Challenge failed for my domain

jbo · November 24, 2020, 2:59pm

Hello,

I ran this command: certbot --nginx

It produced this output:

Waiting for verification...
Challenge failed for domain iparapheur.ville-agde.net
http-01 challenge for iparapheur.ville-agde.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: iparapheur.ville-agde.net
Type: unauthorized
Detail: Invalid response from
http://iparapheur.ville-agde.net/.well-known/acme-challenge/sTHoX4LaMqjPn7d0rJ-GtQp6fULOwC_ZKZwxlCbiFUA
[37.58.183.3]: "\r\n<html
xmlns="http"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): nginx

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.9.0

Ronan · November 24, 2020, 5:56pm

check if the records in DNS A zone with a fixed public IP are included.

griffin · November 24, 2020, 6:02pm

Welcome to the Let's Encrypt Community

It looks like there's a Basic Access Authentication scheme in the way on port 80.

Microsoft-IIS/8.0 answers?

>>> http://iparapheur.ville-agde.net/.well-known/acme-challenge/test
> --------------------------------------------
> 401 Unauthorized
> --------------------------------------------

Status: 401 Unauthorized
Code: 401
Pragma: no-cache
Content-Type: text/html
Server: Microsoft-IIS/8.0
WWW-Authenticate: NTLM
X-UA-Compatible: IE=EDGE
Date:Tue, 24 Nov 2020 18:11:49 GMT
Connection: close
Content-Length: 1384

Yet...

>>> https://iparapheur.ville-agde.net/.well-known/acme-challenge/test

> --------------------------------------------
> 302 Moved Temporarily
> --------------------------------------------

Status: 302 Moved Temporarily
Code: 302
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 24 Nov 2020 18:23:16 GMT
Content-Type: text/html
Content-Length: 170
Connection: close
Location: https://iparapheur.ville-agde.net/iparapheur/
Cache-Control: public

>>> https://iparapheur.ville-agde.net/iparapheur/

> --------------------------------------------
> 200 OK
> --------------------------------------------

Status: 200 OK
Code: 200
Server: nginx/1.14.0 (Ubuntu)
Date:Tue, 24 Nov 2020 18:23:16 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 4866
Connection: close
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=4302B41D5FA27F6588C4C092A6F6C78F; Path=/iparapheur; Secure
Content-Language: de-DE
Cache-Control: public

griffin · November 24, 2020, 6:05pm

Welcome to You as Well

Clearly there's a public IP address:

jbo · November 24, 2020, 6:06pm

Verification done. It's included

jbo · November 25, 2020, 7:20am

Ok thanks for that informations but I dont see how i can fix that.

jbo · November 26, 2020, 4:25pm

Hi, may be a lead here :

What do you think ?

griffin · November 26, 2020, 6:15pm

Possibly. That's a pretty old reference, but the concepts seem sound. One thing you can do is add --debug-challenges to your certbot command, which will cause certbot to pause right before asking Let's Encrypt to validate the challenges. You should be able to see the temporary configuration changes that have occurred (and the authentication files in your file system). Hopefully that will give you a better idea of how your system is operating at that critical moment.

jbo · December 2, 2020, 10:59am

Ok so I post tail -f /var/log/letsencrypt/letsencrypt.log

jbo · December 2, 2020, 2:19pm

root@srviparapheur2:/var/www/parapheur/.well-known/acme-challenge# tail -f /var/log/letsencrypt/letsencrypt.log
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-12-02 15:18:25,140:DEBUG:certbot.util:Not suggesting name "_"
Traceback (most recent call last):
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/util.py", line 305, in get_filtered_names
filtered_names.add(enforce_le_validity(name))
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/util.py", line 487, in enforce_le_validity
raise errors.ConfigurationError(
certbot.errors.ConfigurationError: _ contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -.
2020-12-02 15:18:39,427:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for iparapheur.ville-agde.net
2020-12-02 15:18:39,483:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0025_key-certbot.pem
2020-12-02 15:18:39,485:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0025_csr-certbot.pem
2020-12-02 15:18:39,486:DEBUG:acme.client:Requesting fresh nonce
2020-12-02 15:18:39,486:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-12-02 15:18:39,652:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-12-02 15:18:39,653:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 02 Dec 2020 14:18:39 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00036jcmL3hTnzUCvi5nIFngSr1riKQDH1NCb4F7ShUkUsQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2020-12-02 15:18:39,653:DEBUG:acme.client:Storing nonce: 00036jcmL3hTnzUCvi5nIFngSr1riKQDH1NCb4F7ShUkUsQ
2020-12-02 15:18:39,653:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "iparapheur.ville-agde.net"\n }\n ]\n}'
2020-12-02 15:18:39,656:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAzNDQyMTgzIiwgIm5vbmNlIjogIjAwMDM2amNtTDNoVG56VUN2aTVuSUZuZ1NyMXJpS1FESDFOQ2I0RjdTaFVrVXNRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "X07hFGRaLitG0-OVsvThfba_08bxBFrG4VE716srJz_C8ns_9YK05B3EG5ljjoLqpsk2jLE-nVhQ37M6RYsbxfz776aB1oxnUQLl3WAakLzGETvqezfBjTYt0oWqXi2nnJFHE5kapBkj2pdN0X9aoiMFSYYWJ613bQp8j_PDwWdCwMv7Qgflr2wlVhlKLz5OxbkCYy7yRv_F9LM5oyJp0SjPkcsMNIEUP1TOIaFEdrwkAJdWHFANxFs9AW8zyPcqG2oXSfOcHcr-vB50pMGJv9hchNj2nSFEhCK2mfdyYnQR7s7Ya7JlmntYXDUgRl5GzBx2PwQ4Jhibr2Tni-2EgA",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImlwYXJhcGhldXIudmlsbGUtYWdkZS5uZXQiCiAgICB9CiAgXQp9"
}
2020-12-02 15:18:39,952:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 356
2020-12-02 15:18:39,952:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 02 Dec 2020 14:18:39 GMT
Content-Type: application/json
Content-Length: 356
Connection: keep-alive
Boulder-Requester: 103442183
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/103442183/6526488473
Replay-Nonce: 0004T3yabDwHCD0UE2_1SNwClJG9A_GydY5IHq6M2VT_LX8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2020-12-09T14:18:39.797752801Z",
"identifiers": [
{
"type": "dns",
"value": "iparapheur.ville-agde.net"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/9022589765"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/103442183/6526488473"
}
2020-12-02 15:18:39,953:DEBUG:acme.client:Storing nonce: 0004T3yabDwHCD0UE2_1SNwClJG9A_GydY5IHq6M2VT_LX8
2020-12-02 15:18:39,953:DEBUG:acme.client:JWS payload:
b''
2020-12-02 15:18:39,955:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/9022589765:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAzNDQyMTgzIiwgIm5vbmNlIjogIjAwMDRUM3lhYkR3SENEMFVFMl8xU053Q2xKRzlBX0d5ZFk1SUhxNk0yVlRfTFg4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My85MDIyNTg5NzY1In0",
"signature": "Q1XDATq4DmZFGVo7bb2VLirIypNazhf4ByOnB3g0Q3S_A9Q5XHa7x_HBRORquoJddVS5d29DWzKdTVicbl9LrJt0NC7CZsuPBorusXLerxt4zC4W5ajmIHYbkxxCg7iX7PEc4Dm2MGice9Yjq4FS_5ULh-89n1SYc1JKdK_Doc1Drur5_5aK8Vwmb1tgclRWwrMn7-C3g9NH5Vy1z6YgniVj0IzHhgdXF2jEUklIutK3ps_OKOyL_7nOpthBzmsKajuIN5HWNHvbIobo6xq1hWHk1zoMs6232_SsR96FBPOwxraV1z97BDYr8zMGdsQd9_q35TviX36i6Xki5Z8Acw",
"payload": ""
}
2020-12-02 15:18:40,138:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/9022589765 HTTP/1.1" 200 803
2020-12-02 15:18:40,139:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 02 Dec 2020 14:18:40 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 103442183
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004fIERCEd6kgnVmKXpd2mo3T3IF3KdL2uV6UnY9Rb-yWk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "iparapheur.ville-agde.net"
},
"status": "pending",
"expires": "2020-12-09T14:18:39Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9022589765/LTiriQ",
"token": "L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9022589765/EUDo3Q",
"token": "L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9022589765/94cDCg",
"token": "L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA"
}
]
}
2020-12-02 15:18:40,139:DEBUG:acme.client:Storing nonce: 0004fIERCEd6kgnVmKXpd2mo3T3IF3KdL2uV6UnY9Rb-yWk
2020-12-02 15:18:40,140:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-12-02 15:18:40,140:INFO:certbot._internal.auth_handler:http-01 challenge for iparapheur.ville-agde.net
2020-12-02 15:18:40,159:DEBUG:certbot_nginx._internal.http_01:Generated server block:

2020-12-02 15:18:40,159:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
2020-12-02 15:18:40,159:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/confpara
2020-12-02 15:18:40,160:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip.conf
2020-12-02 15:18:40,160:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2020-12-02 15:18:40,160:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/parapheur_ssl.conf
2020-12-02 15:18:40,160:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/parapheur.conf
2020-12-02 15:18:40,160:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
2020-12-02 15:18:40,161:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2020-12-02 15:18:40,161:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2020-12-02 15:18:40,161:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/confssl
2020-12-02 15:18:40,161:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
2020-12-02 15:18:40,161:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
2020-12-02 15:18:40,162:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

server_names_hash_bucket_size 128;
# server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

}

#mail {

# See sample authentication script at:

# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript

# auth_http localhost/auth.php;

# pop3_capabilities "TOP" "USER";

# imap_capabilities "IMAP4rev1" "UIDPLUS";

server {

listen localhost:110;

protocol pop3;

proxy on;

}

server {

listen localhost:143;

protocol imap;

proxy on;

}

#}

2020-12-02 15:18:40,163:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/conf.d/parapheur.conf:
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

    listen 80;
    server_name iparapheur.ville-agde.net secure-iparapheur.ville-agde.net;

    rewrite (?=^[\w\.-]+\/?[\w\.-]*$)^(?![\w\.-]*\/$).*$ $1/ permanent;

    access_log /var/log/nginx/parapheur_access.log;
    error_log /var/log/nginx/parapheur_error.log;

    include /etc/nginx/conf.d/confpara;

    location /socket.io/ {
            proxy_pass http://127.0.0.1:8081/socket.io/;
    }

    location /bl-xemwebviewer {
            proxy_intercept_errors off;
      proxy_pass http://127.0.0.1:8888;
    }

    #On empeche l'acces a l'index des webscripts
    location /index {
            return 404;
    }

    #Acces au alfresco (CANAL HISTORIQUE pour diagnostic/telemaintenance, node-browser...)
            location /alfresco/ {
      proxy_pass http://127.0.0.1:8080/alfresco/;
    }

    #Location d'accès aux pages statiques
    location ~ ^/(themes|docs|error_pages|applets|favicon.ico) {}

    location / {
            return https://$server_name/iparapheur/;
    }

location = /.well-known/acme-challenge/L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA{default_type text/plain;return 200 L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA.Zr8zmjs2mLnNNPEbOXZxTZzOf4HbR-1LHf5ZlaLOja0;} # managed by Certbot

}

#REDIRECT MOBILE
server {
listen 80;
server_name m.iparapheur.ville-agde.net;
add_header Cache-Control public;

            access_log /var/log/nginx/parapheur_access.log;
            error_log /var/log/nginx/parapheur_error.log;

    include /etc/nginx/conf.d/confpara;

location / {
    return https://$server_name/;
}

}

2020-12-02 15:18:41,817:INFO:certbot._internal.auth_handler:Waiting for verification...
2020-12-02 15:18:41,818:DEBUG:certbot.display.util:Notifying user: Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
2020-12-02 15:18:46,819:DEBUG:acme.client:JWS payload:
b'{}'
2020-12-02 15:18:46,821:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/9022589765/LTiriQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAzNDQyMTgzIiwgIm5vbmNlIjogIjAwMDRmSUVSQ0VkNmtnblZtS1hwZDJtbzNUM0lGM0tkTDJ1VjZVblk5UmIteVdrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My85MDIyNTg5NzY1L0xUaXJpUSJ9",
"signature": "HDVkpyGY-azlpoTAqKQLUWLffipibCsxChARYPtZvxXenru8Nnv2Z4td43lryfd6cf1WrOLMlQCdH1U7ZloffIy4X4_gzfFwXlf-4MlSdZ-QdNZGbKJgTIkOz55mblCVUukl6m3oyQarf6-4sFGOaX2ug-ca50GhU5LQqfgrQLwB2pOP0DJApD-QwZ1zR9CcbZcv_4OjxaLgAkwmlviP9tGpwfD_uJaFEJ23ARukQP9FbdXFg92lzxfAKD6UdVHHxJ2m4z8Hx9n2GrpWa750hlPZlEjwMlM-8qxDiW6tHQYp9CGk3Ub8AnsKkxpjhFvmOSBQOBZfJZGkK1FQ3d1zKg",
"payload": "e30"
}
2020-12-02 15:18:47,005:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/9022589765/LTiriQ HTTP/1.1" 200 185
2020-12-02 15:18:47,005:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 02 Dec 2020 14:18:46 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 103442183
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/9022589765;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/9022589765/LTiriQ
Replay-Nonce: 0003MWyVcWoz_CSSAiA_CvY0mdfIkiLe34SEsy44IuzsYoQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9022589765/LTiriQ",
"token": "L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA"
}
2020-12-02 15:18:47,006:DEBUG:acme.client:Storing nonce: 0003MWyVcWoz_CSSAiA_CvY0mdfIkiLe34SEsy44IuzsYoQ
2020-12-02 15:18:48,007:DEBUG:acme.client:JWS payload:
b''
2020-12-02 15:18:48,009:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/9022589765:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAzNDQyMTgzIiwgIm5vbmNlIjogIjAwMDNNV3lWY1dvel9DU1NBaUFfQ3ZZMG1kZklraUxlMzRTRXN5NDRJdXpzWW9RIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My85MDIyNTg5NzY1In0",
"signature": "Qpe6W9j8SlTMKvGMlenn2Uh6r-OSzvZdRE2umrA2u1vPrOrhAfjU6K7YeB2lad1zhpDUyIgVUe8dgYYdds1tRvu1L5a65MnzlrbPUtpAVtPBZ3eAuINbACrohfxXPgnkyBgZwOWX3LbFizfQ3jHJFGgAo7AtCt1_Z2eN1eKALJ0bEg1Jqx182T0qnJg31gcIccW-dGfDMqTtyjYxMyRB-rD8vDA22JYC8j6ffMPHCtfl8bnPgLHuHVia3E_buOOZGAzJV_SqH88tI3-h5TwVuBfGbjRNFyrXfz_6U5_U2Q3BDnVnHC9s_IeRUQdbM0rr_gXwme2ZPKM6D7yRV3y-TQ",
"payload": ""
}
2020-12-02 15:18:48,175:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/9022589765 HTTP/1.1" 200 1181
2020-12-02 15:18:48,176:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 02 Dec 2020 14:18:48 GMT
Content-Type: application/json
Content-Length: 1181
Connection: keep-alive
Boulder-Requester: 103442183
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004OZreWeX3aQ0pQ0Awm8-wm93xndSIHuOMVN3tgPo0TPs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "iparapheur.ville-agde.net"
},
"status": "invalid",
"expires": "2020-12-09T14:18:39Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://iparapheur.ville-agde.net/.well-known/acme-challenge/L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA [37.58.183.3]: "\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"\u003e\r\n\u003chtml xmlns=\"http"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9022589765/LTiriQ",
"token": "L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA",
"validationRecord": [
{
"url": "http://iparapheur.ville-agde.net/.well-known/acme-challenge/L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA",
"hostname": "iparapheur.ville-agde.net",
"port": "80",
"addressesResolved": [
"37.58.183.3"
],
"addressUsed": "37.58.183.3"
}
]
}
]
}
2020-12-02 15:18:48,176:DEBUG:acme.client:Storing nonce: 0004OZreWeX3aQ0pQ0Awm8-wm93xndSIHuOMVN3tgPo0TPs
2020-12-02 15:18:48,177:WARNING:certbot._internal.auth_handler:Challenge failed for domain iparapheur.ville-agde.net
2020-12-02 15:18:48,177:INFO:certbot._internal.auth_handler:http-01 challenge for iparapheur.ville-agde.net
2020-12-02 15:18:48,177:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: iparapheur.ville-agde.net
Type: unauthorized
Detail: Invalid response from http://iparapheur.ville-agde.net/.well-known/acme-challenge/L_ICqWbQTM8hpJG_YDDZS2lgenI7hPkRWjQ2fWMGZeA [37.58.183.3]: "\r\n<html xmlns="http"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-12-02 15:18:48,178:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2020-12-02 15:18:48,178:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-12-02 15:18:48,178:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-12-02 15:18:49,945:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/784/bin/certbot", line 8, in
sys.exit(main())
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/main.py", line 1412, in main
return config.func(config, plugins)
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/main.py", line 1154, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/main.py", line 134, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/784/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2020-12-02 15:18:49,946:ERROR:certbot._internal.log:Some challenges have failed.

jbo · December 10, 2020, 3:41pm

Bad configuration on firewall.

griffin · December 10, 2020, 9:43pm

Sorry for not responding. I seem to have missed the update notification.

Glad you got it resolved.

system · January 9, 2021, 9:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.