Certbout-auto returning "unauthorized" and not issuing a cert via ISPConfig 3.1

matthewobrn · August 29, 2016, 8:04am

I recently set up a server following the perfect server guide for Debian Jessia and ISPconfig 3.1.

It's running on a banana pi m3 with Debian jessie.

I am hosting 3 domains
matthewobrn.com

meldp.com.au

The webserver is apach2
The operating system is debian jessie

I can log into the console and run sudo commands.

I have also tested this toutorial on a fresh Vmware workstation and it worked successfully.

I have also posted the letsencrypt.log

2016-08-29 07:25:14,645:DEBUG:certbot.main:Root logging level set at 30
2016-08-29 07:25:14,649:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-08-29 07:25:14,653:WARNING:certbot.cli:You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
2016-08-29 07:25:14,653:DEBUG:certbot.main:certbot version: 0.8.1
2016-08-29 07:25:14,654:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', 'postmaster@meldp.com.au', '--domains', 'meldp.com.au', '--webroot-path', '/usr/local/ispconfig/interface/acme']
2016-08-29 07:25:14,658:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-08-29 07:25:14,660:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2016-08-29 07:25:14,680:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0xb5f90910>
Prep: True
2016-08-29 07:25:14,685:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0xb5f90910> and installer None
2016-08-29 07:25:16,155:DEBUG:certbot.main:Picked account: <Account(a855594acdf72a1943c9b2d685c6479c)>
2016-08-29 07:25:16,165:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-08-29 07:25:16,183:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-08-29 07:25:18,519:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
2016-08-29 07:25:18,525:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Mon, 29 Aug 2016 07:25:18 GMT', 'Boulder-Request-Id': 'IDcRIbDXtkzeYgjVIybhMG4IMRge7zzQTWJTw3jeIpI', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 29 Aug 2016 07:25:18 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'rMtFHDLS_dY8QqibGeO4oHApq-CGsTdo7uN3b0fhlxA'}. Content: '{\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2016-08-29 07:25:18,527:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Mon, 29 Aug 2016 07:25:18 GMT', 'Boulder-Request-Id': 'IDcRIbDXtkzeYgjVIybhMG4IMRge7zzQTWJTw3jeIpI', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 29 Aug 2016 07:25:18 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'rMtFHDLS_dY8QqibGeO4oHApq-CGsTdo7uN3b0fhlxA'}): '{\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2016-08-29 07:25:18,534:DEBUG:root:Requesting fresh nonce
2016-08-29 07:25:18,535:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-08-29 07:25:19,059:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2016-08-29 07:25:19,061:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '91', 'Pragma': 'no-cache', 'Boulder-Request-Id': 'u1ftQXmoqyW78yTFzK35gbpb_7R6aKNAqIcxtsuYsnY', 'Expires': 'Mon, 29 Aug 2016 07:25:18 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 29 Aug 2016 07:25:18 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'm_2v14yrip7kTK4CHhpxTHSVR0vu3cxqYV4EojxjJtY'}. Content: ''
2016-08-29 07:25:19,062:DEBUG:acme.client:Storing nonce: '\x9b\xfd\xaf\xd7\x8c\xab\x8a\x9e\xe4L\xae\x02\x1e\x1aqLt\x95GK\xee\xdd\xccja^\x04\xa2<c&\xd6'
2016-08-29 07:25:19,067:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, expires=None, status=None, challenges=None
2016-08-29 07:25:19,068:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "meldp.com.au"}, "resource": "new-authz"}
2016-08-29 07:25:19,089:DEBUG:acme.jose.json_util:Omitted empty fields: x5u=None, x5c=(), crit=(), cty=None, x5tS256=None, jku=None, alg=None, jwk=None, kid=None, x5t=None, typ=None
2016-08-29 07:25:19,353:DEBUG:acme.jose.json_util:Omitted empty fields: x5u=None, x5c=(), crit=(), cty=None, x5tS256=None, jku=None, nonce=None, typ=None, kid=None, x5t=None
2016-08-29 07:25:19,355:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wETE-IQTch3Hr5OBSedsHJnrHHJZbSRbDazL1U_r-2IqifdURsBzi6RryyW8GqjLfSTMTrpnwTppt7NQIWZRoFr3VvjMCF35QOV6pSrSoTVmyW6JyCe_m8OIEfDA8s3mui79YZqGlC2UnPeCLiaN8ksVUFQN1RP0SVyRaUMni4I6CrCBbafwaKNxRfhNzfLqGAO7vbw_Ddcj-qw32Y-WT0BO3931WciKN0bYPoWHRpIe6oNXBy4EXYYoUxKjNhmr7uhZUIylwdPIJqf26iIIGe6o54UYVYuMCQqOy7mt6CVtB8quTDp4n1EGFQqATCSIIQrmTzWMgA3kWKBUvxpgM4JndKqAZ0yG7u-GJtHfGu0RMtlS8nkQK6_-VyuiNj7n9WeuiY5ofiUzyUeAQSc3cxZOKfZN2sAMPZ0mNeWZ2ewUx9Hr3hVPHei_jmdNRXnfog08sNlktVCNGGQgNO0WURBr8oYI7QFUTYM2cAwCZYabctWixLxKIiRGl2soBQHilP5AnfNGjw0xmgcSgbmyurWUMFQwwaIEcZs36akJ3oHw8773ZI5hyXAUxCaQbZr1l4ITRAxWO85gusyQrkhmAf_ByXeZDdbFbtE2ZnP4euKONfEqzjapnWCKiAINLD2HhF9FG_gpNI86DzMilvfAuelBif8wJLe4V4hxpTxo-VM"}}, "protected": "eyJub25jZSI6ICJtXzJ2MTR5cmlwN2tUSzRDSGhweFRIU1ZSMHZ1M2N4cVlWNEVvanhqSnRZIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJtZWxkcC5jb20uYXUifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9", "signature": "Q53BZliKFQJoR96df5WAzp_2lpZxTXIp_76bETKS2orf0_7al_TloNJrdNRCm3Jm880EYc1B0rby9Ge3IVjZwt9OtIKF6rZNpmo6tI84pnMv92zrhxUc-Z28DlsMp_anKYdZpGVJvuNGiV48w6tTwKUwI9626UKaYzMOakf-HJB-mDHJo-WmnQf4004GCKDRJyy7A-U1d54A7aBTQPGdJA4-yHor-DtsybPnV6Jmpry_xtODSdjDxohDZAPCD8XRUNByJqmpjCllr36kWcDUPLQ6S9asnI9-AbQKwtz0stsHF-iqcrAotTX_f82UtzOq64iIOeuc3Efbb6anJSLi03Z-WnYJJnZQR4BZqVk9KGQK4eSuTMW8HcQATbOTBRb8RVilz5KJEfSn9jCtjrz1TlQ6nOnUysr7vjaWDJ2ePJFrNkGqM5sbdnBpnVCCXaT8HpIUZUOZwZaLq_1RIo-WX9I0-ylxhDj1FwPDG8VmkWYWTb-gZ-W1QlxpQXyb0w1iAz_qPDieixEI_enPKo0kX0lkb2zaIsknnGwMl7UF-NVNrgFGPP9djMIBdC583WFToJGO1Ig3PBFA9-2riRmiTIxHvwldzuhUI8sxAtGV0YgeNFE98FPOKDggL-p0LAlQ477yuogjwxdLJrHcnIJWIbB2gS2d4xmnAQrMpJSv9Og"}'}
2016-08-29 07:25:19,932:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 997
2016-08-29 07:25:19,938:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '997', 'Expires': 'Mon, 29 Aug 2016 07:25:19 GMT', 'Boulder-Request-Id': 'R2S_rk18Dm3AyYCeHFkGeXhR5gRZorq62Os3lfhlmVE', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I', 'Pragma': 'no-cache', 'Boulder-Requester': '3729492', 'Date': 'Mon, 29 Aug 2016 07:25:19 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'u7TEraXEt0Gp1Xf2UAcA8h9JAXAvaYc8HWhavqfGR0Q'}. Content: '{\n "identifier": {\n "type": "dns",\n "value": "meldp.com.au"\n },\n "status": "pending",\n "expires": "2016-09-05T07:25:19.649370797Z",\n "challenges": [\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496876",\n "token": "z-NA9Wx7Uhnia6tBQiswsGjLqR0c61wPaxTbJHgXRqI"\n },\n {\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877",\n "token": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk"\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496878",\n "token": "t1sCW87cCJ92zOk4ThR_ucOdutYwnG3Q2jguVBCwap8"\n }\n ],\n "combinations": [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}'
2016-08-29 07:25:19,940:DEBUG:acme.client:Storing nonce: '\xbb\xb4\xc4\xad\xa5\xc4\xb7A\xa9\xd5w\xf6P\x07\x00\xf2\x1fI\x01p/i\x87<\x1dhZ\xbe\xa7\xc6GD'
2016-08-29 07:25:19,941:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '997', 'Expires': 'Mon, 29 Aug 2016 07:25:19 GMT', 'Boulder-Request-Id': 'R2S_rk18Dm3AyYCeHFkGeXhR5gRZorq62Os3lfhlmVE', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I', 'Pragma': 'no-cache', 'Boulder-Requester': '3729492', 'Date': 'Mon, 29 Aug 2016 07:25:19 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'u7TEraXEt0Gp1Xf2UAcA8h9JAXAvaYc8HWhavqfGR0Q'}): '{\n "identifier": {\n "type": "dns",\n "value": "meldp.com.au"\n },\n "status": "pending",\n "expires": "2016-09-05T07:25:19.649370797Z",\n "challenges": [\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496876",\n "token": "z-NA9Wx7Uhnia6tBQiswsGjLqR0c61wPaxTbJHgXRqI"\n },\n {\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877",\n "token": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk"\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496878",\n "token": "t1sCW87cCJ92zOk4ThR_ucOdutYwnG3Q2jguVBCwap8"\n }\n ],\n "combinations": [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}'
2016-08-29 07:25:19,947:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'z-NA9Wx7Uhnia6tBQiswsGjLqR0c61wPaxTbJHgXRqI', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496876'}
2016-08-29 07:25:19,952:INFO:certbot.auth_handler:Performing the following challenges:
2016-08-29 07:25:19,954:INFO:certbot.auth_handler:http-01 challenge for meldp.com.au
2016-08-29 07:25:19,955:INFO:certbot.plugins.webroot:Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
2016-08-29 07:25:19,956:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
2016-08-29 07:25:20,015:DEBUG:certbot.plugins.webroot:Attempting to save validation to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk
2016-08-29 07:25:20,018:INFO:certbot.auth_handler:Waiting for verification...
2016-08-29 07:25:20,019:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk.ppqvRBIqymhB47y8oHjEu7JoZG2DXBEc0fZH3z2Rzdk", "type": "http-01", "resource": "challenge"}
2016-08-29 07:25:20,039:DEBUG:acme.jose.json_util:Omitted empty fields: x5u=None, x5c=(), crit=(), cty=None, x5tS256=None, jku=None, alg=None, jwk=None, kid=None, x5t=None, typ=None
2016-08-29 07:25:20,304:DEBUG:acme.jose.json_util:Omitted empty fields: x5u=None, x5c=(), crit=(), cty=None, x5tS256=None, jku=None, nonce=None, typ=None, kid=None, x5t=None
2016-08-29 07:25:20,306:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wETE-IQTch3Hr5OBSedsHJnrHHJZbSRbDazL1U_r-2IqifdURsBzi6RryyW8GqjLfSTMTrpnwTppt7NQIWZRoFr3VvjMCF35QOV6pSrSoTVmyW6JyCe_m8OIEfDA8s3mui79YZqGlC2UnPeCLiaN8ksVUFQN1RP0SVyRaUMni4I6CrCBbafwaKNxRfhNzfLqGAO7vbw_Ddcj-qw32Y-WT0BO3931WciKN0bYPoWHRpIe6oNXBy4EXYYoUxKjNhmr7uhZUIylwdPIJqf26iIIGe6o54UYVYuMCQqOy7mt6CVtB8quTDp4n1EGFQqATCSIIQrmTzWMgA3kWKBUvxpgM4JndKqAZ0yG7u-GJtHfGu0RMtlS8nkQK6_-VyuiNj7n9WeuiY5ofiUzyUeAQSc3cxZOKfZN2sAMPZ0mNeWZ2ewUx9Hr3hVPHei_jmdNRXnfog08sNlktVCNGGQgNO0WURBr8oYI7QFUTYM2cAwCZYabctWixLxKIiRGl2soBQHilP5AnfNGjw0xmgcSgbmyurWUMFQwwaIEcZs36akJ3oHw8773ZI5hyXAUxCaQbZr1l4ITRAxWO85gusyQrkhmAf_ByXeZDdbFbtE2ZnP4euKONfEqzjapnWCKiAINLD2HhF9FG_gpNI86DzMilvfAuelBif8wJLe4V4hxpTxo-VM"}}, "protected": "eyJub25jZSI6ICJ1N1RFcmFYRXQwR3AxWGYyVUFjQThoOUpBWEF2YVljOEhXaGF2cWZHUjBRIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIk9KR1NMaDkxS2d0SkIzRlBpQjl2b1hvbmlkbzUzV0dSRExPbTJuanhBbGsucHBxdlJCSXF5bWhCNDd5OG9IakV1N0pvWkcyRFhCRWMwZlpIM3oyUnpkayIsICJ0eXBlIjogImh0dHAtMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0", "signature": "isoEzF9Mxr_DhZsAImP8DDn3QfUU6G7jKJ96CBX7maYDAvAaUijq7M6WojFefe_ARvwKzAvBGpl-KFXMFhm2VEWMfhttyTx3s7BH0nEqrKZk6Opic2JuIt1_z2oVoe9qOlj5lsokTFtw6P3oKFgXNuHlpxBNXj5FHUvULVjpuNAnNMwrai2i8nQrHFfm0X9WTHkfJVGDhmO6mNzlFoV80IzVVosWIOz2YBzM9uGYO27UiVOBTbOT6x_iA-Yyuj1Gmu7xtZfO56lv2yg_7xzPP1zIbQhoxq3poq8IZAxc3oP1ROx6VQPQdgBz73BxLgswTZi9jqCNPhNcehc5VfOLmaH0oj6xdxfhOfWrPhgcCsaY2U1mCxdZmRhF2BD5DKqyGvtmujbXesKP0KGaj-353--0wBRCpFxFGrHry-s-8loH8-3pqUd1Y-J8J7ULs8pQaCZ-y919CoKDmqeocVE4Ni8RjGdtl0eTrLsTK8Y9UdXg5ysv2ezOV3f0hP6TjnL5A66RZEkN-BqwV6MArft_w3FANgIz2BtrzJddfJ_v2dmpolHwCuefR9UVZN09sAMD5TnurYwz0yfOSo5MDl_m4OwR6waqRiIMRvUHy464okiEh93_CzyL6WBUmTAA8VDYFsEoZOOue7yM9aJt-AmR5Rtn778dImJ1bCD23iPzs7I"}'}
2016-08-29 07:25:20,870:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877 HTTP/1.1" 202 335
2016-08-29 07:25:20,873:DEBUG:root:Received <Response [202]>. Headers: {'Content-Length': '335', 'Boulder-Request-Id': 'PjcTY2raGcSkJPYfSPCXi_Fv8RMAlpMK05KCLctL4Ec', 'Expires': 'Mon, 29 Aug 2016 07:25:20 GMT', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/authz/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877', 'Pragma': 'no-cache', 'Boulder-Requester': '3729492', 'Date': 'Mon, 29 Aug 2016 07:25:20 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'AtezvV0S9Ka62CXcuXK1AXcZW6nb1avwI2UyaS_ShA0'}. Content: '{\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877",\n "token": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk",\n "keyAuthorization": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk.ppqvRBIqymhB47y8oHjEu7JoZG2DXBEc0fZH3z2Rzdk"\n}'
2016-08-29 07:25:20,874:DEBUG:acme.client:Storing nonce: '\x02\xd7\xb3\xbd]\x12\xf4\xa6\xba\xd8%\xdc\xb9r\xb5\x01w\x19[\xa9\xdb\xd5\xab\xf0#e2i/\xd2\x84\r'
2016-08-29 07:25:20,875:DEBUG:acme.client:Received response <Response [202]> (headers: {'Content-Length': '335', 'Boulder-Request-Id': 'PjcTY2raGcSkJPYfSPCXi_Fv8RMAlpMK05KCLctL4Ec', 'Expires': 'Mon, 29 Aug 2016 07:25:20 GMT', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/authz/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877', 'Pragma': 'no-cache', 'Boulder-Requester': '3729492', 'Date': 'Mon, 29 Aug 2016 07:25:20 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'AtezvV0S9Ka62CXcuXK1AXcZW6nb1avwI2UyaS_ShA0'}): '{\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877",\n "token": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk",\n "keyAuthorization": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk.ppqvRBIqymhB47y8oHjEu7JoZG2DXBEc0fZH3z2Rzdk"\n}'
2016-08-29 07:25:23,880:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I. args: (), kwargs: {}
2016-08-29 07:25:24,412:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I HTTP/1.1" 200 1837
2016-08-29 07:25:24,418:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '1837', 'Expires': 'Mon, 29 Aug 2016 07:25:24 GMT', 'Boulder-Request-Id': '6njQZQCykeLepxUcR-yjkHaXsafVlk3el74UYshOCL8', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 29 Aug 2016 07:25:24 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'mplPVtv9f7SAV6iQ5OOXQQiKS7Vrs9fJrMZuRXcFmWA'}. Content: '{\n "identifier": {\n "type": "dns",\n "value": "meldp.com.au"\n },\n "status": "invalid",\n "expires": "2016-09-05T07:25:19Z",\n "challenges": [\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496876",\n "token": "z-NA9Wx7Uhnia6tBQiswsGjLqR0c61wPaxTbJHgXRqI"\n },\n {\n "type": "http-01",\n "status": "invalid",\n "error": {\n "type": "urn:acme:error:unauthorized",\n "detail": "Invalid response from http://meldp.com.au/.well-known/acme-challenge/OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk: \"\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\\"\\u003e\\n\\u003cht\\"",\n "status": 403\n },\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877",\n "token": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk",\n "keyAuthorization": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk.ppqvRBIqymhB47y8oHjEu7JoZG2DXBEc0fZH3z2Rzdk",\n "validationRecord": [\n {\n "url": "http://meldp.com.au/.well-known/acme-challenge/OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk",\n "hostname": "meldp.com.au",\n "port": "80",\n "addressesResolved": [\n "122.151.149.134"\n ],\n "addressUsed": "122.151.149.134"\n }\n ]\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496878",\n "token": "t1sCW87cCJ92zOk4ThR_ucOdutYwnG3Q2jguVBCwap8"\n }\n ],\n "combinations": [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}'
2016-08-29 07:25:24,421:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '1837', 'Expires': 'Mon, 29 Aug 2016 07:25:24 GMT', 'Boulder-Request-Id': '6njQZQCykeLepxUcR-yjkHaXsafVlk3el74UYshOCL8', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 29 Aug 2016 07:25:24 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'mplPVtv9f7SAV6iQ5OOXQQiKS7Vrs9fJrMZuRXcFmWA'}): '{\n "identifier": {\n "type": "dns",\n "value": "meldp.com.au"\n },\n "status": "invalid",\n "expires": "2016-09-05T07:25:19Z",\n "challenges": [\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496876",\n "token": "z-NA9Wx7Uhnia6tBQiswsGjLqR0c61wPaxTbJHgXRqI"\n },\n {\n "type": "http-01",\n "status": "invalid",\n "error": {\n "type": "urn:acme:error:unauthorized",\n "detail": "Invalid response from http://meldp.com.au/.well-known/acme-challenge/OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk: \"\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\\"\\u003e\\n\\u003cht\\"",\n "status": 403\n },\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496877",\n "token": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk",\n "keyAuthorization": "OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk.ppqvRBIqymhB47y8oHjEu7JoZG2DXBEc0fZH3z2Rzdk",\n "validationRecord": [\n {\n "url": "http://meldp.com.au/.well-known/acme-challenge/OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk",\n "hostname": "meldp.com.au",\n "port": "80",\n "addressesResolved": [\n "122.151.149.134"\n ],\n "addressUsed": "122.151.149.134"\n }\n ]\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496878",\n "token": "t1sCW87cCJ92zOk4ThR_ucOdutYwnG3Q2jguVBCwap8"\n }\n ],\n "combinations": [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}'
2016-08-29 07:25:24,425:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'z-NA9Wx7Uhnia6tBQiswsGjLqR0c61wPaxTbJHgXRqI', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/yBedDzMNZsKaaCqogY_TWCZTUkvR13uttFfFSw8Lx_I/248496876'}
2016-08-29 07:25:24,433:INFO:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: meldp.com.au
Type: unauthorized
Detail: Invalid response from http://meldp.com.au/.well-known/acme-challenge/OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk: "
<ht"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2016-08-29 07:25:24,434:INFO:certbot.auth_handler:Cleaning up challenges
2016-08-29 07:25:24,436:DEBUG:certbot.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk
2016-08-29 07:25:24,439:INFO:certbot.plugins.webroot:Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
2016-08-29 07:25:24,440:DEBUG:certbot.plugins.webroot:Error was: [Errno 39] Directory not empty: '/usr/local/ispconfig/interface/acme/.well-known/acme-challenge'
2016-08-29 07:25:24,458:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in
sys.exit(main())
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 744, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 555, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 94, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 276, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 247, in obtain_certificate
self.config.allow_subset_of_names)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 74, in get_authorizations
self._respond(resp, best_effort)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 131, in _respond
self._poll_challenges(chall_update, best_effort)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 195, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. meldp.com.au (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://meldp.com.au/.well-known/acme-challenge/OJGSLh91KgtJB3FPiB9voXonido53WGRDLOm2njxAlk: "
<ht"

pfg · August 29, 2016, 2:13pm

Are you certain that /usr/local/ispconfig/interface/acme is your webroot, i.e. the DocumentRoot of your apache instance? Do you have any .htaccess (or other) rules that would prevent a file in that directory from being served?

It looks like you’re serving HTML instead of the plaintext file right now. I’d recommend testing this manually by creating a file in /usr/local/ispconfig/interface/acme/.well-known/acme-challenge (or whatever your DocumentRoot is) and verifying you get that file back when you browse to it.

matthewobrn · August 30, 2016, 4:25am

Hi pfg,

Thanks for your response.

I created a duplicate install of the server configuration on my vmware workstation, using exactly the same tutorial, the only difference really is the architecture of the two instances.

certbot-auto works perfectly on the vmware

Anyway, after a lot of checking backwards the ispconfig.conf files had some significant differences.

I used the settings from the working ispconfig file and restarted the apache2 service and it all worked.

If was the first line in your reply that got me thinking to trace back where things were going wrong.

I served a new file to the /usr/local/ispconfig/interface/acme/.well-known… and initiated the certbot-auto script.

It supposedly served the files but the connection was being refused by the server, that’s when I started looking into the ispconfig.conf file.

Thanks
Matt

system · September 29, 2016, 4:25am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.