Certbot failing authentication via .well-known/acme-challenge/

__

My domain is: mailserver.rcousins.com

I ran this command:
certbot certonly --test-cert -vvvvv --webroot -w /var/www/html -d mailserver.rcousins.com

It produced this output:
See bottom of post -vvvvv is a lot. The relevant bits are probably:

Challenge failed for domain mailserver.rcousins.com
http-01 challenge for mailserver.rcousins.com
Reporting to user: The following errors were reported by the server:

Domain: mailserver.rcousins.com
Type: connection
Detail: Fetching http://mailserver.rcousins.com/.well-known/acme-challenge/caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE: Error getting validation data

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

My web server is (include version):
nginx -v
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal

My hosting provider, if applicable, is:
N/A.

I can login to a root shell on my machine (yes or no, or I don't know):
Yes.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot --version
certbot 0.40.0

I'm trying to install a certificate, and I think the problem is that the certbot script isn't writing the challenge to /var/www/html/.well-known/acme-challenge/. I didn't see the directory get created, and when I created it manual I never saw the file show up.

How can I further trouble-shoot this?

Results from certbot command:
certbot certonly --test-cert -vvvvv --webroot -w /var/www/html -d mailserver.rcousins.com
Root logging level set at -30
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fa33e776130>
Prep: True
Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fa33e776130> and installer None
Plugins selected: Authenticator webroot, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/37594988', new_authzr_uri=None, terms_of_service=None), f391c9a1e46a8ed05debdf88de7ea713, Meta(creation_dt=datetime.datetime(2021, 12, 19, 20, 30, 23, tzinfo=), creation_host='mailserver.rcousins.com'))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 822
Received response:
HTTP 200
Server: nginx
Date: Sun, 19 Dec 2021 21:14:39 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"VKXE2dMfc0s": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "Staging Environment - Let's Encrypt"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Obtaining a new certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Sun, 19 Dec 2021 21:14:40 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0002lkSwjTBDKRSaUY7u40gV5iEJbGg8o2SEeiQUhFSqQdM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

Storing nonce: 0002lkSwjTBDKRSaUY7u40gV5iEJbGg8o2SEeiQUhFSqQdM
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "mailserver.rcousins.com"\n }\n ]\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8zNzU5NDk4OCIsICJub25jZSI6ICIwMDAybGtTd2pUQkRLUlNhVVk3dTQwZ1Y1aUVKYkdnOG8yU0VlaVFVaEZTcVFkTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "ebi-xuGgt60iqHjF5NaWJ-xCkpd0oHNA4BxqG4tRc-Nzhl7ccZsNEoFqieu-g4VQxGta98JgD-liCDMbZJ9u0FQZDRgxRxyl-HfyCg0UgpdEs5Te8Vgq_e7oO5THp9kyihG5rc3SCcazm8dBj3nciweUXyD-Fx4DvYQfPhAE2CULxnWORFW7Mpm6wuxgdfZqP7UDw8K9ts3dnCJL8l45pbPBAu-xjxvdEWv08QYBBVvDyBmoWD_Wru3mXEI4rD87AHgtPZ3fOhDbVy6hEDacgyEH8HqzCckHDFS13ukL4uGZ2vxGUEVVPmTS77nNr0t0k7BTckc_WU7IHtfJLE7ung",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWxzZXJ2ZXIucmNvdXNpbnMuY29tIgogICAgfQogIF0KfQ"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 359
Received response:
HTTP 201
Server: nginx
Date: Sun, 19 Dec 2021 21:14:40 GMT
Content-Type: application/json
Content-Length: 359
Connection: keep-alive
Boulder-Requester: 37594988
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/37594988/1314438498
Replay-Nonce: 0002Mknh2IoVVi04iaGyrmaWzA1nkhAjJMl6VDexaflN7zc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2021-12-26T21:14:40Z",
"identifiers": [
{
"type": "dns",
"value": "mailserver.rcousins.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1219599018"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/37594988/1314438498"
}
Storing nonce: 0002Mknh2IoVVi04iaGyrmaWzA1nkhAjJMl6VDexaflN7zc
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1219599018:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8zNzU5NDk4OCIsICJub25jZSI6ICIwMDAyTWtuaDJJb1ZWaTA0aWFHeXJtYVd6QTFua2hBakpNbDZWRGV4YWZsTjd6YyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjE5NTk5MDE4In0",
"signature": "HRmAV0JMF821x98eo6qdKqAj_xfLs0c205ul9cJGvGi3s-Tt-RemUNUGzjBGciUbWQeNdp42C-NzULQ77Kb6_K255sHxtWsCtHEvYzAGRnxg_7Yx90kVqdClqLDSOo72rgDCuCxImC1jnuUsdvqbooyVhkvVK30fh6Tir3ayffL6qdBlQjAr45g2BvPCjcLlh03Ttmr0LwFplz4Ghcii2haDln_eLnptoSP6PGZeTGgLG8r48hXMUjjcXFE9OtwHIupp7_f45T8l-hbOMBuRbHpbDrZN21aa7llyLWMDpmy4kbzdcmKwQ_2QvB1NcCMCMs-AmAtpubyLgESf22-1AQ",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1219599018 HTTP/1.1" 200 825
Received response:
HTTP 200
Server: nginx
Date: Sun, 19 Dec 2021 21:14:40 GMT
Content-Type: application/json
Content-Length: 825
Connection: keep-alive
Boulder-Requester: 37594988
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001xDhXWKSbt0-QdfpEKbBUSZo2-Z9y1dfBRTEmxCe0qQE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "mailserver.rcousins.com"
},
"status": "pending",
"expires": "2021-12-26T21:14:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/m53E-A",
"token": "caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/CQB1Zg",
"token": "caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/xbtQNQ",
"token": "caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE"
}
]
}
Storing nonce: 0001xDhXWKSbt0-QdfpEKbBUSZo2-Z9y1dfBRTEmxCe0qQE
Performing the following challenges:
http-01 challenge for mailserver.rcousins.com
Using the webroot path /var/www/html for all unmatched domains.
Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
Attempting to save validation to /var/www/html/.well-known/acme-challenge/caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE
Waiting for verification...
JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01"\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/m53E-A:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8zNzU5NDk4OCIsICJub25jZSI6ICIwMDAxeERoWFdLU2J0MC1RZGZwRUtiQlVTWm8yLVo5eTFkZkJSVEVteENlMHFRRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xMjE5NTk5MDE4L201M0UtQSJ9",
"signature": "OTajQg_zfk-JZc5fNW88U_uMT9gfelgQV1Fo1d-g0Ey6-1ti3lrspFFBg2tvumD5K7xPnKSSWyeQ4PIRavPAw_iZ7iq2PmjYzH3cg26vTbIcDXwhyrkgTgoFY7UlJzpQpU5ByV4LAj18UPvCU6iiWiV00t0nq2v7GNkXYPrgClg0fuMToRp5jiI3I0zNGXzbCXnzOzfZX0mlry8bY7d6QpkF9Ui6YDckEL_Jz-WeqM27rhyTeb9JL3NpvWjaev_gawl095z5ETrxjlEHJVm0QVKYB6DsHMCjHZcE0kRQp5ejAu9s4mFMMu4PZfcDUI356L7mN5PGbZY5l0Tfqj08Lg",
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/1219599018/m53E-A HTTP/1.1" 200 193
Received response:
HTTP 200
Server: nginx
Date: Sun, 19 Dec 2021 21:14:40 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 37594988
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1219599018;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/m53E-A
Replay-Nonce: 0001bGz7gjlo59Xt3hZGn7Ltsf-ZW0UN9ID5ofywT-0q1-s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/m53E-A",
"token": "caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE"
}
Storing nonce: 0001bGz7gjlo59Xt3hZGn7Ltsf-ZW0UN9ID5ofywT-0q1-s
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1219599018:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8zNzU5NDk4OCIsICJub25jZSI6ICIwMDAxYkd6N2dqbG81OVh0M2haR243THRzZi1aVzBVTjlJRDVvZnl3VC0wcTEtcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjE5NTk5MDE4In0",
"signature": "E7-BgivL_dCpdzDbm160CETivmg-VkyzEl7eL82DjSBkP6eeJReeSThKInLFCuuhhsj1zNSNP4x6KbiG-8TKab7NIkGjKMoa0mOvJYFnK5uWanHRU1prv036nNr7yFM-_c3SJwFDT0lihdwuXQ9hy1fJVgcGrqTTNLFUqX3Emi9Dha0PB8Trqwufjf_Hk2Yxcei5c5jsDtAD7ERskmN08l-O23WP65i2WBQCwyzINaqjQWTzY3qV-2HDu-F10W6QAtwt0e78S1JHYHHSIjUpgkgwlJUn1zuMXcjjsUuczS9kT7wKfe-Bu3XJVR6DXZYA4q84y5ftVOOwdzLQEhMMfQ",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1219599018 HTTP/1.1" 200 825
Received response:
HTTP 200
Server: nginx
Date: Sun, 19 Dec 2021 21:14:41 GMT
Content-Type: application/json
Content-Length: 825
Connection: keep-alive
Boulder-Requester: 37594988
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001_HQpA9mrujTUQu2dhDyRmDLZ5OvqJrsJB5BadOpqHQQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "mailserver.rcousins.com"
},
"status": "pending",
"expires": "2021-12-26T21:14:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/m53E-A",
"token": "caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/CQB1Zg",
"token": "caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/xbtQNQ",
"token": "caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE"
}
]
}
Storing nonce: 0001_HQpA9mrujTUQu2dhDyRmDLZ5OvqJrsJB5BadOpqHQQ
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1219599018:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8zNzU5NDk4OCIsICJub25jZSI6ICIwMDAxX0hRcEE5bXJ1alRVUXUyZGhEeVJtRExaNU92cUpyc0pCNUJhZE9wcUhRUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjE5NTk5MDE4In0",
"signature": "MuE7XbP6RmrqFv9fxUTcILyyeHX6xdAjdnr6wlFROqAtfdUUpub9FEvSMKr7ESflqe86b9364TkwwVOlqPB5RTkREOx02oBkgSBUgPvIqVKhCjesp37tipDqEN6FQeQxYcJ5PYcRV6I6-v3cqzy1KV5ceSOLp-7s9rLkbS8-siv1q8f81vUquJXbzwWJ3MrVo1ntCe_k0o5-C1VUaKz_u664sHIWc-ebrrnxh5BlxkJrHZaqgX7LzJVcFWJBC_alsjfTdGgFeQo9CQCCwL1eCdecw1NPcS_mUtUdpuFbx5S5Y_jDGylOfNHF1ev1-ue5V2F-KNcSQD9uVIluEDbaAw",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1219599018 HTTP/1.1" 200 1058
Received response:
HTTP 200
Server: nginx
Date: Sun, 19 Dec 2021 21:14:44 GMT
Content-Type: application/json
Content-Length: 1058
Connection: keep-alive
Boulder-Requester: 37594988
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0002wFY0UaL0YIxjP_eygnzj_z_It5ttFZYvHzNBRMwfpxs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "mailserver.rcousins.com"
},
"status": "invalid",
"expires": "2021-12-26T21:14:40Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://mailserver.rcousins.com/.well-known/acme-challenge/caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE: Error getting validation data",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1219599018/m53E-A",
"token": "caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE",
"validationRecord": [
{
"url": "http://mailserver.rcousins.com/.well-known/acme-challenge/caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE",
"hostname": "mailserver.rcousins.com",
"port": "80",
"addressesResolved": [
"50.247.74.2"
],
"addressUsed": "50.247.74.2"
}
],
"validated": "2021-12-19T21:14:40Z"
}
]
}
Storing nonce: 0002wFY0UaL0YIxjP_eygnzj_z_It5ttFZYvHzNBRMwfpxs
Challenge failed for domain mailserver.rcousins.com
http-01 challenge for mailserver.rcousins.com
Reporting to user: The following errors were reported by the server:

Domain: mailserver.rcousins.com
Type: connection
Detail: Fetching http://mailserver.rcousins.com/.well-known/acme-challenge/caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE: Error getting validation data

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Removing /var/www/html/.well-known/acme-challenge/caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE
All challenges cleaned up
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 417, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 396, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mailserver.rcousins.com
    Type: connection
    Detail: Fetching
    http://mailserver.rcousins.com/.well-known/acme-challenge/caSgavbl0ifWZpcu9UXxiNqd9GTmSVUCWYifFAHKHRE:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Your host is unreachable on port 80. See for example the last few lines of a TCP traceroute on port 80:

(...)
25  c-69-181-214-52.hsd1.ca.comcast.net (69.181.214.52)  161.770 ms  167.485 ms  167.472 ms
26  lab2.rcousins.com (50.247.74.2)  171.268 ms  176.097 ms  176.086 ms
27  lab2.rcousins.com (50.247.74.2)  1596.832 ms !H  1596.820 ms !H  677.154 ms !H
1 Like

Hmm...Oh yeah. Lemme fix that.

Ok, I had missed a rule in the firewall, and now it worked.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.