My domain is: api.pictalk.xyz
I ran this command: certbot certonly --webroot -w '/captain-webroot/api.pictalk.xyz' -d 'api.pictalk.xyz'
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for api.pictalk.xyz
Using the webroot path /captain-webroot/api.pictalk.xyz for all unmatched domains.
Waiting for verification...
Challenge failed for domain api.pictalk.xyz
http-01 challenge for api.pictalk.xyz
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: api.pictalk.xyz
Type: dns
Detail: DNS problem: SERVFAIL looking up A for api.pictalk.xyz -
the domain's nameservers may be malfunctioning
My web server is (include version): Docker nginx:1-alpine
The operating system my web server runs on is (include version): Ubuntu 18.04 BUT it's all dockerized
My hosting provider, if applicable, is: Digital Ocean, DNS is Namecheap
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I'm using the very good PaaS https://caprover.com/
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): v1.6
CONTEXT:
I had this domain up and running since 6-7months. All was running smoothly.
But on the april the 20th te renewal of the certificate occurred during Namecheap DNS maitenance.. Since then I always have this error even if I didn't changed my setup since 6 months!
What I have tried:
- Cleaning the cache of the host machine
- Delete the certificate (with certbot & deleting files in the filesystem)
- Rebooting the host machine
- Adding the domain to another container and test if certificate could be created (it wasn't)
- Wait for DNS changes ... ( api.pictalk.yz has the right IP addr)
link to my github issue on Caprover:
https://github.com/caprover/caprover/issues/1089
2021-04-21 15:33:43,802:DEBUG:certbot._internal.main:certbot version: 1.6.0
2021-04-21 15:33:43,803:DEBUG:certbot._internal.main:Arguments: ['--webroot', '-w', '/captain-webroot/api.pictalk.xyz', '-d', 'api.pictalk.xyz']
2021-04-21 15:33:43,803:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-04-21 15:33:43,822:DEBUG:certbot._internal.log:Root logging level set at 20
2021-04-21 15:33:43,822:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-04-21 15:33:43,824:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-04-21 15:33:43,828:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f611448fdc0>
Prep: True
2021-04-21 15:33:43,828:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f611448fdc0> and installer None
2021-04-21 15:33:43,828:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-04-21 15:33:43,833:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/87421455', new_authzr_uri=None, terms_of_service=None), 8d0903c7c3ce2aa9f22fe6ae92185270, Meta(creation_dt=datetime.datetime(2020, 5, 29, 11, 13, 31, tzinfo=<UTC>), creation_host='ef55cb490d00', register_to_eff=None))>
2021-04-21 15:33:43,833:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-04-21 15:33:43,835:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-04-21 15:33:44,348:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-04-21 15:33:44,348:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Apr 2021 15:33:44 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"mj7EeLJ2PFY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-04-21 15:33:44,397:INFO:certbot._internal.main:Obtaining a new certificate
2021-04-21 15:33:44,634:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/7506_key-certbot.pem
2021-04-21 15:33:44,710:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/7506_csr-certbot.pem
2021-04-21 15:33:44,711:DEBUG:acme.client:Requesting fresh nonce
2021-04-21 15:33:44,711:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-04-21 15:33:44,838:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-04-21 15:33:44,839:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Apr 2021 15:33:44 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104ilHW92xuqs96G6iwQwizjmSDIQXvwe7oOMm24n8zYjk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2021-04-21 15:33:44,839:DEBUG:acme.client:Storing nonce: 0104ilHW92xuqs96G6iwQwizjmSDIQXvwe7oOMm24n8zYjk
2021-04-21 15:33:44,839:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "api.pictalk.xyz"\n }\n ]\n}'
2021-04-21 15:33:44,841:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODc0MjE0NTUiLCAibm9uY2UiOiAiMDEwNGlsSFc5Mnh1cXM5Nkc2aXdRd2l6am1TRElRWHZ3ZTdvT01tMjRuOHpZamsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "R54Z5JgoTQ10nIxwcyy8ETyWSEWSRp6XlZ9faJ_JPA86u4SN2qhtLKUTGE068vMJD8D0bT00XTK3UaUk7JxLBzCO5ow8FhxP6ZGFSE03RI2w3fuTZoSD-_DnKyBuM3b_lTSIapiCMYYrq52kgO309J3wbPQIsxY4IQS0P1QVGgCB9Tx6zoB1x6gy7d6dactLxkx082j7FQ9a3TBtMKW0FP3mtkftvoCEMy3kOrbDiyu4nzwsXxstXxY9SpseeJrtP7_9cMW0WMBkhL7u2zWusHFtHa1iMryxmbv8Zi1gTS4i3DsiYj2p-uLsnK83ET0u2-Hk71xzK_qpL3cqcP7QHA",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFwaS5waWN0YWxrLnh5eiIKICAgIH0KICBdCn0"
}
2021-04-21 15:33:45,113:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 336
2021-04-21 15:33:45,114:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 21 Apr 2021 15:33:45 GMT
Content-Type: application/json
Content-Length: 336
Connection: keep-alive
Boulder-Requester: 87421455
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/87421455/9206777412
Replay-Nonce: 0104qFaIDN5xzNEU7elu_gcrGGfieOACPHsxJ2ReaGifNi8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2021-04-28T15:33:45Z",
"identifiers": [
{
"type": "dns",
"value": "api.pictalk.xyz"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/12512922097"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/87421455/9206777412"
}
2021-04-21 15:33:45,114:DEBUG:acme.client:Storing nonce: 0104qFaIDN5xzNEU7elu_gcrGGfieOACPHsxJ2ReaGifNi8
2021-04-21 15:33:45,115:DEBUG:acme.client:JWS payload:
b''
2021-04-21 15:33:45,116:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12512922097:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODc0MjE0NTUiLCAibm9uY2UiOiAiMDEwNHFGYUlETjV4ek5FVTdlbHVfZ2NyR0dmaWVPQUNQSHN4SjJSZWFHaWZOaTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzEyNTEyOTIyMDk3In0",
"signature": "37KuBUeWHuFBrzQaGxHTgE2gdoC_1WQMOZIT2bVXWn0KS9SVkUQ6GpIs497c8LvZpUQ6qrYta1vMpxF8FLjvyiiR4yFaACqof7z5yMQzIRJnUNdKP2o09yM5UrQhfaH6WOZzSDTkmAiyKDovhZ67o6_Aiat6FJkkG8m5I-rVkbdk0ha0j6jQfE2XDckN1Br8AUVv6Kk5BnnPBA4zxD9Sp8Bg1sOp-S0X6J-wCnH7B0SqiubD7vX7C-fV4ONbMEuBJuRKoEEUS69yVsY1nPgFP0Fra1-jA72GKKD_P7hToFdYwE4mLemKBl4szwQUFGCmPlADNU1ovQM6680EgrXbeg",
"payload": ""
}
2021-04-21 15:33:45,270:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12512922097 HTTP/1.1" 200 796
2021-04-21 15:33:45,271:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Apr 2021 15:33:45 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 87421455
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104Iyr1Gix9F3UZYQ3ednV3D0JtG4xELHJpCX0yFvJaMDQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "api.pictalk.xyz"
},
"status": "pending",
"expires": "2021-04-28T15:33:45Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12512922097/aZVukg",
"token": "6miqCOUaAcsZv1_wmr8ugF9F9GPLRdlm3QfFot58m9c"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12512922097/U4d9Zw",
"token": "6miqCOUaAcsZv1_wmr8ugF9F9GPLRdlm3QfFot58m9c"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12512922097/MI2hcA",
"token": "6miqCOUaAcsZv1_wmr8ugF9F9GPLRdlm3QfFot58m9c"
}
]
}
2021-04-21 15:33:45,271:DEBUG:acme.client:Storing nonce: 0104Iyr1Gix9F3UZYQ3ednV3D0JtG4xELHJpCX0yFvJaMDQ
2021-04-21 15:33:45,272:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-04-21 15:33:45,273:INFO:certbot._internal.auth_handler:http-01 challenge for api.pictalk.xyz
2021-04-21 15:33:45,274:INFO:certbot._internal.plugins.webroot:Using the webroot path /captain-webroot/api.pictalk.xyz for all unmatched domains.
2021-04-21 15:33:45,275:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /captain-webroot/api.pictalk.xyz/.well-known/acme-challenge
2021-04-21 15:33:45,278:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /captain-webroot/api.pictalk.xyz/.well-known/acme-challenge/6miqCOUaAcsZv1_wmr8ugF9F9GPLRdlm3QfFot58m9c
2021-04-21 15:33:45,278:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-04-21 15:33:45,279:DEBUG:acme.client:JWS payload:
b'{}'
2021-04-21 15:33:45,281:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/12512922097/aZVukg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODc0MjE0NTUiLCAibm9uY2UiOiAiMDEwNEl5cjFHaXg5RjNVWllRM2VkblYzRDBKdEc0eEVMSEpwQ1gweUZ2SmFNRFEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzEyNTEyOTIyMDk3L2FaVnVrZyJ9",
"signature": "MUBPjfaQU5fHaNYD5qimjneRfSypC8Ef7zQPSlzQC25mAXeBCzS3Cg5jh6RAQoZ6Dt13LnX1UjWPY4HPPilF85TUvXMV3Ci4bWEZ113TrqrxprGcDA7Mzlu31pRVYFuRpN8F3sQ7okcZGzTrzT6uNDyWG3RqjetN1-IcDBlC40X7jyk2wg7T16SBozWAzgWvLYEfZ31W4fEjxuUWYFyLPeWNfxwjxcQtY70TfGLVolfK5wdUcTZCG1c4uWdrnLZYVZHKEvb1rZyrb7xi7xfdAPvJUhDf9fOgnEDsI_OxBv4oCF4pHjFuIC_QlEeLbyydNwno4FquRCVvdez6MW1gig",
"payload": "e30"
}
2021-04-21 15:33:45,448:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/12512922097/aZVukg HTTP/1.1" 200 186
2021-04-21 15:33:45,449:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Apr 2021 15:33:45 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 87421455
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/12512922097>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/12512922097/aZVukg
Replay-Nonce: 0103DLGRiZawAbHxUTfQza2UJA8ndiiQghjCc0aSvTGPfac
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12512922097/aZVukg",
"token": "6miqCOUaAcsZv1_wmr8ugF9F9GPLRdlm3QfFot58m9c"
}
2021-04-21 15:33:45,449:DEBUG:acme.client:Storing nonce: 0103DLGRiZawAbHxUTfQza2UJA8ndiiQghjCc0aSvTGPfac
2021-04-21 15:33:46,451:DEBUG:acme.client:JWS payload:
b''
2021-04-21 15:33:46,453:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12512922097:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODc0MjE0NTUiLCAibm9uY2UiOiAiMDEwM0RMR1JpWmF3QWJIeFVUZlF6YTJVSkE4bmRpaVFnaGpDYzBhU3ZUR1BmYWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzEyNTEyOTIyMDk3In0",
"signature": "g2irYDHhPSMP-sBeFFNlrYSXomYZ3_5W7gY0YrM6jOsff6ecDwCDYiHCGvb-30xRhvP2b_Yjh830Rrpk2SG-9pbX-AcOdWllg1gpMCTfveWaQ0ahqyarvWmpGwXdKa1H2KuO0fxRZrnBVT2DUFIXLH5aYtoZCcWrpE-yfMFrY7d7lZw68HtUJ4z48l_V5H9nD3TM6CNWp17I2ZM8YDIs010GxP4HooRnm_Sd40UkmQVNBi4eojcOy7hWHT1fsOw3Cpr9C92hSQlySjOfEZsluQ9lsuk2DNb60gUPyEgUcxB-6lEvtpeO9CXvNHss5JniV-OhLv0o_lNCD7pcpfcEKg",
"payload": ""
}
2021-04-21 15:33:46,608:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12512922097 HTTP/1.1" 200 635
2021-04-21 15:33:46,608:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 21 Apr 2021 15:33:46 GMT
Content-Type: application/json
Content-Length: 635
Connection: keep-alive
Boulder-Requester: 87421455
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104ev7kv9dhWnllBhCkiE45ejfUU8SOEX0rUofQzA8sYB0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "api.pictalk.xyz"
},
"status": "invalid",
"expires": "2021-04-28T15:33:45Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: SERVFAIL looking up A for api.pictalk.xyz - the domain's nameservers may be malfunctioning",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12512922097/aZVukg",
"token": "6miqCOUaAcsZv1_wmr8ugF9F9GPLRdlm3QfFot58m9c",
"validated": "2021-04-21T15:33:45Z"
}
]
}
2021-04-21 15:33:46,608:DEBUG:acme.client:Storing nonce: 0104ev7kv9dhWnllBhCkiE45ejfUU8SOEX0rUofQzA8sYB0
2021-04-21 15:33:46,609:WARNING:certbot._internal.auth_handler:Challenge failed for domain api.pictalk.xyz
2021-04-21 15:33:46,610:INFO:certbot._internal.auth_handler:http-01 challenge for api.pictalk.xyz
2021-04-21 15:33:46,611:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:
Domain: api.pictalk.xyz
Type: dns
Detail: DNS problem: SERVFAIL looking up A for api.pictalk.xyz - the domain's nameservers may be malfunctioning
2021-04-21 15:33:46,611:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-04-21 15:33:46,611:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-04-21 15:33:46,611:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-04-21 15:33:46,612:DEBUG:certbot._internal.plugins.webroot:Removing /captain-webroot/api.pictalk.xyz/.well-known/acme-challenge/6miqCOUaAcsZv1_wmr8ugF9F9GPLRdlm3QfFot58m9c
2021-04-21 15:33:46,612:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-04-21 15:33:46,613:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 11, in <module>
load_entry_point('certbot', 'console_scripts', 'certbot')()
File "/opt/certbot/src/certbot/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1353, in main
return config.func(config, plugins)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1237, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 418, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 351, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 398, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-04-21 15:33:46,614:ERROR:certbot._internal.log:Some challenges have failed.