’
2018-12-10 21:47:44,192:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY:
{
“signature”: “xxx”,
“payload”: “”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiM09lN3d0NDFuLUFhT1E4M0FXbG5LR3RNQ28wanRBX2k1cEdNajU5NWtFUSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovQUhlbU5sdXZuZkFlZ1d1UkctUm9ROWR3RGQ2d0lJMGZLQ192dXd2b3JKWSJ9”
}
2018-12-10 21:47:44,253:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY HTTP/1.1” 200 1255
2018-12-10 21:47:44,256:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1255
Boulder-Requester: 47427381
Replay-Nonce: y1M0w5WHxlb7oZJ0Jn494EIdnfneoYaCQsAx51if4MY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:47:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:47:44 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “www.sldev11.com
},
“status”: “valid”,
“expires”: “2019-01-09T20:50:44Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195849”,
“token”: “tmDmA97H992lbWI8dK4N-M0pbjRSCie-WBMJwPF1oi4”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195850”,
“token”: “_g_a8dwZLpMYOZHx-dqVue5l3x0IxxeaTmwTlsmEFjY”
},
{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195851”,
“token”: “LKgHggdN23OzRLsHXXaLhUz1m9mXcXE0SBPUIrp0C3U”,
“validationRecord”: [
{
“url”: “http://www.sldev11.com/.well-known/acme-challenge/LKgHggdN23OzRLsHXXaLhUz1m9mXcXE0SBPUIrp0C3U”,
“hostname”: “www.sldev11.com”,
“port”: “80”,
“addressesResolved”: [
“50.116.73.85”
],
“addressUsed”: “50.116.73.85”
}
]
}
]
}
2018-12-10 21:47:44,257:DEBUG:acme.client:Storing nonce: y1M0w5WHxlb7oZJ0Jn494EIdnfneoYaCQsAx51if4MY
2018-12-10 21:47:44,258:INFO:certbot.auth_handler:Performing the following challenges:
2018-12-10 21:47:44,259:INFO:certbot.auth_handler:http-01 challenge for sldev11.com
2018-12-10 21:47:44,259:INFO:certbot.auth_handler:http-01 challenge for www.sldev11.com
2018-12-10 21:48:17,759:INFO:certbot.auth_handler:Waiting for verification…
2018-12-10 21:48:17,759:DEBUG:acme.client:JWS payload:
b’{\n “keyAuthorization”: “3hGYXyoQ_TTqANkuchZmFXV16fr7t4Va_B3qOK0HH-Y.M9dtIguRpihZHxPSHAuQTypqXYZ7haosC3FG1Wdqj2c”,\n “type”: “http-01”,\n “resource”: “challenge”\n}’
2018-12-10 21:48:17,762:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195838:
{
“signature”: “xxx”,
“payload”: “xxx”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAieTFNMHc1V0h4bGI3b1pKMEpuNDk0RUlkbmZuZW9ZYUNRc0F4NTFpZjRNWSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL1NUQjd5aG9NaktvS1p0eksyekZDeERrMl90RGdTOHNsNXJYM2ZZcV9lLVkvMTAxODMxOTU4MzgifQ”
}
2018-12-10 21:48:17,857:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195838 HTTP/1.1” 200 519
2018-12-10 21:48:17,859:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 519
Boulder-Requester: 47427381
Link: https://acme-v02.api.letsencrypt.org/acme/authz/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y;rel=“up”
Location: https://acme-v02.api.letsencrypt.org/acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195838
Replay-Nonce: A12xxDcyPS53Xt-8Shs4_5WvuKSJqrzIYT6nbUQNrRk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:48:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:48:17 GMT
Connection: keep-alive

{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195838”,
“token”: “3hGYXyoQ_TTqANkuchZmFXV16fr7t4Va_B3qOK0HH-Y”,
“validationRecord”: [
{
“url”: “http://sldev11.com/.well-known/acme-challenge/3hGYXyoQ_TTqANkuchZmFXV16fr7t4Va_B3qOK0HH-Y”,
“hostname”: “sldev11.com”,
“port”: “80”,
“addressesResolved”: [
“50.116.73.85”
],
“addressUsed”: “50.116.73.85”
}
]
}
2018-12-10 21:48:17,859:DEBUG:acme.client:Storing nonce: A12xxDcyPS53Xt-8Shs4_5WvuKSJqrzIYT6nbUQNrRk
2018-12-10 21:48:17,860:DEBUG:acme.client:JWS payload:
b’{\n “keyAuthorization”: “LKgHggdN23OzRLsHXXaLhUz1m9mXcXE0SBPUIrp0C3U.M9dtIguRpihZHxPSHAuQTypqXYZ7haosC3FG1Wdqj2c”,\n “type”: “http-01”,\n “resource”: “challenge”\n}’
2018-12-10 21:48:17,863:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195851:
{
“signature”: “xxx”,
“payload”: “xxx”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiQTEyeHhEY3lQUzUzWHQtOFNoczRfNVd2dUtTSnFyeklZVDZuYlVRTnJSayIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL0FIZW1ObHV2bmZBZWdXdVJHLVJvUTlkd0RkNndJSTBmS0NfdnV3dm9ySlkvMTAxODMxOTU4NTEifQ”
}
2018-12-10 21:48:17,945:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195851 HTTP/1.1” 200 527
2018-12-10 21:48:17,947:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 527
Boulder-Requester: 47427381
Link: https://acme-v02.api.letsencrypt.org/acme/authz/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY;rel=“up”
Location: https://acme-v02.api.letsencrypt.org/acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195851
Replay-Nonce: 0WjsnESoYLbOH2tQDcQdwI9QojbpiqO2DAxb8qfDgfc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:48:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:48:17 GMT
Connection: keep-alive

{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195851”,
“token”: “LKgHggdN23OzRLsHXXaLhUz1m9mXcXE0SBPUIrp0C3U”,
“validationRecord”: [
{
“url”: “http://www.sldev11.com/.well-known/acme-challenge/LKgHggdN23OzRLsHXXaLhUz1m9mXcXE0SBPUIrp0C3U”,
“hostname”: “www.sldev11.com”,
“port”: “80”,
“addressesResolved”: [
“50.116.73.85”
],
“addressUsed”: “50.116.73.85”
}
]
}
2018-12-10 21:48:17,948:DEBUG:acme.client:Storing nonce: 0WjsnESoYLbOH2tQDcQdwI9QojbpiqO2DAxb8qfDgfc
2018-12-10 21:48:20,951:DEBUG:acme.client:JWS payload:
b’’
2018-12-10 21:48:20,957:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y:
{
“signature”: “xxx”,
“payload”: “”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMFdqc25FU29ZTGJPSDJ0UURjUWR3STlRb2picGlxTzJEQXhiOHFmRGdmYyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovU1RCN3lob01qS29LWnR6SzJ6RkN4RGsyX3REZ1M4c2w1clgzZllxX2UtWSJ9”
}
2018-12-10 21:48:21,014:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y HTTP/1.1” 200 1243
2018-12-10 21:48:21,017:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1243
Boulder-Requester: 47427381
Replay-Nonce: 6p0hibhrnSv0fDyYw-f35XZXMMc0dr4a3VwGMv_UitI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:48:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:48:21 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “sldev11.com
},
“status”: “valid”,
“expires”: “2019-01-09T20:50:44Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195838”,
“token”: “3hGYXyoQ_TTqANkuchZmFXV16fr7t4Va_B3qOK0HH-Y”,
“validationRecord”: [
{
“url”: “http://sldev11.com/.well-known/acme-challenge/3hGYXyoQ_TTqANkuchZmFXV16fr7t4Va_B3qOK0HH-Y”,
“hostname”: “sldev11.com”,
“port”: “80”,
“addressesResolved”: [
“50.116.73.85”
],
“addressUsed”: “50.116.73.85”
}
]
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195841”,
“token”: “wOfgJ1S1eL4gDdLKzpb9l6scY-93ATcSJYquAXGdSio”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y/10183195843”,
“token”: “rvHXRZ3XFnxH_4IeZDy_dLiGxmdKox2KnJzf_U_r6WE”
}
]
}
2018-12-10 21:48:21,017:DEBUG:acme.client:Storing nonce: 6p0hibhrnSv0fDyYw-f35XZXMMc0dr4a3VwGMv_UitI
2018-12-10 21:48:21,019:DEBUG:acme.client:JWS payload:
b’’
2018-12-10 21:48:21,023:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY:
{
“signature”: “xxx”,
“payload”: “”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiNnAwaGliaHJuU3YwZkR5WXctZjM1WFpYTU1jMGRyNGEzVndHTXZfVWl0SSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovQUhlbU5sdXZuZkFlZ1d1UkctUm9ROWR3RGQ2d0lJMGZLQ192dXd2b3JKWSJ9”
}
2018-12-10 21:48:21,166:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY HTTP/1.1” 200 1255
2018-12-10 21:48:21,168:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1255
Boulder-Requester: 47427381
Replay-Nonce: Ek19h_YAFHrLnxdsEOq4SGuPX3giyLhA6fIqbWaBd7E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:48:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:48:21 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “www.sldev11.com
},
“status”: “valid”,
“expires”: “2019-01-09T20:50:44Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195849”,
“token”: “tmDmA97H992lbWI8dK4N-M0pbjRSCie-WBMJwPF1oi4”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195850”,
“token”: “_g_a8dwZLpMYOZHx-dqVue5l3x0IxxeaTmwTlsmEFjY”
},
{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY/10183195851”,
“token”: “LKgHggdN23OzRLsHXXaLhUz1m9mXcXE0SBPUIrp0C3U”,
“validationRecord”: [
{
“url”: “http://www.sldev11.com/.well-known/acme-challenge/LKgHggdN23OzRLsHXXaLhUz1m9mXcXE0SBPUIrp0C3U”,
“hostname”: “www.sldev11.com”,
“port”: “80”,
“addressesResolved”: [
“50.116.73.85”
],
“addressUsed”: “50.116.73.85”
}
]
}
]
}
2018-12-10 21:48:21,169:DEBUG:acme.client:Storing nonce: Ek19h_YAFHrLnxdsEOq4SGuPX3giyLhA6fIqbWaBd7E
2018-12-10 21:48:21,170:DEBUG:certbot.error_handler:Calling registered functions
2018-12-10 21:48:21,171:INFO:certbot.auth_handler:Cleaning up challenges
2018-12-10 21:48:21,171:DEBUG:certbot.client:CSR: CSR(file=’/etc/letsencrypt/csr/0004_csr-certbot.pem’, data=b’-----BEGIN CERTIFICATE REQUEST-----\n
….
==\n-----END CERTIFICATE REQUEST-----\n’, form=‘pem’)
2018-12-10 21:48:21,174:DEBUG:acme.client:JWS payload:
b’{\n “csr”: “xxx”,\n “resource”: “new-cert”\n}’
2018-12-10 21:48:21,177:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/47427381/215065384:
{
“signature”: “xxx”,
“payload”: “xxx”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiRWsxOWhfWUFGSHJMbnhkc0VPcTRTR3VQWDNnaXlMaEE2ZklxYldhQmQ3RSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvNDc0MjczODEvMjE1MDY1Mzg0In0”
}
2018-12-10 21:48:22,273:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/finalize/47427381/215065384 HTTP/1.1” 200 628
2018-12-10 21:48:22,275:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 628
Boulder-Requester: 47427381
Location: https://acme-v02.api.letsencrypt.org/acme/order/47427381/215065384
Replay-Nonce: x6Bhu_IhOm49rOYsQpOXBDoPFwn8xMr3x1WsufBQyUw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:48:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:48:22 GMT
Connection: keep-alive

{
“status”: “valid”,
“expires”: “2018-12-17T21:47:44Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “sldev11.com
},
{
“type”: “dns”,
“value”: “www.sldev11.com
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY”,
https://acme-v02.api.letsencrypt.org/acme/authz/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/47427381/215065384”,
“certificate”: “https://acme-v02.api.letsencrypt.org/acme/cert/0316ade8207f63ffe7d08e1f7f1626c9866a
}
2018-12-10 21:48:22,276:DEBUG:acme.client:Storing nonce: x6Bhu_IhOm49rOYsQpOXBDoPFwn8xMr3x1WsufBQyUw
2018-12-10 21:48:23,276:DEBUG:acme.client:JWS payload:
b’’
2018-12-10 21:48:23,280:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/47427381/215065384:
{
“signature”: “xxx”,
“payload”: “”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAieDZCaHVfSWhPbTQ5ck9Zc1FwT1hCRG9QRnduOHhNcjN4MVdzdWZCUXlVdyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvb3JkZXIvNDc0MjczODEvMjE1MDY1Mzg0In0”
}
2018-12-10 21:48:23,397:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/order/47427381/215065384 HTTP/1.1” 200 628
2018-12-10 21:48:23,399:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 628
Replay-Nonce: KFUKhKOsprdPVt-eNC7oEvxb0qqkIhMRu70KcR4LHlM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:48:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:48:23 GMT
Connection: keep-alive

{
“status”: “valid”,
“expires”: “2018-12-17T21:47:44Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “sldev11.com
},
{
“type”: “dns”,
“value”: “www.sldev11.com
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz/AHemNluvnfAegWuRG-RoQ9dwDd6wII0fKC_vuwvorJY”,
https://acme-v02.api.letsencrypt.org/acme/authz/STB7yhoMjKoKZtzK2zFCxDk2_tDgS8sl5rX3fYq_e-Y
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/47427381/215065384”,
“certificate”: “https://acme-v02.api.letsencrypt.org/acme/cert/0316ade8207f63ffe7d08e1f7f1626c9866a
}
2018-12-10 21:48:23,400:DEBUG:acme.client:Storing nonce: KFUKhKOsprdPVt-eNC7oEvxb0qqkIhMRu70KcR4LHlM
2018-12-10 21:48:23,400:DEBUG:acme.client:JWS payload:
b’’
2018-12-10 21:48:23,404:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/0316ade8207f63ffe7d08e1f7f1626c9866a:
{
“signature”: “xxx”,
“payload”: “”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiS0ZVS2hLT3NwcmRQVnQtZU5DN29FdnhiMHFxa0loTVJ1NzBLY1I0TEhsTSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzQyNzM4MSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2VydC8wMzE2YWRlODIwN2Y2M2ZmZTdkMDhlMWY3ZjE2MjZjOTg2NmEifQ”
}
2018-12-10 21:48:23,468:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/cert/0316ade8207f63ffe7d08e1f7f1626c9866a HTTP/1.1” 415 168
2018-12-10 21:48:23,474:DEBUG:acme.client:Received response:
HTTP 415
Server: nginx
Content-Type: application/problem+json
Content-Length: 168
Replay-Nonce: r1pUWwEKKYnqIj-ZQqN15kI5FbmOfmHdgQ0YYFInlB0
Expires: Mon, 10 Dec 2018 21:48:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:48:23 GMT
Connection: close

{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Invalid Content-Type header on POST. Content-Type must be “application/jose+json””,
“status”: 415
}
2018-12-10 21:48:23,475:DEBUG:acme.client:Error during a POST-as-GET request, your ACME CA may not support it:
urn:ietf:params:acme:error:malformed :: The request message was malformed :: Invalid Content-Type header on POST. Content-Type must be “application/jose+json”
2018-12-10 21:48:23,475:DEBUG:acme.client:Retrying request with GET.
2018-12-10 21:48:23,476:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/cert/0316ade8207f63ffe7d08e1f7f1626c9866a.
2018-12-10 21:48:23,478:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
2018-12-10 21:48:23,650:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /acme/cert/0316ade8207f63ffe7d08e1f7f1626c9866a HTTP/1.1” 200 3571
2018-12-10 21:48:23,651:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/pem-certificate-chain
Content-Length: 3571
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 10 Dec 2018 21:48:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 10 Dec 2018 21:48:23 GMT
Connection: keep-alive

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

——END CERTIFICATE-----

2018-12-10 21:48:23,653:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/sldev11.com and live directory /etc/letsencrypt/live/sldev11.com created.
2018-12-10 21:48:23,653:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/live/sldev11.com/cert.pem.
2018-12-10 21:48:23,654:DEBUG:certbot.storage:Writing private key to /etc/letsencrypt/live/sldev11.com/privkey.pem.
2018-12-10 21:48:23,654:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/live/sldev11.com/chain.pem.
2018-12-10 21:48:23,654:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/live/sldev11.com/fullchain.pem.
2018-12-10 21:48:23,655:DEBUG:certbot.storage:Writing README to /etc/letsencrypt/live/sldev11.com/README.
2018-12-10 21:48:23,791:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer <certbot.cli._Default object at 0x7f47acfa9978>
2018-12-10 21:48:23,792:DEBUG:certbot.cli:Var pref_challs=http (set by user).
2018-12-10 21:48:27,450:DEBUG:certbot.cli:Var authenticator=manual (set by user).
2018-12-10 21:48:28,165:DEBUG:certbot.cli:Var apache_challenge_location=/etc/apache2/conf.d/ (set by user).
2018-12-10 21:48:29,832:DEBUG:certbot.cli:Var apache_server_root=/etc/apache2 (set by user).
2018-12-10 21:48:30,313:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/sldev11.com.conf.
2018-12-10 21:48:30,317:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/sldev11.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/sldev11.com/privkey.pem
Your cert will expire on 2019-03-10. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew all of your certificates, run “certbot-auto renew”
2018-12-10 21:48:30,317:DEBUG:certbot.reporter:Reporting to user: If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le


#2

certonly means “only issue the certificate, I’ll install it to the webserver myself”.

The certificate issuance itself was successful, but you’ll need to configure Apache to use your private key and certificate from /etc/letsencrypt/live/ .

You can use https://mozilla.github.io/server-side-tls/ssl-config-generator/ as a guide.

Alternatively, run Certbot again, and Certbot can do all the installation for you:

sudo ./certbot-auto --apache

#3

Thanks _az, I want to install it in a manual mode. Last month, I was able to use this command to install a cert. I’m not sure if anything changed


#4

certbot certonly has never installed the certificate, throughout the whole history of the project. :slight_smile:


#5

I used the --apache option, now i got this error message:
File:

  • Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_pre.conf - Certbot probably shut down unexpectedly

File:

  • Could not be found to be deleted /etc/httpd/conf.d/le_http_01_challenge_post.conf - Certbot probably shut down unexpectedly

Error while running apachectl graceful.

httpd not running, trying to start

How do I restore my apacge conf file?


#6

Run apachectl -t and comment out whatever lines are causing problems.

You might also be able to find backups of your Apache configuration in /var/lib/letsencrypt/backups/.


#7

Thanks much everyone.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.