Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
webshare.sxces.com

I ran this command:
certbot -v renew --dry-run

It produced this output:
Failed to renew certificate webshare.sxces.com with error: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

My web server is (include version):
Custom web server, switched off for renew

The operating system my web server runs on is (include version):
Debian 12 with python 3.11.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 3.10

It worked for several month with automated renews.

Ports 80 and 443 are open, the web server is reachable.
Web server is stopped for renew.

The complete certbot output :

certbot -v renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/webshare.sxces.com.conf

Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Simulating renewal of an existing certificate for webshare.sxces.com
Performing the following challenges:
http-01 challenge for webshare.sxces.com
Waiting for verification...
Cleaning up challenges
Failed to renew certificate webshare.sxces.com with error: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/webshare.sxces.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I can provide the debug log, if requested.

So far I understand, python 11 should work.

Thanks a lot

Yeah, uploading the log would be helpful thanks. Mostly just to check which connection is being disconnected. I am not sure if it is an outbound problem with your ACME Client reaching the Let's Encrypt API or the Let's Encrypt ACME Server reaching your domain (Certbot --standalone server).

I can also reach your domain right now (the WebObjects server) so it seems like comms routing to you is fine. At least now.

If was an API connection problem that likely was a quirk and should not repeat. Debugging --standalone is a little harder. Below is my standard advice for that.

But, if you want to upload a log or have questions let us know.

========================

The --standalone method is difficult to debug because you need to keep Certbot running to test connection from the public internet.

A way to test this easier is to use these command options

certbot certonly --standalone --dry-run --debug-challenges -v -d (domain)

This command will show you the challenge URL to try from the public internet and the proper response. After showing you this it will say "Press Enter to Continue". DO NOT PRESS ENTER.

Leave it paused like that and use a different device to test connection. You can use a mobile phone with wifi disabled to use your carrier's network.

You do not have to use the full URL. Just try http://(yourdomain)

If the connection works this shorter URL should see a response like below.

ACME client standalone challenge solver

Hello,
I tried your requested challenge-debug:

certbot certonly --standalone --dry-run --debug-challenges -v -d webshare.sxces.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None

An RSA certificate named webshare.sxces.com already exists. Do you want to
update its key type to ECDSA?

(U)pdate key type/(K)eep existing key type: u
Simulating renewal of an existing certificate for webshare.sxces.com
Performing the following challenges:
http-01 challenge for webshare.sxces.com

Challenges loaded. Press continue to submit to CA.
The following URLs should be accessible from the internet and return the value
mentioned:
URL:
http://webshare.sxces.com/.well-known/acme-challenge/3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew
Expected value:
3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew.yLECcovyMH9a8nEfb_NUSCcF89nn-FFC1WfuvcYWjro

Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Dry run: skipping deploy hook command: /etc/letsencrypt/renewal-hooks/deploy/ntpsec
The dry run was successful.

But the renew still failed:

certbot -v renew --dry-run --debug-challenges

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/webshare.sxces.com.conf

Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Simulating renewal of an existing certificate for webshare.sxces.com
Performing the following challenges:
http-01 challenge for webshare.sxces.com

Challenges loaded. Press continue to submit to CA.
The following URLs should be accessible from the internet and return the value
mentioned:
URL:
http://webshare.sxces.com/.well-known/acme-challenge/s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI
Expected value:
s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI.yLECcovyMH9a8nEfb_NUSCcF89nn-FFC1WfuvcYWjro

Waiting for verification...
Challenge failed for domain webshare.sxces.com
http-01 challenge for webshare.sxces.com
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: webshare.sxces.com
Type: connection
Detail: During secondary validation: 87.129.184.91: Fetching http://webshare.sxces.com/.well-known/acme-challenge/s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Cleaning up challenges
Failed to renew certificate webshare.sxces.com with error: Some challenges have failed.

All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/webshare.sxces.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

Debug log is send next reply!

Here is the debug log of both sessions:

Succesful with challenge-debug:

2025-01-28 08:47:46,227:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2025-01-28 08:47:46,338:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-01-28 08:47:46,338:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/4325/bin/certbot
2025-01-28 08:47:46,338:DEBUG:certbot._internal.main:Arguments: ['--standalone', '--dry-run', '--debug-challenges', '-v', '-d', 'webshare.sxces.com', '--preconfigured-renewal']
2025-01-28 08:47:46,338:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-01-28 08:47:46,344:DEBUG:certbot._internal.log:Root logging level set at 20
2025-01-28 08:47:46,345:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2025-01-28 08:47:46,345:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Runs an HTTP server locally which serves the necessary validation files under the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP server already running. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='standalone', value='certbot._internal.plugins.standalone:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7f813cd02de0>
Prep: True
2025-01-28 08:47:46,346:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7f813cd02de0> and installer None
2025-01-28 08:47:46,346:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2025-01-28 08:47:46,389:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/63794024', new_authzr_uri=None, terms_of_service=None), f5971f0c27297836c3bf94494f476440, Meta(creation_dt=datetime.datetime(2022, 8, 8, 20, 40, 47, tzinfo=datetime.timezone.utc), creation_host='webshare', register_to_eff=None))>
2025-01-28 08:47:46,389:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2025-01-28 08:47:46,390:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2025-01-28 08:48:32,315:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 974
2025-01-28 08:48:32,316:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:48:32 GMT
Content-Type: application/json
Content-Length: 974
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"joO5Qh65q9Q": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "The same profile you're accustomed to",
"tlsserver": "Announcing Certificate Profile Selection - Let's Encrypt"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "Staging Environment - Let's Encrypt"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-01-28 08:48:44,575:DEBUG:certbot._internal.display.obj:Notifying user: Simulating renewal of an existing certificate for webshare.sxces.com
2025-01-28 08:48:44,611:DEBUG:acme.client:Requesting fresh nonce
2025-01-28 08:48:44,611:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2025-01-28 08:48:44,753:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-01-28 08:48:44,754:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:48:44 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5srPd7VHkXNM1N85LH_twBHQFxNsoggsV-46vDhvO2USBA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2025-01-28 08:48:44,754:DEBUG:acme.client:Storing nonce: _vkPb5srPd7VHkXNM1N85LH_twBHQFxNsoggsV-46vDhvO2USBA
2025-01-28 08:48:44,755:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "webshare.sxces.com"\n }\n ]\n}'
2025-01-28 08:48:44,761:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzclBkN1ZIa1hOTTFOODVMSF90d0JIUUZ4TnNvZ2dzVi00NnZEaHZPMlVTQkEiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "OJt4s_f8R6rMOtI69zcCflyD08Wb5WcXEWQpvOjC8qCnUNL-r7O76KuirDUeBJp4c_kwS19Y8Mckr5BSWvKiG-fvC_3Fx6cGgtzOPe9w1qGHe9lrJ76JbRyzjWvd0-ms0PE6z-BmHWE0dE8HescJ0AoAHzJ1ZpC5sWs8WvBvp8tF-oEHEJJYtWCuIzYjx_0aoEQId7DBxB_e-KtwXuc3BxlMIIoCQy7ndul1yuUg_upg3on1iiKZI0oO23txtmGgVup5tDF41aOHKufZdZeMrFhaK1OLemiRrQtk4Hgp2-LmAMREDVliL8LgI39wOYPrw6hMVOtd2v2CtFZmUODo2g",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndlYnNoYXJlLnN4Y2VzLmNvbSIKICAgIH0KICBdCn0"
}
2025-01-28 08:48:44,958:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 360
2025-01-28 08:48:44,959:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 28 Jan 2025 07:48:44 GMT
Content-Type: application/json
Content-Length: 360
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/63794024/22262355594
Replay-Nonce: _vkPb5srUnVaqlZjaDGJjw_jcy4C4B97JnjMrlLSxL-LER84-7g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "ready",
"expires": "2025-02-04T07:48:44Z",
"identifiers": [
{
"type": "dns",
"value": "webshare.sxces.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15854476814"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/63794024/22262355594"
}
2025-01-28 08:48:44,959:DEBUG:acme.client:Storing nonce: _vkPb5srUnVaqlZjaDGJjw_jcy4C4B97JnjMrlLSxL-LER84-7g
2025-01-28 08:48:44,960:DEBUG:acme.client:JWS payload:
b''
2025-01-28 08:48:44,964:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15854476814:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzclVuVmFxbFpqYURHSmp3X2pjeTRDNEI5N0puak1ybExTeEwtTEVSODQtN2ciLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NTQ0NzY4MTQifQ",
"signature": "h1l2bykU00i6wjmo1IC__iaD_QLeXrp10GLWieCXB_Cb3BE8Zn7sfXznJ8FE9eOUC4CyCtzamrhtmtacRr4NjA8ruhw9peYav0T47wyOuvoiqNobK1NZcdZQG3eNozLqzK902RMzRnivT90ukpQxDnGVlm_IUPLHk9GILTZmBjt_H1A1SqETo55Z3b7BhGCsvxkqDgbuZmCQ8OpMtuFtB3YsFcPD7rIZCsMid9-vqLbiPjqQeI6yHF3gGzCgi-3c0T7_1sXiBMlutX2_Paz1BpwMEVxI-s2Rg_QJExp5Lj0J7PZwBdR5FwgAaHaL2a1Oo34HKJ0Rhwd62mZatP_e3A",
"payload": ""
}
2025-01-28 08:48:45,118:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15854476814 HTTP/1.1" 200 782
2025-01-28 08:48:45,119:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:48:45 GMT
Content-Type: application/json
Content-Length: 782
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5sr7pwqNd4REtDr1crqmthbauSZ7C3dNwK3jS3Q-ntOPcI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "valid",
"expires": "2025-02-26T19:38:38Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15854476814/u56Lnw",
"status": "valid",
"validated": "2025-01-27T19:38:36Z",
"token": "UqkpGrfRoxPZofXEhMhdDeyze_5liSCfH_aOitu5SD0",
"validationRecord": [
{
"url": "http://webshare.sxces.com/.well-known/acme-challenge/UqkpGrfRoxPZofXEhMhdDeyze_5liSCfH_aOitu5SD0",
"hostname": "webshare.sxces.com",
"port": "80",
"addressesResolved": [
"87.129.184.91"
],
"addressUsed": "87.129.184.91"
}
]
}
]
}
2025-01-28 08:48:45,119:DEBUG:acme.client:Storing nonce: _vkPb5sr7pwqNd4REtDr1crqmthbauSZ7C3dNwK3jS3Q-ntOPcI
2025-01-28 08:48:45,120:DEBUG:acme.client:JWS payload:
b'{\n "status": "deactivated"\n}'
2025-01-28 08:48:45,124:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15854476814:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzcjdwd3FOZDRSRXREcjFjcnFtdGhiYXVTWjdDM2ROd0szalMzUS1udE9QY0kiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NTQ0NzY4MTQifQ",
"signature": "cfgeKrIbOIL1tksimI0A9enLYfx4vKJpo-FL_03dab9xffqRAdKcNqUU3wdGPtiE2ucMvmCbcUYUtfhDJEDdU3_nuIpeTl7huK7F2vAV3vOyS9hJPtpmNVqwxzVMqaf0HQQp1WQhrcQMtRFzZrVmzcNZFfueXGHIz6afg6SwPl4uuEBWA8y_UPqooEHSAijk7U2mc37W2JI_XLwXBZeLoS_KnDx2rY8LdnNTLKcDDWaLHwwYT-dsgsurlmBNrHEr3Tdvtha0pDvrGFutg1C8vLqYkkUTjT6aboupa2sFBQohmc7GgqVBBx4XLugGNaA0UWVVjQpKrD11NAQFeAnTjQ",
"payload": "ewogICJzdGF0dXMiOiAiZGVhY3RpdmF0ZWQiCn0"
}
2025-01-28 08:48:45,281:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15854476814 HTTP/1.1" 200 788
2025-01-28 08:48:45,282:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:48:45 GMT
Content-Type: application/json
Content-Length: 788
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5srJ0L0x97L_JpI7J5Cye5aaOPdnh28x8UZbcRgSBW5_So
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "deactivated",
"expires": "2025-02-26T19:38:38Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15854476814/u56Lnw",
"status": "valid",
"validated": "2025-01-27T19:38:36Z",
"token": "UqkpGrfRoxPZofXEhMhdDeyze_5liSCfH_aOitu5SD0",
"validationRecord": [
{
"url": "http://webshare.sxces.com/.well-known/acme-challenge/UqkpGrfRoxPZofXEhMhdDeyze_5liSCfH_aOitu5SD0",
"hostname": "webshare.sxces.com",
"port": "80",
"addressesResolved": [
"87.129.184.91"
],
"addressUsed": "87.129.184.91"
}
]
}
]
}
2025-01-28 08:48:45,282:DEBUG:acme.client:Storing nonce: _vkPb5srJ0L0x97L_JpI7J5Cye5aaOPdnh28x8UZbcRgSBW5_So
2025-01-28 08:48:45,283:DEBUG:certbot._internal.client:Recreating order after authz deactivations
2025-01-28 08:48:45,283:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "webshare.sxces.com"\n }\n ]\n}'
2025-01-28 08:48:45,287:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzckowTDB4OTdMX0pwSTdKNUN5ZTVhYU9QZG5oMjh4OFVaYmNSZ1NCVzVfU28iLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "YkNuB8baFt-nxxkm8oEUlBFQszcW402RgYA0RQsNgfedEMF-x9zihthZFBULnGmjgtI5ZDeseWQiM5zkKULfuwyQYDS7Z9JdDOmF7oMT1VUwLyJdhAj99-BxNXS6WWeWr97vpPm53JwKl3TwFH9nh_mKwhE8ekNO_RUVnVPiOrej7gx4jukGKw5AmlVTKz8qXE2jaZ6xbNglTkq-ubHQkBeWPK2h4ov5jshu1kGKtcIHiklDdoLDNBsR6LABPnwt-Uv8HLB_lS9FasvrHyxK99S_N-PRjV7vGFflVELl6VEJF8cPmoYYk21eUyTxWZRhkJFkSzHtyL2vYnvhLQMQRQ",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndlYnNoYXJlLnN4Y2VzLmNvbSIKICAgIH0KICBdCn0"
}
2025-01-28 08:48:45,481:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 362
2025-01-28 08:48:45,482:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 28 Jan 2025 07:48:45 GMT
Content-Type: application/json
Content-Length: 362
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/63794024/22262355694
Replay-Nonce: _vkPb5srFNvn2ml0PUoyuZJebpSK_Ts0ZPLsb6foEhNzLC5V3Ok
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2025-02-04T07:48:45Z",
"identifiers": [
{
"type": "dns",
"value": "webshare.sxces.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860077864"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/63794024/22262355694"
}
2025-01-28 08:48:45,482:DEBUG:acme.client:Storing nonce: _vkPb5srFNvn2ml0PUoyuZJebpSK_Ts0ZPLsb6foEhNzLC5V3Ok
2025-01-28 08:48:45,483:DEBUG:acme.client:JWS payload:
b''
2025-01-28 08:48:45,486:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860077864:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzckZOdm4ybWwwUFVveXVaSmVicFNLX1RzMFpQTHNiNmZvRWhOekxDNVYzT2siLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NjAwNzc4NjQifQ",
"signature": "OnV94OkHGZ7DjT6iiF2THAjTOJW5U04ka4NgCDuPE5xd8SDHc0Ujy6IHJli6BdxtOQw4nQQQAGFVw05fX61kE6kqed4ucT58MO4GWO77l8AQCAvGDAJ0GWC35DOQpmYH5VoaXXmo5x1D0wR4e6InzaGUQmrEDhYiuZOslIndmmjc6-Cn57sjmA-oyDxteLB4Aytf8i1Ur7lEw3aWFDQLaqXX28q0abVO3bQeym7r8uhP1T9c8DTWblaOcJnZjjrWdsyAkVG8cDgaJA59G3PPzYhtuNeEao4mJ97FxZj8LpihsSrOZIb2urEFoqZDkk535CcX9TxLjdJnGVN29QDpdQ",
"payload": ""
}
2025-01-28 08:48:45,635:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15860077864 HTTP/1.1" 200 841
2025-01-28 08:48:45,636:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:48:45 GMT
Content-Type: application/json
Content-Length: 841
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5srF_UGzX2ChcuxmTTOXO8SjaUTuX1RApSp920xuQaOcEA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "pending",
"expires": "2025-02-04T07:48:45Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/SRpfsQ",
"status": "pending",
"token": "3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew"
},
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/cCX30w",
"status": "pending",
"token": "3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew"
},
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/6KvdBA",
"status": "pending",
"token": "3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew"
}
]
}
2025-01-28 08:48:45,637:DEBUG:acme.client:Storing nonce: _vkPb5srF_UGzX2ChcuxmTTOXO8SjaUTuX1RApSp920xuQaOcEA
2025-01-28 08:48:45,637:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-01-28 08:48:45,639:INFO:certbot._internal.auth_handler:http-01 challenge for webshare.sxces.com
2025-01-28 08:48:45,641:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2025-01-28 08:48:45,641:DEBUG:acme.standalone:Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2025-01-28 08:48:45,645:DEBUG:certbot._internal.display.obj:Notifying user: Challenges loaded. Press continue to submit to CA.

The following URLs should be accessible from the internet and return the value
mentioned:

URL:
http://webshare.sxces.com/.well-known/acme-challenge/3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew
Expected value:
3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew.yLECcovyMH9a8nEfb_NUSCcF89nn-FFC1WfuvcYWjro
2025-01-28 08:49:07,835:DEBUG:acme.client:JWS payload:
b'{}'
2025-01-28 08:49:07,838:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/SRpfsQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzckZfVUd6WDJDaGN1eG1UVE9YTzhTamFVVHVYMVJBcFNwOTIweHVRYU9jRUEiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwvNjM3OTQwMjQvMTU4NjAwNzc4NjQvU1JwZnNRIn0",
"signature": "otuBonwCgDw9lV3GSCh4Tndf5lsFLmOrGeMvJB4Es49zv8W0H2dTfuo4ezOKku8s0K8LVRKxje-1YDu2s6Ey3n1alyOlYIZzH97HJ8iIR297fWwT6_DWzfgjDmDz4Qr9-zaizX4kiSCtrTiu9H_7K51YZbuRolDDmJItW1JRDulC1PmnyDkHQRqmUZDzZ5tfxUIT-5Ci7V-l3vJicJy9EPff_S5dWNFXqrvOi2z8mqyDBa0s_-HKPoKl2m39y1WVHWfMkLEM6sS1MYGumUBfdaHxbKzC_fSfhhAH0FjdRfHFZS5NoEeEmii2SskAoqgsdBKob_1xw08qNV2di0sTjw",
"payload": "e30"
}
2025-01-28 08:49:07,992:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall/63794024/15860077864/SRpfsQ HTTP/1.1" 200 200
2025-01-28 08:49:07,993:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:49:07 GMT
Content-Type: application/json
Content-Length: 200
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860077864;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/SRpfsQ
Replay-Nonce: _vkPb5srs73923BPhOf50Ircrd-A_ro-YMHSaiMLLSrMR6WsmN4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/SRpfsQ",
"status": "pending",
"token": "3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew"
}
2025-01-28 08:49:07,993:DEBUG:acme.client:Storing nonce: _vkPb5srs73923BPhOf50Ircrd-A_ro-YMHSaiMLLSrMR6WsmN4
2025-01-28 08:49:07,994:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-01-28 08:49:08,111:DEBUG:acme.standalone:::ffff:66.133.109.36 - - Incoming request
2025-01-28 08:49:08,278:DEBUG:acme.standalone:::ffff:66.133.109.36 - - Serving HTTP01 with token '3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew'
2025-01-28 08:49:08,278:DEBUG:acme.standalone:::ffff:66.133.109.36 - - "GET /.well-known/acme-challenge/3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew HTTP/1.1" 200 -
2025-01-28 08:49:08,558:DEBUG:acme.standalone:::ffff:13.53.43.250 - - Incoming request
2025-01-28 08:49:08,582:DEBUG:acme.standalone:::ffff:13.53.43.250 - - Serving HTTP01 with token '3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew'
2025-01-28 08:49:08,583:DEBUG:acme.standalone:::ffff:13.53.43.250 - - "GET /.well-known/acme-challenge/3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew HTTP/1.1" 200 -
2025-01-28 08:49:08,669:DEBUG:acme.standalone:::ffff:13.58.129.180 - - Incoming request
2025-01-28 08:49:08,783:DEBUG:acme.standalone:::ffff:13.58.129.180 - - Serving HTTP01 with token '3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew'
2025-01-28 08:49:08,784:DEBUG:acme.standalone:::ffff:13.58.129.180 - - "GET /.well-known/acme-challenge/3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew HTTP/1.1" 200 -
2025-01-28 08:49:08,784:DEBUG:acme.standalone:::ffff:34.219.62.209 - - Incoming request
2025-01-28 08:49:08,928:DEBUG:acme.standalone:::ffff:34.219.62.209 - - Serving HTTP01 with token '3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew'
2025-01-28 08:49:08,928:DEBUG:acme.standalone:::ffff:34.219.62.209 - - "GET /.well-known/acme-challenge/3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew HTTP/1.1" 200 -
2025-01-28 08:49:08,994:DEBUG:acme.client:JWS payload:
b''
2025-01-28 08:49:08,998:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860077864:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzcnM3MzkyM0JQaE9mNTBJcmNyZC1BX3JvLVlNSFNhaU1MTFNyTVI2V3NtTjQiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NjAwNzc4NjQifQ",
"signature": "P6NxtYC1JwU42t0u6B4l1PtoREsn-qFHVy1bsdqX5-haxG8u92pCCuE-39p8plYJLD0MkFxPR7kLRwiCqhXBBCzLMwO42gmijIkBW7UYTw40mq0WXC7zpgull2s31cZuF7ZP9RBHEVdSPFqRH1VkofK92NtV3ZDfJvZnLutuOZuXNnjaG2bh5zHi0Ldbkjgb-bkYZJDrZYqfJu2yDJn9rye7D246FirlMW9_6BDcMn3E0UWkTb4C6iZ7NLrQu5k70iSJcEh3P65E_MI_ANQO8G2sFhkQ6kQiS6WMSiGGvW35mYaabIZcpsAS8YUJQ-HfdGWOopHgJiqbLIFsqm7w0A",
"payload": ""
}
2025-01-28 08:49:09,147:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15860077864 HTTP/1.1" 200 841
2025-01-28 08:49:09,148:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:49:09 GMT
Content-Type: application/json
Content-Length: 841
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5sr0TlRMvm7bFwpYT8PCisiQBcCQvSEd0eXLvLNIfooBE0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "pending",
"expires": "2025-02-04T07:48:45Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/6KvdBA",
"status": "pending",
"token": "3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew"
},
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/SRpfsQ",
"status": "pending",
"token": "3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew"
},
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/cCX30w",
"status": "pending",
"token": "3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew"
}
]
}
2025-01-28 08:49:09,148:DEBUG:acme.client:Storing nonce: _vkPb5sr0TlRMvm7bFwpYT8PCisiQBcCQvSEd0eXLvLNIfooBE0
2025-01-28 08:49:12,149:DEBUG:acme.client:JWS payload:
b''
2025-01-28 08:49:12,153:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860077864:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzcjBUbFJNdm03YkZ3cFlUOFBDaXNpUUJjQ1F2U0VkMGVYTHZMTklmb29CRTAiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NjAwNzc4NjQifQ",
"signature": "GWf0KjdhYExcROQzXFCjHoa0rF2C3fVuz9WaviwCkByE9boI78O_kky8IZLvzFHlBICJMVu2tz16UhhsKg3CLg8SztUXVKkZV3nweLAdj6Kd81MDNGBHWmYCrUB3czzMOZWUg64uirk1cvoXvMXyIMX7Q-tVicesPbIbX6Pu7DGGCNEp5BUsOPT8GmQ4srb8FqDV4tq8sp4a2aQxaqJnAMMSymMjzpiWDm_ZyJIEiG10mnSVYDTtOeh7BvJQ9lgmMpxiekYyE3bDSMsiRr8JOEo9wOIhfDAyWIQxpqVSrCXfaynkwOY0sRl35aIm_K0NenXZ4aIDgMwXXWa6V7pLKA",
"payload": ""
}
2025-01-28 08:49:12,302:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15860077864 HTTP/1.1" 200 782
2025-01-28 08:49:12,303:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:49:12 GMT
Content-Type: application/json
Content-Length: 782
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: h8qLw8hs83fCMAec-14_zKFkbiJPhSZL8uOvbVQQlhDfA85oG5o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "valid",
"expires": "2025-02-27T07:49:09Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860077864/SRpfsQ",
"status": "valid",
"validated": "2025-01-28T07:49:07Z",
"token": "3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew",
"validationRecord": [
{
"url": "http://webshare.sxces.com/.well-known/acme-challenge/3xQZLemFltwdUJLp__VPcTvjPOSKB73Cxv9SHwUNbew",
"hostname": "webshare.sxces.com",
"port": "80",
"addressesResolved": [
"87.129.184.91"
],
"addressUsed": "87.129.184.91"
}
]
}
]
}
2025-01-28 08:49:12,303:DEBUG:acme.client:Storing nonce: h8qLw8hs83fCMAec-14_zKFkbiJPhSZL8uOvbVQQlhDfA85oG5o
2025-01-28 08:49:12,304:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-01-28 08:49:12,304:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-01-28 08:49:12,305:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2025-01-28 08:49:12,436:DEBUG:certbot._internal.client:CSR: CSR(file=None, data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIHqMIGSAgEAMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARwSuluDLZWGjgH\nB7HwgTvsyJXwsm2KahZazt3Xs3OOxGS/RWnUDJ8LFF+w2pqQh2TjkbopkkUVgTAe\n6l4Z4guAoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHREEFjAUghJ3ZWJzaGFyZS5z\neGNlcy5jb20wCgYIKoZIzj0EAwIDRwAwRAIgYXacu8uutR+FXlRqUtQtysGdRvAM\nbdfas4XFF0sG+0QCIAw2j1gztTmK8J3Q0fDOBqFnqbpkvqF39Pd+bBxn/cEf\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2025-01-28 08:49:12,437:DEBUG:certbot._internal.client:Will poll for certificate issuance until 2025-01-28 08:50:42.437456
2025-01-28 08:49:12,452:DEBUG:acme.client:JWS payload:
b'{\n "csr": "MIHqMIGSAgEAMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARwSuluDLZWGjgHB7HwgTvsyJXwsm2KahZazt3Xs3OOxGS_RWnUDJ8LFF-w2pqQh2TjkbopkkUVgTAe6l4Z4guAoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHREEFjAUghJ3ZWJzaGFyZS5zeGNlcy5jb20wCgYIKoZIzj0EAwIDRwAwRAIgYXacu8uutR-FXlRqUtQtysGdRvAMbdfas4XFF0sG-0QCIAw2j1gztTmK8J3Q0fDOBqFnqbpkvqF39Pd-bBxn_cEf"\n}'
2025-01-28 08:49:12,454:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/finalize/63794024/22262355694:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJoOHFMdzhoczgzZkNNQWVjLTE0X3pLRmtiaUpQaFNaTDh1T3ZiVlFRbGhEZkE4NW9HNW8iLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvNjM3OTQwMjQvMjIyNjIzNTU2OTQifQ",
"signature": "wro_iLIa2SnWqhDgAWWG-HdLkK-2VOg5scTZNrpBUN-glbPQovQx4OOt2YYKLUH96IXlli1vev8VgdJSh9tstQqfmffmN_gipAjzPAROVusSfuFGSqJU91ThUFXkH-btkn-Wr_y8_bJImHl9OXFOu5sQu5NnbzPwOSB8Ijpag1eXz5FPVH5mIaN-_5i0A53zzyQTt3RvrlVpOZketZ8SiIfboka4YwLGQBWVFsB2lR1-vj3hFbKs4Ay46ZAkqTatyknydOGvqwSPw7I0PjJhHeyppP4wkuuxq_UM5eMA2pLfNlTmPR_msaFEbB853Yj9udrZfOrchsLu6kUmUotisQ",
"payload": "ewogICJjc3IiOiAiTUlIcU1JR1NBZ0VBTUFBd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFSd1N1bHVETFpXR2pnSEI3SHdnVHZzeUpYd3NtMkthaFphenQzWHMzT094R1NfUlduVURKOExGRi13MnBxUWgyVGprYm9wa2tVVmdUQWU2bDRaNGd1QW9EQXdMZ1lKS29aSWh2Y05BUWtPTVNFd0h6QWRCZ05WSFJFRUZqQVVnaEozWldKemFHRnlaUzV6ZUdObGN5NWpiMjB3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnWVhhY3U4dXV0Ui1GWGxScVV0UXR5c0dkUnZBTWJkZmFzNFhGRjBzRy0wUUNJQXcyajFnenRUbUs4SjNRMGZET0JxRm5xYnBrdnFGMzlQZC1iQnhuX2NFZiIKfQ"
}
2025-01-28 08:49:12,621:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/finalize/63794024/22262355694 HTTP/1.1" 200 365
2025-01-28 08:49:12,622:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:49:12 GMT
Content-Type: application/json
Content-Length: 365
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/63794024/22262355694
Replay-Nonce: _vkPb5srCu2QGweBDWOROMBmUaZmzp8BLzfnkhjPxbfxZ6S4y7U
Retry-After: 3
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "processing",
"expires": "2025-02-04T07:48:45Z",
"identifiers": [
{
"type": "dns",
"value": "webshare.sxces.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860077864"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/63794024/22262355694"
}
2025-01-28 08:49:12,622:DEBUG:acme.client:Storing nonce: _vkPb5srCu2QGweBDWOROMBmUaZmzp8BLzfnkhjPxbfxZ6S4y7U
2025-01-28 08:49:13,623:DEBUG:acme.client:JWS payload:
b''
2025-01-28 08:49:13,627:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/order/63794024/22262355694:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzckN1MlFHd2VCRFdPUk9NQm1VYVptenA4Qkx6Zm5raGpQeGJmeFo2UzR5N1UiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvb3JkZXIvNjM3OTQwMjQvMjIyNjIzNTU2OTQifQ",
"signature": "ZcTshC-1YN7Xsu_i32FCvT3J7Vvp2_Wfi7Z-EZrraBu_dUOQBjtjwFtEHk3lPER98tgSkfTu41ivY5LM6a9HHh-SmP-2LyKd-nCyLa840rHM-iOn96mLP7_VejdSSAyPlhcl1IT6ERLVhW6jx6UANxhXmnFsuArE89A0yZQ0PzRxhN4bbjVG0Zj1Dscba2M10hAN3751yq8ptedc38O9wOGAo8a9mKsudr1cTlsmwNWQw0J7soFu06ERadCCpnwrKpzAiHeRsivEkQUgAgNNJVzgvt5NyWD5eK9te-EE6m_ZM7HMB6QYbFXkso2JVmNclZKkNHLE-VTcZWsrnNnoww",
"payload": ""
}
2025-01-28 08:49:13,777:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/order/63794024/22262355694 HTTP/1.1" 200 472
2025-01-28 08:49:13,778:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:49:13 GMT
Content-Type: application/json
Content-Length: 472
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5srWUDUbEaAwYZh8Kx9VLofArXnViRNun15CIpR__kN2F8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "valid",
"expires": "2025-02-04T07:48:45Z",
"identifiers": [
{
"type": "dns",
"value": "webshare.sxces.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860077864"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/63794024/22262355694",
"certificate": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bfd24f107cfa38afec364fda7eaeaed367f"
}
2025-01-28 08:49:13,778:DEBUG:acme.client:Storing nonce: _vkPb5srWUDUbEaAwYZh8Kx9VLofArXnViRNun15CIpR__kN2F8
2025-01-28 08:49:13,779:DEBUG:acme.client:JWS payload:
b''
2025-01-28 08:49:13,783:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bfd24f107cfa38afec364fda7eaeaed367f:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzcldVRFViRWFBd1laaDhLeDlWTG9mQXJYblZpUk51bjE1Q0lwUl9fa04yRjgiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2VydC8yYmZkMjRmMTA3Y2ZhMzhhZmVjMzY0ZmRhN2VhZWFlZDM2N2YifQ",
"signature": "WcfYkEi48rfHpMOf6ROkq72tk5pnedDxjmNhBcVkaTTCNNyqylcUFjZ63No69A-NlJQIRBfNDLqyJLZI7q8gtzsCZVNXA7mtUVnHJDsDwYF9A4Ef0WFgpKbPiOArTdqphlJpbC_XHz2sJ7Q73iLuoVt8VCFOwNUn9mPsoYNO5mwWTxvRuLz53wdQGoumCE0qVXNwawdh3CunEyjwtQqBQdmT3iszw24sK0Skl5mAAowdCrQAVGZxJOt258NuP4VYpLwnlMvuNjptRy4EAkvaSbtV1G6K1qhoXTOZ8FtA11ysUB2LRazweLOyDeYXseSAMZv-3y9bFiDj4ufFXkfcBg",
"payload": ""
}
2025-01-28 08:49:13,933:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/cert/2bfd24f107cfa38afec364fda7eaeaed367f HTTP/1.1" 200 2998
2025-01-28 08:49:13,934:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 07:49:13 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 2998
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bfd24f107cfa38afec364fda7eaeaed367f/1;rel="alternate"
Replay-Nonce: _vkPb5sr7S3ph0qWrIrLhjuR51U7pNlKQUspcDLYmt-oHQdbyzA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

-----BEGIN CERTIFICATE-----
MIIDtjCCAzygAwIBAgISK/0k8QfPo4r+w2T9p+rq7TZ/MAoGCCqGSM49BAMDMFIx
CzAJBgNVBAYTAlVTMSAwHgYDVQQKExcoU1RBR0lORykgTGV0J3MgRW5jcnlwdDEh
MB8GA1UEAxMYKFNUQUdJTkcpIFBzZXVkbyBQbHVtIEU1MB4XDTI1MDEyODA2NTA0
MloXDTI1MDQyODA2NTA0MVowHTEbMBkGA1UEAxMSd2Vic2hhcmUuc3hjZXMuY29t
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcErpbgy2Vho4Bwex8IE77MiV8LJt
imoWWs7d17NzjsRkv0Vp1AyfCxRfsNqakIdk45G6KZJFFYEwHupeGeILgKOCAiUw
ggIhMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU8r2V/hsKgO3c+Itcc80STj71X48w
HwYDVR0jBBgwFoAU/EbRAUNfu3umPTBorhG64LxtydMwXQYIKwYBBQUHAQEEUTBP
MCUGCCsGAQUFBzABhhlodHRwOi8vc3RnLWU1Lm8ubGVuY3Iub3JnMCYGCCsGAQUF
BzAChhpodHRwOi8vc3RnLWU1LmkubGVuY3Iub3JnLzAdBgNVHREEFjAUghJ3ZWJz
aGFyZS5zeGNlcy5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggENBgorBgEEAdZ5
AgQCBIH+BIH7APkAdwAh5RpE2LnnVA6n++C613c2FWBmhNFa6zPmRbTpVfOIgwAA
AZSr4sMnAAAEAwBIMEYCIQDrHia3rwnk4ja7x5mDmYqFN36rOgbggl/tc/K7+Wx+
YAIhAIWze6jB0sj1szzRZ4vUi9fAAf2X93kgiUuBYfT4tsM2AH4AlZC9hfLPxQZJ
mKurW7JsLnoXZwKRHBO2i0gF4euUJ+8AAAGUq+LElQAIAAAFAFjisgYEAwBHMEUC
IBRG1nOfwlEbgyG3EONyijQdJ6oF0CBzhIDHUlv6oI12AiEAp1VtdOhE1QV9ugFU
l1ijgxfpg9sIWfbYNw5l1mBOBVcwCgYIKoZIzj0EAwMDaAAwZQIwPXS2m3bUTehX
k9fCUEbckOdGO3PJt7700WSRR6BNM06dVZSiAcdxENbmOld0Z6oOAjEA2PXG4ssW
84srXGH65OLwA6WXannCF3PftSxnwUyNV4kTBu8Kgg5aunBlbtVAP1SK
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEljCCAn6gAwIBAgIQRzEp1D1mDiVVv4b1zlB56jANBgkqhkiG9w0BAQsFADBm
MQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3Vy
aXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQ
ZWFyIFgxMB4XDTI0MDMxMzAwMDAwMFoXDTI3MDMxMjIzNTk1OVowUjELMAkGA1UE
BhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSEwHwYDVQQD
ExgoU1RBR0lORykgUHNldWRvIFBsdW0gRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
AATljbbcV+mqWZa3g+z0bDOuBpZOtbi48iK9rjLtPdRU0WsgVp53MW3nXFU6qVYV
zEYaYd6PSmec0Tj3R5zEp5/F+cuOjTdh3AkTMzYm1tkflocPBN5APHYZ+76WxZad
q+WjggEAMIH9MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
KwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU/EbRAUNfu3um
PTBorhG64LxtydMwHwYDVR0jBBgwFoAUtfNl8v6wCpIf+zx980SgrGMlwxQwNgYI
KwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRwOi8vc3RnLXgxLmkubGVuY3Iu
b3JnLzATBgNVHSAEDDAKMAgGBmeBDAECATArBgNVHR8EJDAiMCCgHqAchhpodHRw
Oi8vc3RnLXgxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAAtCGn4iG
cupruhkCTcoDqSIVTFgVR8JJ3GvGL7SYwIc4Fn0As66nQgnkATIzF5+gFb+CXEQD
qR2Jo+R38OeT7lQ1rNDcaJcbY6hL8cNRku3QlcfdYODZ5pgTVH04gTZUJISZKLjD
kMMcQIDZlF7iYqTvmHbn2ISSKorsJ3QKAvWhHwMoJtocSz3VeDJIep5QtbHnoXh1
/dyDx7sp8RuhC0eO9ElTgDtiA2V6JxigLPzqcnibBBR4bFLGtMNE4EvOOD/Fkd0L
hdGDbAMNd+O06n+b0rgmDvg75IgOV6fpDrdZFoiNfCckOEJh9v10uYt4pTc3B6lf
zI/X3EWP1H4VJmsYuy+OA29jPeP831sAObZtd3RWv0LQPrMfx6FCmy4AaeYEMvul
FrF6OX+JbssE+bn83F+sGEMZu/eVBwwKh3db7+2UduMdTOb8DePE3Aqlg9zofS8X
9fJXrrp+PPrdQyvM3e8DxuioWa9GLG30yD9WD6WTlSiiOrdWGOzisWpW4shFoL8u
0EfmeLVU4JVbauhOYZASQXABNeXewe9lqJWwfqaARYpRjyf+jRibn22H5NVK4Vog
l55Iq1rUgjc8r493NaNrlNwG7va7Ztkch5lJ3oL/FEVlVSK4snTbgb0b5qjQz3SA
i7rA/8QRZvOLnKNtdEUlDZNrzkZwHNluLGw=
-----END CERTIFICATE-----

2025-01-28 08:49:13,934:DEBUG:acme.client:Storing nonce: _vkPb5sr7S3ph0qWrIrLhjuR51U7pNlKQUspcDLYmt-oHQdbyzA
2025-01-28 08:49:13,935:DEBUG:certbot._internal.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/webshare.sxces.com
2025-01-28 08:49:13,937:INFO:certbot._internal.hooks:Dry run: skipping deploy hook command: /etc/letsencrypt/renewal-hooks/deploy/ntpsec
2025-01-28 08:49:13,938:DEBUG:certbot._internal.display.obj:Notifying user: The dry run was successful.

Failed with renew:

2025-01-28 09:03:50,270:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2025-01-28 09:03:50,390:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-01-28 09:03:50,391:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/4325/bin/certbot
2025-01-28 09:03:50,391:DEBUG:certbot._internal.main:Arguments: ['-v', '--dry-run', '--debug-challenges', '--preconfigured-renewal']
2025-01-28 09:03:50,391:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-01-28 09:03:50,398:DEBUG:certbot._internal.log:Root logging level set at 20
2025-01-28 09:03:50,398:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/webshare.sxces.com.conf
2025-01-28 09:03:50,399:DEBUG:certbot.configuration:Var server=https://acme-staging-v02.api.letsencrypt.org/directory (set by user).
2025-01-28 09:03:50,399:DEBUG:certbot.configuration:Var account=None (set by user).
2025-01-28 09:03:50,400:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2025-01-28 09:03:50,408:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r10.o.lencr.org:80
2025-01-28 09:04:10,801:DEBUG:urllib3.connectionpool:http://r10.o.lencr.org:80 "POST / HTTP/1.1" 200 504
2025-01-28 09:04:10,803:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/webshare.sxces.com/cert14.pem is signed by the certificate's issuer.
2025-01-28 09:04:10,805:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/webshare.sxces.com/cert14.pem is: OCSPCertStatus.GOOD
2025-01-28 09:04:10,813:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2025-01-31 22:02:11 UTC.
2025-01-28 09:04:10,813:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2025-01-28 09:04:10,813:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2025-01-28 09:04:10,814:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Runs an HTTP server locally which serves the necessary validation files under the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP server already running. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='standalone', value='certbot._internal.plugins.standalone:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7f5705643e00>
Prep: True
2025-01-28 09:04:10,814:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7f5705643e00> and installer None
2025-01-28 09:04:10,814:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2025-01-28 09:04:10,859:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/63794024', new_authzr_uri=None, terms_of_service=None), f5971f0c27297836c3bf94494f476440, Meta(creation_dt=datetime.datetime(2022, 8, 8, 20, 40, 47, tzinfo=datetime.timezone.utc), creation_host='webshare', register_to_eff=None))>
2025-01-28 09:04:10,859:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2025-01-28 09:04:10,860:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2025-01-28 09:04:56,820:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 974
2025-01-28 09:04:56,821:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 08:04:56 GMT
Content-Type: application/json
Content-Length: 974
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"h1jm1pLCwNc": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "The same profile you're accustomed to",
"tlsserver": "Announcing Certificate Profile Selection - Let's Encrypt"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "Staging Environment - Let's Encrypt"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-01-28 09:04:56,823:DEBUG:certbot._internal.display.obj:Notifying user: Simulating renewal of an existing certificate for webshare.sxces.com
2025-01-28 09:04:56,933:DEBUG:acme.client:Requesting fresh nonce
2025-01-28 09:04:56,933:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2025-01-28 09:04:57,080:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-01-28 09:04:57,081:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 08:04:57 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5srxKieGcreGX6kkV1R26wgNUVizHFdz8nAeMzkX-jO-xg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2025-01-28 09:04:57,081:DEBUG:acme.client:Storing nonce: _vkPb5srxKieGcreGX6kkV1R26wgNUVizHFdz8nAeMzkX-jO-xg
2025-01-28 09:04:57,082:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "webshare.sxces.com"\n }\n ]\n}'
2025-01-28 09:04:57,088:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzcnhLaWVHY3JlR1g2a2tWMVIyNndnTlVWaXpIRmR6OG5BZU16a1gtak8teGciLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "mBeGdVwJbTCjerHvPlY-Mgt8e4nEo8mG-jrkTviqOGoxPyc9okDmnYru0Ot8i24d6yXMK0UmdGGSFcpY5eIcvqB6l2SOMKV_YBOSzM8DaeUd0NnexY5vO5hbP_VHzBT4rLI6I_Kqum7qTMh5qq4g-oGy9D4U-xGFFQfzaE6ul0rPvHNowD58z2Hb5XvDOURI0VVuuIRucFYrRadkEdgaWA466E2rsGKFSYm511cXFwJ6qjNYmgLWa81UzGx3c13X7u1hP5ZoQagLWjYwuC0ENwf6DqK3XT5jRhkKzDVGLR4ukrV9Nca8IJsLlW0bHGJYVGV_X5Y6PdCWgv7GR49avQ",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndlYnNoYXJlLnN4Y2VzLmNvbSIKICAgIH0KICBdCn0"
}
2025-01-28 09:04:57,273:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 362
2025-01-28 09:04:57,274:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 28 Jan 2025 08:04:57 GMT
Content-Type: application/json
Content-Length: 362
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/63794024/22262570074
Replay-Nonce: h8qLw8hs4rnMN3wPnu7d3xMJBxz_Nxf2_fPMqPsPZibxG0hEyVo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2025-02-04T08:04:57Z",
"identifiers": [
{
"type": "dns",
"value": "webshare.sxces.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860194724"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/63794024/22262570074"
}
2025-01-28 09:04:57,274:DEBUG:acme.client:Storing nonce: h8qLw8hs4rnMN3wPnu7d3xMJBxz_Nxf2_fPMqPsPZibxG0hEyVo
2025-01-28 09:04:57,275:DEBUG:acme.client:JWS payload:
b''
2025-01-28 09:04:57,278:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860194724:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJoOHFMdzhoczRybk1OM3dQbnU3ZDN4TUpCeHpfTnhmMl9mUE1xUHNQWmlieEcwaEV5Vm8iLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NjAxOTQ3MjQifQ",
"signature": "Vid6WS8yZG5kIRbWzQ49WbFZVmNLYI2KcX0Xa9VtOB2sRoffSltkYdrWA9CsJPo8DuPG8ebzdz8HzcYwEiAcQ99fiaBwNXEDioC8lVk_w0CZFyhIP0jP_IyGBq3URUmNo33UF9dj1C5XI1NuotcW27d_6hSvGGF1xJNMbcd-c7m9Nm7wLyx4yAjXUB_At2VBcyzzmZCzKjREFRiMf1d8eBZJnWTEPaKKUXIoEdw2YfQz8eOD0E0zEUrdyUP7MYHZ951oIzkoCoYTRhHTLwhZqnJeRFyvnkZ0XKCJGOOfoW9BAe1g_nOECp7GsrpwCv2JycXsZg9_Gi3MrlNMAZaZ5g",
"payload": ""
}
2025-01-28 09:04:57,434:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15860194724 HTTP/1.1" 200 841
2025-01-28 09:04:57,435:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 08:04:57 GMT
Content-Type: application/json
Content-Length: 841
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: h8qLw8hsbzNvzRshpw72RMQq9FtTCB7DwGVqz3DgYwPDhPmhnOg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "pending",
"expires": "2025-02-04T08:04:57Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/RXGVYg",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/Hw82MA",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/avXrlw",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
}
]
}
2025-01-28 09:04:57,435:DEBUG:acme.client:Storing nonce: h8qLw8hsbzNvzRshpw72RMQq9FtTCB7DwGVqz3DgYwPDhPmhnOg
2025-01-28 09:04:57,436:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-01-28 09:04:57,437:INFO:certbot._internal.auth_handler:http-01 challenge for webshare.sxces.com
2025-01-28 09:04:57,439:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2025-01-28 09:04:57,439:DEBUG:acme.standalone:Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2025-01-28 09:04:57,442:DEBUG:certbot._internal.display.obj:Notifying user: Challenges loaded. Press continue to submit to CA.

The following URLs should be accessible from the internet and return the value
mentioned:

URL:
http://webshare.sxces.com/.well-known/acme-challenge/s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI
Expected value:
s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI.yLECcovyMH9a8nEfb_NUSCcF89nn-FFC1WfuvcYWjro
2025-01-28 09:04:57,442:DEBUG:acme.client:JWS payload:
b'{}'
2025-01-28 09:04:57,445:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/RXGVYg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJoOHFMdzhoc2J6TnZ6UnNocHc3MlJNUXE5RnRUQ0I3RHdHVnF6M0RnWXdQRGhQbWhuT2ciLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwvNjM3OTQwMjQvMTU4NjAxOTQ3MjQvUlhHVllnIn0",
"signature": "WYCdCrKHHZ96XGP93HgKhODDyevq-113TV_EM3GIDZBRfoeoe_tzegLFunso5LpPMDzrxZ1jRhjtGxkEZRFElXRKpAhu77DxkF7-HLSqLzV7CfPwOU7K-R3-qhJnVsBGtK-uVJ6elTy_MpleXpTkI6O5sxYHf7HcIQHRskfxm-ABf-pnujBvvZ1kHP2R1qbfZpjtWcp0MmNt9E3LQOOcBkmE0LjYBZ8sMcle8HlvsVGzr8_nHH-S6etSF4SjgjFky6NGErxJreoYx97K_hydHbSLQs4OG1O68O7JP9-ioEBi6SjdGM1PNfOukjwbyTyn7_H7OxolSh_xTeMs5m4gcw",
"payload": "e30"
}
2025-01-28 09:04:57,603:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall/63794024/15860194724/RXGVYg HTTP/1.1" 200 200
2025-01-28 09:04:57,604:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 08:04:57 GMT
Content-Type: application/json
Content-Length: 200
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860194724;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/RXGVYg
Replay-Nonce: _vkPb5srUEVFvQ9YPtUKPlPwy4tv22iCR5uqMVCyyV4oLy9h3BI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/RXGVYg",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
}
2025-01-28 09:04:57,604:DEBUG:acme.client:Storing nonce: _vkPb5srUEVFvQ9YPtUKPlPwy4tv22iCR5uqMVCyyV4oLy9h3BI
2025-01-28 09:04:57,605:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-01-28 09:04:57,714:DEBUG:acme.standalone:::ffff:66.133.109.36 - - Incoming request
2025-01-28 09:04:57,884:DEBUG:acme.standalone:::ffff:66.133.109.36 - - Serving HTTP01 with token 's4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI'
2025-01-28 09:04:57,885:DEBUG:acme.standalone:::ffff:66.133.109.36 - - "GET /.well-known/acme-challenge/s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI HTTP/1.1" 200 -
2025-01-28 09:04:58,606:DEBUG:acme.client:JWS payload:
b''
2025-01-28 09:04:58,610:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860194724:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzclVFVkZ2UTlZUHRVS1BsUHd5NHR2MjJpQ1I1dXFNVkN5eVY0b0x5OWgzQkkiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NjAxOTQ3MjQifQ",
"signature": "KA9ZXAXZ8Vrk9dtVC5l-ShGDV-ZElFwGnQk9XZZ0cOuJd0HjbIMSgxkdre28Q2P1D6HSly1KhCFdDMVR-DTjtkZMdNwFJ1h3DZzaI45wCL3Moz7JSRfC_BMlAdmwY--0kvn-A_oSjzQEJCkzZsMaubzA00TSgi6rcR6esjHllrWwO7_u_RCwZVOTsV3lamQDLMndLCBeWEn7K0c4Z0Ojdd7CysO9V4ahfbsQ8VGfhDsdqCB_DQac7x6yLf7NhJSx_V9S-GfFfKGI3-vqb2fOnGv3qA74HY8mk_zbJ0aOzgwo0uG0bo2HhSdMSpwZK0Vn5y_mlTOMxoffRC5kK7vssw",
"payload": ""
}
2025-01-28 09:04:58,761:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15860194724 HTTP/1.1" 200 841
2025-01-28 09:04:58,762:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 08:04:58 GMT
Content-Type: application/json
Content-Length: 841
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5srmDRCDdRUVxJ2dNdCUCLhw4qEkuJWSUdOfXU--Ee7kgo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "pending",
"expires": "2025-02-04T08:04:57Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/Hw82MA",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/RXGVYg",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/avXrlw",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
}
]
}
2025-01-28 09:04:58,763:DEBUG:acme.client:Storing nonce: _vkPb5srmDRCDdRUVxJ2dNdCUCLhw4qEkuJWSUdOfXU--Ee7kgo
2025-01-28 09:05:01,764:DEBUG:acme.client:JWS payload:
b''
2025-01-28 09:05:01,768:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860194724:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzcm1EUkNEZFJVVnhKMmROZENVQ0xodzRxRWt1SldTVWRPZlhVLS1FZTdrZ28iLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NjAxOTQ3MjQifQ",
"signature": "kYWeF5drimklYuHoADMNelGW-Em9TWw9IXnKzUDOtnBQzYqrZyQrmkFUwRocFMNgqesuMhzaRu96RqHTUhuv21OjSpg_uMjh_TLTAuKaigldn-XRJGI4N3fqFPERHJUXx1BfkNxvo14j4EU4zOIfGZktgCpfsJLfizqXNyiURXpHOnENdCVLT_LNKdh3dLFBceHuSPqwUTYEX2Whw7_b66v3XlGpu3Ox-7CpZF9fX-MURdaDxb2VJIbflFF0LvjmaoO23AfUvGz8dDmGcEXtzPNKUl87HViaFg8a4mqM4usJy1fuT26NSYAoxbmhTFNM7f7bPqThmIq7rPY2I4f3ig",
"payload": ""
}
2025-01-28 09:05:01,921:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15860194724 HTTP/1.1" 200 841
2025-01-28 09:05:01,922:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 08:05:01 GMT
Content-Type: application/json
Content-Length: 841
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: h8qLw8hsxRk38tzgC1fwXZj9AmkyN80OBjGmiwcsB9DkeXzZUJU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "pending",
"expires": "2025-02-04T08:04:57Z",
"challenges": [
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/avXrlw",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/Hw82MA",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/RXGVYg",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
}
]
}
2025-01-28 09:05:01,923:DEBUG:acme.client:Storing nonce: h8qLw8hsxRk38tzgC1fwXZj9AmkyN80OBjGmiwcsB9DkeXzZUJU
2025-01-28 09:05:04,924:DEBUG:acme.client:JWS payload:
b''
2025-01-28 09:05:04,928:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860194724:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJoOHFMdzhoc3hSazM4dHpnQzFmd1haajlBbWt5TjgwT0JqR21pd2NzQjlEa2VYelpVSlUiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NjAxOTQ3MjQifQ",
"signature": "lEfRlDFItgMl8YUH5qUoYdP5J0b72cME-gMQYe1SD0tS1GO6EI89FrjXs-BxvAj8NhQmyuxrXwnczDj5FVUAWTmS0cHb4Rb6f2S_MoyC-9fnMq4ac4fUSuOf83ZBI8yk6BRzLyk6QE8kfFSo5tGR8atvuFsL3UGiS94XVGN5SJZltERqfOOR7zI64Mv5GzQj0SIJANL9BCaWSGVOpi0Pkvy8_FDZz8fMX66tkHDzntn_CI49S5LKE7YvKoZAs80frv7X1nK2Hu66JeeVkQfAr2o5ilH6BtCJuW-c2_rBAyuZEeSOwAZHFDxMFH9ujGk33fGG7Sv2Uob0MnX3d-4HmA",
"payload": ""
}
2025-01-28 09:05:05,082:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15860194724 HTTP/1.1" 200 841
2025-01-28 09:05:05,083:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 08:05:05 GMT
Content-Type: application/json
Content-Length: 841
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5sreNUiZv9YL6NeBKN3eae3PMB3ZaNFjcAkHHVmKwcUzKs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "pending",
"expires": "2025-02-04T08:04:57Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/RXGVYg",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/Hw82MA",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/avXrlw",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
}
]
}
2025-01-28 09:05:05,083:DEBUG:acme.client:Storing nonce: _vkPb5sreNUiZv9YL6NeBKN3eae3PMB3ZaNFjcAkHHVmKwcUzKs
2025-01-28 09:05:08,085:DEBUG:acme.client:JWS payload:
b''
2025-01-28 09:05:08,088:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860194724:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJfdmtQYjVzcmVOVWladjlZTDZOZUJLTjNlYWUzUE1CM1phTkZqY0FrSEhWbUt3Y1V6S3MiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NjAxOTQ3MjQifQ",
"signature": "BMhM6a8XyWT91J6jX6u_e85YEJWpw3hhYlFWOXtWiav9FT0L09SSUm1k2RILMOKDm8Jx_uMfFn8SP-VZI6xjWXUCvk413H1f0pGaEc-mvzhfRLQqkImiMLKNlAnfuSUfpyiwE9ws2_9TvBmh2kD_g6KlvSlA7eaT0YoqYnghMwNVYkVU3yZ1zz03sYVwd8-pvSraOlLfMVEXp0KHh1Ya__QhJXOVpfbQO8gARyh8kMJCJXe2x2u4ztl_S8OksUEvJ6wp8P-yTN1iXWi3kDx5sZ4F8xix9KdtBZWjeU8NtwtXWd-vr-TrD_tJ_VRqrvffBe92X_XgVOn6F-tuFbViCQ",
"payload": ""
}
2025-01-28 09:05:08,243:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15860194724 HTTP/1.1" 200 841
2025-01-28 09:05:08,244:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 08:05:08 GMT
Content-Type: application/json
Content-Length: 841
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: h8qLw8hspWpZOLGGmR9fkguFeGLC4zRfQ6PrR96YJchCZvMOZic
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "pending",
"expires": "2025-02-04T08:04:57Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/Hw82MA",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/RXGVYg",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
},
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/avXrlw",
"status": "pending",
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI"
}
]
}
2025-01-28 09:05:08,244:DEBUG:acme.client:Storing nonce: h8qLw8hspWpZOLGGmR9fkguFeGLC4zRfQ6PrR96YJchCZvMOZic
2025-01-28 09:05:11,245:DEBUG:acme.client:JWS payload:
b''
2025-01-28 09:05:11,250:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/63794024/15860194724:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Mzc5NDAyNCIsICJub25jZSI6ICJoOHFMdzhoc3BXcFpPTEdHbVI5ZmtndUZlR0xDNHpSZlE2UHJSOTZZSmNoQ1p2TU9aaWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjM3OTQwMjQvMTU4NjAxOTQ3MjQifQ",
"signature": "zL5OElGephQKz_YtEc0I52vlTEs-j1f9WVKZO2mBIJH5PDzy3kAldKoIUw4poz9d-uKvy2uKs4MneTXJ-Ix0kbqD7YGOcA6Vd7TmaQh9DZNOa0ZLhZGsVzhZxLvQjgqqV8_7DTCMMx5y-KlC6Qa1pe3aA79l-OML3dQq9SrGHbRxySWKcbntoX4vMO0T5-dKrvm_CHQYFp7F-Gvh6qyxIVLDSlUF2Zn-Nn2-rkjc9HPesvoasfe-6Fsh-qsOHtH8t0DSYIW2CKChlG8QQ-Z4Jv7X30gu2vrtWqNmbwWwr61P88XqvRSjfrZR_86KVVbsb9K-13q-pWzUh1I_x7e6rQ",
"payload": ""
}
2025-01-28 09:05:11,406:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/63794024/15860194724 HTTP/1.1" 200 1112
2025-01-28 09:05:11,407:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 08:05:11 GMT
Content-Type: application/json
Content-Length: 1112
Connection: keep-alive
Boulder-Requester: 63794024
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: _vkPb5srvP_tCEbDENQUmRLv6tpETfvsEOBunSn6ovr8T_nGcUc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "invalid",
"expires": "2025-02-04T08:04:57Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/63794024/15860194724/RXGVYg",
"status": "invalid",
"validated": "2025-01-28T08:04:57Z",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "During secondary validation: 87.129.184.91: Fetching http://webshare.sxces.com/.well-known/acme-challenge/s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI: Timeout during connect (likely firewall problem)",
"status": 400
},
"token": "s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI",
"validationRecord": [
{
"url": "http://webshare.sxces.com/.well-known/acme-challenge/s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI",
"hostname": "webshare.sxces.com",
"port": "80",
"addressesResolved": [
"87.129.184.91"
],
"addressUsed": "87.129.184.91"
}
]
}
]
}
2025-01-28 09:05:11,407:DEBUG:acme.client:Storing nonce: _vkPb5srvP_tCEbDENQUmRLv6tpETfvsEOBunSn6ovr8T_nGcUc
2025-01-28 09:05:11,408:INFO:certbot._internal.auth_handler:Challenge failed for domain webshare.sxces.com
2025-01-28 09:05:11,409:INFO:certbot._internal.auth_handler:http-01 challenge for webshare.sxces.com
2025-01-28 09:05:11,409:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: webshare.sxces.com
Type: connection
Detail: During secondary validation: 87.129.184.91: Fetching http://webshare.sxces.com/.well-known/acme-challenge/s4U6dLpnY7kSkGZYSgpBIAIjnWwMt1X5Bveos55g-DI: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2025-01-28 09:05:11,414:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2025-01-28 09:05:11,414:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-01-28 09:05:11,415:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-01-28 09:05:11,415:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2025-01-28 09:05:11,906:ERROR:certbot._internal.renewal:Failed to renew certificate webshare.sxces.com with error: Some challenges have failed.
2025-01-28 09:05:11,912:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2025-01-28 09:05:11,914:DEBUG:certbot._internal.display.obj:Notifying user:

2025-01-28 09:05:11,914:ERROR:certbot._internal.renewal:All simulated renewals failed. The following certificates could not be renewed:
2025-01-28 09:05:11,915:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/webshare.sxces.com/fullchain.pem (failure)
2025-01-28 09:05:11,915:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-01-28 09:05:11,915:DEBUG:certbot._internal.log:Exiting abnormally:

That's better We know this well. Looks like you have geographic based firewall blocking access to some of the Let's Encrypt validation servers. LE checks from multiple places around the globe. This is an excellent description: Multi-Perspective Validation & Geoblocking FAQ

You should open port 80 for worldwide access. See this website to test global access: Check website performance and response : Check host - online website monitoring Do the HTTP test for your domain name even with your current server running.

Hi,
I set geo-blocked off, but the unclear result:
"certbot renew --dry-run" worked without error
"certbot renew" failed again:
Failed to renew certificate webshare.sxces.com with error: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

After that I installed acme.sh and where able to download the cert without problems.

Here is the debug-log of the failed session:
2025-01-28 19:29:00,712:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2025-01-28 19:29:00,823:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-01-28 19:29:00,823:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/4325/bin/certbot
2025-01-28 19:29:00,823:DEBUG:certbot._internal.main:Arguments: ['--standalone', '-n', '-d', 'webshare.sxces.com', '--preconfigured-renewal']
2025-01-28 19:29:00,823:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-01-28 19:29:00,829:DEBUG:certbot._internal.log:Root logging level set at 30
2025-01-28 19:29:00,830:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2025-01-28 19:29:00,830:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Runs an HTTP server locally which serves the necessary validation files under the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP server already running. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='standalone', value='certbot._internal.plugins.standalone:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7f5f805f2390>
Prep: True
2025-01-28 19:29:00,831:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7f5f805f2390> and installer None
2025-01-28 19:29:00,831:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2025-01-28 19:29:00,875:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/667869176', new_authzr_uri=None, terms_of_service=None), 02b766f097eb9c7a95055541121bf981, Meta(creation_dt=datetime.datetime(2022, 8, 8, 18, 0, 47, tzinfo=datetime.timezone.utc), creation_host='webshare', register_to_eff=None))>
2025-01-28 19:29:00,875:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-01-28 19:29:00,876:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-01-28 19:29:46,955:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 828
2025-01-28 19:29:46,956:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 18:29:46 GMT
Content-Type: application/json
Content-Length: 828
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"TTmlFu2xez4": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "The same profile you're accustomed to"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-01-28 19:29:47,015:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r10.o.lencr.org:80
2025-01-28 19:30:07,573:DEBUG:urllib3.connectionpool:http://r10.o.lencr.org:80 "POST / HTTP/1.1" 200 504
2025-01-28 19:30:07,575:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/webshare.sxces.com/cert14.pem is signed by the certificate's issuer.
2025-01-28 19:30:07,576:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/webshare.sxces.com/cert14.pem is: OCSPCertStatus.GOOD
2025-01-28 19:30:07,582:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2025-01-31 22:02:11 UTC.
2025-01-28 19:30:07,582:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2025-01-28 19:30:07,582:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for webshare.sxces.com
2025-01-28 19:30:07,647:DEBUG:acme.client:Requesting fresh nonce
2025-01-28 19:30:07,647:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-01-28 19:30:07,793:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-01-28 19:30:07,794:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 18:30:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: Z6auUXuuUmExJ_oSMnkmROf8GDgwAFFIzU3wCYk0_UbdH62ZS9Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2025-01-28 19:30:07,794:DEBUG:acme.client:Storing nonce: Z6auUXuuUmExJ_oSMnkmROf8GDgwAFFIzU3wCYk0_UbdH62ZS9Y
2025-01-28 19:30:07,795:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "webshare.sxces.com"\n }\n ]\n}'
2025-01-28 19:30:07,801:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjY3ODY5MTc2IiwgIm5vbmNlIjogIlo2YXVVWHV1VW1FeEpfb1NNbmttUk9mOEdEZ3dBRkZJelUzd0NZazBfVWJkSDYyWlM5WSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "jYOFRKqkdJXpCG27UO7oSBxKVt7TvpdT0hqz8OA2xnW31folNqG9m-XuxCBJmNrkbZyLPkyryUwk7fBrkBC4oovqAhMXU2mLHjve2jB6RslfApeVFwtvcmVhWLfeqyFbaFkxdQJyrtrHCu9ZB1TvZ_qM9aU3EAZg_V1eboienSEQL-npRG8ipMT1PCb41YtXW1ubD3BgFvapt1nAX-exMWie_m-kwAxnMikEOpJj1_z5wFkcD-ssxd21STJ3N4MS19rlasog2i7GDCO6JNjc68ficDn4CwJ9bki7ab-SfrcihiFnj_orzx0xUnUgyyWQnvIZz3BqlW9JfQoA3Jk71Q",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndlYnNoYXJlLnN4Y2VzLmNvbSIKICAgIH0KICBdCn0"
}
2025-01-28 19:30:08,078:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 348
2025-01-28 19:30:08,079:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 28 Jan 2025 18:30:08 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Boulder-Requester: 667869176
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/667869176/347289507865
Replay-Nonce: KY2mD_AjgjsWsjhgEVuCDXQ64ETbrDdLetJau2gQiUvP9jSty5U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "ready",
"expires": "2025-01-30T16:07:49Z",
"identifiers": [
{
"type": "dns",
"value": "webshare.sxces.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/667869176/454168913575"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/667869176/347289507865"
}
2025-01-28 19:30:08,080:DEBUG:acme.client:Storing nonce: KY2mD_AjgjsWsjhgEVuCDXQ64ETbrDdLetJau2gQiUvP9jSty5U
2025-01-28 19:30:08,081:DEBUG:acme.client:JWS payload:
b''
2025-01-28 19:30:08,084:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/667869176/454168913575:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjY3ODY5MTc2IiwgIm5vbmNlIjogIktZMm1EX0FqZ2pzV3NqaGdFVnVDRFhRNjRFVGJyRGRMZXRKYXUyZ1FpVXZQOWpTdHk1VSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjY3ODY5MTc2LzQ1NDE2ODkxMzU3NSJ9",
"signature": "Nr5cqwpkrDyU_8bC5G95YGTIBjO2qADsVa6wA_gEpqXg7ktvpkggHz8RCyWfaxYa2g84BTzqzGFi0XMREKcfI5ZKJHiW5eKI1wXe_Hk3RL1xugOI8iInALjQJe5RVhivJxmA2TE8LZRL6VrbWG0SK-X0UcG1QlWHVRYpaYju9HwoXfXJ3RVbRY616jmhqBYOSEpZzbkNH_N1XChz_ukPn9C6nU0_GI_czp9kyw2TN4KvfknXMwk5TgHhKCHTgzEPMB1pj85Lx8Zoqa2Ad4Vbxy0vNmSUMbCgDnEh8nZIXduUNWOBrjXSqFWXgE_a85f3QLDDeAXHhsXadxrZaXPD8g",
"payload": ""
}
2025-01-28 19:30:08,252:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/667869176/454168913575 HTTP/1.1" 200 776
2025-01-28 19:30:08,253:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 18:30:08 GMT
Content-Type: application/json
Content-Length: 776
Connection: keep-alive
Boulder-Requester: 667869176
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: Z6auUXuuYliegXJDxlQcjYnhz5pKFixHQjUhMPvtjJxV1H4ciyw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "valid",
"expires": "2025-02-03T23:01:01Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/667869176/454168913575/ejQLxw",
"status": "valid",
"validated": "2025-01-04T23:00:59Z",
"token": "YGkUwBMI5etgFKgWVTCoegeOge79QenFclSXhHLZQtg",
"validationRecord": [
{
"url": "http://webshare.sxces.com/.well-known/acme-challenge/YGkUwBMI5etgFKgWVTCoegeOge79QenFclSXhHLZQtg",
"hostname": "webshare.sxces.com",
"port": "80",
"addressesResolved": [
"87.129.184.91"
],
"addressUsed": "87.129.184.91"
}
]
}
]
}
2025-01-28 19:30:08,254:DEBUG:acme.client:Storing nonce: Z6auUXuuYliegXJDxlQcjYnhz5pKFixHQjUhMPvtjJxV1H4ciyw
2025-01-28 19:30:08,255:DEBUG:certbot._internal.client:CSR: CSR(file=None, data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIICdTCCAV0CAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALHz\nWGGx/qlEIW2WIxmY2EBSpL9o32ml4Dpefx2q0Q+XluGOtnAW2b0+VJF+EJymrG2A\nVOTcnCtnRH6d7sHJPUBh3DdrSaJmRDDbmc4T0V31Enm6aVoydwOXk8Kk3fQ1Nyrk\nmMSRO7FeXTqajwAqu/rx7oF2x3eQkPvbErQpwq0e2v6qbeTG27FbEBTN8LGkQMZd\ngrxyuRE6fhg16H6YHW7C7ehE9dkwXS/8MoB6+KxM09v/W6zUbd2t1f0RO8k+OD2o\nvybuHd3+FVytnyPZgJPaxax7oUzFmkR4dPSzgZrZHSIvfEutQL6z7jI55qOI3nW/\naLjHTRxvNDUyAMTeku0CAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw\nFIISd2Vic2hhcmUuc3hjZXMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCVDSjU5nJ2\nhC7jBo+dBjGrSBLpvxsP+UBdbYusZXwR3/tfmp9HpRM1gZ75euGaCPlW3qTi4ZIZ\n/T4r9JllPe8vSnfGbA32FYukrEseCofA1jFcExdFgtqIfxuCEaMZtRFBFcntaL0h\nPV6+6rTkTDVjtJ9yVwHK5Nt5m4XmV9kE6Y8rGX6KrSlhRhxhKiyAkSRJIo++eofH\nH0woalzaS5B51oUOr5Z+hN/zPx35PYbvpW+jyGJxOQnsdry8BWe+Gwny9XzbKdx4\nyvMf2Um6WzZoJSQXrgdxEGgt3iAT3CAFK3wV74AsvveqAJaMW+ugVomFuDIyIvb7\nKlMF5Az3u37I\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2025-01-28 19:30:08,255:DEBUG:certbot._internal.client:Will poll for certificate issuance until 2025-01-28 19:31:38.255836
2025-01-28 19:30:08,257:DEBUG:acme.client:JWS payload:
b'{\n "csr": "MIICdTCCAV0CAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALHzWGGx_qlEIW2WIxmY2EBSpL9o32ml4Dpefx2q0Q-XluGOtnAW2b0-VJF-EJymrG2AVOTcnCtnRH6d7sHJPUBh3DdrSaJmRDDbmc4T0V31Enm6aVoydwOXk8Kk3fQ1NyrkmMSRO7FeXTqajwAqu_rx7oF2x3eQkPvbErQpwq0e2v6qbeTG27FbEBTN8LGkQMZdgrxyuRE6fhg16H6YHW7C7ehE9dkwXS_8MoB6-KxM09v_W6zUbd2t1f0RO8k-OD2ovybuHd3-FVytnyPZgJPaxax7oUzFmkR4dPSzgZrZHSIvfEutQL6z7jI55qOI3nW_aLjHTRxvNDUyAMTeku0CAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYwFIISd2Vic2hhcmUuc3hjZXMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCVDSjU5nJ2hC7jBo-dBjGrSBLpvxsP-UBdbYusZXwR3_tfmp9HpRM1gZ75euGaCPlW3qTi4ZIZ_T4r9JllPe8vSnfGbA32FYukrEseCofA1jFcExdFgtqIfxuCEaMZtRFBFcntaL0hPV6-6rTkTDVjtJ9yVwHK5Nt5m4XmV9kE6Y8rGX6KrSlhRhxhKiyAkSRJIo--eofHH0woalzaS5B51oUOr5Z-hN_zPx35PYbvpW-jyGJxOQnsdry8BWe-Gwny9XzbKdx4yvMf2Um6WzZoJSQXrgdxEGgt3iAT3CAFK3wV74AsvveqAJaMW-ugVomFuDIyIvb7KlMF5Az3u37I"\n}'
2025-01-28 19:30:08,260:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/667869176/347289507865:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjY3ODY5MTc2IiwgIm5vbmNlIjogIlo2YXVVWHV1WWxpZWdYSkR4bFFjalluaHo1cEtGaXhIUWpVaE1QdnRqSnhWMUg0Y2l5dyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvNjY3ODY5MTc2LzM0NzI4OTUwNzg2NSJ9",
"signature": "bG3TEmVZNDX45MHkHOKd53DenwXpWCHVeovct0S7E-bKKQ1y7megvH9_FOaGX6gHpMfFCnrO28LsBKAcwaCupreFMPhvyhV1vsKF3g8lire2WgdkIUwtAZva8bDRLmQlsGRWWdgQylyTW85YZkpHrfvqJXIvJRMGdzvfDU-XECo-_MLoBNJZ1BqJIxGVOS0Fg3CTGW_SHWJ9ngAPqEKos5486FtSc1I03U4ari9x9EfmRvx_ggekzQBn3Gnrx1MFeeRA71MOFrQja6yIXNS8GoP4MrTSGFT-aZxoW5gTqj7Q7tDOJTgpmDVd_y50ETGuFns3kkXglJdfKQKKJQ0PMw",
"payload": "ewogICJjc3IiOiAiTUlJQ2RUQ0NBVjBDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxIeldHR3hfcWxFSVcyV0l4bVkyRUJTcEw5bzMybWw0RHBlZngycTBRLVhsdUdPdG5BVzJiMC1WSkYtRUp5bXJHMkFWT1RjbkN0blJINmQ3c0hKUFVCaDNEZHJTYUptUkREYm1jNFQwVjMxRW5tNmFWb3lkd09YazhLazNmUTFOeXJrbU1TUk83RmVYVHFhandBcXVfcng3b0YyeDNlUWtQdmJFclFwd3EwZTJ2NnFiZVRHMjdGYkVCVE44TEdrUU1aZGdyeHl1UkU2ZmhnMTZINllIVzdDN2VoRTlka3dYU184TW9CNi1LeE0wOXZfVzZ6VWJkMnQxZjBSTzhrLU9EMm92eWJ1SGQzLUZWeXRueVBaZ0pQYXhheDdvVXpGbWtSNGRQU3pnWnJaSFNJdmZFdXRRTDZ6N2pJNTVxT0kzbldfYUxqSFRSeHZORFV5QU1UZWt1MENBd0VBQWFBd01DNEdDU3FHU0liM0RRRUpEakVoTUI4d0hRWURWUjBSQkJZd0ZJSVNkMlZpYzJoaGNtVXVjM2hqWlhNdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNWRFNqVTVuSjJoQzdqQm8tZEJqR3JTQkxwdnhzUC1VQmRiWXVzWlh3UjNfdGZtcDlIcFJNMWdaNzVldUdhQ1BsVzNxVGk0WklaX1Q0cjlKbGxQZTh2U25mR2JBMzJGWXVrckVzZUNvZkExakZjRXhkRmd0cUlmeHVDRWFNWnRSRkJGY250YUwwaFBWNi02clRrVERWanRKOXlWd0hLNU50NW00WG1WOWtFNlk4ckdYNktyU2xoUmh4aEtpeUFrU1JKSW8tLWVvZkhIMHdvYWx6YVM1QjUxb1VPcjVaLWhOX3pQeDM1UFlidnBXLWp5R0p4T1Fuc2RyeThCV2UtR3dueTlYemJLZHg0eXZNZjJVbTZXelpvSlNRWHJnZHhFR2d0M2lBVDNDQUZLM3dWNzRBc3Z2ZXFBSmFNVy11Z1ZvbUZ1REl5SXZiN0tsTUY1QXozdTM3SSIKfQ"
}
2025-01-28 19:30:08,361:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 716, in urlopen
httplib_response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 468, in _make_request
six.raise_from(e, None)
File "", line 3, in raise_from
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 463, in _make_request
httplib_response = conn.getresponse()
^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 1428, in getresponse
response.begin()
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 331, in begin
version, status, reason = self._read_status()
^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 300, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/snap/certbot/4325/lib/python3.12/site-packages/requests/adapters.py", line 667, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 802, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/util/retry.py", line 552, in increment
raise six.reraise(type(error), error, _stacktrace)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/packages/six.py", line 769, in reraise
raise value.with_traceback(tb)
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 716, in urlopen
httplib_response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 468, in _make_request
six.raise_from(e, None)
File "", line 3, in raise_from
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 463, in _make_request
httplib_response = conn.getresponse()
^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 1428, in getresponse
response.begin()
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 331, in begin
version, status, reason = self._read_status()
^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 300, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/snap/certbot/4325/bin/certbot", line 8, in
sys.exit(main())
^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/main.py", line 1873, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/main.py", line 1579, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/client.py", line 452, in obtain_certificate
cert, chain = self.obtain_certificate_from_csr(csr, orderr)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/client.py", line 342, in obtain_certificate_from_csr
orderr = self.acme.finalize_order(
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 279, in finalize_order
self.begin_finalization(orderr)
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 230, in begin_finalization
res = self._post(orderr.body.finalize, wrapped_csr)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 370, in _post
return self.net.post(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 743, in post
return self._post_once(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 755, in _post_once
response = self._send_request('POST', url, data=data, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 652, in _send_request
response = self.session.request(method, url, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/requests/adapters.py", line 682, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
2025-01-28 19:30:08,374:ERROR:certbot._internal.log:An unexpected error occurred:
2025-01-28 19:30:08,377:ERROR:certbot._internal.log:requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
2025-01-28 19:32:19,362:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2025-01-28 19:32:19,465:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-01-28 19:32:19,465:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/4325/bin/certbot
2025-01-28 19:32:19,465:DEBUG:certbot._internal.main:Arguments: ['-v', '--preconfigured-renewal']
2025-01-28 19:32:19,465:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-01-28 19:32:19,471:DEBUG:certbot._internal.log:Root logging level set at 20
2025-01-28 19:32:19,472:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/webshare.sxces.com.conf
2025-01-28 19:32:19,473:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2025-01-28 19:32:19,481:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r10.o.lencr.org:80
2025-01-28 19:32:40,039:DEBUG:urllib3.connectionpool:http://r10.o.lencr.org:80 "POST / HTTP/1.1" 200 504
2025-01-28 19:32:40,041:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/webshare.sxces.com/cert14.pem is signed by the certificate's issuer.
2025-01-28 19:32:40,043:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/webshare.sxces.com/cert14.pem is: OCSPCertStatus.GOOD
2025-01-28 19:32:40,050:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2025-01-31 22:02:11 UTC.
2025-01-28 19:32:40,050:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2025-01-28 19:32:40,050:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2025-01-28 19:32:40,051:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Runs an HTTP server locally which serves the necessary validation files under the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP server already running. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='standalone', value='certbot._internal.plugins.standalone:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7f43ffcc9400>
Prep: True
2025-01-28 19:32:40,051:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7f43ffcc9400> and installer None
2025-01-28 19:32:40,051:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2025-01-28 19:32:40,096:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/667869176', new_authzr_uri=None, terms_of_service=None), 02b766f097eb9c7a95055541121bf981, Meta(creation_dt=datetime.datetime(2022, 8, 8, 18, 0, 47, tzinfo=datetime.timezone.utc), creation_host='webshare', register_to_eff=None))>
2025-01-28 19:32:40,097:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-01-28 19:32:40,098:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-01-28 19:33:26,049:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 828
2025-01-28 19:33:26,050:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 18:33:25 GMT
Content-Type: application/json
Content-Length: 828
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"VtphhhyR50U": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "The same profile you're accustomed to"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-01-28 19:33:26,052:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for webshare.sxces.com
2025-01-28 19:33:26,185:DEBUG:acme.client:Requesting fresh nonce
2025-01-28 19:33:26,185:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-01-28 19:33:26,325:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-01-28 19:33:26,326:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 18:33:26 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: Z6auUXuuEr_XXxaektc8TgE6enSCEVUzjYLy61LWc19BGBfdIxE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2025-01-28 19:33:26,327:DEBUG:acme.client:Storing nonce: Z6auUXuuEr_XXxaektc8TgE6enSCEVUzjYLy61LWc19BGBfdIxE
2025-01-28 19:33:26,327:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "webshare.sxces.com"\n }\n ]\n}'
2025-01-28 19:33:26,334:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjY3ODY5MTc2IiwgIm5vbmNlIjogIlo2YXVVWHV1RXJfWFh4YWVrdGM4VGdFNmVuU0NFVlV6allMeTYxTFdjMTlCR0JmZEl4RSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "T_UoBqNLiSq12IWa2EcE9zis9sxhpdxH4hZGMwXbxQ7dBI5fhTrbdK9zUBExyXcUJ-koT8VePxK5Jb1sARlmD5V6qwC4gAJz7FsJ_UzvF053E2abFAm8yLb57aCyyAgjNa2nEVdds23sOwA1AlJXtCYzaNgy2-MtJocBe_TCuXcHjsrNqcXvZUlqbupAxI-MGsX-080hR0Ute_lyXHUZIdxDCrHHVCmUvb2-R8LwItfrgNqY4542spEU4kPosHH1z3Ftm5qy3-aB73124q2ca5v_O_7cGHFCGy6Vj7w9wEFXevXl6ko9megRls0uXWIP-Da0iVFD6VdRB-j0jo1j_w",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndlYnNoYXJlLnN4Y2VzLmNvbSIKICAgIH0KICBdCn0"
}
2025-01-28 19:33:26,514:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 348
2025-01-28 19:33:26,515:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 28 Jan 2025 18:33:26 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Boulder-Requester: 667869176
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/667869176/347289507865
Replay-Nonce: KY2mD_AjeZIOhBbdgDZFdDHCpJXVh7VMVycMgPuItnSvcawOwf0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "ready",
"expires": "2025-01-30T16:07:49Z",
"identifiers": [
{
"type": "dns",
"value": "webshare.sxces.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/667869176/454168913575"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/667869176/347289507865"
}
2025-01-28 19:33:26,516:DEBUG:acme.client:Storing nonce: KY2mD_AjeZIOhBbdgDZFdDHCpJXVh7VMVycMgPuItnSvcawOwf0
2025-01-28 19:33:26,516:DEBUG:acme.client:JWS payload:
b''
2025-01-28 19:33:26,520:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/667869176/454168913575:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjY3ODY5MTc2IiwgIm5vbmNlIjogIktZMm1EX0FqZVpJT2hCYmRnRFpGZERIQ3BKWFZoN1ZNVnljTWdQdUl0blN2Y2F3T3dmMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovNjY3ODY5MTc2LzQ1NDE2ODkxMzU3NSJ9",
"signature": "M3s3tcbgIbkivf1VvEA5stiyGH2o3kXbQnd3bdtaxTNoOibMIihPkYl0Ns3lhZmxYiTh4VMJ-tKBg6xMR95GEA9oagMI-oJEpasynB8BcEoXtdU6LKCQpfEBxtCyZCLk4PYLS8hfiG69iYpqv1N8iRsiouQ4zgOOSND_BEpmbK0pzjf4E9zMYd7pMcKsHQDJXge5thHxgNczGwD2U7CmR4z1ynhiOIcWSBo3y0Nf0jPgEKnHAcNbLn2upmkv6CgWrevVUsF4l505dVh5MF1P7F0yXrgF7EY93r_SFMVsgcIlXk-HDYLH0-sHtgiReiX8A5hdepSs2bovTAd7ybYo6Q",
"payload": ""
}
2025-01-28 19:33:26,683:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/667869176/454168913575 HTTP/1.1" 200 776
2025-01-28 19:33:26,684:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 28 Jan 2025 18:33:26 GMT
Content-Type: application/json
Content-Length: 776
Connection: keep-alive
Boulder-Requester: 667869176
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: KY2mD_Aj1XTvqDWrJA4kS3snIUqZf9dcImR-2RuvEMbR7YHETF4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "webshare.sxces.com"
},
"status": "valid",
"expires": "2025-02-03T23:01:01Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/667869176/454168913575/ejQLxw",
"status": "valid",
"validated": "2025-01-04T23:00:59Z",
"token": "YGkUwBMI5etgFKgWVTCoegeOge79QenFclSXhHLZQtg",
"validationRecord": [
{
"url": "http://webshare.sxces.com/.well-known/acme-challenge/YGkUwBMI5etgFKgWVTCoegeOge79QenFclSXhHLZQtg",
"hostname": "webshare.sxces.com",
"port": "80",
"addressesResolved": [
"87.129.184.91"
],
"addressUsed": "87.129.184.91"
}
]
}
]
}
2025-01-28 19:33:26,685:DEBUG:acme.client:Storing nonce: KY2mD_Aj1XTvqDWrJA4kS3snIUqZf9dcImR-2RuvEMbR7YHETF4
2025-01-28 19:33:26,685:DEBUG:certbot._internal.client:CSR: CSR(file=None, data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIICdTCCAV0CAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpt\nld71y4XPv/Q2GdDbj60S0LPx3kfgXZoBHOXLpdkfaevdlMGUKOL/KzQjOKqYMYVM\nZWyO5fMsZwf+/6bPpfugOrMAVEmQmv0oZMSkhjblGQGIxzldPaGhPAGEzCDbgYkc\n4J4MMv53eeQk8s2gRm9H/Rs1nweKMZdOvu1GkBcUEacZp3oivtYFa1BfESm5WeT+\nULdjxMwRawr/wfj/ydxSpPowsrEbGMW1BIl2sp1j5H45zf9swz7JBThSSNF8qc/+\njHYjJnnvZee/KHOwQFcU24i75BCS4SOlWmUjc6OsC3dZP5Wm+X9Uyp0N7a9IX3Fn\nhbNy5fj+JxZqHVuZAMsCAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw\nFIISd2Vic2hhcmUuc3hjZXMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQB7p+qEhZiM\nuu9Yqj5huBXXakVweKKn2pHBYES5y7pp/hw0yXuBashMMCDFAUGHs1KskscttoJC\njao1uJ8NhBDMswKYeMep6XlLZXuKgrMlMqjIih8GdQWhO2VZeYCDK0Xvjmbo3uFl\nejBacX31PkveBOsTVawODi6G8aerFcjFmkPDpZ7w9cSOvasixX10m4icL7LGl0GU\nRNYlCV13Ujxc8zaOuS1o0KPiQLO1qLQ4Ii6IwKMFYbrm6qd100eu4bq3QNepiog4\nrBeP6SugEDRux52fxxNj9grN3uEZ5u20FWY0tes4fPhWjUP5m2xZKMgiocCqCUQd\n6kuhS0rgKdVq\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2025-01-28 19:33:26,686:DEBUG:certbot._internal.client:Will poll for certificate issuance until 2025-01-28 19:34:56.686713
2025-01-28 19:33:26,688:DEBUG:acme.client:JWS payload:
b'{\n "csr": "MIICdTCCAV0CAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALptld71y4XPv_Q2GdDbj60S0LPx3kfgXZoBHOXLpdkfaevdlMGUKOL_KzQjOKqYMYVMZWyO5fMsZwf-6bPpfugOrMAVEmQmv0oZMSkhjblGQGIxzldPaGhPAGEzCDbgYkc4J4MMv53eeQk8s2gRm9H_Rs1nweKMZdOvu1GkBcUEacZp3oivtYFa1BfESm5WeT-ULdjxMwRawr_wfj_ydxSpPowsrEbGMW1BIl2sp1j5H45zf9swz7JBThSSNF8qc-jHYjJnnvZee_KHOwQFcU24i75BCS4SOlWmUjc6OsC3dZP5Wm-X9Uyp0N7a9IX3FnhbNy5fj-JxZqHVuZAMsCAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYwFIISd2Vic2hhcmUuc3hjZXMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQB7p-qEhZiMuu9Yqj5huBXXakVweKKn2pHBYES5y7pp_hw0yXuBashMMCDFAUGHs1KskscttoJCjao1uJ8NhBDMswKYeMep6XlLZXuKgrMlMqjIih8GdQWhO2VZeYCDK0Xvjmbo3uFlejBacX31PkveBOsTVawODi6G8aerFcjFmkPDpZ7w9cSOvasixX10m4icL7LGl0GURNYlCV13Ujxc8zaOuS1o0KPiQLO1qLQ4Ii6IwKMFYbrm6qd100eu4bq3QNepiog4rBeP6SugEDRux52fxxNj9grN3uEZ5u20FWY0tes4fPhWjUP5m2xZKMgiocCqCUQd6kuhS0rgKdVq"\n}'
2025-01-28 19:33:26,691:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/667869176/347289507865:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjY3ODY5MTc2IiwgIm5vbmNlIjogIktZMm1EX0FqMVhUdnFEV3JKQTRrUzNzbklVcVpmOWRjSW1SLTJSdXZFTWJSN1lIRVRGNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvNjY3ODY5MTc2LzM0NzI4OTUwNzg2NSJ9",
"signature": "iIl5bAnWffmrbFOtuuauSHmFPHyikdYkfWMdsypoz7rQMdNSOPg4Ij-h1NWh6v-gUc8Ter24CfK-IhYPJQRH0F-ThholHDbtWxZwFjpokt5M1NZkJ9PWjayxBfTg0kDdRviDil5zIdItNQ2f5TGCaOIIII4aGQC63Tu_w7IQ0d503NhtVG2Q1acGmrWv-xEFLW0OVd0yO83q097FV1_yZSCm8Rge3J7KPlee1toLF-aGfpm9Pk9hnL0vE82Qod9rXGhl6O29d67HBBV7zL857vxJH3vVkFAQN_Sqwy0NctE3f1I_5EdBZzRZ74KD97q4qHuxHD6wkujAbZ8xwLim4w",
"payload": "ewogICJjc3IiOiAiTUlJQ2RUQ0NBVjBDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxwdGxkNzF5NFhQdl9RMkdkRGJqNjBTMExQeDNrZmdYWm9CSE9YTHBka2ZhZXZkbE1HVUtPTF9LelFqT0txWU1ZVk1aV3lPNWZNc1p3Zi1fNmJQcGZ1Z09yTUFWRW1RbXYwb1pNU2toamJsR1FHSXh6bGRQYUdoUEFHRXpDRGJnWWtjNEo0TU12NTNlZVFrOHMyZ1JtOUhfUnMxbndlS01aZE92dTFHa0JjVUVhY1pwM29pdnRZRmExQmZFU201V2VULVVMZGp4TXdSYXdyX3dmal95ZHhTcFBvd3NyRWJHTVcxQklsMnNwMWo1SDQ1emY5c3d6N0pCVGhTU05GOHFjXy1qSFlqSm5udlplZV9LSE93UUZjVTI0aTc1QkNTNFNPbFdtVWpjNk9zQzNkWlA1V20tWDlVeXAwTjdhOUlYM0ZuaGJOeTVmai1KeFpxSFZ1WkFNc0NBd0VBQWFBd01DNEdDU3FHU0liM0RRRUpEakVoTUI4d0hRWURWUjBSQkJZd0ZJSVNkMlZpYzJoaGNtVXVjM2hqWlhNdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUI3cC1xRWhaaU11dTlZcWo1aHVCWFhha1Z3ZUtLbjJwSEJZRVM1eTdwcF9odzB5WHVCYXNoTU1DREZBVUdIczFLc2tzY3R0b0pDamFvMXVKOE5oQkRNc3dLWWVNZXA2WGxMWlh1S2dyTWxNcWpJaWg4R2RRV2hPMlZaZVlDREswWHZqbWJvM3VGbGVqQmFjWDMxUGt2ZUJPc1RWYXdPRGk2RzhhZXJGY2pGbWtQRHBaN3c5Y1NPdmFzaXhYMTBtNGljTDdMR2wwR1VSTllsQ1YxM1VqeGM4emFPdVMxbzBLUGlRTE8xcUxRNElpNkl3S01GWWJybTZxZDEwMGV1NGJxM1FOZXBpb2c0ckJlUDZTdWdFRFJ1eDUyZnh4Tmo5Z3JOM3VFWjV1MjBGV1kwdGVzNGZQaFdqVVA1bTJ4WktNZ2lvY0NxQ1VRZDZrdWhTMHJnS2RWcSIKfQ"
}
2025-01-28 19:33:26,791:ERROR:certbot._internal.renewal:Failed to renew certificate webshare.sxces.com with error: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
2025-01-28 19:33:26,804:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 716, in urlopen
httplib_response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 468, in _make_request
six.raise_from(e, None)
File "", line 3, in raise_from
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 463, in _make_request
httplib_response = conn.getresponse()
^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 1428, in getresponse
response.begin()
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 331, in begin
version, status, reason = self._read_status()
^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 300, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/snap/certbot/4325/lib/python3.12/site-packages/requests/adapters.py", line 667, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 802, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/util/retry.py", line 552, in increment
raise six.reraise(type(error), error, _stacktrace)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/packages/six.py", line 769, in reraise
raise value.with_traceback(tb)
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 716, in urlopen
httplib_response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 468, in _make_request
six.raise_from(e, None)
File "", line 3, in raise_from
File "/snap/certbot/4325/lib/python3.12/site-packages/urllib3/connectionpool.py", line 463, in _make_request
httplib_response = conn.getresponse()
^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 1428, in getresponse
response.begin()
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 331, in begin
version, status, reason = self._read_status()
^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 300, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/client.py", line 452, in obtain_certificate
cert, chain = self.obtain_certificate_from_csr(csr, orderr)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/client.py", line 342, in obtain_certificate_from_csr
orderr = self.acme.finalize_order(
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 279, in finalize_order
self.begin_finalization(orderr)
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 230, in begin_finalization
res = self._post(orderr.body.finalize, wrapped_csr)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 370, in _post
return self.net.post(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 743, in post
return self._post_once(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 755, in _post_once
response = self._send_request('POST', url, data=data, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/acme/client.py", line 652, in _send_request
response = self.session.request(method, url, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/requests/adapters.py", line 682, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

2025-01-28 19:33:26,804:DEBUG:certbot._internal.display.obj:Notifying user:

2025-01-28 19:33:26,805:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2025-01-28 19:33:26,805:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/webshare.sxces.com/fullchain.pem (failure)
2025-01-28 19:33:26,805:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-01-28 19:33:26,805:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/4325/bin/certbot", line 8, in
sys.exit(main())
^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/main.py", line 1873, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/main.py", line 1621, in renew
renewed_domains, failed_domains = renewal.handle_renewal_request(config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2025-01-28 19:33:26,806:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)

Well, that's interesting and I am not sure what to suggest.

Below is the key part of the log. The "RemoteDisconnected..." message happens after the POST to the Finalize endpoint. The challenges were successful so LE is reaching your domain just fine. And you generally talk to the LE API just fine to have gotten this far.

I remember some time back a problem someone had with Finalize was related to their MTU or some network routing problem. I don't remember exactly what. The Finalize packet is larger than the others and had something to do with that.

In your case it might not be networking given acme.sh got a cert and presumably its Finalize packet would be the same size.

@Osiris or @petercooperjr do you remember or know what this could be? Sorry if you weren't involved in those prior but I thought you might be. Thanks

2025-01-28 19:30:08,260:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/667869176/347289507865:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjY3ODY5MTc2IiwgIm5vbmNlIjogIlo2YXVVWHV1WWxpZWdYSkR4bFFjalluaHo1cEtGaXhI
(... trimmed for brevity ...)
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 1428, in getresponse
response.begin()
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 331, in begin
version, status, reason = self._read_status()
^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4325/usr/lib/python3.12/http/client.py", line 300, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

I do vaguely remember issues with Finalize that didn't happen with other calls, but I don't remember a specific smoking gun on what to do with them. I think we might have recommended trying some other CAs, and if one of those worked then narrowing down the problem became less of a priority. Definitely worth checking for MTU/MSS issues, and making sure that ICMP messages for path MTU discovery aren't being blocked. I don't remember what test sites to look for them might be recommended nowadays.

Could be MTU related indeed. The CSR that's being send in that POST is relatively large.

Not sure how that would result in a disconnect from the remote end though.

Yeah, might be some kind of firewall trying to be too clever as well.

Here are links to some other reports of issues specific to breaking on the finalize step, though I don't think there was really much of a resolution of them, other than one case where it was the hypervisor network card emulation or something?

Ok, but why is acme.sh working?
The underlaying protocol should be the same.
I will make some additional tests with MTU size.

Which CA were you using with acme.sh? It uses ZeroSSL by default. (To be clear, I don't know why one CA would work and another not, it's just something else that can be different.)

Censys shows one production LE cert issued about 5H ago and two earlier today from Staging. Sure, it's possible acme.sh cert was from another CA and isn't posted to Censys yet but somehow a production LE cert got issued.

The production LE cert is ECDSA (presumably from acme.sh). One Staging is RSA the other ECDSA. Any chance this affects Finalize packet?

If it's some kind of packet size issue, then an ECDSA CSR being smaller than an RSA one could possibly make it more likely to work. I thought that both certbot and acme.sh defaulted to P-256 ECDSA though. I'm really grasping at straws, though. I think one would need an actual packet capture, possibly from multiple places in the network flow to try to track down which device is not getting the response or closing the connection or whatever.

I think Certbot retains the kind from earlier issuances. A new Certbot would default to ECDSA same as acme.sh

@Guenter1 You could try changing the Certbot renewal profile using these steps: User Guide — Certbot 3.2.0.dev0 documentation

I made a quick test:
--key-type rsa (default): failed again
--key-type ecdsa: works!!!!
Thats a really good finish for a very long day!