Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pawa.space

I ran this command: sudo certbot --nginx -d pawo.space

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Requesting a certificate for pawo.space

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:

Domain: pawo.space

Type: unauthorized

Detail: 2000:7060:0:1020::1: Invalid response from http://powo.space/.well-known/acme-challenge/eQYQ1gDNMxEMaeyRz2fhThzR-eFFXkC5eV7TulN4qbA: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

And Log:

2023-12-05 17:32:00,093:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: pano.space
Type: unauthorized
Detail: 2000:7060:0:1020::1: Invalid response from http://pawo.space/.well-known/acme-challenge/VP4 jEPVMtX3Bh4dSAuMMBoeEN3TJSq6ZuJcoSK6pMlyc: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
2023-12-05 17:32:00,095:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

My web server is (include version):nginx

The operating system my web server runs on is (include version): ubuntu 22.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.7.4

It's my nginx settings for frontend
server {
    listen 80;
    server_name pawo.space;
    index index.html index.htm;
    access_log /var/log/nginx/pawo.space.log;
    error_log /var/log/nginx/pawo.space-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://134.209.230.247:3000;
        proxy_redirect off;
    }
}

Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "pawo.space"
  },
  "status": "invalid",
  "expires": "2023-12-12T19:24:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "2a00:7a60:0:1020::1: Invalid response from http://pawo.space/.well-known/acme-challenge/948oAZ_zZlXRkwRzylwqLIuwJFuwneZtpCzZ34CsXvA: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290728763486/QaEk5Q",
      "token": "948oAZ_zZlXRkwRzylwqLIuwJFuwneZtpCzZ34CsXvA",
      "validationRecord": [
        {
          "url": "http://pawo.space/.well-known/acme-challenge/948oAZ_zZlXRkwRzylwqLIuwJFuwneZtpCzZ34CsXvA",
          "hostname": "pawo.space",
          "port": "80",
          "addressesResolved": [
            "134.209.230.247",
            "2a00:7a60:0:1020::1"
          ],
          "addressUsed": "2a00:7a60:0:1020::1"
        }
      ],
      "validated": "2023-12-05T19:24:14Z"
    }
  ]
}
2023-12-05 19:24:15,935:DEBUG:acme.client:Storing nonce: 65r2Q3lMuSCDKGT-RuFDGf-LVPKfVuT-0fBVjXmWw8wobWsJll4
2023-12-05 19:24:15,935:INFO:certbot._internal.auth_handler:Challenge failed for domain pawo.space
2023-12-05 19:24:15,935:INFO:certbot._internal.auth_handler:http-01 challenge for pawo.space
2023-12-05 19:24:15,935:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: pawo.space
  Type:   unauthorized
  Detail: 2a00:7a60:0:1020::1: Invalid response from http://pawo.space/.well-known/acme-challenge/948oAZ_zZlXRkwRzylwqLIuwJFuwneZtpCzZ34CsXvA: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2023-12-05 19:24:15,937:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-12-05 19:24:15,937:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-12-05 19:24:15,937:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-12-05 19:24:17,120:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3462/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/main.py", line 1450, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-12-05 19:24:17,122:ERROR:certbot._internal.log:Some challenges have failed.

Based on above you are missing an nginx listen statement for IPv6. Often like:

listen [::]:80;

Right now I don't see an A or an AAAA record in your DNS so it looks like you are still working on things. Let us know when you have a new result you want us to look at.

UPDATE:
I just realized your typo with your domain name. The pawo.space name has an A and AAAA record. Still, you need a listen for IPv6 in nginx.

2 Likes

Okay, and what do I need to change?

In that file add this

Right below the line for

2 Likes
1. I added:
root@uauto-fra1-01:/etc/nginx/sites-available# cat pawo.space
server {
    listen 80;
    listen [::]:80;
    server_name pawo.space;
    index index.html index.htm;
    access_log /var/log/nginx/pawo.space.log;
    error_log /var/log/nginx/pawo.space-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect off;
    }
}

Unfortunately, that doesn't help. I'm adding all the logs, maybe it helps.

2023-12-05 20:25:06,333:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-12-05 20:25:06,649:DEBUG:certbot._internal.main:certbot version: 2.7.4
2023-12-05 20:25:06,650:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3462/bin/certbot
2023-12-05 20:25:06,650:DEBUG:certbot._internal.main:Arguments: ['--nginx', '-d', 'pawo.space', '--preconfigured-renewal']
2023-12-05 20:25:06,650:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-12-05 20:25:06,674:DEBUG:certbot._internal.log:Root logging level set at 30
2023-12-05 20:25:06,676:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2023-12-05 20:25:07,010:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='nginx', value='certbot_nginx._internal.configurator:NginxConfigurator', group='certbot.plugins')
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa764d19b20>
Prep: True
2023-12-05 20:25:07,011:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa764d19b20> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa764d19b20>
2023-12-05 20:25:07,012:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2023-12-05 20:25:07,093:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1449784866', new_authzr_uri=None, terms_of_service=None), 763c3ee1c013cd9519d78dadb1398eb8, Meta(creation_dt=datetime.datetime(2023, 12, 5, 16, 59, 10, tzinfo=<UTC>), creation_host='uauto-fra1-01', register_to_eff=None))>
2023-12-05 20:25:07,094:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-12-05 20:25:07,097:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-12-05 20:25:07,486:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-12-05 20:25:07,486:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:07 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "PNLWjPtqHDk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-12-05 20:25:07,493:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for pawo.space
2023-12-05 20:25:07,497:DEBUG:acme.client:Requesting fresh nonce
2023-12-05 20:25:07,497:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-12-05 20:25:07,626:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-12-05 20:25:07,627:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: V03LKs9Tf7Pii4e99uBNcOSxehrZD_7SOAQ-HjTy-j5nwIC-n5c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-12-05 20:25:07,627:DEBUG:acme.client:Storing nonce: V03LKs9Tf7Pii4e99uBNcOSxehrZD_7SOAQ-HjTy-j5nwIC-n5c
2023-12-05 20:25:07,627:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "pawo.space"\n    }\n  ]\n}'
2023-12-05 20:25:07,632:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ0OTc4NDg2NiIsICJub25jZSI6ICJWMDNMS3M5VGY3UGlpNGU5OXVCTmNPU3hlaHJaRF83U09BUS1IalR5LWo1bndJQy1uNWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "SsZzktNw5y9uz_Dks6wqTzlK5YP0o41tLN3kfFpZklqGkq4MGeB-Y3tIra-40j0fWq6eNAmFXPUzUmdSM80hOmrOYDPpzTCU3snCQAEfgDPUYy94XpnGnnHtjSHy3EkYeB58LkhO2reL4SwF6NXokjOhK2_QyusC6sj_1gCYVuXqGjRTawxRj5LOfYjcWvI-7cueILsefPbc-V37J6f-GwgZLAsFAS42DWEsA7auPT3JbGJkGMvmFMBXkZGgDyc9vqmDQv2_GrvkMfJ3WZydW7pJZ0ft59OyJ1YZx6Z05lJg0H8gL3N0AksSLULAuq4hlsg9cvp-shoGQLpdeI39WA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInBhd28uc3BhY2UiCiAgICB9CiAgXQp9"
}
2023-12-05 20:25:07,907:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 336
2023-12-05 20:25:07,908:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 05 Dec 2023 20:25:07 GMT
Content-Type: application/json
Content-Length: 336
Connection: keep-alive
Boulder-Requester: 1449784866
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1449784866/227113497076
Replay-Nonce: 569UJjTN28f6Q-lKQidvboOMJAh6rc-HxnCv6nCC9i3XYS55RHU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-12-12T20:25:07Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "pawo.space"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/290740871616"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1449784866/227113497076"
}
2023-12-05 20:25:07,908:DEBUG:acme.client:Storing nonce: 569UJjTN28f6Q-lKQidvboOMJAh6rc-HxnCv6nCC9i3XYS55RHU
2023-12-05 20:25:07,908:DEBUG:acme.client:JWS payload:
b''
2023-12-05 20:25:07,911:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/290740871616:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ0OTc4NDg2NiIsICJub25jZSI6ICI1NjlVSmpUTjI4ZjZRLWxLUWlkdmJvT01KQWg2cmMtSHhuQ3Y2bkNDOWkzWFlTNTVSSFUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI5MDc0MDg3MTYxNiJ9",
  "signature": "TmOpCWXVxjz38anwkgsH-TBal4tFeR3siTI0zDkDyoTfKU6kD2uq8e-87ehI46E5vYbGVainK3mlZ0_un6Ch5II7icIXLxfy-5YoZgl-D8qE67M16iyzMgb2WApER_Nti0K086Y2sSUWRNrhlY-7ZHaXzGPVFS9hu6JxsJ9wgBe2-s_eC5k1KHWij62IK---Y2y5mdr5XcVrmQZceY4ECkysuxv1ClmyOQXtiJdj_U3CSh0UoAkEKMC-mxTCY5hL7i9-OVFFL20vjQVaqP7KYUDhIRe7K04TmhjvwAZZxMkh1gEvtCefEV5Xm5kTIj1xX8dHDcDqmGtkfUbIm6AThg",
  "payload": ""
}
2023-12-05 20:25:08,046:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/290740871616 HTTP/1.1" 200 794
2023-12-05 20:25:08,046:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:07 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 1449784866
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 569UJjTNCRPHU8kHzBKaHO68KbSilJhhgb61VOmGWROGnWmUXe8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "pawo.space"
  },
  "status": "pending",
  "expires": "2023-12-12T20:25:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg",
      "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/XzfPcA",
      "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/NDvUSw",
      "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950"
    }
  ]
}
2023-12-05 20:25:08,047:DEBUG:acme.client:Storing nonce: 569UJjTNCRPHU8kHzBKaHO68KbSilJhhgb61VOmGWROGnWmUXe8
2023-12-05 20:25:08,047:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-12-05 20:25:08,047:INFO:certbot._internal.auth_handler:http-01 challenge for pawo.space
2023-12-05 20:25:08,067:DEBUG:certbot_nginx._internal.http_01:Generated server block:
[]
2023-12-05 20:25:08,068:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
2023-12-05 20:25:08,068:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
2023-12-05 20:25:08,069:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf
2023-12-05 20:25:08,069:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip2.conf
2023-12-05 20:25:08,070:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/pawo.space
2023-12-05 20:25:08,070:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2023-12-05 20:25:08,070:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/api.pawo.space
2023-12-05 20:25:08,070:DEBUG:certbot.reverter:Creating backup of /etc/letsencrypt/options-ssl-nginx.conf
2023-12-05 20:25:08,071:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2023-12-05 20:25:08,071:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
2023-12-05 20:25:08,071:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
2023-12-05 20:25:08,072:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2023-12-05 20:25:08,073:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {
server_names_hash_bucket_size 128;
include /etc/letsencrypt/le_http_01_cert_challenge.conf;

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

2023-12-05 20:25:08,074:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/pawo.space:
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name pawo.space;
    index index.html index.htm;
    access_log /var/log/nginx/pawo.space.log;
    error_log /var/log/nginx/pawo.space-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect off;
    }
location = /.well-known/acme-challenge/jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950{default_type text/plain;return 200 jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950.hQ5SIF3zaiUaLkLhQF72xHPPl9zoMgYYBxx0RSQX0AY;} # managed by Certbot

}

2023-12-05 20:25:09,112:DEBUG:acme.client:JWS payload:
b'{}'
2023-12-05 20:25:09,115:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ0OTc4NDg2NiIsICJub25jZSI6ICI1NjlVSmpUTkNSUEhVOGtIekJLYUhPNjhLYlNpbEpoaGdiNjFWT21HV1JPR25XbVVYZTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5MDc0MDg3MTYxNi9NQjVsR2cifQ",
  "signature": "Y57peIq827CKmMqRu_J8Z2qZbxpsDjFWsbOu8l9WGT2Wi376F4jjkwGAw-HYxiHk06EDrMyezPrrsrqwVIUg6DZuAyIWAeYezTtI_wpeW9nCP3YFJPs0vtdT35NX9FlwezcGyy-cp5P9q7mqFiqguHCyQvKr8pv23QqlgdTfl2SgQbv4ziSaArcNn0chRG2wpQd9rxFfTjx6cSEi6cSmAjTLFC_TLx89R9wVAove-ZL-MbmVnNc7FvE4grsJwMghKoy1hglJY7_0W3r95lC_rbU9hAT2j1rDTt8XJGupPOuyO005zIppXtQHre-Al6_Z3YiOjctK-8cM13Rx5XY6NA",
  "payload": "e30"
}
2023-12-05 20:25:09,262:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/290740871616/MB5lGg HTTP/1.1" 200 187
2023-12-05 20:25:09,263:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:09 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1449784866
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/290740871616>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg
Replay-Nonce: V03LKs9TN9in5EG-dCMO-6_GE8HZRsYsPbWSBlH8YCNViZT4Eng
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg",
  "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950"
}
2023-12-05 20:25:09,263:DEBUG:acme.client:Storing nonce: V03LKs9TN9in5EG-dCMO-6_GE8HZRsYsPbWSBlH8YCNViZT4Eng
2023-12-05 20:25:09,264:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-12-05 20:25:10,264:DEBUG:acme.client:JWS payload:
b''
2023-12-05 20:25:10,267:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/290740871616:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ0OTc4NDg2NiIsICJub25jZSI6ICJWMDNMS3M5VE45aW41RUctZENNTy02X0dFOEhaUnNZc1BiV1NCbEg4WUNOVmlaVDRFbmciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI5MDc0MDg3MTYxNiJ9",
  "signature": "Gy6SIi5a54a5m2ntC7DL_oVWHJAxLMOTpzIY7q98es3oEEV0lRd1sjkha_ijS50HZ6hvUQNi6MSYmpQWjlEfOQP66Aiv7Uw3Iv23g7JBJf4N39Lu-fyEucjZPdAtVATEdcT-aHh-tan4uq44tn0AeWCfKOXYj4aAuAbfAlczItObuay4MwCTi2f8IZrgusrenuauW5FDDo7eYvPMNLdtPBBizEgMb3FR_-kJrX-tqjT51cF0Xahq8hFPG-3DQTfYhosLiFf7KPsnXG54mjmnaho77VnOxgh7PHT75JD73HP8LbyKtTl9XeIbC1tNj3QW8Pf8j46souSre2mDiHV-JQ",
  "payload": ""
}
2023-12-05 20:25:10,399:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/290740871616 HTTP/1.1" 200 1057
2023-12-05 20:25:10,400:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:10 GMT
Content-Type: application/json
Content-Length: 1057
Connection: keep-alive
Boulder-Requester: 1449784866
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: V03LKs9TpMTP540F5qgH8ue4myl-6qIE90fN7RRbw0Zq9bQgG68
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "pawo.space"
  },
  "status": "invalid",
  "expires": "2023-12-12T20:25:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "2a00:7a60:0:1020::1: Invalid response from http://pawo.space/.well-known/acme-challenge/jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg",
      "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950",
      "validationRecord": [
        {
          "url": "http://pawo.space/.well-known/acme-challenge/jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950",
          "hostname": "pawo.space",
          "port": "80",
          "addressesResolved": [
            "134.209.230.247",
            "2a00:7a60:0:1020::1"
          ],
          "addressUsed": "2a00:7a60:0:1020::1"
        }
      ],
      "validated": "2023-12-05T20:25:09Z"
    }
  ]
}
2023-12-05 20:25:10,401:DEBUG:acme.client:Storing nonce: V03LKs9TpMTP540F5qgH8ue4myl-6qIE90fN7RRbw0Zq9bQgG68
2023-12-05 20:25:10,401:INFO:certbot._internal.auth_handler:Challenge failed for domain pawo.space
2023-12-05 20:25:10,402:INFO:certbot._internal.auth_handler:http-01 challenge for pawo.space
2023-12-05 20:25:10,402:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: pawo.space
  Type:   unauthorized
  Detail: 2a00:7a60:0:1020::1: Invalid response from http://pawo.space/.well-known/acme-challenge/jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2023-12-05 20:25:10,403:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-12-05 20:25:10,404:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-12-05 20:25:10,404:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-12-05 20:25:11,627:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3462/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/main.py", line 1450, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-12-05 20:25:11,629:ERROR:certbot._internal.log:Some challenges have failed.

Did you restart nginx after making that change?

Also, let's check your public IP addresses. What do these show?

curl -4 https://ifconfig.io
curl -6 https://ifconfig.io
2 Likes

I had reloaded nginx

sudo nginx -t
sudo nginx -s reload


Oh, it looks like you do not have IPv6 working on your system (the -6 command failed)

So, you should either remove the AAAA record from your DNS (which sets the IPv6 IP address).

Or, better would be to fix the IPv6 network config.

2 Likes

I have a deployed backend and frontend on VPS, with different domains
1. api.pawo.space for my backend (Spring Boot) with following settings:

server {
    server_name api.pawo.space;
    index index.html index.htm;
    access_log /var/log/nginx/api.pawo.space.log;
    error_log  /var/log/nginx/api.pawo.space-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:8081;
        proxy_redirect off;
    }
}

I entered

sudo apt install snapd
sudo snap install --classic certbot
sudo certbot --nginx -d api.pawo.space

and everything worked. The API at api.pawo.space works fine over HTTPS.

But for some reason there is this error with the frontend, pawo.space.
I run frontend for serve

And the settings:

root@uauto-fra1-01:/etc/nginx/sites-available# cat pawo.space
server {
    listen 80;
    listen [::]:80;
    server_name pawo.space;
    index index.html index.htm;
    access_log /var/log/nginx/pawo.space.log;
    error_log /var/log/nginx/pawo.space-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect off;
    }
}

Your IPv4 and IPv6 are being handled by different systems. I suggest removing the AAAA record from your DNS first. See if you can get this working with IPv4. Then re-enable IPv6 and test that.

Notice below the different responses which should be identical

curl -I6 -m8 pawo.space
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 20:42:24 GMT
Content-Type: text/html
Connection: keep-alive
x-ray: p988:0.000/fp696:0.000/fpl696:0.000/

curl -I4 -m8 pawo.space
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 05 Dec 2023 20:42:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 396
Connection: keep-alive
Content-Disposition: inline; filename="index.html"
Accept-Ranges: bytes
ETag: "f4887cb3fe141282402b413c90d57ad33811e602"
Vary: Accept-Encoding

root@uauto-fra1-01:~# curl -I4 -m8 pawo.space
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 05 Dec 2023 20:47:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 396
Connection: keep-alive
Content-Disposition: inline; filename="index.html"
Accept-Ranges: bytes
ETag: "f4887cb3fe141282402b413c90d57ad33811e602"
Vary: Accept-Encoding

but

root@uauto-fra1-01:~# curl -I6 -m8 pawo.space
curl: (7) Couldn't connect to server

Also I entered

root@uauto-fra1-01:~# curl -I6 -m8 pawo.space
curl: (7) Couldn't connect to server
root@uauto-fra1-01:~# curl -I4 -m8 api.pawo.space
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 05 Dec 2023 20:49:03 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://api.pawo.space/

root@uauto-fra1-01:~# curl -I6 -m8 api.pawo.space
curl: (7) Couldn't connect to server

But api.pawo.space works fine over HTTPS.

You are trying to use an HTTP Challenge to get a cert for pawo.space.

You have an A and AAAA record in the DNS for that name. Let's Encrypt prefers the AAAA (IPv6) when specified.

But yours is not working. If you remove the AAAA record, LE will use the IPv4 A address.

Your "backend" does not really matter for these purposes. That is a different domain name. That said, the DNS for your api subdomain only has an IPv4 A record (no AAAA IPv6 record).


Okay, so if we remove the AAAA record, will it help to get the LE cert and HTTPS for pawo.space?

Probably. Your AAAA record is wrong. We proved your IPv6 connection was broken. You either need to fix your IPv6 or remove the AAAA record.

There still may be other problems with your config. But, this is the first one to fix.


Could you please help me with them?

But first, perhaps, I would like to understand what the problem is, in order to receive certificates at least in this form.

Logs

2023-12-05 20:25:06,333:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-12-05 20:25:06,649:DEBUG:certbot._internal.main:certbot version: 2.7.4
2023-12-05 20:25:06,650:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3462/bin/certbot
2023-12-05 20:25:06,650:DEBUG:certbot._internal.main:Arguments: ['--nginx', '-d', 'pawo.space', '--preconfigured-renewal']
2023-12-05 20:25:06,650:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-12-05 20:25:06,674:DEBUG:certbot._internal.log:Root logging level set at 30
2023-12-05 20:25:06,676:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2023-12-05 20:25:07,010:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='nginx', value='certbot_nginx._internal.configurator:NginxConfigurator', group='certbot.plugins')
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa764d19b20>
Prep: True
2023-12-05 20:25:07,011:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa764d19b20> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa764d19b20>
2023-12-05 20:25:07,012:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2023-12-05 20:25:07,093:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1449784866', new_authzr_uri=None, terms_of_service=None), 763c3ee1c013cd9519d78dadb1398eb8, Meta(creation_dt=datetime.datetime(2023, 12, 5, 16, 59, 10, tzinfo=<UTC>), creation_host='uauto-fra1-01', register_to_eff=None))>
2023-12-05 20:25:07,094:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-12-05 20:25:07,097:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-12-05 20:25:07,486:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-12-05 20:25:07,486:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:07 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "PNLWjPtqHDk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-12-05 20:25:07,493:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for pawo.space
2023-12-05 20:25:07,497:DEBUG:acme.client:Requesting fresh nonce
2023-12-05 20:25:07,497:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-12-05 20:25:07,626:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-12-05 20:25:07,627:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: V03LKs9Tf7Pii4e99uBNcOSxehrZD_7SOAQ-HjTy-j5nwIC-n5c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-12-05 20:25:07,627:DEBUG:acme.client:Storing nonce: V03LKs9Tf7Pii4e99uBNcOSxehrZD_7SOAQ-HjTy-j5nwIC-n5c
2023-12-05 20:25:07,627:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "pawo.space"\n    }\n  ]\n}'
2023-12-05 20:25:07,632:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ0OTc4NDg2NiIsICJub25jZSI6ICJWMDNMS3M5VGY3UGlpNGU5OXVCTmNPU3hlaHJaRF83U09BUS1IalR5LWo1bndJQy1uNWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "SsZzktNw5y9uz_Dks6wqTzlK5YP0o41tLN3kfFpZklqGkq4MGeB-Y3tIra-40j0fWq6eNAmFXPUzUmdSM80hOmrOYDPpzTCU3snCQAEfgDPUYy94XpnGnnHtjSHy3EkYeB58LkhO2reL4SwF6NXokjOhK2_QyusC6sj_1gCYVuXqGjRTawxRj5LOfYjcWvI-7cueILsefPbc-V37J6f-GwgZLAsFAS42DWEsA7auPT3JbGJkGMvmFMBXkZGgDyc9vqmDQv2_GrvkMfJ3WZydW7pJZ0ft59OyJ1YZx6Z05lJg0H8gL3N0AksSLULAuq4hlsg9cvp-shoGQLpdeI39WA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInBhd28uc3BhY2UiCiAgICB9CiAgXQp9"
}
2023-12-05 20:25:07,907:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 336
2023-12-05 20:25:07,908:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 05 Dec 2023 20:25:07 GMT
Content-Type: application/json
Content-Length: 336
Connection: keep-alive
Boulder-Requester: 1449784866
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1449784866/227113497076
Replay-Nonce: 569UJjTN28f6Q-lKQidvboOMJAh6rc-HxnCv6nCC9i3XYS55RHU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-12-12T20:25:07Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "pawo.space"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/290740871616"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1449784866/227113497076"
}
2023-12-05 20:25:07,908:DEBUG:acme.client:Storing nonce: 569UJjTN28f6Q-lKQidvboOMJAh6rc-HxnCv6nCC9i3XYS55RHU
2023-12-05 20:25:07,908:DEBUG:acme.client:JWS payload:
b''
2023-12-05 20:25:07,911:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/290740871616:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ0OTc4NDg2NiIsICJub25jZSI6ICI1NjlVSmpUTjI4ZjZRLWxLUWlkdmJvT01KQWg2cmMtSHhuQ3Y2bkNDOWkzWFlTNTVSSFUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI5MDc0MDg3MTYxNiJ9",
  "signature": "TmOpCWXVxjz38anwkgsH-TBal4tFeR3siTI0zDkDyoTfKU6kD2uq8e-87ehI46E5vYbGVainK3mlZ0_un6Ch5II7icIXLxfy-5YoZgl-D8qE67M16iyzMgb2WApER_Nti0K086Y2sSUWRNrhlY-7ZHaXzGPVFS9hu6JxsJ9wgBe2-s_eC5k1KHWij62IK---Y2y5mdr5XcVrmQZceY4ECkysuxv1ClmyOQXtiJdj_U3CSh0UoAkEKMC-mxTCY5hL7i9-OVFFL20vjQVaqP7KYUDhIRe7K04TmhjvwAZZxMkh1gEvtCefEV5Xm5kTIj1xX8dHDcDqmGtkfUbIm6AThg",
  "payload": ""
}
2023-12-05 20:25:08,046:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/290740871616 HTTP/1.1" 200 794
2023-12-05 20:25:08,046:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:07 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 1449784866
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 569UJjTNCRPHU8kHzBKaHO68KbSilJhhgb61VOmGWROGnWmUXe8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "pawo.space"
  },
  "status": "pending",
  "expires": "2023-12-12T20:25:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg",
      "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/XzfPcA",
      "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/NDvUSw",
      "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950"
    }
  ]
}
2023-12-05 20:25:08,047:DEBUG:acme.client:Storing nonce: 569UJjTNCRPHU8kHzBKaHO68KbSilJhhgb61VOmGWROGnWmUXe8
2023-12-05 20:25:08,047:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-12-05 20:25:08,047:INFO:certbot._internal.auth_handler:http-01 challenge for pawo.space
2023-12-05 20:25:08,067:DEBUG:certbot_nginx._internal.http_01:Generated server block:
[]
2023-12-05 20:25:08,068:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
2023-12-05 20:25:08,068:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
2023-12-05 20:25:08,069:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf
2023-12-05 20:25:08,069:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip2.conf
2023-12-05 20:25:08,070:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/pawo.space
2023-12-05 20:25:08,070:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2023-12-05 20:25:08,070:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/api.pawo.space
2023-12-05 20:25:08,070:DEBUG:certbot.reverter:Creating backup of /etc/letsencrypt/options-ssl-nginx.conf
2023-12-05 20:25:08,071:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2023-12-05 20:25:08,071:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
2023-12-05 20:25:08,071:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
2023-12-05 20:25:08,072:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2023-12-05 20:25:08,073:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {
server_names_hash_bucket_size 128;
include /etc/letsencrypt/le_http_01_cert_challenge.conf;

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

2023-12-05 20:25:08,074:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/pawo.space:
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name pawo.space;
    index index.html index.htm;
    access_log /var/log/nginx/pawo.space.log;
    error_log /var/log/nginx/pawo.space-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect off;
    }
location = /.well-known/acme-challenge/jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950{default_type text/plain;return 200 jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950.hQ5SIF3zaiUaLkLhQF72xHPPl9zoMgYYBxx0RSQX0AY;} # managed by Certbot

}

2023-12-05 20:25:09,112:DEBUG:acme.client:JWS payload:
b'{}'
2023-12-05 20:25:09,115:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ0OTc4NDg2NiIsICJub25jZSI6ICI1NjlVSmpUTkNSUEhVOGtIekJLYUhPNjhLYlNpbEpoaGdiNjFWT21HV1JPR25XbVVYZTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5MDc0MDg3MTYxNi9NQjVsR2cifQ",
  "signature": "Y57peIq827CKmMqRu_J8Z2qZbxpsDjFWsbOu8l9WGT2Wi376F4jjkwGAw-HYxiHk06EDrMyezPrrsrqwVIUg6DZuAyIWAeYezTtI_wpeW9nCP3YFJPs0vtdT35NX9FlwezcGyy-cp5P9q7mqFiqguHCyQvKr8pv23QqlgdTfl2SgQbv4ziSaArcNn0chRG2wpQd9rxFfTjx6cSEi6cSmAjTLFC_TLx89R9wVAove-ZL-MbmVnNc7FvE4grsJwMghKoy1hglJY7_0W3r95lC_rbU9hAT2j1rDTt8XJGupPOuyO005zIppXtQHre-Al6_Z3YiOjctK-8cM13Rx5XY6NA",
  "payload": "e30"
}
2023-12-05 20:25:09,262:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/290740871616/MB5lGg HTTP/1.1" 200 187
2023-12-05 20:25:09,263:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:09 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1449784866
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/290740871616>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg
Replay-Nonce: V03LKs9TN9in5EG-dCMO-6_GE8HZRsYsPbWSBlH8YCNViZT4Eng
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg",
  "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950"
}
2023-12-05 20:25:09,263:DEBUG:acme.client:Storing nonce: V03LKs9TN9in5EG-dCMO-6_GE8HZRsYsPbWSBlH8YCNViZT4Eng
2023-12-05 20:25:09,264:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-12-05 20:25:10,264:DEBUG:acme.client:JWS payload:
b''
2023-12-05 20:25:10,267:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/290740871616:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ0OTc4NDg2NiIsICJub25jZSI6ICJWMDNMS3M5VE45aW41RUctZENNTy02X0dFOEhaUnNZc1BiV1NCbEg4WUNOVmlaVDRFbmciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI5MDc0MDg3MTYxNiJ9",
  "signature": "Gy6SIi5a54a5m2ntC7DL_oVWHJAxLMOTpzIY7q98es3oEEV0lRd1sjkha_ijS50HZ6hvUQNi6MSYmpQWjlEfOQP66Aiv7Uw3Iv23g7JBJf4N39Lu-fyEucjZPdAtVATEdcT-aHh-tan4uq44tn0AeWCfKOXYj4aAuAbfAlczItObuay4MwCTi2f8IZrgusrenuauW5FDDo7eYvPMNLdtPBBizEgMb3FR_-kJrX-tqjT51cF0Xahq8hFPG-3DQTfYhosLiFf7KPsnXG54mjmnaho77VnOxgh7PHT75JD73HP8LbyKtTl9XeIbC1tNj3QW8Pf8j46souSre2mDiHV-JQ",
  "payload": ""
}
2023-12-05 20:25:10,399:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/290740871616 HTTP/1.1" 200 1057
2023-12-05 20:25:10,400:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 05 Dec 2023 20:25:10 GMT
Content-Type: application/json
Content-Length: 1057
Connection: keep-alive
Boulder-Requester: 1449784866
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: V03LKs9TpMTP540F5qgH8ue4myl-6qIE90fN7RRbw0Zq9bQgG68
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "pawo.space"
  },
  "status": "invalid",
  "expires": "2023-12-12T20:25:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "2a00:7a60:0:1020::1: Invalid response from http://pawo.space/.well-known/acme-challenge/jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/290740871616/MB5lGg",
      "token": "jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950",
      "validationRecord": [
        {
          "url": "http://pawo.space/.well-known/acme-challenge/jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950",
          "hostname": "pawo.space",
          "port": "80",
          "addressesResolved": [
            "134.209.230.247",
            "2a00:7a60:0:1020::1"
          ],
          "addressUsed": "2a00:7a60:0:1020::1"
        }
      ],
      "validated": "2023-12-05T20:25:09Z"
    }
  ]
}
2023-12-05 20:25:10,401:DEBUG:acme.client:Storing nonce: V03LKs9TpMTP540F5qgH8ue4myl-6qIE90fN7RRbw0Zq9bQgG68
2023-12-05 20:25:10,401:INFO:certbot._internal.auth_handler:Challenge failed for domain pawo.space
2023-12-05 20:25:10,402:INFO:certbot._internal.auth_handler:http-01 challenge for pawo.space
2023-12-05 20:25:10,402:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: pawo.space
  Type:   unauthorized
  Detail: 2a00:7a60:0:1020::1: Invalid response from http://pawo.space/.well-known/acme-challenge/jh8MAtcQo64G09Z3fESWWlm_Zfiv69OGnwWmUvpY950: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2023-12-05 20:25:10,403:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-12-05 20:25:10,404:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-12-05 20:25:10,404:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-12-05 20:25:11,627:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3462/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/main.py", line 1450, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3462/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-12-05 20:25:11,629:ERROR:certbot._internal.log:Some challenges have failed.
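
The failed authorization in the log above records which address the CA actually contacted (`validationRecord[].addressUsed`). The Python check below is an added example, not part of the thread or of Certbot: it reads that record and reports whether the validation request ever reached the nginx host. `HOST_ADDRS`, `diagnose` and `summarize` are hypothetical names, and the host address set is an assumption based on the A record and the failed `curl -6` test shown in the thread.

```python
import ipaddress
import json

# Constructed sample: the failed authorization from the log above, trimmed to
# the fields this check reads.
AUTHZ_JSON = """
{
  "identifier": {"type": "dns", "value": "pawo.space"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {"type": "urn:ietf:params:acme:error:unauthorized", "status": 403},
      "validationRecord": [
        {
          "hostname": "pawo.space",
          "port": "80",
          "addressesResolved": ["134.209.230.247", "2a00:7a60:0:1020::1"],
          "addressUsed": "2a00:7a60:0:1020::1"
        }
      ]
    }
  ]
}
"""

# Assumption: the addresses actually bound on the nginx host (for example from
# `ip -br addr`). Only the IPv4 address here, since the host's own -6 test failed.
HOST_ADDRS = {"134.209.230.247"}


def _norm(addr):
    """Canonical text form, so differently written IPv6 addresses compare equal."""
    return str(ipaddress.ip_address(addr))


def diagnose(authz, host_addrs):
    """Return one finding per validation record of each failed challenge."""
    host = {_norm(a) for a in host_addrs}
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        for rec in chall.get("validationRecord", []):
            used = _norm(rec["addressUsed"])
            resolved = [_norm(a) for a in rec.get("addressesResolved", [])]
            findings.append({
                "domain": authz["identifier"]["value"],
                "challenge": chall["type"],
                "address_used": used,
                "family": "IPv6" if ipaddress.ip_address(used).version == 6 else "IPv4",
                "reached_this_host": used in host,
                # Published DNS addresses that do not belong to this host.
                "stale_records": [a for a in resolved if a not in host],
                "error": chall.get("error", {}).get("type", ""),
            })
    return findings


def summarize(findings):
    """Turn findings into one human-readable line each."""
    lines = []
    for f in findings:
        if f["reached_this_host"]:
            lines.append(f"{f['domain']}: {f['challenge']} reached this host over "
                         f"{f['family']}; check the web server configuration")
        else:
            lines.append(f"{f['domain']}: {f['challenge']} went to {f['address_used']} "
                         f"({f['family']}), which is not this host; fix or remove "
                         f"that DNS record")
    return lines


if __name__ == "__main__":
    for line in summarize(diagnose(json.loads(AUTHZ_JSON), HOST_ADDRS)):
        print(line)
```
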

If your site didn't work before you got a certificate, getting a certificate isn't going to fix that problem.
This is not a forum for web server configuration help.

That said, I see two similar, but different, IPv6 addresses:
