Certificate renewal issues

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.democracystriaghtup.org

I ran this command: certonly --reinstall --webroot --webroot-path=/var/www/certbot --staging --email democracy.straight.up@gmail.com --agree-tos --no-eff-email -d www.democracystraightup.org

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Output:

Attaching to certbot
certbot | Requesting a certificate for www.democracystraightup.org
certbot |
certbot | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot | Domain: www.democracystraightup.org
certbot | Type: connection
certbot | Detail: 52.45.15.71: Fetching http://www.democracystraightup.org/.well-known/acme-challenge/KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk: Connection refused
certbot |
certbot | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot |
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot | Some challenges have failed.
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

/var/log/letsencrypt/letsencrypt.log

output:

2022-11-14 17:29:07,127:DEBUG:certbot._internal.main:certbot version: 1.28.0
2022-11-14 17:29:07,128:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2022-11-14 17:29:07,128:DEBUG:certbot._internal.main:Arguments: ['--reinstall', '--webroot', '--webroot-path=/var/www/certbot', '-->
2022-11-14 17:29:07,128:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#n>
2022-11-14 17:29:07,169:DEBUG:certbot._internal.log:Root logging level set at 30
2022-11-14 17:29:07,170:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-11-14 17:29:07,173:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f9286b15730>
Prep: True
2022-11-14 17:29:07,174:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authent>
2022-11-14 17:29:07,174:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-11-14 17:29:07,186:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, cont>
2022-11-14 17:29:07,187:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2022-11-14 17:29:07,188:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2022-11-14 17:29:07,362:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200>
2022-11-14 17:29:07,363:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Content-Type: application/json
Content-Length: 830
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"K0ZwULvVqUc": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "Staging Environment - Let's Encrypt"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-11-14 17:29:07,364:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for www.democracystraightup.org
2022-11-14 17:29:07,471:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0010_key-certbot.pem
2022-11-14 17:29:07,474:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0010_csr-certbot.pem
2022-11-14 17:29:07,475:DEBUG:acme.client:Requesting fresh nonce
2022-11-14 17:29:07,475:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2022-11-14 17:29:07,530:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.>
2022-11-14 17:29:07,531:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 8F05dG86WXJ6cgAaGIJVv8lt0kwQaw_embfmcthkjnEbzz4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2022-11-14 17:29:07,531:DEBUG:acme.client:Storing nonce: 8F05dG86WXJ6cgAaGIJVv8lt0kwQaw_embfmcthkjnEbzz4
2022-11-14 17:29:07,531:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "www.democracystraightup.org"\n }\n ]\n}'
2022-11-14 17:29:07,533:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83NjA4MDc>
"signature": "g27ohRHaJ_wdWuZeRCMpBtPjaG1T7eGWE21W4dA8K68V6FGsFZ6QEOyzOKEP3x_8hsmUPqlK-F-B4U9fuOW-LV_gM6plLm7lHjvK7qSnF5hvkDWE-ch>
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5kZW1vY3JhY3lzdHJhaWdodHVwL>
}
2022-11-14 17:29:07,616:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.>
2022-11-14 17:29:07,617:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Content-Type: application/json
Content-Length: 363
Connection: keep-alive
Boulder-Requester: 76080734
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/76080734/5204739464
Replay-Nonce: 8F05mak3syHk4wVqvy3ZJs_ATXDnQgyLp7QRcNyDt9grMDI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2022-11-21T17:29:07Z",
"identifiers": [
{
"type": "dns",
"value": "www.democracystraightup.org"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/4319248104"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/76080734/5204739464"
}
2022-11-14 17:29:07,617:DEBUG:acme.client:Storing nonce: 8F05mak3syHk4wVqvy3ZJs_ATXDnQgyLp7QRcNyDt9grMDI
2022-11-14 17:29:07,617:DEBUG:acme.client:JWS payload:
b''
2022-11-14 17:29:07,618:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/431924>
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83NjA4MDc>
"signature": "ih0A45vvbqgln7EVPo0qT0zR9A8K_gEWvLMMTkGbexyIMCrOvETDuDbsuIJEucGyIqkwvgacAiUMvum5j9lZ0QVVcFN7fBV7wKpHnaZFRrLgshF9lII>
"payload": ""
}
2022-11-14 17:29:07,677:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/43192481>
2022-11-14 17:29:07,678:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Content-Type: application/json
Content-Length: 829
Connection: keep-alive
Boulder-Requester: 76080734
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 8F05uII25ojW14BQGhKiTTyXikzWKF9UcqpQQFcpSZ21FAI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.democracystraightup.org"
},
"status": "pending",
"expires": "2022-11-21T17:29:07Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/xsABzw",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/n1P5jA",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/VeZH5A",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk"
}
]
}
2022-11-14 17:29:07,678:DEBUG:acme.client:Storing nonce: 8F05uII25ojW14BQGhKiTTyXikzWKF9UcqpQQFcpSZ21FAI
2022-11-14 17:29:07,679:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-11-14 17:29:07,679:INFO:certbot._internal.auth_handler:http-01 challenge for www.democracystraightup.org
2022-11-14 17:29:07,679:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/certbot for all unmatched domains.
2022-11-14 17:29:07,679:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/certbot/.well-k>
2022-11-14 17:29:07,680:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/certbot/.well-known/acme->
2022-11-14 17:29:07,680:DEBUG:acme.client:JWS payload:
b'{}'
2022-11-14 17:29:07,682:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/431924>
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83NjA4MDc>
"signature": "Kq-nBYbTabZD_pQ-GHjZUUJJqbga9CDkSpi3pysWpKGLRytjUuXzTINzduaeyU_LHel17chs0fGhjJmuuzuPYzOemMDrE-rn3q_HyBhchPykI9i4aTh>
"payload": "e30"
}
2022-11-14 17:29:07,742:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/43192481>
2022-11-14 17:29:07,742:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 76080734
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/auth
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/xsABzw
Replay-Nonce: A272LD-PP81TZnhfD9-bd1e32b6acFxRhNwBsERgK1ecOB4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/xsABzw",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk"
}
2022-11-14 17:29:07,742:DEBUG:acme.client:Storing nonce: A272LD-PP81TZnhfD9-bd1e32b6acFxRhNwBsERgK1ecOB4
2022-11-14 17:29:07,743:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-11-14 17:29:08,743:DEBUG:acme.client:JWS payload:
b''
2022-11-14 17:29:08,744:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/431924>
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83NjA4MDc>
"signature": "2HILY7Dz4A5oqvAYwl3gXPdHsWbBtpCWEKbDnqQXofffR41wAEGRj8jVwrE15lBELtUvG_A1iNBShxJ3nbzKM6Gfk8Iy_H4Am0c0KoNoAgV9SpVAt1w>
"payload": ""
}
2022-11-14 17:29:08,802:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/43192481>
2022-11-14 17:29:08,806:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:08 GMT
Content-Type: application/json
Content-Length: 1076
Connection: keep-alive
Boulder-Requester: 76080734
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: A272G-kEdQQpfvuDLOz1NK-qXacTSTLgBE4OndoS_cLOL2M
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.democracystraightup.org"
},
"status": "invalid",
"expires": "2022-11-21T17:29:07Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "52.45.15.71: Fetching http://www.democracystraightup.org/.well-known/acme-challenge/KVQliCb_AK0MdFlCOnCXPgvCg5Qv>
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/xsABzw",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk",
"validationRecord": [
{
"url": "http://www.democracystraightup.org/.well-known/acme-challenge/KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk",
"hostname": "www.democracystraightup.org",
"port": "80",
"addressesResolved": [
"52.45.15.71"
],
"addressUsed": "52.45.15.71"
}
],
"validated": "2022-11-14T17:29:07Z"
}
]
}
2022-11-14 17:29:08,807:DEBUG:acme.client:Storing nonce: A272G-kEdQQpfvuDLOz1NK-qXacTSTLgBE4OndoS_cLOL2M
2022-11-14 17:29:08,807:INFO:certbot._internal.auth_handler:Challenge failed for domain www.democracystraightup.org
2022-11-14 17:29:08,807:INFO:certbot._internal.auth_handler:http-01 challenge for www.democracystraightup.org
2022-11-14 17:29:08,807:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: www.democracystraightup.org
Type: connection
Detail: 52.45.15.71: Fetching http://www.democracystraightup.org/.well-known/acme-challenge/KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj>

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains>

2022-11-14 17:29:08,808:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-11-14 17:29:08,808:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-11-14 17:29:08,808:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-11-14 17:29:08,808:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/certbot/.well-known/acme-challenge/KVQliCb_AK0MdF>
2022-11-14 17:29:08,808:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2022-11-14 17:29:08,808:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
File "/opt/certbot/src/certbot/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1744, in main
return config.func(config, plugins)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1591, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 141, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 513, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 441, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-11-14 17:29:08,812:ERROR:certbot._internal.log:Some challenges have failed.

It doesn't look like your webserver is running. Start it and try again

nmap  www.democracystraightup.org
rDNS record for 52.45.15.71: ec2-52-45-15-71.compute-1.amazonaws.com
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https

If that does not help, make sure your DNS record is still pointing to your EC2 instance. And, make sure your EC2 Security Group has ports 80 and 443 open

4 Likes

nginx server is up now

2022-11-14 18:03:14,476:DEBUG:certbot._internal.main:certbot version: 1.28.0
2022-11-14 18:03:14,476:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2022-11-14 18:03:14,476:DEBUG:certbot._internal.main:Arguments: ['--reinstall', '--webroot', '--webroot-path=/var/www/certbot', '--email', 'democracy.straight.up@gmail.com', '--agree-tos', '--no-eff-email', '-d', 'www.democracystraightup.org']
2022-11-14 18:03:14,476:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-11-14 18:03:14,526:DEBUG:certbot._internal.log:Root logging level set at 30
2022-11-14 18:03:14,527:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-11-14 18:03:14,531:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f3ed30216a0>
Prep: True
2022-11-14 18:03:14,531:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f3ed30216a0> and installer None
2022-11-14 18:03:14,531:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-11-14 18:03:14,541:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://a>
2022-11-14 18:03:14,542:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-11-14 18:03:14,544:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-11-14 18:03:14,703:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
2022-11-14 18:03:14,703:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 18:03:14 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"iKPjQSUMz70": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-11-14 18:03:14,729:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): stg-r3.o.lencr.org:80
2022-11-14 18:03:14,744:DEBUG:urllib3.connectionpool:http://stg-r3.o.lencr.org:80 "POST / HTTP/1.1" 200 543
2022-11-14 18:03:14,745:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/www.democracystraightup.org/cert1.pem is signed by the certificate's issuer.
2022-11-14 18:03:14,748:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/www.democracystraightup.org/cert1.pem is: OCSPCertStatus.GOOD
2022-11-14 18:03:14,754:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2022-11-14 18:03:14,755:INFO:certbot._internal.main:Keeping the existing certificate
2022-11-14 18:03:14,755:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal; no action taken.

What is your goal there?
I see things that confuse me:
--reinstall
--staging

4 Likes