Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.democracystriaghtup.org
I ran this command: certonly --reinstall --webroot --webroot-path=/var/www/certbot --staging --email democracy.straight.up@gmail.com --agree-tos --no-eff-email -d www.democracystraightup.org
My web server is (include version): nginx
The operating system my web server runs on is (include version): ubuntu
My hosting provider, if applicable, is: aws
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Output:
Attaching to certbot
certbot | Requesting a certificate for www.democracystraightup.org
certbot |
certbot | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot | Domain: www.democracystraightup.org
certbot | Type: connection
certbot | Detail: 52.45.15.71: Fetching http://www.democracystraightup.org/.well-known/acme-challenge/KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk: Connection refused
certbot |
certbot | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot |
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot | Some challenges have failed.
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
/var/log/letsencrypt/letsencrypt.log
output:
2022-11-14 17:29:07,127:DEBUG:certbot._internal.main:certbot version: 1.28.0
2022-11-14 17:29:07,128:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2022-11-14 17:29:07,128:DEBUG:certbot._internal.main:Arguments: ['--reinstall', '--webroot', '--webroot-path=/var/www/certbot', '-->
2022-11-14 17:29:07,128:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#n>
2022-11-14 17:29:07,169:DEBUG:certbot._internal.log:Root logging level set at 30
2022-11-14 17:29:07,170:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-11-14 17:29:07,173:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f9286b15730>
Prep: True
2022-11-14 17:29:07,174:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authent>
2022-11-14 17:29:07,174:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-11-14 17:29:07,186:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, cont>
2022-11-14 17:29:07,187:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2022-11-14 17:29:07,188:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2022-11-14 17:29:07,362:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200>
2022-11-14 17:29:07,363:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Content-Type: application/json
Content-Length: 830
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"K0ZwULvVqUc": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "Staging Environment - Let's Encrypt"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-11-14 17:29:07,364:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for www.democracystraightup.org
2022-11-14 17:29:07,471:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0010_key-certbot.pem
2022-11-14 17:29:07,474:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0010_csr-certbot.pem
2022-11-14 17:29:07,475:DEBUG:acme.client:Requesting fresh nonce
2022-11-14 17:29:07,475:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2022-11-14 17:29:07,530:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.>
2022-11-14 17:29:07,531:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 8F05dG86WXJ6cgAaGIJVv8lt0kwQaw_embfmcthkjnEbzz4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2022-11-14 17:29:07,531:DEBUG:acme.client:Storing nonce: 8F05dG86WXJ6cgAaGIJVv8lt0kwQaw_embfmcthkjnEbzz4
2022-11-14 17:29:07,531:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "www.democracystraightup.org"\n }\n ]\n}'
2022-11-14 17:29:07,533:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83NjA4MDc>
"signature": "g27ohRHaJ_wdWuZeRCMpBtPjaG1T7eGWE21W4dA8K68V6FGsFZ6QEOyzOKEP3x_8hsmUPqlK-F-B4U9fuOW-LV_gM6plLm7lHjvK7qSnF5hvkDWE-ch>
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5kZW1vY3JhY3lzdHJhaWdodHVwL>
}
2022-11-14 17:29:07,616:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.>
2022-11-14 17:29:07,617:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Content-Type: application/json
Content-Length: 363
Connection: keep-alive
Boulder-Requester: 76080734
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/76080734/5204739464
Replay-Nonce: 8F05mak3syHk4wVqvy3ZJs_ATXDnQgyLp7QRcNyDt9grMDI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2022-11-21T17:29:07Z",
"identifiers": [
{
"type": "dns",
"value": "www.democracystraightup.org"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/4319248104"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/76080734/5204739464"
}
2022-11-14 17:29:07,617:DEBUG:acme.client:Storing nonce: 8F05mak3syHk4wVqvy3ZJs_ATXDnQgyLp7QRcNyDt9grMDI
2022-11-14 17:29:07,617:DEBUG:acme.client:JWS payload:
b''
2022-11-14 17:29:07,618:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/431924>
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83NjA4MDc>
"signature": "ih0A45vvbqgln7EVPo0qT0zR9A8K_gEWvLMMTkGbexyIMCrOvETDuDbsuIJEucGyIqkwvgacAiUMvum5j9lZ0QVVcFN7fBV7wKpHnaZFRrLgshF9lII>
"payload": ""
}
2022-11-14 17:29:07,677:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/43192481>
2022-11-14 17:29:07,678:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Content-Type: application/json
Content-Length: 829
Connection: keep-alive
Boulder-Requester: 76080734
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 8F05uII25ojW14BQGhKiTTyXikzWKF9UcqpQQFcpSZ21FAI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.democracystraightup.org"
},
"status": "pending",
"expires": "2022-11-21T17:29:07Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/xsABzw",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/n1P5jA",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/VeZH5A",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk"
}
]
}
2022-11-14 17:29:07,678:DEBUG:acme.client:Storing nonce: 8F05uII25ojW14BQGhKiTTyXikzWKF9UcqpQQFcpSZ21FAI
2022-11-14 17:29:07,679:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-11-14 17:29:07,679:INFO:certbot._internal.auth_handler:http-01 challenge for www.democracystraightup.org
2022-11-14 17:29:07,679:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/certbot for all unmatched domains.
2022-11-14 17:29:07,679:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/certbot/.well-k>
2022-11-14 17:29:07,680:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/certbot/.well-known/acme->
2022-11-14 17:29:07,680:DEBUG:acme.client:JWS payload:
b'{}'
2022-11-14 17:29:07,682:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/431924>
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83NjA4MDc>
"signature": "Kq-nBYbTabZD_pQ-GHjZUUJJqbga9CDkSpi3pysWpKGLRytjUuXzTINzduaeyU_LHel17chs0fGhjJmuuzuPYzOemMDrE-rn3q_HyBhchPykI9i4aTh>
"payload": "e30"
}
2022-11-14 17:29:07,742:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/43192481>
2022-11-14 17:29:07,742:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:07 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 76080734
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/auth
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/xsABzw
Replay-Nonce: A272LD-PP81TZnhfD9-bd1e32b6acFxRhNwBsERgK1ecOB4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/xsABzw",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk"
}
2022-11-14 17:29:07,742:DEBUG:acme.client:Storing nonce: A272LD-PP81TZnhfD9-bd1e32b6acFxRhNwBsERgK1ecOB4
2022-11-14 17:29:07,743:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-11-14 17:29:08,743:DEBUG:acme.client:JWS payload:
b''
2022-11-14 17:29:08,744:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/431924>
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83NjA4MDc>
"signature": "2HILY7Dz4A5oqvAYwl3gXPdHsWbBtpCWEKbDnqQXofffR41wAEGRj8jVwrE15lBELtUvG_A1iNBShxJ3nbzKM6Gfk8Iy_H4Am0c0KoNoAgV9SpVAt1w>
"payload": ""
}
2022-11-14 17:29:08,802:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/43192481>
2022-11-14 17:29:08,806:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 14 Nov 2022 17:29:08 GMT
Content-Type: application/json
Content-Length: 1076
Connection: keep-alive
Boulder-Requester: 76080734
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: A272G-kEdQQpfvuDLOz1NK-qXacTSTLgBE4OndoS_cLOL2M
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.democracystraightup.org"
},
"status": "invalid",
"expires": "2022-11-21T17:29:07Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "52.45.15.71: Fetching http://www.democracystraightup.org/.well-known/acme-challenge/KVQliCb_AK0MdFlCOnCXPgvCg5Qv>
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/4319248104/xsABzw",
"token": "KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk",
"validationRecord": [
{
"url": "http://www.democracystraightup.org/.well-known/acme-challenge/KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj9c8Enk",
"hostname": "www.democracystraightup.org",
"port": "80",
"addressesResolved": [
"52.45.15.71"
],
"addressUsed": "52.45.15.71"
}
],
"validated": "2022-11-14T17:29:07Z"
}
]
}
2022-11-14 17:29:08,807:DEBUG:acme.client:Storing nonce: A272G-kEdQQpfvuDLOz1NK-qXacTSTLgBE4OndoS_cLOL2M
2022-11-14 17:29:08,807:INFO:certbot._internal.auth_handler:Challenge failed for domain www.democracystraightup.org
2022-11-14 17:29:08,807:INFO:certbot._internal.auth_handler:http-01 challenge for www.democracystraightup.org
2022-11-14 17:29:08,807:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: www.democracystraightup.org
Type: connection
Detail: 52.45.15.71: Fetching http://www.democracystraightup.org/.well-known/acme-challenge/KVQliCb_AK0MdFlCOnCXPgvCg5QvZeOTYaDnj>
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains>
2022-11-14 17:29:08,808:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-11-14 17:29:08,808:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-11-14 17:29:08,808:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-11-14 17:29:08,808:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/certbot/.well-known/acme-challenge/KVQliCb_AK0MdF>
2022-11-14 17:29:08,808:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2022-11-14 17:29:08,808:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
File "/opt/certbot/src/certbot/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1744, in main
return config.func(config, plugins)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1591, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 141, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 513, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 441, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-11-14 17:29:08,812:ERROR:certbot._internal.log:Some challenges have failed.