DNS problem: NXDOMAIN looking up TXT for _acme-challenge. - check that a DNS record exists for this domain

Veuillez remplir les champs ci-dessous pour que nous puissions vous aider. Remarque : vous devez fournir votre nom de domaine pour obtenir de l’aide. Les noms de domaine des certificats émis sont tous rendus publics dans les journaux de Transparence de Certificat (par exemple, crt.sh | example.com). Par conséquent, le fait de ne pas indiquer votre nom de domaine ici n’aide pas à le garder secret, mais rend plus difficile pour nous le fait de vous aider.

Je peux lire des réponses en Anglais : yes

Mon nom de domaine est : configuration.wildlifetracking.net

J’ai exécuté cette commande :
sudo certbot certonly --dns-route53 -d configuration.wildlifetracking.net -vv

Elle a produit cette sortie :Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator dns-route53 and installer None
Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane
Changing event name from before-call.apigateway to before-call.api-gateway
Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict
Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration
Changing event name from before-parameter-build.route53 to before-parameter-build.route-53
Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search
Changing event name from docs.*.autoscaling.CreateLaunchConfiguration.complete-section to docs.*.auto-scaling.CreateLaunchConfiguration.complete-section
Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask
Changing event name from docs.*.logs.CreateExportTask.complete-section to docs.*.cloudwatch-logs.CreateExportTask.complete-section
Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search
Changing event name from docs.*.cloudsearchdomain.Search.complete-section to docs.*.cloudsearch-domain.Search.complete-section
IMDS ENDPOINT: http://169.254.169.254/
Looking for credentials via: env
Looking for credentials via: assume-role
Looking for credentials via: assume-role-with-web-identity
Looking for credentials via: sso
Looking for credentials via: shared-credentials-file
Looking for credentials via: custom-process
Looking for credentials via: config-file
Credentials found in config file: ~/.aws/config
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/endpoints.json
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/sdk-default-configuration.json
Event choose-service-name: calling handler <function handle_service_name_alias at 0x7fe4a241b550>
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/route53/2013-04-01/service-2.json
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json.gz
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/partitions.json
Event creating-client-class.route-53: calling handler <function add_generate_presigned_url at 0x7fe4a25179d0>
Setting route53 timeout as (60, 60)
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/_retry.json
Registering retry handlers for service: route53
Single candidate plugin: * dns-route53
Description: Obtain certificates using a DNS TXT record (if you are using AWS Route53 for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-route53 = certbot_dns_route53._internal.dns_route53:Authenticator
Initialized: <certbot_dns_route53._internal.dns_route53.Authenticator object at 0x7fe4a5efa520>
Prep: True
Selected authenticator <certbot_dns_route53._internal.dns_route53.Authenticator object at 0x7fe4a5efa520> and installer None
Plugins selected: Authenticator dns-route53, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1193419837', new_authzr_uri=None, terms_of_service=None), e51c51c06973c1365401bddb8f3cdab4, Meta(creation_dt=datetime.datetime(2023, 7, 6, 8, 54, 11, tzinfo=<UTC>), creation_host='atlas-pygar-01', register_to_eff=None))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 07:48:46 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "3F1uQEcs44k": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Notifying user: Requesting a certificate for configuration.wildlifetracking.net
Requesting a certificate for configuration.wildlifetracking.net
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 07:48:46 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853F976m5XDK4Xldn7od0L93nVBoOAeGCNw77zwURyF01Rk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


Storing nonce: 853F976m5XDK4Xldn7od0L93nVBoOAeGCNw77zwURyF01Rk
JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "configuration.wildlifetracking.net"\n    }\n  ]\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5MzQxOTgzNyIsICJub25jZSI6ICI4NTNGOTc2bTVYREs0WGxkbjdvZDBMOTNuVkJvT0FlR0NOdzc3endVUnlGMDFSayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "pNLQVLsE2v8gr2bedqsjLxqgnkdcRV1Yn3rdk30E973YIKGO8KRYXR0GR3kXvIvchggpHaZLso4Ywc2iCFNW1rBTBNpNO7itmvYIMrzADK7mC5RJgwGgRGY1PUUANavU7teC1k9GdeShwtJXB5L9sa_zGDZ1qA11KTVgBmv4ZR9GQ_RSQYm8HgzRvv_7_r3D5DmQP4qbHBoKZBQygZzNBP4I1jRiiGp5DEtUQA8oBO8U02VkqZTrW9lo9RBi3pJ4Zr3iZK_Ld9hp3EM5EIPeAJeqHSdodD5U6JQasnMUf_Awd2iJrQIGqXFWVWpc4dBFRUU8ejcaYLbbd69WKZh7tA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNvbmZpZ3VyYXRpb24ud2lsZGxpZmV0cmFja2luZy5uZXQiCiAgICB9CiAgXQp9"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 360
Received response:
HTTP 201
Server: nginx
Date: Wed, 12 Jul 2023 07:48:46 GMT
Content-Type: application/json
Content-Length: 360
Connection: keep-alive
Boulder-Requester: 1193419837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1193419837/194415637317
Replay-Nonce: F70E7PxgaIWW12Ig-2QhC1PZF7I9FXBVYPF4L-kxbx2-W2g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-07-19T07:48:46Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "configuration.wildlifetracking.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/244882106497"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1193419837/194415637317"
}
Storing nonce: F70E7PxgaIWW12Ig-2QhC1PZF7I9FXBVYPF4L-kxbx2-W2g
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/244882106497:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5MzQxOTgzNyIsICJub25jZSI6ICJGNzBFN1B4Z2FJV1cxMklnLTJRaEMxUFpGN0k5RlhCVllQRjRMLWt4YngyLVcyZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQ0ODgyMTA2NDk3In0",
  "signature": "I_iHDPf2F9Nuo4CRXybQL48eTVuIs8iullEa11fEfizzsRduZ8vwXVcRpb4mvUXHVDBC9OZOCs345xMB4kSkrjvngXaM-55HCRP7KAoJzNZiPSTSZzU0JGjTp2BLO6ld4EW6Jvvvqmvq7bA5z6Y-M4frcfUgYOxKd1KdcPc5zPjYvGC65MdVets2pbem6f8apCfwc_hd7ry4C36ekw_8aEL80PdiLzyjo_p8ErSnZtPQztuu7YbAydf76S7_sxsGn0lgpuzv8MAF5_ak5C1jqW4zQOICGdYynaxF2-ZLF8NZHrNs-bJxh2dVr5rWNROFRwmID4hlSeERTRHiZEVrgw",
  "payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/244882106497 HTTP/1.1" 200 818
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 07:48:46 GMT
Content-Type: application/json
Content-Length: 818
Connection: keep-alive
Boulder-Requester: 1193419837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853FeqBurbEloHmgpIkfXaANQDDWukd408uf9AjR-hLVgqk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "configuration.wildlifetracking.net"
  },
  "status": "pending",
  "expires": "2023-07-19T07:48:46Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244882106497/w_nIgw",
      "token": "PgUYL0f77J95Ay3sB6uMx4s9FPAuHiv07xFaVQ8M9L4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244882106497/GuXIzQ",
      "token": "PgUYL0f77J95Ay3sB6uMx4s9FPAuHiv07xFaVQ8M9L4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244882106497/cJ0_Dw",
      "token": "PgUYL0f77J95Ay3sB6uMx4s9FPAuHiv07xFaVQ8M9L4"
    }
  ]
}
Storing nonce: 853FeqBurbEloHmgpIkfXaANQDDWukd408uf9AjR-hLVgqk
Performing the following challenges:
dns-01 challenge for configuration.wildlifetracking.net
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/route53/2013-04-01/paginators-1.json
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.ListHostedZones: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
Event before-parameter-build.route-53.ListHostedZones: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.ListHostedZones: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.ListHostedZones: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=ListHostedZones) with params: {'url_path': '/2013-04-01/hostedzone', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/hostedzone', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.ListHostedZones: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.ListHostedZones: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/hostedzone

host:route53.amazonaws.com
x-amz-date:20230712T074847Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T074847Z
20230712/us-east-1/route53/aws4_request
b7b46c36b924ba1f23165281b3066d54fc688e04ce7d8c617d0487f5bd957a21
Signature:
b8ca4000fb74da29e8f4d33331d9d6d1b22b6e01962631588b02cbec9f89e608
Event request-created.route-53.ListHostedZones: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/hostedzone, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074847Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=b8ca4000fb74da29e8f4d33331d9d6d1b22b6e01962631588b02cbec9f89e608', 'amz-sdk-invocation-id': b'ba3d896e-9e1e-413e-8b3a-1de4eae25017', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
Starting new HTTPS connection (1): route53.amazonaws.com:443
https://route53.amazonaws.com:443 "GET /2013-04-01/hostedzone HTTP/1.1" 200 802
Response headers: {'x-amzn-RequestId': 'fb803c50-6e8f-4863-bd55-4f29c21d13ea', 'Content-Type': 'text/xml', 'Content-Length': '802', 'Date': 'Wed, 12 Jul 2023 07:48:47 GMT'}
Response body:
b'<?xml version="1.0"?>\n<ListHostedZonesResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><HostedZones><HostedZone><Id>/hostedzone/Z0467553HLBDNHD1ETI</Id><Name>wildlifetracking.net.</Name><CallerReference>8f79c9ca-904c-4791-895b-5c8a8a398663</CallerReference><Config><Comment></Comment><PrivateZone>false</PrivateZone></Config><ResourceRecordSetCount>2</ResourceRecordSetCount></HostedZone><HostedZone><Id>/hostedzone/Z02588631MY41ILJP1A90</Id><Name>configuration.wildlifetracking.net.</Name><CallerReference>a9451bd5-8b21-44f8-bb0d-b4bb9af16762</CallerReference><Config><Comment></Comment><PrivateZone>false</PrivateZone></Config><ResourceRecordSetCount>2</ResourceRecordSetCount></HostedZone></HostedZones><IsTruncated>false</IsTruncated><MaxItems>100</MaxItems></ListHostedZonesResponse>'
Event needs-retry.route-53.ListHostedZones: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.ChangeResourceRecordSets: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
HostedZoneId /hostedzone/Z02588631MY41ILJP1A90 -> Z02588631MY41ILJP1A90
Event before-parameter-build.route-53.ChangeResourceRecordSets: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.ChangeResourceRecordSets: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.ChangeResourceRecordSets: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=ChangeResourceRecordSets) with params: {'url_path': '/2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/', 'query_string': {}, 'method': 'POST', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeBatch><Comment>certbot-dns-route53 certificate validation UPSERT</Comment><Changes><Change><Action>UPSERT</Action><ResourceRecordSet><Name>_acme-challenge.configuration.wildlifetracking.net</Name><Type>TXT</Type><TTL>10</TTL><ResourceRecords><ResourceRecord><Value>"OQySWlB3105WcLKKtIkG0Wh6X_DFXyVS3_jX5d3ea_c"</Value></ResourceRecord></ResourceRecords></ResourceRecordSet></Change></Changes></ChangeBatch></ChangeResourceRecordSetsRequest>', 'url': 'https://route53.amazonaws.com/2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.ChangeResourceRecordSets: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.ChangeResourceRecordSets: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
POST
/2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/

host:route53.amazonaws.com
x-amz-date:20230712T074847Z

host;x-amz-date
3f8f9893d6f98197ab4ef5ab484617b39777c379af6ac26907a1acebd776de8b
StringToSign:
AWS4-HMAC-SHA256
20230712T074847Z
20230712/us-east-1/route53/aws4_request
87a4a9b08c6cc2f837656b3147d762087e69a139b7d55bd99d028f3e296fa328
Signature:
5daa6230cdcba3182b5bb01b5393bb600049619392fb38263aae2b428c58dc1b
Event request-created.route-53.ChangeResourceRecordSets: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://route53.amazonaws.com/2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074847Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=5daa6230cdcba3182b5bb01b5393bb600049619392fb38263aae2b428c58dc1b', 'amz-sdk-invocation-id': b'87293b7d-5fe5-4342-803b-49471873e538', 'amz-sdk-request': b'attempt=1', 'Content-Length': '534'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "POST /2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/ HTTP/1.1" 200 351
Response headers: {'x-amzn-RequestId': '8f9555d0-7d3c-49cd-8af6-5c46b8df497f', 'Content-Type': 'text/xml', 'Content-Length': '351', 'Date': 'Wed, 12 Jul 2023 07:48:47 GMT'}
Response body:
b'<?xml version="1.0"?>\n<ChangeResourceRecordSetsResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C014469212GFHS6XNKO1J</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T07:48:47.843Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></ChangeResourceRecordSetsResponse>'
Event needs-retry.route-53.ChangeResourceRecordSets: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
Id /change/C014469212GFHS6XNKO1J -> C014469212GFHS6XNKO1J
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C014469212GFHS6XNKO1J', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C014469212GFHS6XNKO1J

host:route53.amazonaws.com
x-amz-date:20230712T074847Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T074847Z
20230712/us-east-1/route53/aws4_request
c03af32ce0a899a5c245c25a1661115a8c329e6a5997cd3089fd2eba32b2094e
Signature:
39019c522ac03850b4c775cb5a7cb135b36326a97c06ddc74db6aeeadfff2452
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074847Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=39019c522ac03850b4c775cb5a7cb135b36326a97c06ddc74db6aeeadfff2452', 'amz-sdk-invocation-id': b'a5569d6b-0777-4180-82a2-a71b3b5c4b53', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C014469212GFHS6XNKO1J HTTP/1.1" 200 321
Response headers: {'x-amzn-RequestId': '8fe54b2a-11e7-4c7c-8929-ebffc971971b', 'Content-Type': 'text/xml', 'Content-Length': '321', 'Date': 'Wed, 12 Jul 2023 07:48:47 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C014469212GFHS6XNKO1J</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T07:48:47.843Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
Id /change/C014469212GFHS6XNKO1J -> C014469212GFHS6XNKO1J
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C014469212GFHS6XNKO1J', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C014469212GFHS6XNKO1J

host:route53.amazonaws.com
x-amz-date:20230712T074853Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T074853Z
20230712/us-east-1/route53/aws4_request
7b9ea9342374f13e91d7d0b295a82655d183031ff67678fb98b6a3d466c70345
Signature:
b6987522009b4cb7ee1226663bdf388692c019223a7050e16eb9a00b17c46b96
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074853Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=b6987522009b4cb7ee1226663bdf388692c019223a7050e16eb9a00b17c46b96', 'amz-sdk-invocation-id': b'c47283eb-293b-4d60-a16b-2a7ae6808840', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C014469212GFHS6XNKO1J HTTP/1.1" 200 321
Response headers: {'x-amzn-RequestId': '9dcd3432-c3d6-434e-a06f-1d9dd086cbf4', 'Content-Type': 'text/xml', 'Content-Length': '321', 'Date': 'Wed, 12 Jul 2023 07:48:53 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C014469212GFHS6XNKO1J</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T07:48:47.843Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
Id /change/C014469212GFHS6XNKO1J -> C014469212GFHS6XNKO1J
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C014469212GFHS6XNKO1J', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C014469212GFHS6XNKO1J

host:route53.amazonaws.com
x-amz-date:20230712T074858Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T074858Z
20230712/us-east-1/route53/aws4_request
726599e8c391a57e76047e63d13535c9009a1696c44096eb00b81fb7f3942937
Signature:
1d86e23c95313b31f6d230b5d09f5b9dfd87181cee3edcc3b176dacac141c73b
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074858Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=1d86e23c95313b31f6d230b5d09f5b9dfd87181cee3edcc3b176dacac141c73b', 'amz-sdk-invocation-id': b'8a08bea0-88ff-4e4f-b963-4283a0bc0211', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C014469212GFHS6XNKO1J HTTP/1.1" 200 321
Response headers: {'x-amzn-RequestId': 'cf99e8d5-792b-41e9-8a97-e4274b4c779c', 'Content-Type': 'text/xml', 'Content-Length': '321', 'Date': 'Wed, 12 Jul 2023 07:48:58 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C014469212GFHS6XNKO1J</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T07:48:47.843Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
Id /change/C014469212GFHS6XNKO1J -> C014469212GFHS6XNKO1J
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C014469212GFHS6XNKO1J', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C014469212GFHS6XNKO1J

host:route53.amazonaws.com
x-amz-date:20230712T074904Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T074904Z
20230712/us-east-1/route53/aws4_request
b071b4851b03e9aa3a76cb7326a77ff63d8ac8818350ab0b4925cce4f0c110fa
Signature:
73175f1981be476cd414c9bc40cdfb337c588f4a7e9c46e488b9c14fff694e50
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074904Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=73175f1981be476cd414c9bc40cdfb337c588f4a7e9c46e488b9c14fff694e50', 'amz-sdk-invocation-id': b'163826dc-6179-47f7-bc60-ce951071d6da', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C014469212GFHS6XNKO1J HTTP/1.1" 200 321
Response headers: {'x-amzn-RequestId': '438149cc-a8d3-46a4-8088-deb3fe805cbe', 'Content-Type': 'text/xml', 'Content-Length': '321', 'Date': 'Wed, 12 Jul 2023 07:49:03 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C014469212GFHS6XNKO1J</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T07:48:47.843Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
Id /change/C014469212GFHS6XNKO1J -> C014469212GFHS6XNKO1J
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C014469212GFHS6XNKO1J', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C014469212GFHS6XNKO1J

host:route53.amazonaws.com
x-amz-date:20230712T074909Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T074909Z
20230712/us-east-1/route53/aws4_request
325994c28b5a5a2128c42a2c9443a422aa0d6ac592a303841651f2fb5c8c50ab
Signature:
de93f4d21490acc751fe4c3abd997080a6a74c181801ae2eb4e2affbed8a559d
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074909Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=de93f4d21490acc751fe4c3abd997080a6a74c181801ae2eb4e2affbed8a559d', 'amz-sdk-invocation-id': b'cff707c8-1036-4285-a653-3e97e90fc379', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C014469212GFHS6XNKO1J HTTP/1.1" 200 321
Response headers: {'x-amzn-RequestId': '1f258f9a-c343-44b3-95c6-1a516e829703', 'Content-Type': 'text/xml', 'Content-Length': '321', 'Date': 'Wed, 12 Jul 2023 07:49:09 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C014469212GFHS6XNKO1J</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T07:48:47.843Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
Id /change/C014469212GFHS6XNKO1J -> C014469212GFHS6XNKO1J
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C014469212GFHS6XNKO1J', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C014469212GFHS6XNKO1J

host:route53.amazonaws.com
x-amz-date:20230712T074914Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T074914Z
20230712/us-east-1/route53/aws4_request
2d3febdbe305714a65122fa4ac9c75e295ea6f58d991db32d7b080db4bab26a8
Signature:
037ca89be4b6784f6a8e745cf5510baccf0e69b625d624fa804ea720a00809bb
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074914Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=037ca89be4b6784f6a8e745cf5510baccf0e69b625d624fa804ea720a00809bb', 'amz-sdk-invocation-id': b'00e3a2f6-8877-4801-b1ad-6798da784fed', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C014469212GFHS6XNKO1J HTTP/1.1" 200 321
Response headers: {'x-amzn-RequestId': '123a35a5-1f42-49a1-929c-ada8bd5c8cf2', 'Content-Type': 'text/xml', 'Content-Length': '321', 'Date': 'Wed, 12 Jul 2023 07:49:14 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C014469212GFHS6XNKO1J</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T07:48:47.843Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
Id /change/C014469212GFHS6XNKO1J -> C014469212GFHS6XNKO1J
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C014469212GFHS6XNKO1J', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C014469212GFHS6XNKO1J

host:route53.amazonaws.com
x-amz-date:20230712T074920Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T074920Z
20230712/us-east-1/route53/aws4_request
2e42b2cdd0dfadb0d6d043a5ceb5b0e723cbe8d17dbd976af6889e4e6c480a9a
Signature:
a241189a2119dab73af26d0d5616e4b237df62de5282a448ea73352983dbe497
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C014469212GFHS6XNKO1J, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074920Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=a241189a2119dab73af26d0d5616e4b237df62de5282a448ea73352983dbe497', 'amz-sdk-invocation-id': b'ceacfa9c-36ab-451e-a6f6-1a5d17f56874', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C014469212GFHS6XNKO1J HTTP/1.1" 200 320
Response headers: {'x-amzn-RequestId': '213716aa-8945-473c-b71e-5f1de141de5d', 'Content-Type': 'text/xml', 'Content-Length': '320', 'Date': 'Wed, 12 Jul 2023 07:49:20 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C014469212GFHS6XNKO1J</Id><Status>INSYNC</Status><SubmittedAt>2023-07-12T07:48:47.843Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
JWS payload:
b'{}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/244882106497/GuXIzQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5MzQxOTgzNyIsICJub25jZSI6ICI4NTNGZXFCdXJiRWxvSG1ncElrZlhhQU5RRERXdWtkNDA4dWY5QWpSLWhMVmdxayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjQ0ODgyMTA2NDk3L0d1WEl6USJ9",
  "signature": "jWN172TVjLKGWQWay2EzQLluXlNK1cZTisCtXWNh4OtzuG4Cio9bGmhnulDr76bj0e5HnJokiKIqBsEl69jsbq0KnvLEG7CFD9oEpcSVMXcQElVvgEOSJT6D3rjc-I2NG39erPde6FY_kL2j-F2ipqSUkHPfvBX-FRstcAIpL-Ey9X0w_bNCIfJqoKrwfk_2rLJlEvqRed9BTV_PxZuwjdyEX3zJLMpaxpgOOSTUOqygRBQQPqOdYlq5PWpJo2r3BPSh-WYL5f-B4w4H8jNiMRIJrQdmKniNxFxYgO68_AGlcMF8z9H1DIsY0fOYgNq3ikgXo-WC4tmA1zuSqu-yjg",
  "payload": "e30"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/244882106497/GuXIzQ HTTP/1.1" 200 186
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 07:49:20 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 1193419837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/244882106497>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/244882106497/GuXIzQ
Replay-Nonce: 853Fxl2QucoKKBNkuXlbk9kD_fcSiIXUtjtFjr75LeV-5cQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244882106497/GuXIzQ",
  "token": "PgUYL0f77J95Ay3sB6uMx4s9FPAuHiv07xFaVQ8M9L4"
}
Storing nonce: 853Fxl2QucoKKBNkuXlbk9kD_fcSiIXUtjtFjr75LeV-5cQ
Waiting for verification...
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/244882106497:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5MzQxOTgzNyIsICJub25jZSI6ICI4NTNGeGwyUXVjb0tLQk5rdVhsYms5a0RfZmNTaUlYVXRqdEZqcjc1TGVWLTVjUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQ0ODgyMTA2NDk3In0",
  "signature": "ZIWYlcJ7ENCx1mA4cTel-GwPymiKs7aNUcoUXiX4UkT2M8mNtxOc-tWKFloYbkbZzUlcCkg1YACbIshRaRmw1q-d9cD5NByS4lQKgPY0qdYMOQGHV2UNRtlLIcmVQeW-rh5rGzO-BNxR6Fxy__QWpAWJRT60UDghGADWRYxZrZB67OvbuQjalN_6SiR9mYdV1gSL9KL_q-qROwcFJhrM_kwt9sWlEa_-PxRM23iLbqPcCZFRKYHTdS38v2EIJQCylOOTDGUxA1GyGZLIvEMpAq4qPyTHG-SHukRLuUu5xDFyI8f7VH56SkQ6vHDP6-KuuNrSRF9jwoWjeO4z6pF1KA",
  "payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/244882106497 HTTP/1.1" 200 691
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 07:49:21 GMT
Content-Type: application/json
Content-Length: 691
Connection: keep-alive
Boulder-Requester: 1193419837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853Flbpwi7dNHpwEIhngpVLJH4ORynuX8dccbnqaR44EGfQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "configuration.wildlifetracking.net"
  },
  "status": "invalid",
  "expires": "2023-07-19T07:48:46Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.configuration.wildlifetracking.net - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244882106497/GuXIzQ",
      "token": "PgUYL0f77J95Ay3sB6uMx4s9FPAuHiv07xFaVQ8M9L4",
      "validated": "2023-07-12T07:49:20Z"
    }
  ]
}
Storing nonce: 853Flbpwi7dNHpwEIhngpVLJH4ORynuX8dccbnqaR44EGfQ
Challenge failed for domain configuration.wildlifetracking.net
dns-01 challenge for configuration.wildlifetracking.net
Notifying user:
Certbot failed to authenticate some domains (authenticator: dns-route53). The Certificate Authority reported these problems:
  Domain: configuration.wildlifetracking.net
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.configuration.wildlifetracking.net - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-route53. Ensure the above domains have their DNS hosted by AWS Route53.


Certbot failed to authenticate some domains (authenticator: dns-route53). The Certificate Authority reported these problems:
  Domain: configuration.wildlifetracking.net
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.configuration.wildlifetracking.net - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-route53. Ensure the above domains have their DNS hosted by AWS Route53.

Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.ListHostedZones: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
Event before-parameter-build.route-53.ListHostedZones: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.ListHostedZones: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.ListHostedZones: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=ListHostedZones) with params: {'url_path': '/2013-04-01/hostedzone', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/hostedzone', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.ListHostedZones: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.ListHostedZones: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/hostedzone

host:route53.amazonaws.com
x-amz-date:20230712T074921Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T074921Z
20230712/us-east-1/route53/aws4_request
48dfa9c56582041b80d44dd8b05cc1631e316792ad3496782d6a1ac485ed3767
Signature:
25a9b9ed861e94ca4f23584326152b7209907a5d520bf92d4df592ecdbfc9324
Event request-created.route-53.ListHostedZones: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/hostedzone, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074921Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=25a9b9ed861e94ca4f23584326152b7209907a5d520bf92d4df592ecdbfc9324', 'amz-sdk-invocation-id': b'5baacb7c-064c-402b-a6c7-ea0ee67db3ba', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/hostedzone HTTP/1.1" 200 802
Response headers: {'x-amzn-RequestId': 'ad54f281-15e9-41a1-b971-8f479779ffa0', 'Content-Type': 'text/xml', 'Content-Length': '802', 'Date': 'Wed, 12 Jul 2023 07:49:21 GMT'}
Response body:
b'<?xml version="1.0"?>\n<ListHostedZonesResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><HostedZones><HostedZone><Id>/hostedzone/Z0467553HLBDNHD1ETI</Id><Name>wildlifetracking.net.</Name><CallerReference>8f79c9ca-904c-4791-895b-5c8a8a398663</CallerReference><Config><Comment></Comment><PrivateZone>false</PrivateZone></Config><ResourceRecordSetCount>2</ResourceRecordSetCount></HostedZone><HostedZone><Id>/hostedzone/Z02588631MY41ILJP1A90</Id><Name>configuration.wildlifetracking.net.</Name><CallerReference>a9451bd5-8b21-44f8-bb0d-b4bb9af16762</CallerReference><Config><Comment></Comment><PrivateZone>false</PrivateZone></Config><ResourceRecordSetCount>3</ResourceRecordSetCount></HostedZone></HostedZones><IsTruncated>false</IsTruncated><MaxItems>100</MaxItems></ListHostedZonesResponse>'
Event needs-retry.route-53.ListHostedZones: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.ChangeResourceRecordSets: calling handler <function fix_route53_ids at 0x7fe4a2435a60>
HostedZoneId /hostedzone/Z02588631MY41ILJP1A90 -> Z02588631MY41ILJP1A90
Event before-parameter-build.route-53.ChangeResourceRecordSets: calling handler <function generate_idempotent_uuid at 0x7fe4a2431b80>
Event before-call.route-53.ChangeResourceRecordSets: calling handler <function add_recursion_detection_header at 0x7fe4a2431820>
Event before-call.route-53.ChangeResourceRecordSets: calling handler <function inject_api_version_header_if_needed at 0x7fe4a2438430>
Making request for OperationModel(name=ChangeResourceRecordSets) with params: {'url_path': '/2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/', 'query_string': {}, 'method': 'POST', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeBatch><Comment>certbot-dns-route53 certificate validation DELETE</Comment><Changes><Change><Action>DELETE</Action><ResourceRecordSet><Name>_acme-challenge.configuration.wildlifetracking.net</Name><Type>TXT</Type><TTL>10</TTL><ResourceRecords><ResourceRecord><Value>"OQySWlB3105WcLKKtIkG0Wh6X_DFXyVS3_jX5d3ea_c"</Value></ResourceRecord></ResourceRecords></ResourceRecordSet></Change></Changes></ChangeBatch></ChangeResourceRecordSetsRequest>', 'url': 'https://route53.amazonaws.com/2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fe4a228f280>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.ChangeResourceRecordSets: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe4a228f160>>
Event choose-signer.route-53.ChangeResourceRecordSets: calling handler <function set_operation_specific_signer at 0x7fe4a2431a60>
Calculating signature using v4 auth.
CanonicalRequest:
POST
/2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/

host:route53.amazonaws.com
x-amz-date:20230712T074922Z

host;x-amz-date
e14588d17219646d752e10fe953317d222766be15f0b0c5b01a71a7f7d034930
StringToSign:
AWS4-HMAC-SHA256
20230712T074922Z
20230712/us-east-1/route53/aws4_request
69360789ae28aaff9a251e4ab621ab9cbc0a803229e2239aac1c40e93566bb10
Signature:
e7c4b8c287773ef8c886cc012212074f3f478c8d069edb41de22d871518932e1
Event request-created.route-53.ChangeResourceRecordSets: calling handler <function add_retry_headers at 0x7fe4a2438af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://route53.amazonaws.com/2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T074922Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=e7c4b8c287773ef8c886cc012212074f3f478c8d069edb41de22d871518932e1', 'amz-sdk-invocation-id': b'c6303284-0d95-489f-8b01-bd38a1051a07', 'amz-sdk-request': b'attempt=1', 'Content-Length': '534'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "POST /2013-04-01/hostedzone/Z02588631MY41ILJP1A90/rrset/ HTTP/1.1" 200 351
Response headers: {'x-amzn-RequestId': '28ddc548-16b8-41bf-9deb-f14dc4544ced', 'Content-Type': 'text/xml', 'Content-Length': '351', 'Date': 'Wed, 12 Jul 2023 07:49:22 GMT'}
Response body:
b'<?xml version="1.0"?>\n<ChangeResourceRecordSetsResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C08576052OXUJDWEJ4Q06</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T07:49:22.584Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation DELETE</Comment></ChangeInfo></ChangeResourceRecordSetsResponse>'
Event needs-retry.route-53.ChangeResourceRecordSets: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe4a2237e20>
No retry needed.
Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3024/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1597, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Mon serveur Web est (inclure la version) :

Le système d’exploitation sur lequel mon serveur Web s’exécute est (version incluse) :

Mon hébergeur, le cas échéant, est : AWS

Je peux me connecter à un shell root sur ma machine (oui ou non, ou je ne sais pas) : oui

J’utilise un panneau de configuration pour gérer mon site (non, ou fournit le nom et la version du panneau de configuration) : route53

It looks from this that you have configured two separate hosted zones in Route 53, one for wildlifetracking.net (Z0467553HLBDNHD1ETI) and one for configuration.wildlifetracking.net (Z02588631MY41ILJP1A90). That's a bit unusual, and I suspect you don't need to do it that way, though you might have some good reasons. Certbot is updating the latter zone. However, you don't have the NS records in the wildlifetracking.net to delegate to the separate configuration.wildlifetracking.net zone, so that zone isn't actually being used for anything.

I think you need to either

1. Delete that configuration.wildlifetracking.net hosted zone entirely, and just have everything you're doing in the base wildlifetracking.net zone., or
2. Configure the base zone to delegate to the configuration.wildlifetracking.net zone, per the Routing traffic for subdomains documentation.

I'd personally prefer the first, especially as you can give the API credentials really narrowly tailored permissions for just the records you want it to be able to modify even if everything is in one zone. But I don't know the reasons why you've created a separate zone for it.

Hello Peter and thank you for your response.
After sended my former post, I came to the same conclusion regarding configuration.wildlifetracking.net, and I deleted it to keep only wildlifetracking.net. However, when I run the certbot command again, I still get the same error message.

Well, sometimes there's more than one problem. Can you post the output of your current run? Please put three backticks ``` on a line before and after, to help the formatting.

```
output
```

Also, until this is sorted out, you should probably add --dry-run to future certbot commands, so that we're testing in the staging environment which has higher rate limits and won't mess with "real" stuff.

sudo certbot certonly --dns-route53 -d configuration.wildlifetracking.net -vv
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator dns-route53 and installer None
Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane
Changing event name from before-call.apigateway to before-call.api-gateway
Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict
Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration
Changing event name from before-parameter-build.route53 to before-parameter-build.route-53
Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search
Changing event name from docs.*.autoscaling.CreateLaunchConfiguration.complete-section to docs.*.auto-scaling.CreateLaunchConfiguration.complete-section
Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask
Changing event name from docs.*.logs.CreateExportTask.complete-section to docs.*.cloudwatch-logs.CreateExportTask.complete-section
Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search
Changing event name from docs.*.cloudsearchdomain.Search.complete-section to docs.*.cloudsearch-domain.Search.complete-section
IMDS ENDPOINT: http://169.254.169.254/
Looking for credentials via: env
Looking for credentials via: assume-role
Looking for credentials via: assume-role-with-web-identity
Looking for credentials via: sso
Looking for credentials via: shared-credentials-file
Looking for credentials via: custom-process
Looking for credentials via: config-file
Credentials found in config file: ~/.aws/config
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/endpoints.json
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/sdk-default-configuration.json
Event choose-service-name: calling handler <function handle_service_name_alias at 0x7fa6fa65a550>
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/route53/2013-04-01/service-2.json
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json.gz
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/partitions.json
Event creating-client-class.route-53: calling handler <function add_generate_presigned_url at 0x7fa6fa7579d0>
Setting route53 timeout as (60, 60)
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/_retry.json
Registering retry handlers for service: route53
Single candidate plugin: * dns-route53
Description: Obtain certificates using a DNS TXT record (if you are using AWS Route53 for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-route53 = certbot_dns_route53._internal.dns_route53:Authenticator
Initialized: <certbot_dns_route53._internal.dns_route53.Authenticator object at 0x7fa6fe0fa520>
Prep: True
Selected authenticator <certbot_dns_route53._internal.dns_route53.Authenticator object at 0x7fa6fe0fa520> and installer None
Plugins selected: Authenticator dns-route53, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1193419837', new_authzr_uri=None, terms_of_service=None), e51c51c06973c1365401bddb8f3cdab4, Meta(creation_dt=datetime.datetime(2023, 7, 6, 8, 54, 11, tzinfo=<UTC>), creation_host='atlas-pygar-01', register_to_eff=None))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 13:54:22 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "l3Va4n4bLDU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Notifying user: Requesting a certificate for configuration.wildlifetracking.net
Requesting a certificate for configuration.wildlifetracking.net
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 13:54:22 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1AADTXhpAisN0-NFQ9njrvB-RSeketTy3YdVq9n2KrPx78U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


Storing nonce: 1AADTXhpAisN0-NFQ9njrvB-RSeketTy3YdVq9n2KrPx78U
JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "configuration.wildlifetracking.net"\n    }\n  ]\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5MzQxOTgzNyIsICJub25jZSI6ICIxQUFEVFhocEFpc04wLU5GUTluanJ2Qi1SU2VrZXRUeTNZZFZxOW4yS3JQeDc4VSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "UWj4vycrx9Z2de0p1HsbpEXtuFhU5mIMw_rVkQwB7uko-XOvrIZ9i1cGlFm_n0vL0wortbEPviizwuwksl0pqRVt0X3p2vVTnW9qv8d2ASnJD0z8YYdhFcJ8_fu5eaTsgiAUezZjx6itJ0bIFfxGgaJPOt-oVvQhjXSavNEoE_0Y6hnW6T5a8ANUvTumxTu2jai7EyAtZkUGIFn0J1AwPoy8TGdNMbu9gu65j2vyogpVYv6m7e1_glkzr_MQPmaeDECKeenTQkAqwVqV1jgfZq6ySdK-XwBpN1oOQxaIfDJer-I1sbLRSd0GiwX4g2GB-mQs8AUQjABk8LHNhzYaLA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNvbmZpZ3VyYXRpb24ud2lsZGxpZmV0cmFja2luZy5uZXQiCiAgICB9CiAgXQp9"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 360
Received response:
HTTP 201
Server: nginx
Date: Wed, 12 Jul 2023 13:54:22 GMT
Content-Type: application/json
Content-Length: 360
Connection: keep-alive
Boulder-Requester: 1193419837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1193419837/194467353947
Replay-Nonce: 327CGW07oO4Ea-zFiYXQgcoqT6QeCqk0C_gj9iCx1oNoGcY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-07-19T13:54:22Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "configuration.wildlifetracking.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/244954586937"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1193419837/194467353947"
}
Storing nonce: 327CGW07oO4Ea-zFiYXQgcoqT6QeCqk0C_gj9iCx1oNoGcY
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/244954586937:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5MzQxOTgzNyIsICJub25jZSI6ICIzMjdDR1cwN29PNEVhLXpGaVlYUWdjb3FUNlFlQ3FrMENfZ2o5aUN4MW9Ob0djWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQ0OTU0NTg2OTM3In0",
  "signature": "ASZee4g1AiDKvyTP68LQIpnQQcTYTC73WLEqE0wZ6ZtbAjt5lgQZ7GwSY9J1dxSjxFJuLT35u9oLRmTQZFU5JOEmaOKHFQsKOb5zun5DuERFZqYNTdjRcQwfYOTk4pZADOragruGxHpSCCuzRohIn6EVel7mnLOXzZt3i-l_PszVCUGOauRlKeZwvc_ABMeHTUS-XwkhkWpkUkA2-Vz5TQLNaZ6qvgwq4XcpTSKIRVfwGkTxHfDjh9BVEJLzVp4sJWmMNNug5U_WaNE4DO2wGdCqFAhuayK70LuXf-75VX3IETGH-TelCf2meBzsF8xoL3XNpPVA-LzN3TNosFYfzA",
  "payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/244954586937 HTTP/1.1" 200 818
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 13:54:23 GMT
Content-Type: application/json
Content-Length: 818
Connection: keep-alive
Boulder-Requester: 1193419837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 327CiSqrqBVbXezi457GmZ9Cqa1GGpC_F916rV-vlqoIAqI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "configuration.wildlifetracking.net"
  },
  "status": "pending",
  "expires": "2023-07-19T13:54:22Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244954586937/iH0h2Q",
      "token": "5Dl0IxLcKOh3qxOxfqZsRa8iR3H2ccpksegcRatfomI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244954586937/Z1N-iw",
      "token": "5Dl0IxLcKOh3qxOxfqZsRa8iR3H2ccpksegcRatfomI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244954586937/4oJ_Pg",
      "token": "5Dl0IxLcKOh3qxOxfqZsRa8iR3H2ccpksegcRatfomI"
    }
  ]
}
Storing nonce: 327CiSqrqBVbXezi457GmZ9Cqa1GGpC_F916rV-vlqoIAqI
Performing the following challenges:
dns-01 challenge for configuration.wildlifetracking.net
Loading JSON file: /snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/data/route53/2013-04-01/paginators-1.json
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.ListHostedZones: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
Event before-parameter-build.route-53.ListHostedZones: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.ListHostedZones: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.ListHostedZones: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=ListHostedZones) with params: {'url_path': '/2013-04-01/hostedzone', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/hostedzone', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.ListHostedZones: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.ListHostedZones: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/hostedzone

host:route53.amazonaws.com
x-amz-date:20230712T135423Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135423Z
20230712/us-east-1/route53/aws4_request
b921922ba1d37c44b90418d7ec882911477f92658f85059f0d5f7704b0a4ddca
Signature:
53ac0b8f57f3d5542e28664b4f43e36e4aa5509799ff42116ff00fb0f24a2b49
Event request-created.route-53.ListHostedZones: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/hostedzone, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135423Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=53ac0b8f57f3d5542e28664b4f43e36e4aa5509799ff42116ff00fb0f24a2b49', 'amz-sdk-invocation-id': b'cff05824-d4a8-4dbb-854a-4e0bf1f83dbc', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
Starting new HTTPS connection (1): route53.amazonaws.com:443
Exception received when sending HTTP request.
Traceback (most recent call last):
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connection.py", line 174, in _new_conn
    conn = connection.create_connection(
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/util/connection.py", line 95, in create_connection
    raise err
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/util/connection.py", line 85, in create_connection
    sock.connect(sa)
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/httpsession.py", line 455, in send
    urllib_response = conn.urlopen(
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/util/retry.py", line 525, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/packages/six.py", line 770, in reraise
    raise value
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connection.py", line 363, in connect
    self.sock = conn = self._new_conn()
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connection.py", line 179, in _new_conn
    raise ConnectTimeoutError(
urllib3.exceptions.ConnectTimeoutError: (<botocore.awsrequest.AWSHTTPSConnection object at 0x7fa6fa4480a0>, 'Connection to route53.amazonaws.com timed out. (connect timeout=60)')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/endpoint.py", line 281, in _do_get_response
    http_response = self._send(request)
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/endpoint.py", line 377, in _send
    return self.http_session.send(request)
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/httpsession.py", line 490, in send
    raise ConnectTimeoutError(endpoint_url=request.url, error=e)
botocore.exceptions.ConnectTimeoutError: Connect timeout on endpoint URL: "https://route53.amazonaws.com/2013-04-01/hostedzone"
Event needs-retry.route-53.ListHostedZones: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
retry needed, retryable exception caught: Connect timeout on endpoint URL: "https://route53.amazonaws.com/2013-04-01/hostedzone"
Traceback (most recent call last):
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connection.py", line 174, in _new_conn
    conn = connection.create_connection(
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/util/connection.py", line 95, in create_connection
    raise err
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/util/connection.py", line 85, in create_connection
    sock.connect(sa)
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/httpsession.py", line 455, in send
    urllib_response = conn.urlopen(
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/util/retry.py", line 525, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/packages/six.py", line 770, in reraise
    raise value
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connection.py", line 363, in connect
    self.sock = conn = self._new_conn()
  File "/snap/certbot/3024/lib/python3.8/site-packages/urllib3/connection.py", line 179, in _new_conn
    raise ConnectTimeoutError(
urllib3.exceptions.ConnectTimeoutError: (<botocore.awsrequest.AWSHTTPSConnection object at 0x7fa6fa4480a0>, 'Connection to route53.amazonaws.com timed out. (connect timeout=60)')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/retryhandler.py", line 307, in _should_retry
    return self._checker(
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/retryhandler.py", line 363, in __call__
    checker_response = checker(
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/retryhandler.py", line 247, in __call__
    return self._check_caught_exception(
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/retryhandler.py", line 416, in _check_caught_exception
    raise caught_exception
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/endpoint.py", line 281, in _do_get_response
    http_response = self._send(request)
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/endpoint.py", line 377, in _send
    return self.http_session.send(request)
  File "/snap/certbot-dns-route53/current/lib/python3.8/site-packages/botocore/httpsession.py", line 490, in send
    raise ConnectTimeoutError(endpoint_url=request.url, error=e)
botocore.exceptions.ConnectTimeoutError: Connect timeout on endpoint URL: "https://route53.amazonaws.com/2013-04-01/hostedzone"
Retry needed, action of: 0.5615041723747408
Response received to retry, sleeping for 0.5615041723747408 seconds
Event request-created.route-53.ListHostedZones: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.ListHostedZones: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/hostedzone

host:route53.amazonaws.com
x-amz-date:20230712T135524Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135524Z
20230712/us-east-1/route53/aws4_request
48045bbf1db2735a7dbb81a3611c562c3ae5368135b72096f2240e9f11ae2b72
Signature:
49808d2a29dda35063c8f79acbca2876b9d54eb8065a5eb4cf7eb7b0068c6da1
Event request-created.route-53.ListHostedZones: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/hostedzone, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135524Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=49808d2a29dda35063c8f79acbca2876b9d54eb8065a5eb4cf7eb7b0068c6da1', 'amz-sdk-invocation-id': b'cff05824-d4a8-4dbb-854a-4e0bf1f83dbc', 'amz-sdk-request': b'attempt=2; max=5'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
Starting new HTTPS connection (2): route53.amazonaws.com:443
https://route53.amazonaws.com:443 "GET /2013-04-01/hostedzone HTTP/1.1" 200 498
Response headers: {'x-amzn-RequestId': 'c7c696a9-7ff2-4e6d-a9b7-2fedc3fb3686', 'Content-Type': 'text/xml', 'Content-Length': '498', 'Date': 'Wed, 12 Jul 2023 13:55:23 GMT'}
Response body:
b'<?xml version="1.0"?>\n<ListHostedZonesResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><HostedZones><HostedZone><Id>/hostedzone/Z0467553HLBDNHD1ETI</Id><Name>wildlifetracking.net.</Name><CallerReference>8f79c9ca-904c-4791-895b-5c8a8a398663</CallerReference><Config><Comment></Comment><PrivateZone>false</PrivateZone></Config><ResourceRecordSetCount>2</ResourceRecordSetCount></HostedZone></HostedZones><IsTruncated>false</IsTruncated><MaxItems>100</MaxItems></ListHostedZonesResponse>'
Event needs-retry.route-53.ListHostedZones: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.ChangeResourceRecordSets: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
HostedZoneId /hostedzone/Z0467553HLBDNHD1ETI -> Z0467553HLBDNHD1ETI
Event before-parameter-build.route-53.ChangeResourceRecordSets: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.ChangeResourceRecordSets: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.ChangeResourceRecordSets: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=ChangeResourceRecordSets) with params: {'url_path': '/2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/', 'query_string': {}, 'method': 'POST', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeBatch><Comment>certbot-dns-route53 certificate validation UPSERT</Comment><Changes><Change><Action>UPSERT</Action><ResourceRecordSet><Name>_acme-challenge.configuration.wildlifetracking.net</Name><Type>TXT</Type><TTL>10</TTL><ResourceRecords><ResourceRecord><Value>"s5lzqi3YOI-mVek95CTvvqMrMAerxH1_XRvhywspdQQ"</Value></ResourceRecord></ResourceRecords></ResourceRecordSet></Change></Changes></ChangeBatch></ChangeResourceRecordSetsRequest>', 'url': 'https://route53.amazonaws.com/2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.ChangeResourceRecordSets: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.ChangeResourceRecordSets: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
POST
/2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/

host:route53.amazonaws.com
x-amz-date:20230712T135524Z

host;x-amz-date
83d2293e4baf39adc31e23ba3eb0a2bc94ebf5117c8c3f6d259ce246e53be2d4
StringToSign:
AWS4-HMAC-SHA256
20230712T135524Z
20230712/us-east-1/route53/aws4_request
9f6f5bbfd300250ed19622dbb69c3ac87bb177140fe4a3447720e20fb562eff1
Signature:
125d9d5939e213cfe3b68927801e3b0e710023acf55bc743f87df3f8d464fb2f
Event request-created.route-53.ChangeResourceRecordSets: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://route53.amazonaws.com/2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135524Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=125d9d5939e213cfe3b68927801e3b0e710023acf55bc743f87df3f8d464fb2f', 'amz-sdk-invocation-id': b'4adc97ba-d015-444b-a450-17c71af258c6', 'amz-sdk-request': b'attempt=1', 'Content-Length': '534'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "POST /2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/ HTTP/1.1" 200 350
Response headers: {'x-amzn-RequestId': 'b7e71266-8bc2-43aa-9100-910c82b61cba', 'Content-Type': 'text/xml', 'Content-Length': '350', 'Date': 'Wed, 12 Jul 2023 13:55:24 GMT'}
Response body:
b'<?xml version="1.0"?>\n<ChangeResourceRecordSetsResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C04350234QDUOALZOEJZ</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T13:55:24.794Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></ChangeResourceRecordSetsResponse>'
Event needs-retry.route-53.ChangeResourceRecordSets: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
Id /change/C04350234QDUOALZOEJZ -> C04350234QDUOALZOEJZ
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C04350234QDUOALZOEJZ', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C04350234QDUOALZOEJZ

host:route53.amazonaws.com
x-amz-date:20230712T135524Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135524Z
20230712/us-east-1/route53/aws4_request
5be5d59b1e88fca6f3704707c54c102f78a8ef84dc994b220a62706bf0e7b60f
Signature:
a765c4c3c6cdd2e621259cd237d84f92f2baf9afa8f1046f93755caef75099e8
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135524Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=a765c4c3c6cdd2e621259cd237d84f92f2baf9afa8f1046f93755caef75099e8', 'amz-sdk-invocation-id': b'3def6c4b-cda9-4a9f-9a23-4576a3cb06f9', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C04350234QDUOALZOEJZ HTTP/1.1" 200 320
Response headers: {'x-amzn-RequestId': 'efc095f4-c374-4612-8630-40370e009e60', 'Content-Type': 'text/xml', 'Content-Length': '320', 'Date': 'Wed, 12 Jul 2023 13:55:24 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C04350234QDUOALZOEJZ</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T13:55:24.794Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
Id /change/C04350234QDUOALZOEJZ -> C04350234QDUOALZOEJZ
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C04350234QDUOALZOEJZ', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C04350234QDUOALZOEJZ

host:route53.amazonaws.com
x-amz-date:20230712T135530Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135530Z
20230712/us-east-1/route53/aws4_request
e385a804ea3ae76715d41ebb8c80a684c0d194be8291a687e8715e68d60301c6
Signature:
24bdc2b34c919b93921dbb2404837dd23c0dd97fd9dd0f2974a26837273a659a
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135530Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=24bdc2b34c919b93921dbb2404837dd23c0dd97fd9dd0f2974a26837273a659a', 'amz-sdk-invocation-id': b'8867a505-53fe-4ed3-b6bb-227b2ab5d956', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C04350234QDUOALZOEJZ HTTP/1.1" 200 320
Response headers: {'x-amzn-RequestId': '4d3608d8-ed5e-4e19-9cf9-dd57eb480c56', 'Content-Type': 'text/xml', 'Content-Length': '320', 'Date': 'Wed, 12 Jul 2023 13:55:29 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C04350234QDUOALZOEJZ</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T13:55:24.794Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
Id /change/C04350234QDUOALZOEJZ -> C04350234QDUOALZOEJZ
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C04350234QDUOALZOEJZ', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C04350234QDUOALZOEJZ

host:route53.amazonaws.com
x-amz-date:20230712T135535Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135535Z
20230712/us-east-1/route53/aws4_request
7773052acb94624d6af79a943a3ad8868fe7403716851e2584998e3e12d1103d
Signature:
cc32560f7a37b0b4ddb53c58044e2d937f269454e1f58c7842417a1492084838
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135535Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=cc32560f7a37b0b4ddb53c58044e2d937f269454e1f58c7842417a1492084838', 'amz-sdk-invocation-id': b'47d52bdf-3b17-47e5-9d47-ade22183ea46', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C04350234QDUOALZOEJZ HTTP/1.1" 200 320
Response headers: {'x-amzn-RequestId': '1c137056-c038-43c9-a9c9-89afd10241f9', 'Content-Type': 'text/xml', 'Content-Length': '320', 'Date': 'Wed, 12 Jul 2023 13:55:34 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C04350234QDUOALZOEJZ</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T13:55:24.794Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
Id /change/C04350234QDUOALZOEJZ -> C04350234QDUOALZOEJZ
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C04350234QDUOALZOEJZ', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C04350234QDUOALZOEJZ

host:route53.amazonaws.com
x-amz-date:20230712T135540Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135540Z
20230712/us-east-1/route53/aws4_request
f7ca32fd306039db9a473a16b3a0852546abbd6f210b33cc412845ef9b8fe48c
Signature:
4653cd2a1104623ed307b854a029e58d6c9c577ddba293aa530633945ff4b062
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135540Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=4653cd2a1104623ed307b854a029e58d6c9c577ddba293aa530633945ff4b062', 'amz-sdk-invocation-id': b'd5d005ce-47d3-4b06-9b67-9c8d8ace0572', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C04350234QDUOALZOEJZ HTTP/1.1" 200 320
Response headers: {'x-amzn-RequestId': '3d3b202f-6aec-4e97-ae60-d47fafa6c985', 'Content-Type': 'text/xml', 'Content-Length': '320', 'Date': 'Wed, 12 Jul 2023 13:55:40 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C04350234QDUOALZOEJZ</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T13:55:24.794Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
Id /change/C04350234QDUOALZOEJZ -> C04350234QDUOALZOEJZ
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C04350234QDUOALZOEJZ', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C04350234QDUOALZOEJZ

host:route53.amazonaws.com
x-amz-date:20230712T135546Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135546Z
20230712/us-east-1/route53/aws4_request
259338168ac9e321515dbc822c25c6b96d546bb5f74199df4e75065c589e7c95
Signature:
6738b0407e4adccaaae4b03ea47a88b899b6bef2b9a287dd159c14110b30632f
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135546Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=6738b0407e4adccaaae4b03ea47a88b899b6bef2b9a287dd159c14110b30632f', 'amz-sdk-invocation-id': b'a3ee7f85-70be-43ad-a52c-096aa248132b', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C04350234QDUOALZOEJZ HTTP/1.1" 200 320
Response headers: {'x-amzn-RequestId': '015d43a6-9264-4199-bfb4-47393fea74c6', 'Content-Type': 'text/xml', 'Content-Length': '320', 'Date': 'Wed, 12 Jul 2023 13:55:45 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C04350234QDUOALZOEJZ</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T13:55:24.794Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
Id /change/C04350234QDUOALZOEJZ -> C04350234QDUOALZOEJZ
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C04350234QDUOALZOEJZ', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C04350234QDUOALZOEJZ

host:route53.amazonaws.com
x-amz-date:20230712T135551Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135551Z
20230712/us-east-1/route53/aws4_request
1fa7969ff4d34ef95b6112cd8a85faf7941079645b7c97c8bc6531e11d4ea7b9
Signature:
ee5506c51ef9bd4f8081555b3bce25408a23800a3ce2be029fb49c850507f2c1
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135551Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=ee5506c51ef9bd4f8081555b3bce25408a23800a3ce2be029fb49c850507f2c1', 'amz-sdk-invocation-id': b'fba53ad9-62d4-4b4b-a287-9f15ab315966', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C04350234QDUOALZOEJZ HTTP/1.1" 200 320
Response headers: {'x-amzn-RequestId': '1cc20fc1-2b06-4175-b607-4a97b432be69', 'Content-Type': 'text/xml', 'Content-Length': '320', 'Date': 'Wed, 12 Jul 2023 13:55:50 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C04350234QDUOALZOEJZ</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T13:55:24.794Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.GetChange: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
Id /change/C04350234QDUOALZOEJZ -> C04350234QDUOALZOEJZ
Event before-parameter-build.route-53.GetChange: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.GetChange: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.GetChange: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=GetChange) with params: {'url_path': '/2013-04-01/change/C04350234QDUOALZOEJZ', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.GetChange: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.GetChange: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/change/C04350234QDUOALZOEJZ

host:route53.amazonaws.com
x-amz-date:20230712T135556Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135556Z
20230712/us-east-1/route53/aws4_request
5b96989283ebaac22ec80a7198b32c44940aa048801c940b79dc0158001e73e2
Signature:
32ad95d2c310f66d4c1c925ae6a93e9a1d0324bbe8690a4a709a383a15a86476
Event request-created.route-53.GetChange: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/change/C04350234QDUOALZOEJZ, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135556Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=32ad95d2c310f66d4c1c925ae6a93e9a1d0324bbe8690a4a709a383a15a86476', 'amz-sdk-invocation-id': b'9c8b3f89-d7b2-4b8e-bffd-66989d21ea70', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/change/C04350234QDUOALZOEJZ HTTP/1.1" 200 319
Response headers: {'x-amzn-RequestId': '0d953023-e096-4b11-946c-c58102773f13', 'Content-Type': 'text/xml', 'Content-Length': '319', 'Date': 'Wed, 12 Jul 2023 13:55:56 GMT'}
Response body:
b'<?xml version="1.0"?>\n<GetChangeResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C04350234QDUOALZOEJZ</Id><Status>INSYNC</Status><SubmittedAt>2023-07-12T13:55:24.794Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation UPSERT</Comment></ChangeInfo></GetChangeResponse>'
Event needs-retry.route-53.GetChange: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
JWS payload:
b'{}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/244954586937/Z1N-iw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5MzQxOTgzNyIsICJub25jZSI6ICIzMjdDaVNxcnFCVmJYZXppNDU3R21aOUNxYTFHR3BDX0Y5MTZyVi12bHFvSUFxSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjQ0OTU0NTg2OTM3L1oxTi1pdyJ9",
  "signature": "dkZSiyJqmukhQGZNydJe9DOZ1k0VKPyfwP1-4xJ6w7yrm0q9aIQHHq1_wu4Uz8S3jbtOin2R1Er1sasLN-4ckwKCYkIkcy90AzdK66GSL3R2sp6VxMjqPZzJ-40OtLzfC--ScHd9eJYY4P_CjM2tlXqa4LCP8xXa21wH5MqUVgNBtutUedtjn5DH4eQafDCZxsAVt3DItesrJqZFH6fqeqwSULYkb40EUlwgPf-zrUIIg7GJPTbEaXgKJ3Ii5AN2yf30U4BsfFGcoHmdzsPCG-CAm9WOMQpGn2xEu59XVmZxcMTT66XVRDH7dJ5OjuMXbipHduX2RA765BVWkXcFtw",
  "payload": "e30"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/244954586937/Z1N-iw HTTP/1.1" 200 186
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 13:55:57 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 1193419837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/244954586937>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/244954586937/Z1N-iw
Replay-Nonce: 327CG6j66iOirB5Z1zt9kIFHDr65-p3I25mal9guu-eYRpg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

end of the response

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244954586937/Z1N-iw",
  "token": "5Dl0IxLcKOh3qxOxfqZsRa8iR3H2ccpksegcRatfomI"
}
Storing nonce: 327CG6j66iOirB5Z1zt9kIFHDr65-p3I25mal9guu-eYRpg
Waiting for verification...
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/244954586937:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5MzQxOTgzNyIsICJub25jZSI6ICIzMjdDRzZqNjZpT2lyQjVaMXp0OWtJRkhEcjY1LXAzSTI1bWFsOWd1dS1lWVJwZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQ0OTU0NTg2OTM3In0",
  "signature": "C8vcyw6PspaP5nSXOn0lMh1kexDRD3Y8Zo-kPItf3kvTuhhgr3fOM2IHZf4-4x4_dwSuXLhGQClIXfW8GN0ZD0chUxVu0DRPG0MPhPN5_FVcQaqAOwDkDNzsEUhTjVJR19ikhCWpmSRD28U4qk3aQEAPOnkv4ct9mBNXDhD_BJRtjzb_qyjY9LMlDM9XphZL6TW9412-Rx-znOw929RvhNKsc-Rdlz7jkqBb7XKup7VWSva9UKkLBokXkI7oieK9wy_yLbTF16oW7eWDboEa-GhjuxFR0SPE3L0gDUNP9el0mNCj8tVwY9xlqyHAlgx7oBKmoKBt8pD_Oh2bQ11_gQ",
  "payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/244954586937 HTTP/1.1" 200 691
Received response:
HTTP 200
Server: nginx
Date: Wed, 12 Jul 2023 13:55:58 GMT
Content-Type: application/json
Content-Length: 691
Connection: keep-alive
Boulder-Requester: 1193419837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1AADcBgzgGR99oXCPFf_5z7S_sdbAQwN98dU2wVPLPxXxTU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "configuration.wildlifetracking.net"
  },
  "status": "invalid",
  "expires": "2023-07-19T13:54:22Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.configuration.wildlifetracking.net - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/244954586937/Z1N-iw",
      "token": "5Dl0IxLcKOh3qxOxfqZsRa8iR3H2ccpksegcRatfomI",
      "validated": "2023-07-12T13:55:57Z"
    }
  ]
}
Storing nonce: 1AADcBgzgGR99oXCPFf_5z7S_sdbAQwN98dU2wVPLPxXxTU
Challenge failed for domain configuration.wildlifetracking.net
dns-01 challenge for configuration.wildlifetracking.net
Notifying user:
Certbot failed to authenticate some domains (authenticator: dns-route53). The Certificate Authority reported these problems:
  Domain: configuration.wildlifetracking.net
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.configuration.wildlifetracking.net - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-route53. Ensure the above domains have their DNS hosted by AWS Route53.


Certbot failed to authenticate some domains (authenticator: dns-route53). The Certificate Authority reported these problems:
  Domain: configuration.wildlifetracking.net
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.configuration.wildlifetracking.net - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-route53. Ensure the above domains have their DNS hosted by AWS Route53.

Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.ListHostedZones: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
Event before-parameter-build.route-53.ListHostedZones: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.ListHostedZones: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.ListHostedZones: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=ListHostedZones) with params: {'url_path': '/2013-04-01/hostedzone', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'', 'url': 'https://route53.amazonaws.com/2013-04-01/hostedzone', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.ListHostedZones: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.ListHostedZones: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
GET
/2013-04-01/hostedzone

host:route53.amazonaws.com
x-amz-date:20230712T135558Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20230712T135558Z
20230712/us-east-1/route53/aws4_request
4cd58dbf138186c33f89ff849f9d9f69b3e6fc8b3a9e30b9b382dc3c77ca2efa
Signature:
c6bd6d5d26ba1028f0748c2b0f68b76c48973e8af14f2f474a4f92bff8f88adf
Event request-created.route-53.ListHostedZones: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://route53.amazonaws.com/2013-04-01/hostedzone, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135558Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=c6bd6d5d26ba1028f0748c2b0f68b76c48973e8af14f2f474a4f92bff8f88adf', 'amz-sdk-invocation-id': b'7ec16bcd-8c11-4f5d-bd3f-95c3c58789d1', 'amz-sdk-request': b'attempt=1'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "GET /2013-04-01/hostedzone HTTP/1.1" 200 498
Response headers: {'x-amzn-RequestId': '055544c8-62d6-4285-9611-a90e6ed86c2d', 'Content-Type': 'text/xml', 'Content-Length': '498', 'Date': 'Wed, 12 Jul 2023 13:55:57 GMT'}
Response body:
b'<?xml version="1.0"?>\n<ListHostedZonesResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><HostedZones><HostedZone><Id>/hostedzone/Z0467553HLBDNHD1ETI</Id><Name>wildlifetracking.net.</Name><CallerReference>8f79c9ca-904c-4791-895b-5c8a8a398663</CallerReference><Config><Comment></Comment><PrivateZone>false</PrivateZone></Config><ResourceRecordSetCount>3</ResourceRecordSetCount></HostedZone></HostedZones><IsTruncated>false</IsTruncated><MaxItems>100</MaxItems></ListHostedZonesResponse>'
Event needs-retry.route-53.ListHostedZones: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Calling endpoint provider with parameters: {'Region': 'aws-global', 'UseDualStack': False, 'UseFIPS': False}
Endpoint provider result: https://route53.amazonaws.com
Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'route53'}
Event before-parameter-build.route-53.ChangeResourceRecordSets: calling handler <function fix_route53_ids at 0x7fa6fa675a60>
HostedZoneId /hostedzone/Z0467553HLBDNHD1ETI -> Z0467553HLBDNHD1ETI
Event before-parameter-build.route-53.ChangeResourceRecordSets: calling handler <function generate_idempotent_uuid at 0x7fa6fa670b80>
Event before-call.route-53.ChangeResourceRecordSets: calling handler <function add_recursion_detection_header at 0x7fa6fa670820>
Event before-call.route-53.ChangeResourceRecordSets: calling handler <function inject_api_version_header_if_needed at 0x7fa6fa678430>
Making request for OperationModel(name=ChangeResourceRecordSets) with params: {'url_path': '/2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/', 'query_string': {}, 'method': 'POST', 'headers': {'User-Agent': 'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113'}, 'body': b'<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeBatch><Comment>certbot-dns-route53 certificate validation DELETE</Comment><Changes><Change><Action>DELETE</Action><ResourceRecordSet><Name>_acme-challenge.configuration.wildlifetracking.net</Name><Type>TXT</Type><TTL>10</TTL><ResourceRecords><ResourceRecord><Value>"s5lzqi3YOI-mVek95CTvvqMrMAerxH1_XRvhywspdQQ"</Value></ResourceRecord></ResourceRecords></ResourceRecordSet></Change></Changes></ChangeBatch></ChangeResourceRecordSetsRequest>', 'url': 'https://route53.amazonaws.com/2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/', 'context': {'client_region': 'aws-global', 'client_config': <botocore.config.Config object at 0x7fa6fa4cf2b0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'route53'}}}
Event request-created.route-53.ChangeResourceRecordSets: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fa6fa4cf190>>
Event choose-signer.route-53.ChangeResourceRecordSets: calling handler <function set_operation_specific_signer at 0x7fa6fa670a60>
Calculating signature using v4 auth.
CanonicalRequest:
POST
/2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/

host:route53.amazonaws.com
x-amz-date:20230712T135558Z

host;x-amz-date
7f1340cc8c64ce7047b6330d63c2e00374c9e895291e1926192578fb8d527af1
StringToSign:
AWS4-HMAC-SHA256
20230712T135558Z
20230712/us-east-1/route53/aws4_request
d327c5b566ed6a7b7b6c7e1a62b63f4246fc8a820fa3ebe8ca4f4f33020f528b
Signature:
4651b10d251f72a38fcba27dfd29c4046e4f9389ac18edee48d294046c042bb3
Event request-created.route-53.ChangeResourceRecordSets: calling handler <function add_retry_headers at 0x7fa6fa678af0>
Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://route53.amazonaws.com/2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/, headers={'User-Agent': b'Boto3/1.26.113 Python/3.8.10 Linux/5.19.0-46-generic Botocore/1.29.113', 'X-Amz-Date': b'20230712T135558Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATDYCXZDCG22WAYGA/20230712/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=4651b10d251f72a38fcba27dfd29c4046e4f9389ac18edee48d294046c042bb3', 'amz-sdk-invocation-id': b'e71faac6-6748-4c27-8033-970505fe654f', 'amz-sdk-request': b'attempt=1', 'Content-Length': '534'}>
Certificate path: /snap/certbot/3024/lib/python3.8/site-packages/certifi/cacert.pem
https://route53.amazonaws.com:443 "POST /2013-04-01/hostedzone/Z0467553HLBDNHD1ETI/rrset/ HTTP/1.1" 200 350
Response headers: {'x-amzn-RequestId': '8284df1c-3ed9-43cd-98f4-29d8955c747e', 'Content-Type': 'text/xml', 'Content-Length': '350', 'Date': 'Wed, 12 Jul 2023 13:55:58 GMT'}
Response body:
b'<?xml version="1.0"?>\n<ChangeResourceRecordSetsResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeInfo><Id>/change/C042569753HVA1C2DWOF</Id><Status>PENDING</Status><SubmittedAt>2023-07-12T13:55:58.926Z</SubmittedAt><Comment>certbot-dns-route53 certificate validation DELETE</Comment></ChangeInfo></ChangeResourceRecordSetsResponse>'
Event needs-retry.route-53.ChangeResourceRecordSets: calling handler <botocore.retryhandler.RetryHandler object at 0x7fa6fa476e50>
No retry needed.
Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3024/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1597, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Some challenges have failed.
```

Thanks. It does look like it's updating the Z0467553HLBDNHD1ETI now.

Can you confirm that this zone is actually the some zone that's hosting the public DNS? That is, if you make a change in that zone directly (like, add a random record through the console), can you see it in DNS?

If so, I think the next step is to run with --dry-run --debug-challenges. That will pause certbot after it has added the records to Route 53, but before asking Let's Encrypt to confirm that the records are there. Can you run that, and keep certbot paused (that is, don't hit enter to proceed, just keep certbot waiting), and confirm that the _acme-challenge record exists in the Route 53 zone, and also appears when querying public DNS?

I'm not entirely sure I understand the question, but the public DNS appears to be atlas.wildlifetracking.net

By "querying public DNS", I mean checking the records that are being added in Route 53 from your own DNS resolver, using nslookup or dig, or through online tools like Google's DNS.

I need to step away and get back to my day job, but it's possible that other people here could assist you as well. Good luck!

any way I run my command again after adding --dry-run --debug-challenges and I confirm _acme-challenge records exists in the route 53 zone

Just to double-check, can you re-run that test and use https://unboundtest.com to check the TXT record?

It uses a lookup method similar to Let's Encrypt servers.

Query results for TXT wildlifetracking.net

Response:
;; opcode: QUERY, status: NOERROR, id: 2545
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: do; udp: 512

;; QUESTION SECTION:
;wildlifetracking.net. IN TXT

;; AUTHORITY SECTION:
wildlifetracking.net. 0 IN SOA ns-1474.awsdns-56.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

You would look for TXT for

_acme-challenge.configuration.wildlifetracking.net

if configuration is still the subdomain you are trying to get a cert for

This fail !

Query results for TXT _acme-challenge.configuration.wildlifetracking.net

Response:
;; opcode: QUERY, status: NXDOMAIN, id: 37615
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: do; udp: 512

;; QUESTION SECTION:
;_acme-challenge.configuration.wildlifetracking.net. IN TXT

;; AUTHORITY SECTION:
wildlifetracking.net. 0 IN SOA ns-1474.awsdns-56.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

Well, now we know why Certbot request fails. This is still probably something related to the different zones you had before.

Can you check your Route53 console when your --dry-run --debug-challenges request is paused? If you see your TXT record there but not in unboundtest that should help see what is wrong.

Can you post a screen snap of the Route53 display so we can see the TXT info you see?

I suspect that there is more than one Route 53 zone for this domain, with one being used in public, and the AWS account that certbot is accessing is utilizing a different one.

Here is a screenshot of the question from Certbot

image736×259 6.87 KB

followed by another screenshot of the response from Route 53. the expected value looks like ok !

In that case, I suppose I shouldn't expect a response from Route 53, right ?

Are you still paused? Because I don't see that TXT in unboundtest.com