Client receives "Error creating new cert" message from server


#1

I’m trying to run the client, my command-line looks like this:

./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly

my domains are excergame.com,www.excergame.com

And this is the end of the log output (as i’m not allowed to post it all):

2015-11-06 22:33:05,386:DEBUG:acme.jose.json_util:Omitted empty fields: cty=None, x5t=None, crit=(), x5tS256=None, x5u=None, x5c=(), alg=None, jku=None, typ=None, kid=None, jwk=None
2015-11-06 22:33:05,390:DEBUG:acme.jose.json_util:Omitted empty fields: cty=None, x5t=None, crit=(), x5tS256=None, x5u=None, x5c=(), jku=None, typ=None, kid=None, nonce=None
2015-11-06 22:33:05,390:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-cert. args: (), kwargs: {‘headers’: {‘Accept’: ‘application/pkix-cert’}, ‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “zhAOnFetDmAkDs3yv27Pl2YvNHZpdcMf_ugDkIfGTIql4n7oVtdSFMpQonSnqMzOFR5m8TOZVTZKdO6fDDqscVNdEDS1ExG66eYpnbEQsYo8PPXBnKgukfOXg3Iy-qjZtd8S62-D9rS_AOLzPhG55bE39oMT3YA2XfMIJ5pYW5fu1KfNOXBcuOimjuQHYdgxiwZkZTRAI9-GNTs7weuSo1W3UL1SysRIXAIf7cXnvUaT7_DpKK3v6G_9U6fx6lUTJFLixJw_OEY82QWmSI4oa7qtxvFD1kHy1VD1qMUaxt-MxofhZvqSrNlbD0Xdh5_EQ-2tN-JY_D-gTIUIeD7OZQ”}}, “protected”: “eyJub25jZSI6ICJBTE0xd0hxbGdqX2ZkVU1FRkM3RFdubGFqR2hrdXBQd205eGhMWHc0NmprIn0”, “payload”: “eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlJQ216Q0NBWU1DQVFBd0dERVdNQlFHQTFVRUF3d05aWGhqWlhKbllXMWxMbU52YlRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVg4QURLa25DbWt0a3J4WHlMQi1LdmZqNzFQdnZLZ1NiTTJ2UVdQd0F1SWxDelZOM3hqLUJyZGFZTjZuOHB5dW5QZWtHdFhFN3ZYSk9sS0h6b1Q4bUNIODFiUTgyUTFubDVta251MTI5VVZEMkVaUVlwTWNrdXgwYU9DalRDbDJlVVhucWFpZDg4N1RUUWZVcTdTSlRvOXNsejlINlhHZ0JJd3dLaVFNVVREQkU4d0RQcXJDaENDN2Fob2tPUTE4Z2Zyd2IzM2FYSHdITnNEWFRXMHVIeGQ1LXJWcm9rQ2MtV0RjREstMlpJSmYzZnR0dkwtVFBwUUJacUVVLUZUWWZGTVZBa2w4eG83WWUtU3YtZFc3VXNua3ZjZXRnb0ZNZmhJeS1KVUZucjFLd1pzYUIxLTNVdTZ0MXlwZDJGSC1LQWxlTGZHVWNPb0JtNjhvczIzNlAwQ0F3RUFBYUEtTUR3R0NTcUdTSWIzRFFFSkRqRXZNQzB3S3dZRFZSMFJCQ1F3SW9JTlpYaGpaWEpuWVcxbExtTnZiWUlSZDNkM0xtVjRZMlZ5WjJGdFpTNWpiMjB3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUxidFRLd3ZqMGNUWTlwZG1CZ044ZS1DTXU2a1A2WWdoQUtwajMtOUxqOEJRY2Q4bXdPM0Qwa2E1SDdXVUdJbGVlbUpGSGNSNlY4QmZ3dlVmX2Y1QThDNGN5R1dwSEZObng1MUlWUlBPMDBtZTVwTjQ2VUotT0tYSVJVNnpMeGpZTEYtN3RZVWdoN2w1eWpBQ1p0NnpLSUlhNDQ4V3U2RFA2R1RYVGREMDNycWlwdThIejBmR3RrMEstcm9EWDUxTHpXM0JIMkttRk5xZjNGNnptcm9iV3JrSlNrSFFmMEozVmphVk1wM2ZhYkhPR3pyTjRrbk00dFBkTy1PVE9IZU5iY2xxZFJDUG9tRGhTY2VOZTZtQUFQV0Rsd2thSEJWYWdxS2ppaGJjUm84bUw3UGpjZVhGeTMxaVpjdUZhS2U2M3RUQzRKR1l0TC1qZ01iWml4Q3JXayJ9”, “signature”: “NPvUR_cOlCrDMhhOZ8tAEmwJ5pVh2zAB9z4ZiNLfhtFUXau-YS7gqi9X-sdImgndgawEDTP118XOyK1TptVgi7iFTFTFySPKKsCvGGyzI4ln79LdNAB448rEz2q8Y0Sg6OKi2O-YZe_VXbheqfX0d6qqx9c-fGMgXaDB1gj595CypqcWBpGdr1JytPK75GDyGS5bT0hDaQu2A3nJF9c_gYbHgiZxc4n6_C6ZOpVuzwjLjslM8thFqepJXrrJDsPDo9c8dTnSm81WU49gkXAOvPF1rVGkb2uTgacDTLrBkSaXUfq5fwVjA0sjw2t6i2kdReuziVMjv4z35BdStxT4Qw”}’}
2015-11-06 22:33:05,392:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-06 22:33:05,727:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-cert HTTP/1.1” 500 75
2015-11-06 22:33:05,730:DEBUG:root:Received <Response [500]>. Headers: {‘Content-Length’: ‘75’, ‘Expires’: ‘Fri, 06 Nov 2015 22:33:05 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘close’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 06 Nov 2015 22:33:05 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘3VkUKtlLmVaBDTqHBcnPhGvDOhue5lD4sJxfs5jSUlU’}. Content: '{“type”:“urn:acme:error:serverInternal”,“detail”:“Error creating new cert”}'
2015-11-06 22:33:05,731:DEBUG:acme.client:Storing nonce: '\xddY\x14*\xd9K\x99V\x81\r:\x87\x05\xc9\xcf\x84k\xc3:\x1b\x9e\xe6P\xf8\xb0\x9c_\xb3\x98\xd2RU’
2015-11-06 22:33:05,731:DEBUG:acme.client:Received response <Response [500]> (headers: {‘Content-Length’: ‘75’, ‘Expires’: ‘Fri, 06 Nov 2015 22:33:05 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘close’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 06 Nov 2015 22:33:05 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘3VkUKtlLmVaBDTqHBcnPhGvDOhue5lD4sJxfs5jSUlU’}): '{“type”:“urn:acme:error:serverInternal”,“detail”:“Error creating new cert”}'
2015-11-06 22:33:05,732:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1138, in main
return args.func(args, config, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 490, in obtaincert
_auth_from_domains(le_client, config, domains, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 328, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 229, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 212, in obtain_certificate
return self._obtain_certificate(domains, csr) + (key, csr)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 174, in _obtain_certificate
authzr)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py”, line 312, in request_issuance
headers={‘Accept’: content_type})
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py”, line 624, in post
return self._check_response(response, content_type=content_type)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py”, line 542, in _check_response
raise messages.Error.from_json(jobj)
Error: serverInternal :: The server experienced an internal error :: Error creating new cert


#2

I’m seeing the same error.


As a test, I tried running letsencrypt-auto without flags and apache was configured with the fake ca certs in seconds.


#3

I was able to fix the error on my end. It appears to have been related to the host name of my server. The host name of my server was the same as the domain name I was trying to get a cert for, I changed the name of the server in the hostname file and updated the entry in the host file. On the next try I got my cert.


#4

I updated /etc/hosts so that the servername (that didn’t have anything to do with these domains) didn’t point to 127.0.0.1, I got my cert on the next attempt.


#5

I have the same problem.


#7

@elderdrake Your solution didn’t apply to me, as my hostname is not the same as my domain

@capitol I don’t understand your solution. How can you change the servername from 127.0.0.1 without breaking things? What do you change it to?


#8

I also had the same problem – tried multiple times and was seeing the same error. Removing /etc/letsencrypt (I made a backup first) and then running letsencrypt auto with the production url (–server https://acme-v01.api.letsencrypt.org/directory) worked without any issues.
The problem in my case was (I think) that I initially ran letsencrypt-auto without any args to install the required dependencies. Looking at the files in the keys and csr directories inside /etc/letsencrypt there seems to be a few more files in the former attempt

root@localhost:~# ls -R etc-letsencrypt/{csr,keys}/
etc-letsencrypt/csr/:
0000_csr-letsencrypt.pem  0002_csr-letsencrypt.pem  0004_csr-letsencrypt.pem  0006_csr-letsencrypt.pem
0001_csr-letsencrypt.pem  0003_csr-letsencrypt.pem  0005_csr-letsencrypt.pem  0007_csr-letsencrypt.pem

etc-letsencrypt/keys/:
0000_key-letsencrypt.pem  0002_key-letsencrypt.pem  0004_key-letsencrypt.pem  0006_key-letsencrypt.pem
0001_key-letsencrypt.pem  0003_key-letsencrypt.pem  0005_key-letsencrypt.pem  0007_key-letsencrypt.pem

root@localhost:~# ls -R /etc/letsencrypt/{csr,keys}/
/etc/letsencrypt/csr/:
0000_csr-letsencrypt.pem

/etc/letsencrypt/keys/:
0000_key-letsencrypt.pem

root@localhost:~# md5sum etc-letsencrypt/csr/0000_csr-letsencrypt.pem
20abf06d1216695908c82d51d91e328c  etc-letsencrypt/csr/0000_csr-letsencrypt.pem

root@localhost:~# md5sum /etc/letsencrypt/csr/0000_csr-letsencrypt.pem
6bea8fbc352ff238a75ed4e01fbe74d6  /etc/letsencrypt/csr/0000_csr-letsencrypt.pem

#9

For about five hours yesterday, Let’s Encrypt was serving errors for /acme/new-cert due to a server problem. It was fixed by 6pm PT Friday evening. If anyone on this thread is still getting serverInternal errors, please reply and let us know. Thanks!


#10

Hi,
I’m getting the same error when I’m trying to generate a simple cert for a .de domain, now that let’s encrypt is in public beta.
I run the command on a Fedora VM. This is the terminal output:

[vpc@localhost letsencrypt]$ ./letsencrypt-auto certonly     --authenticator manual --agree-dev-preview     --server https://acme-v01.api.letsencrypt.org/directory --text     --csr signreq.der
Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: sudo /home/vpc/.local/share/letsencrypt/bin/letsencrypt certonly --authenticator manual --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory --text --csr signreq.der
Use of --agree-dev-preview is deprecated.

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running letsencrypt in manual mode on a machine that is
not your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y
Make sure your web server displays the following content at
http://kinderbasar-luhe.de/.well-known/acme-challenge/MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o before continuing:

MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o.dY9nFOGupj544HjQN-TnlH2jCVo-4UxlbXiujRoiJr4

If you don't have HTTP server configured, you can run the following
command on the target server (as root):

mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
cd /tmp/letsencrypt/public_html
printf "%s" MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o.dY9nFOGupj544HjQN-TnlH2jCVo-4UxlbXiujRoiJr4 > .well-known/acme-challenge/MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()" 
Press ENTER to continue
An unexpected error occurred:
The server experienced an internal error :: Error creating new cert
Please see the logfiles in /var/log/letsencrypt for more details.
[vpc@localhost letsencrypt]$ 

This is the logfile:

2015-12-03 20:29:20,416:DEBUG:letsencrypt.cli:Root logging level set at 30
2015-12-03 20:29:20,417:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-12-03 20:29:20,418:DEBUG:letsencrypt.cli:letsencrypt version: 0.1.0
2015-12-03 20:29:20,418:DEBUG:letsencrypt.cli:Arguments: ['--authenticator', 'manual', '--agree-dev-preview', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--text', '--csr', 'signreq.der']
2015-12-03 20:29:20,418:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-12-03 20:29:20,419:DEBUG:letsencrypt.cli:Requested authenticator manual and installer None
2015-12-03 20:29:20,423:DEBUG:letsencrypt.display.ops:Single candidate plugin: * manual
Description: Manually configure an HTTP server
Interfaces: IAuthenticator, IPlugin
Entry point: manual = letsencrypt.plugins.manual:Authenticator
Initialized: <letsencrypt.plugins.manual.Authenticator object at 0x7f2fbeda0d10>
Prep: True
2015-12-03 20:29:20,423:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.manual.Authenticator object at 0x7f2fbeda0d10> and installer None
2015-12-03 20:29:20,435:DEBUG:letsencrypt.cli:Picked account: <Account(45c8ab189209753b7c113da40bf2c2c5)>
2015-12-03 20:29:20,436:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-12-03 20:29:20,438:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-03 20:29:20,758:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2015-12-03 20:29:20,760:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Expires': 'Thu, 03 Dec 2015 20:29:20 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:29:20 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'jC_HEIZc5h4zkboxHsKM9ncVEQLX6NpL9TYcPsEZ-6c'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-12-03 20:29:20,760:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Expires': 'Thu, 03 Dec 2015 20:29:20 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:29:20 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'jC_HEIZc5h4zkboxHsKM9ncVEQLX6NpL9TYcPsEZ-6c'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-12-03 20:29:20,760:DEBUG:letsencrypt.client:CSR: CSR(file='/home/vpc/letsenc/letsencrypt/signreq.der', data='0\x82\x02\xaf0\x82\x01\x97\x02\x01\x00091\x0b0\t\x06\x03U\x04\x06\x13\x02DE1\x140\x12\x06\x03U\x04\n\x0c\x0bPreisser-IT1\x140\x12\x06\x03U\x04\x03\x0c\x0bPreisser-IT0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xb6\xd9U\xee{\xff\xfeP\x05\x8b!Z\x14\x8bw\x13s\x00\xe3\xb2\'\x9c\xa59\xdf\x12\x07\x8b<7_t\xbb(\xa3\xa4r\xc5\xa5\\Q6\x8d\xb8\xc7\xbf\xe9\xec\xd3\xd50p\x1e\x90R3\xcc\xfe\xee\x8cG\x8a9\x91~`\x7f\xce\xf8/l\x9dd$.\xa9\x97i>\xac\x9ea\xaf\x1d\xa8\xe2T\x83!\xa81I\xb1.\xc1\xd9\x1f\xa0\x90\'!\xd6\xc6\nM\xbd\x9a,\xb0u\x9aq\xb0\xb3\x86\xb9;:\xe9\x03\x17\x13\xd4\xd4\x89i\xf8\xc5E\x9f\x9b\xb0\xc4$\x98H\x9f\x01S\x0b\xbf\xd5\xcdA\x0eH\xb4\xac\x87\xf8\xbf[\x92\xd3\x86\xb3\x0f\xa4DC\xfb\x8b\xb6\xd1\xb9\xeci\xf1\xd3\x92\xea\\8Y\xde\xc2\xc1\xcarG\x13\xe1\xb6P\x122yp\xca\xa3\xbc{\x98\xae\xdae\xe9D\x15\x11\xa4g\xa0U\xb4\xa5L\xfa|\x91Z\xa6kwO\xb9\xf9\x03\xfaK\xcb\xff\xc84\xae[\x00n\xc9X\xb8;\xc2\xb6\xc3?mp]n\xfb\x88\xed\xa2|\x10\xc8\xab6q<\xe9\xca\x19GS\x02\x03\x01\x00\x01\xa010/\x06\t*\x86H\x86\xf7\r\x01\t\x0e1"0 0\x1e\x06\x03U\x1d\x11\x04\x170\x15\x82\x13kinderbasar-luhe.de0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x9a\xcc0\x1e(\xc2\xe8\x81\xcb\x994\xc0\xd5i\x90\xee\xb7\xf5>M\xe3^}\x19\xc2\xf1\x03\xee\xc4\xd5\xe9\xfc\xc9E\xfa.\xa2\x06\n\x89Z\x85\xdev\xa7\x88,xA\xee\xf7\xcf3\xeb\xaa\xc4\xc4\xe3A\xac\x9b%\x9e\x8d]\x8e.\xf3P\x97X\x03\xcb\x86u\x9d\x170\tE\xdb\x97\x1f\x08S\xe1\x83\xb7\x13\xfdJ2\xa7\xeb\xe862\xac\xf3O%\x0b\xde\xd8\xbbj5\xc1\xb2"\x852Ji\xda\xbe\xb8r0\xf9n\x08\x16$B\xce\x14\xc2\x9c]Jc\xf7\x17\x8a\xba\xed~\x1c\xb9\x12(\xecL\x84\xcb$\xfd\xcf\x97-\x9eZ\xa3&\x1a\xa0\xa1b\x0c5\x98L\xdf6\xe4\x1a\x96\x91\xfe\x1ax\x93\x19\xea\x82NH0\x07\x81\x17\xa7NQ\x18\xf5\xb7\xce\xd8M\xcf\xaf\xe2O\xbc\x9e9\x00\xf6\x0b\x99\xdd\x9d\x96\xd5\xcc\x02\xf1\x03@@9\x10<\x85\xb1\xc0\xad\x04\xd0p\x9d\x80\x87\x03V\x0f\x16\xe1\xc1\xb7\xbc\x9eP\x10\x1eh\x8dp\x17\x8e\xddO\x13Z\x0e\xc3/\x0c\xd3\xacJs\xfb\x89', form='der'), domains: ['kinderbasar-luhe.de']
2015-12-03 20:29:20,761:DEBUG:root:Requesting fresh nonce
2015-12-03 20:29:20,761:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2015-12-03 20:29:20,761:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-03 20:29:21,047:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2015-12-03 20:29:21,049:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '0', 'Pragma': 'no-cache', 'Expires': 'Thu, 03 Dec 2015 20:29:21 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:29:21 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'D9Gcj0L7DGhuXGvx1YZhoacA8W4r1aEzw-60wVU1gxI'}. Content: ''
2015-12-03 20:29:21,049:DEBUG:acme.client:Storing nonce: '\x0f\xd1\x9c\x8fB\xfb\x0chn\\k\xf1\xd5\x86a\xa1\xa7\x00\xf1n+\xd5\xa13\xc3\xee\xb4\xc1U5\x83\x12'
2015-12-03 20:29:21,050:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
2015-12-03 20:29:21,050:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "kinderbasar-luhe.de"}, "resource": "new-authz"}
2015-12-03 20:29:21,050:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None
2015-12-03 20:29:21,052:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2015-12-03 20:29:21,052:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "o3UEOKn5uACs2tyPJbsdS_h3w8ZXnENXJTG60gJEdK15entrhImQLy-Z0GlmX8IMGTOkgWot27Lflykhjjrm-mlJ_TeURbk76vLypihS1FZ1mZxlMX7SV8vM672ylA4sdhCMd3ss9XO3uy2pC6b_53Q_N8tUVygtwqkjYHFlhmOr0Bz4IxcfclT6RT1mTk2ov4RCnUZ6S7Uir53fPPsjiMLaW21ROW9W_LVAFNPjfglQJJZRkKKshwsy7DKgePi9UVC7HFOhxOGQU6tQPWYNT5C1d7FlO2yNIbQ3v6UYQ6iQRnGOykmKEyzYNTCDQlxFTxfLA-AlRWVtomeow6eEyw"}}, "protected": "eyJub25jZSI6ICJEOUdjajBMN0RHaHVYR3Z4MVlaaG9hY0E4VzRyMWFFenctNjB3VlUxZ3hJIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJraW5kZXJiYXNhci1sdWhlLmRlIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "BcQJO25k8wEovHGV3vsdFXZGOuLUz9zpf65BXrP0LXjysmie2LbQ58Ge4GZ1LJCqZ2jGa1RDFRELtH-QJUm66SOilhrnN-AGzlGrjNOwv6Bgwfg8rkpSYhjZbOGKipT-C8sIsgqd2zL6DLG4lF4jPtXa9eqWBfZqPujQAZrIz0-EVBR1PX5727h4Z3LwcM1Opp0iOZ57u-FWlei3jVdBavYXs6oRqyVMf3-E_4PNh7MFeXyWytD5XdW3bjFeYXhe6KIrv1T5fvZkzpXTQM8AnAUCTsC_uLOuiDAFuEQ-jam5vRS3OjtlRfr34SQ1kABPB0cSnBrwjJpti7B34nCzhg"}'}
2015-12-03 20:29:21,053:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-03 20:29:21,382:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 570
2015-12-03 20:29:21,383:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '570', 'Expires': 'Thu, 03 Dec 2015 20:29:21 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:29:21 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'yirqD1rfphqnhBC2vs9SPaGggHKl-eKLfHfbm47YoIk'}. Content: '{"identifier":{"type":"dns","value":"kinderbasar-luhe.de"},"status":"pending","expires":"2015-12-10T20:29:21.277934462Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687","token":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572688","token":"XSsEY6ThXGY_fU5-hexWL9y8ZrpQVSD_9u1mgS4bvWI"}],"combinations":[[0],[1]]}'
2015-12-03 20:29:21,384:DEBUG:acme.client:Storing nonce: '\xca*\xea\x0fZ\xdf\xa6\x1a\xa7\x84\x10\xb6\xbe\xcfR=\xa1\xa0\x80r\xa5\xf9\xe2\x8b|w\xdb\x9b\x8e\xd8\xa0\x89'
2015-12-03 20:29:21,384:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '570', 'Expires': 'Thu, 03 Dec 2015 20:29:21 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:29:21 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'yirqD1rfphqnhBC2vs9SPaGggHKl-eKLfHfbm47YoIk'}): '{"identifier":{"type":"dns","value":"kinderbasar-luhe.de"},"status":"pending","expires":"2015-12-10T20:29:21.277934462Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687","token":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572688","token":"XSsEY6ThXGY_fU5-hexWL9y8ZrpQVSD_9u1mgS4bvWI"}],"combinations":[[0],[1]]}'
2015-12-03 20:29:21,384:INFO:letsencrypt.auth_handler:Performing the following challenges:
2015-12-03 20:29:21,384:INFO:letsencrypt.auth_handler:http-01 challenge for kinderbasar-luhe.de
2015-12-03 20:30:05,024:DEBUG:acme.challenges:Verifying http-01 at http://kinderbasar-luhe.de/.well-known/acme-challenge/MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o...
2015-12-03 20:30:05,025:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): kinderbasar-luhe.de
2015-12-03 20:30:05,085:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o HTTP/1.1" 200 87
2015-12-03 20:30:05,086:DEBUG:acme.challenges:Received <Response [200]>: MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o.dY9nFOGupj544HjQN-TnlH2jCVo-4UxlbXiujRoiJr4. Headers: {'Date': 'Thu, 03 Dec 2015 20:30:04 GMT', 'Content-Length': '87', 'Content-Type': 'text/plain; charset=utf-8', 'Server': 'Microsoft-IIS/8.5'}
2015-12-03 20:30:05,086:INFO:letsencrypt.auth_handler:Waiting for verification...
2015-12-03 20:30:05,086:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o.dY9nFOGupj544HjQN-TnlH2jCVo-4UxlbXiujRoiJr4", "type": "http-01", "resource": "challenge"}
2015-12-03 20:30:05,087:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None
2015-12-03 20:30:05,088:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2015-12-03 20:30:05,088:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "o3UEOKn5uACs2tyPJbsdS_h3w8ZXnENXJTG60gJEdK15entrhImQLy-Z0GlmX8IMGTOkgWot27Lflykhjjrm-mlJ_TeURbk76vLypihS1FZ1mZxlMX7SV8vM672ylA4sdhCMd3ss9XO3uy2pC6b_53Q_N8tUVygtwqkjYHFlhmOr0Bz4IxcfclT6RT1mTk2ov4RCnUZ6S7Uir53fPPsjiMLaW21ROW9W_LVAFNPjfglQJJZRkKKshwsy7DKgePi9UVC7HFOhxOGQU6tQPWYNT5C1d7FlO2yNIbQ3v6UYQ6iQRnGOykmKEyzYNTCDQlxFTxfLA-AlRWVtomeow6eEyw"}}, "protected": "eyJub25jZSI6ICJ5aXJxRDFyZnBocW5oQkMydnM5U1BhR2dnSEtsLWVLTGZIZmJtNDdZb0lrIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIk1xeERTcUJ0NFNQU2NaYkI5VDM2aUxWNERFX2dUTUFpNEJwVGhlVFI4NG8uZFk5bkZPR3VwajU0NEhqUU4tVG5sSDJqQ1ZvLTRVeGxiWGl1alJvaUpyNCIsICJ0eXBlIjogImh0dHAtMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0", "signature": "SV5gpWM162LHiHJ_WBiRbTvx8twjNSdy5shrJKhB6uKdAvhRbXSLdum_kbKHRkqEFZv4d-2ukd_FysNI1KjoFUq9OkdrJ1p-NZRYvjXWoyaooXDNjN7n-pVrH3fUOxSmUtaLlJ5hZ0iaF95ecDKZKvzq2eEMDTd5Zw8GslNzFP6ZYYbCdtkl4CACzSqkhVsLCWkgyDURbVBZRvONgm-hLUdxnYABbsnileRqopCPNb0b2LmZUfT4sIuR-FZmV4L6Fz2vcBoRYcBq30IGyWUG78NcsjerARaaoj-I7bnPfWle_rybnj6TGOLuaS0UXcbhMzlyakr8cRrzcTzIKCZmPw"}'}
2015-12-03 20:30:05,089:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-03 20:30:05,447:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687 HTTP/1.1" 202 311
2015-12-03 20:30:05,448:DEBUG:root:Received <Response [202]>. Headers: {'Content-Length': '311', 'Expires': 'Thu, 03 Dec 2015 20:30:05 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:30:05 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'mKBWMfnOMnAkQEzEtehRQqSFd3liE9KHla9l_I5aYPo'}. Content: '{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687","token":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o","keyAuthorization":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o.dY9nFOGupj544HjQN-TnlH2jCVo-4UxlbXiujRoiJr4"}'
2015-12-03 20:30:05,448:DEBUG:acme.client:Storing nonce: '\x98\xa0V1\xf9\xce2p$@L\xc4\xb5\xe8QB\xa4\x85wyb\x13\xd2\x87\x95\xafe\xfc\x8eZ`\xfa'
2015-12-03 20:30:05,449:DEBUG:acme.client:Received response <Response [202]> (headers: {'Content-Length': '311', 'Expires': 'Thu, 03 Dec 2015 20:30:05 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:30:05 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'mKBWMfnOMnAkQEzEtehRQqSFd3liE9KHla9l_I5aYPo'}): '{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687","token":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o","keyAuthorization":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o.dY9nFOGupj544HjQN-TnlH2jCVo-4UxlbXiujRoiJr4"}'
2015-12-03 20:30:08,453:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28. args: (), kwargs: {}
2015-12-03 20:30:08,454:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-03 20:30:08,757:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28 HTTP/1.1" 200 909
2015-12-03 20:30:08,759:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '909', 'Expires': 'Thu, 03 Dec 2015 20:30:08 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:30:08 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'MVRpCYlZzZ0lSrZqxgnmG8r4WOBHaed3FEx8_dHKqlg'}. Content: '{"identifier":{"type":"dns","value":"kinderbasar-luhe.de"},"status":"valid","expires":"2016-09-28T20:30:06Z","challenges":[{"type":"http-01","status":"valid","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687","token":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o","keyAuthorization":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o.dY9nFOGupj544HjQN-TnlH2jCVo-4UxlbXiujRoiJr4","validationRecord":[{"url":"http://kinderbasar-luhe.de/.well-known/acme-challenge/MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o","hostname":"kinderbasar-luhe.de","port":"80","addressesResolved":["37.120.162.254"],"addressUsed":"37.120.162.254"}]},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572688","token":"XSsEY6ThXGY_fU5-hexWL9y8ZrpQVSD_9u1mgS4bvWI"}],"combinations":[[0],[1]]}'
2015-12-03 20:30:08,759:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '909', 'Expires': 'Thu, 03 Dec 2015 20:30:08 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:30:08 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'MVRpCYlZzZ0lSrZqxgnmG8r4WOBHaed3FEx8_dHKqlg'}): '{"identifier":{"type":"dns","value":"kinderbasar-luhe.de"},"status":"valid","expires":"2016-09-28T20:30:06Z","challenges":[{"type":"http-01","status":"valid","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572687","token":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o","keyAuthorization":"MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o.dY9nFOGupj544HjQN-TnlH2jCVo-4UxlbXiujRoiJr4","validationRecord":[{"url":"http://kinderbasar-luhe.de/.well-known/acme-challenge/MqxDSqBt4SPScZbB9T36iLV4DE_gTMAi4BpTheTR84o","hostname":"kinderbasar-luhe.de","port":"80","addressesResolved":["37.120.162.254"],"addressUsed":"37.120.162.254"}]},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ku4gO-fAIG9aQ2XLHxaSpw_jbHY32JiDVMcI10M9H28/572688","token":"XSsEY6ThXGY_fU5-hexWL9y8ZrpQVSD_9u1mgS4bvWI"}],"combinations":[[0],[1]]}'
2015-12-03 20:30:08,760:INFO:letsencrypt.auth_handler:Cleaning up challenges
2015-12-03 20:30:08,760:DEBUG:acme.client:Requesting issuance...
2015-12-03 20:30:08,760:DEBUG:acme.client:Serialized JSON: {"resource": "new-cert", "csr": "MIICrzCCAZcCAQAwOTELMAkGA1UEBhMCREUxFDASBgNVBAoMC1ByZWlzc2VyLUlUMRQwEgYDVQQDDAtQcmVpc3Nlci1JVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbZVe57__5QBYshWhSLdxNzAOOyJ5ylOd8SB4s8N190uyijpHLFpVxRNo24x7_p7NPVMHAekFIzzP7ujEeKOZF-YH_O-C9snWQkLqmXaT6snmGvHajiVIMhqDFJsS7B2R-gkCch1sYKTb2aLLB1mnGws4a5OzrpAxcT1NSJafjFRZ-bsMQkmEifAVMLv9XNQQ5ItKyH-L9bktOGsw-kREP7i7bRuexp8dOS6lw4Wd7CwcpyRxPhtlASMnlwyqO8e5iu2mXpRBURpGegVbSlTPp8kVqma3dPufkD-kvL_8g0rlsAbslYuDvCtsM_bXBdbvuI7aJ8EMirNnE86coZR1MCAwEAAaAxMC8GCSqGSIb3DQEJDjEiMCAwHgYDVR0RBBcwFYITa2luZGVyYmFzYXItbHVoZS5kZTANBgkqhkiG9w0BAQsFAAOCAQEAmswwHijC6IHLmTTA1WmQ7rf1Pk3jXn0ZwvED7sTV6fzJRfouogYKiVqF3naniCx4Qe73zzPrqsTE40GsmyWejV2OLvNQl1gDy4Z1nRcwCUXblx8IU-GDtxP9SjKn6-g2MqzzTyUL3ti7ajXBsiKFMkpp2r64cjD5bggWJELOFMKcXUpj9xeKuu1-HLkSKOxMhMsk_c-XLZ5aoyYaoKFiDDWYTN825BqWkf4aeJMZ6oJOSDAHgRenTlEY9bfO2E3Pr-JPvJ45APYLmd2dltXMAvEDQEA5EDyFscCtBNBwnYCHA1YPFuHBt7yeUBAeaI1wF47dTxNaDsMvDNOsSnP7iQ"}
2015-12-03 20:30:08,761:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None
2015-12-03 20:30:08,761:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2015-12-03 20:30:08,762:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-cert. args: (), kwargs: {'headers': {'Accept': 'application/pkix-cert'}, 'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "o3UEOKn5uACs2tyPJbsdS_h3w8ZXnENXJTG60gJEdK15entrhImQLy-Z0GlmX8IMGTOkgWot27Lflykhjjrm-mlJ_TeURbk76vLypihS1FZ1mZxlMX7SV8vM672ylA4sdhCMd3ss9XO3uy2pC6b_53Q_N8tUVygtwqkjYHFlhmOr0Bz4IxcfclT6RT1mTk2ov4RCnUZ6S7Uir53fPPsjiMLaW21ROW9W_LVAFNPjfglQJJZRkKKshwsy7DKgePi9UVC7HFOhxOGQU6tQPWYNT5C1d7FlO2yNIbQ3v6UYQ6iQRnGOykmKEyzYNTCDQlxFTxfLA-AlRWVtomeow6eEyw"}}, "protected": "eyJub25jZSI6ICJtS0JXTWZuT01uQWtRRXpFdGVoUlFxU0ZkM2xpRTlLSGxhOWxfSTVhWVBvIn0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlJQ3J6Q0NBWmNDQVFBd09URUxNQWtHQTFVRUJoTUNSRVV4RkRBU0JnTlZCQW9NQzFCeVpXbHpjMlZ5TFVsVU1SUXdFZ1lEVlFRRERBdFFjbVZwYzNObGNpMUpWRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMYlpWZTU3X181UUJZc2hXaFNMZHhOekFPT3lKNXlsT2Q4U0I0czhOMTkwdXlpanBITEZwVnhSTm8yNHg3X3A3TlBWTUhBZWtGSXp6UDd1akVlS09aRi1ZSF9PLUM5c25XUWtMcW1YYVQ2c25tR3ZIYWppVklNaHFERkpzUzdCMlItZ2tDY2gxc1lLVGIyYUxMQjFtbkd3czRhNU96cnBBeGNUMU5TSmFmakZSWi1ic01Ra21FaWZBVk1MdjlYTlFRNUl0S3lILUw5Ymt0T0dzdy1rUkVQN2k3YlJ1ZXhwOGRPUzZsdzRXZDdDd2NweVJ4UGh0bEFTTW5sd3lxTzhlNWl1Mm1YcFJCVVJwR2VnVmJTbFRQcDhrVnFtYTNkUHVma0Qta3ZMXzhnMHJsc0Fic2xZdUR2Q3RzTV9iWEJkYnZ1STdhSjhFTWlyTm5FODZjb1pSMU1DQXdFQUFhQXhNQzhHQ1NxR1NJYjNEUUVKRGpFaU1DQXdIZ1lEVlIwUkJCY3dGWUlUYTJsdVpHVnlZbUZ6WVhJdGJIVm9aUzVrWlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQW1zd3dIaWpDNklITG1UVEExV21RN3JmMVBrM2pYbjBad3ZFRDdzVFY2ZnpKUmZvdW9nWUtpVnFGM25hbmlDeDRRZTczenpQcnFzVEU0MEdzbXlXZWpWMk9Mdk5RbDFnRHk0WjFuUmN3Q1VYYmx4OElVLUdEdHhQOVNqS242LWcyTXF6elR5VUwzdGk3YWpYQnNpS0ZNa3BwMnI2NGNqRDViZ2dXSkVMT0ZNS2NYVXBqOXhlS3V1MS1ITGtTS094TWhNc2tfYy1YTFo1YW95WWFvS0ZpRERXWVROODI1QnFXa2Y0YWVKTVo2b0pPU0RBSGdSZW5UbEVZOWJmTzJFM1ByLUpQdko0NUFQWUxtZDJkbHRYTUF2RURRRUE1RUR5RnNjQ3RCTkJ3bllDSEExWVBGdUhCdDd5ZVVCQWVhSTF3RjQ3ZFR4TmFEc012RE5Pc1NuUDdpUSJ9", "signature": "R3nJ6ehWw9kNBhI8zVqmbf_8tvqJiGWEXdFN3xjjZieOKdgYeATfOUc9JVXWzscgOzlw3DhUNeRwmX2VWhKGmml9AXCsgOusQIYNDf7SjBfxsHRs-FCtimmCFNPs6wvtcBJ3b-2VlTaK1ZIVPiwrB6ATo-bm-xAM1U3QPwcRRZtxFKZb0pY0wBmqEnLwA8fGXZReI4uT-2X3ptBl6WZ4oJIyhrbjxmcd4tRmuJohIJG2rTRNZ9YZcXw9UJgzIoR-VpG1GsZ5UST8uH56G42J5-gIbDlCICfbDpCMzzKN8zLN1PNOW_2I7HefhWulpGFOR47OPSJR_AWiellfskYLFA"}'}
2015-12-03 20:30:08,762:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-03 20:30:09,097:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-cert HTTP/1.1" 500 88
2015-12-03 20:30:09,098:DEBUG:root:Received <Response [500]>. Headers: {'Content-Length': '88', 'Expires': 'Thu, 03 Dec 2015 20:30:09 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:30:09 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'efruEyTuYPdmxc-9GDAsgdhi5N7eyfh9WmcWrNdmwJE'}. Content: '{"type":"urn:acme:error:serverInternal","detail":"Error creating new cert","status":500}'
2015-12-03 20:30:09,098:DEBUG:acme.client:Storing nonce: 'y\xfa\xee\x13$\xee`\xf7f\xc5\xcf\xbd\x180,\x81\xd8b\xe4\xde\xde\xc9\xf8}Zg\x16\xac\xd7f\xc0\x91'
2015-12-03 20:30:09,098:DEBUG:acme.client:Received response <Response [500]> (headers: {'Content-Length': '88', 'Expires': 'Thu, 03 Dec 2015 20:30:09 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 03 Dec 2015 20:30:09 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'efruEyTuYPdmxc-9GDAsgdhi5N7eyfh9WmcWrNdmwJE'}): '{"type":"urn:acme:error:serverInternal","detail":"Error creating new cert","status":500}'
2015-12-03 20:30:09,099:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/home/vpc/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/vpc/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 1283, in main
    return args.func(args, config, plugins)
  File "/home/vpc/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 506, in obtain_cert
    file=args.csr[0], data=args.csr[1], form="der"))
  File "/home/vpc/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 245, in obtain_certificate_from_csr
    csr.data, OpenSSL.crypto.FILETYPE_ASN1), csr)
  File "/home/vpc/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 228, in _obtain_certificate
    authzr)
  File "/home/vpc/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 310, in request_issuance
    headers={'Accept': content_type})
  File "/home/vpc/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 634, in post
    return self._check_response(response, content_type=content_type)
  File "/home/vpc/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 550, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:acme:error:serverInternal :: The server experienced an internal error :: Error creating new cert

Any idea why I can’t generate a certificate?

Thanks!


#11

After trying some things I found that the issue was due to me not specifying one of the SAN domains in the CN (Common Name) field of the subject in the certificate request generated with OpenSSL.
After I changed this, the certificate was generated successfully.

However I think there should be a better error message than just “The server experienced an internal error :: Error creating new cert”.

Thanks


#12

Best open an issue for that at https://github.com/letsencrypt/boulder/issues, so it doesn’t get lost.