CertBot failed with error (1) - unauthorized type

Hello everyone,

I have installed my nextcloud (with DietPi) successfully and now I want to set up SSL access (initial).
For this I used certbot, but unfortunately I keep getting an error message (please check details below).

The letsencrypt.log can be found below, too.

Does anybody know, what’s the problem?
How can I solve it?

Thanks a lot in advance for your help!


My domain is:
wolkenspeck.freedynamicdns.net (dyndns)

I ran this command:
dietpi-letsencrypt

It produced this output:
[Failure] CertBot failed with error code (1), please check its terminal output. Aborting…
(letsencrypt.log is added below, too)

My web server is (include version):
Lighttpd 1.4.53

The operating system my web server runs on is (include version):
DietPi 6.28.0

My hosting provider, if applicable, is:
no hosting provider - self-hosted on RaspberryPi 4 with DietPi

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot version: 0.31.0


2020-04-16 17:02:36,196:DEBUG:certbot.main:
2020-04-16 17:02:36,196:DEBUG:certbot.main:Arguments: [’–webroot’, ‘-w’, ‘/var/www’, ‘–agree-tos’, ‘–no-eff-email’, ‘–rsa-key-size’, ‘4096’, ‘-m’, ‘nextcloud@speckmann-family.de’, ‘-d’, ‘wolkenspeck.freedynamicdns.net’]
2020-04-16 17:02:36,199:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-04-16 17:02:36,222:DEBUG:certbot.log:Root logging level set at 20
2020-04-16 17:02:36,223:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-04-16 17:02:36,230:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-04-16 17:02:36,231:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0xb5457df0>
Prep: True
2020-04-16 17:02:36,232:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0xb5457df0> and installer None
2020-04-16 17:02:36,232:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2020-04-16 17:02:36,254:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri=‘https://acme-v02.api.letsencrypt.org/acme/acct/83289978’, new_authzr_uri=None, terms_of_service=None), 150879601e2e6a38c28732e492de8145, Meta(creation_dt=datetime.datetime(2020, 4, 13, 12, 12, 24, tzinfo=), creation_host=‘DietPi’))>
2020-04-16 17:02:36,256:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-04-16 17:02:36,262:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-04-16 17:02:36,955:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2020-04-16 17:02:36,956:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 15:02:36 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“9BgZGeRJv2s”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
2020-04-16 17:02:36,958:INFO:certbot.main:Obtaining a new certificate
2020-04-16 17:02:48,808:DEBUG:certbot.crypto_util:Generating key (4096 bits): /etc/letsencrypt/keys/0016_key-certbot.pem
2020-04-16 17:02:48,858:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0016_csr-certbot.pem
2020-04-16 17:02:48,861:DEBUG:acme.client:Requesting fresh nonce
2020-04-16 17:02:48,861:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-04-16 17:02:49,025:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2020-04-16 17:02:49,026:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 15:02:48 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001E7U2opBor-IjhKQny-MgJVdYm-bvc3SQ9FSj5lOd2QQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2020-04-16 17:02:49,026:DEBUG:acme.client:Storing nonce: 0001E7U2opBor-IjhKQny-MgJVdYm-bvc3SQ9FSj5lOd2QQ
2020-04-16 17:02:49,027:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “wolkenspeck.freedynamicdns.net”\n }\n ]\n}’
2020-04-16 17:02:49,070:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODMyODk5NzgiLCAibm9uY2UiOiAiMDAwMUU3VTJvcEJvci1JamhLUW55LU1nSlZkWW0tYnZjM1NROUZTajVsT2QyUVEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9”,
“signature”: “Y1nON2rHG1tqz1YfrIO2HKlsSsF8rOtMOI4JRCKzdbSwt0IbyIDpPLPcua5K5SHEuSZ8y27E4rB6lbJFAIdrTXzshp8lj30bfaOFC82DgOffUYb1fqSoSJiSA_D9AGMmGnDBZHgwflyJFcEeVhTSZMEpGM2lLFxP6qmo6ZMy6Ews6QHDCE1NFOl2N0Bs4S4PUiuFanZbbnsBykTRXNSqGVcj8ArEdsINerUeV57TKOedMEJETxS_3n3Wjs77VbF4zo7rEWXRbJCoaQeFHSWLQOTEmD1xhgmE9_JvWubmJvqcR_A8FdvE3HqEenhfYXaBstcKKKXHRuBEwckQz99WE0m5d_keEBq7LveR8eIl4Gj1dg5EQ7yxZPkiPG0TuI4Cf4abJ4mVS_x_Rwd_azVtHFdXQ7tgOlzLMjnHsaQrPsO240v03rMuwNbME8CmsyvFfYqeAp_lZgDfId6ul6WQiLhp-kDibQaiKu2eQpp0Lb26FUOUBh5oMnKrxjE5rv91zVC_lszD3pl_dwyZb2X1ky9nRN3V5QSaK0YfiUzfzc3HavRUqLDsDamPdEJclz4_HuN90heUrjTJACPzxZ0WrQpGfpoaJbW1RDLkuu051bDWKubzwPlNUYDg8votDpgFn5GfceWYVSZewLueB0cbtHn2IOxOxnXbOYI86BAmDfg”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndvbGtlbnNwZWNrLmZyZWVkeW5hbWljZG5zLm5ldCIKICAgIH0KICBdCn0”
}
2020-04-16 17:02:49,286:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 360
2020-04-16 17:02:49,287:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 16 Apr 2020 15:02:49 GMT
Content-Type: application/json
Content-Length: 360
Connection: keep-alive
Boulder-Requester: 83289978
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Location: https://acme-v02.api.letsencrypt.org/acme/order/83289978/3022488069
Replay-Nonce: 000236cZS4JrXTl23ck7pMrQsMUI9HEmZ9rr0M4AP3XNHss
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“status”: “pending”,
“expires”: “2020-04-23T15:02:49.195563823Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “wolkenspeck.freedynamicdns.net
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz-v3/3996698623
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/83289978/3022488069
}
2020-04-16 17:02:49,287:DEBUG:acme.client:Storing nonce: 000236cZS4JrXTl23ck7pMrQsMUI9HEmZ9rr0M4AP3XNHss
2020-04-16 17:02:49,288:DEBUG:acme.client:JWS payload:
b’’
2020-04-16 17:02:49,331:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3996698623:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODMyODk5NzgiLCAibm9uY2UiOiAiMDAwMjM2Y1pTNEpyWFRsMjNjazdwTXJRc01VSTlIRW1aOXJyME00QVAzWE5Ic3MiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM5OTY2OTg2MjMifQ”,
“signature”: “sL0kH7fzbWzbspkdA_II53rhPbRyjXK5Ul1dGnBkIVmyEyzZZJbkgsJ3hbDrl7nTPLsMk49EKMeMM8s-MNNKCbGjCMMPWlmYA0K3EmajfLH31K-rDpgumjjefMLWHZiKkDDNFDZ0LC_Li4mT7DJq5jx6SpIHw2MbWu-nGOutk6parh3hnQsyGZhXg7RhrZ3OYtGRWlMaD_MuFZJto_m-AMlCZ1Y3UztDsKbupFGqcmVMrlY_1LPBW0PWZ3e5kj1EUx0IWVEm6wI4ABtekajt6rAQG-95I_s5-DLpvvNGkfut7tUqwhHtBK5BHQylS4TzIsyUC6nU9YdxBAFXqCrJbzJRzk9zH8EV-Bp12VUtKG2QRbl8BZvBrfWtnW52Fcwm5KucuAoeKsTNHH9eNUDo68TA3OQCieLHBJzGGK-FNEqgoqC6rzqQ6udl_6s3YrSL8PM75pQKimCbWkB1XDynn0MAyPeZahGrNlg_U4m1RUI3z0mGFCmxCnY7jV7S-kuaS9kyKyjr5xcQGStXhEDTNEdthK4x3bCX2x7CoG4pk632JU88iJWhdWKGThudCEdIRS1VzOzPv4pcXZ0zESoIXkvfHkMyzL_fhp8eFT6-gqr2wAlB63FgqFeWC8f030siWJsAsv-uhAM_aWq4hi-nLzcgII3All_5nfg–qaNtk8”,
“payload”: “”
}
2020-04-16 17:02:49,507:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/3996698623 HTTP/1.1” 200 808
2020-04-16 17:02:49,508:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 15:02:49 GMT
Content-Type: application/json
Content-Length: 808
Connection: keep-alive
Boulder-Requester: 83289978
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001lPtLo3Y7sixznlAnT8DDlVDp5gQyrgVTi9ScTP_LLuk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“identifier”: {
“type”: “dns”,
“value”: “wolkenspeck.freedynamicdns.net
},
“status”: “pending”,
“expires”: “2020-04-23T15:02:49Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3996698623/NMmQwQ”,
“token”: “5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3996698623/xW5qzw”,
“token”: “5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3996698623/9Jo88g”,
“token”: “5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw”
}
]
}
2020-04-16 17:02:49,509:DEBUG:acme.client:Storing nonce: 0001lPtLo3Y7sixznlAnT8DDlVDp5gQyrgVTi9ScTP_LLuk
2020-04-16 17:02:49,510:INFO:certbot.auth_handler:Performing the following challenges:
2020-04-16 17:02:49,510:INFO:certbot.auth_handler:http-01 challenge for wolkenspeck.freedynamicdns.net
2020-04-16 17:02:49,511:INFO:certbot.plugins.webroot:Using the webroot path /var/www for all unmatched domains.
2020-04-16 17:02:49,511:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/.well-known/acme-challenge
2020-04-16 17:02:49,528:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/.well-known/acme-challenge/5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw
2020-04-16 17:02:49,529:INFO:certbot.auth_handler:Waiting for verification…
2020-04-16 17:02:49,529:DEBUG:acme.client:JWS payload:
b’{\n “resource”: “challenge”,\n “type”: “http-01”\n}’
2020-04-16 17:02:49,572:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/3996698623/NMmQwQ:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODMyODk5NzgiLCAibm9uY2UiOiAiMDAwMWxQdExvM1k3c2l4em5sQW5UOEREbFZEcDVnUXlyZ1ZUaTlTY1RQX0xMdWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzM5OTY2OTg2MjMvTk1tUXdRIn0”,
“signature”: “GGQncbZKW5nYBMXHpo-Rn10Hj3JSIdbhRncjnyhL7IL8mTcUWei2lrfjozcKLcSPLsHq01aShLkoJMGgF2NS-FzlzC0nMjn4–yEfXjt3COrE8XfZomKXRG9ssyahw5CDm8T4tYSASmWPVYkTDaEEpO-CmaDJrRi_WlaNp8Nxi9bH8eLt-2DXaOOpF7NVDdySm11Rd9pAU9CImcxXh1Dof8-4Tbhty-xaGGzucPYrxQgZ6m5cK6F6YB-Qd9eyTkk4cbWyTSLIFPv0sz2gRW6xypmM32LbNOwy2maBxlDNxrngaX8C4k8osXP0Bynp_yaHF0LzlgDg-EaHtIqgvdW0f1Tt-q8Jvqy4DOhGRdo9C1aQQ-AXNQGAbCzXaBJRfG5XQo9YveEkSrvuMn_7CXfhw74Snla7KO_P8vj3wvwoF3H0HdXAyWXaIa7v_lhFQAdoXAR1UE_eFXpukI2tjonxbGV36cq3v-M5tQcp7xSrHHvqgKv051Exp_Jr79yLY_duwJsgmAXy-buCuDjmR8BxOUh_XsyM-oZmS183AYBw8x4MC9CQ1Di3HEtd150TY0W8z373OZiS4gauPupv9Q3d5P4aIpKLckiTAbs4_zwzHa4vyE7Mt8I3T1mYV7h_ax0wWCHwHK_RXa0HYGFqGYgA6s326wKRJmByVaN3u-hV4M”,
“payload”: “ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0”
}
2020-04-16 17:02:49,766:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/chall-v3/3996698623/NMmQwQ HTTP/1.1” 200 185
2020-04-16 17:02:49,767:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 15:02:49 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 83289978
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-v02.api.letsencrypt.org/acme/authz-v3/3996698623;rel=“up”
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3996698623/NMmQwQ
Replay-Nonce: 0001jWOqgIGTInHxKpBgDwXn582gM6P4ZLKiMGkKQpcN8XA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3996698623/NMmQwQ”,
“token”: “5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw”
}
2020-04-16 17:02:49,768:DEBUG:acme.client:Storing nonce: 0001jWOqgIGTInHxKpBgDwXn582gM6P4ZLKiMGkKQpcN8XA
2020-04-16 17:02:52,770:DEBUG:acme.client:JWS payload:
b’’
2020-04-16 17:02:52,832:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3996698623:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODMyODk5NzgiLCAibm9uY2UiOiAiMDAwMWpXT3FnSUdUSW5IeEtwQmdEd1huNTgyZ002UDRaTEtpTUdrS1FwY044WEEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM5OTY2OTg2MjMifQ”,
“signature”: “NwJBdY4zWhjrXbvjc_lN34-pksdnMWc6EtKAW8GZO01R7Nkn6vfUIA-GVGmZnymKOHFPHrG65R48sO75ZiUx07Jh0kiRgaQKG2yydHcB1N7FEWvGfp2eNCfw9d2dCwg0EO-UF3KpXAx6RcVzVVYvALuny491QG4mbjnGpmLXXvLctRBqgLWjVdcCMn5sr2RF0aEMm6ViPMZKRDH7Wf9N1RwQ2oAK6yRnytnhP3cN-DJqb0Y6CIHW26awhH7xkcqrfkxfOSMLJ69Poo_HYd40-VveEiiCKgydVjcdNiCFWgfGiPxf85nM2lRp8Dt2Z036jv41fdVND2EfqN-tBYnuWJZjZxhPSl3O_9ATkhXpgiDo6kOeVeCU3kRbEwXG1wcHFsn-hHr6mrmF9S-zpflAGxx22HdTcDzxTrq7GyDj6uOTME8h3Kjca79VDKwMup2EF0P8zt5nTGKyAIDyvP0K3I-l2GBFUXPD50MgxEp1ZppyO82T37SQh6aC5mX-fizve2ECPkMXR4AuwZiKV9Afq-8Oct3f6tssealLnAElyG7NpW20URzQsOPs2mYmvqmuxY_lYtUfqSRij2J9EYgi8fDjuRIfcXs-S5Cgch9m4WTiVZkPKre_-CN6wppZAwVLDXH7_cEyL-CyTlNk-qTZaBMeCjKfP-ChQhLzth5_efg”,
“payload”: “”
}
2020-04-16 17:02:53,009:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/3996698623 HTTP/1.1” 200 1216
2020-04-16 17:02:53,010:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 15:02:52 GMT
Content-Type: application/json
Content-Length: 1216
Connection: keep-alive
Boulder-Requester: 83289978
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002rBUPowJ1s_YPMSqufFcf6WarT9JqMJjvqTzQx90wx8c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“identifier”: {
“type”: “dns”,
“value”: “wolkenspeck.freedynamicdns.net
},
“status”: “invalid”,
“expires”: “2020-04-23T15:02:49Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://wolkenspeck.freedynamicdns.net/.well-known/acme-challenge/5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw [83.135.215.139]: “\u003c?xml version=\“1.0\” encoding=\“iso-8859-1\”?\u003e\n\u003c!DOCTYPE html PUBLIC \”-//W3C//DTD XHTML 1.0 Transitional//EN\”\n \“http://www.”",
“status”: 403
},
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3996698623/NMmQwQ”,
“token”: “5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw”,
“validationRecord”: [
{
“url”: “http://wolkenspeck.freedynamicdns.net/.well-known/acme-challenge/5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw”,
“hostname”: “wolkenspeck.freedynamicdns.net”,
“port”: “80”,
“addressesResolved”: [
“83.135.215.139”
],
“addressUsed”: “83.135.215.139”
}
]
}
]
}
2020-04-16 17:02:53,011:DEBUG:acme.client:Storing nonce: 0002rBUPowJ1s_YPMSqufFcf6WarT9JqMJjvqTzQx90wx8c
2020-04-16 17:02:53,012:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: wolkenspeck.freedynamicdns.net
Type: unauthorized
Detail: Invalid response from http://wolkenspeck.freedynamicdns.net/.well-known/acme-challenge/5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw [83.135.215.139]: "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www." 2020-04-16 17:02:53,015:DEBUG:certbot.error_handler:Calling registered functions 2020-04-16 17:02:53,015:INFO:certbot.auth_handler:Cleaning up challenges 2020-04-16 17:02:53,015:DEBUG:certbot.plugins.webroot:Removing /var/www/.well-known/acme-challenge/5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw 2020-04-16 17:02:53,016:DEBUG:certbot.plugins.webroot:All challenges cleaned up 2020-04-16 17:02:53,017:DEBUG:certbot.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. wolkenspeck.freedynamicdns.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://wolkenspeck.freedynamicdns.net/.well-known/acme-challenge/5atiYDeGuIE2BL_uQvFv4HWkliWRweN-0N8Yf2gfznw [83.135.215.139]: "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN”\n “http://www.”

Hi @oesel

if you use --webroot and if that doesn’t work, your webroot is wrong. Or you have additional definitions, so /var/www isn’t used.

What says

apachectl -S
1 Like

root@DietPi:~# apachectl -S
bash: apachectl: Kommando nicht gefunden.

Sorry, wrong read.

That’s

your webserver, not Apache. Then check the documentation of that webserver to find your correct webroot.

1 Like

HI,

I installed Apache2, uninstalled Lighttpd and tried letsencrypt/certbot again.
Now it works without any problem and I could certificate my cloud.
So it seems to be a problem with lighttpd…

Here is the report:

root@DietPi:~# apachectl -S
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:443 wolkenspeck.freedynamicdns.net (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server qkzehvaxk94blhnq.myfritz.net (/etc/apache2/sites-enabled/000-default-le-ssl.conf:17)
port 80 namevhost qkzehvaxk94blhnq.myfritz.net (/etc/apache2/sites-enabled/000-default-le-ssl.conf:17)
port 80 namevhost wolkenspeck.freedynamicdns.net (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

While checking the log, I recognized, that some parts added to *:443 and others are added to *:80
Is it standard are does anything went wrong?

The most important thing is, that I can reach my cloud over qkzehvaxk94blhnq.myfritz.net, so I’m fine with it… :grinning: :hugs: :+1:

1 Like

May be a redirect http -> https.

And if it is your first certificate, a new port 443 vHost is created.

Happy to read that it works :+1:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.