Error - Certificate isn't trusted, RemoteCertificateNameMismatch

My domain is: ggc.world

I ran this command: https://check-your-website.server-daten.de/?q=ggc.world

It produced this output:
https://www.ggc.world/ 2.36.58.214
Error - Certificate isn’t trusted, RemoteCertificateNameMismatch

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.4 Desktop

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I used acme.sh client for the certificates

This is the procedure I followed for the certificates:

  1. Installed acme.sh :

    (base) marco@pc01:~/webMatters$ git clone https://github.com/acmesh-official/acme.sh.git
    Cloning into ‘acme.sh’…
    remote: Enumerating objects: 12, done.
    remote: Counting objects: 100% (12/12), done.
    remote: Compressing objects: 100% (12/12), done.
    remote: Total 9858 (delta 5), reused 2 (delta 0), pack-reused 9846
    Receiving objects: 100% (9858/9858), 3.89 MiB | 5.81 MiB/s, done.
    Resolving deltas: 100% (5787/5787), done.

    (base) marco@pc01:~/webMatters/acme.sh$ sudo su
    root@pc01:/home/marco/webMatters/acme.sh# mkdir data

    root@pc01:/home/marco/webMatters/acme.sh# pwd
    /home/marco/webMatters/acme.sh
    root@pc01:/home/marco/webMatters/acme.sh# ./acme.sh --install --config-home /home/marco
    /webMatters/acme.sh/data/
    [ven 7 feb 2020, 18.28.59, CET] It is recommended to install socat first.
    [ven 7 feb 2020, 18.28.59, CET] We use socat for standalone server if you use standalone mode.
    [ven 7 feb 2020, 18.28.59, CET] If you don’t use standalone mode, just ignore this warning.
    [ven 7 feb 2020, 18.28.59, CET] Installing to /root/.acme.sh
    [ven 7 feb 2020, 18.28.59, CET] Installed to /root/.acme.sh/acme.sh
    [ven 7 feb 2020, 18.28.59, CET] Installing alias to ‘/root/.bashrc’
    [ven 7 feb 2020, 18.28.59, CET] OK, Close and reopen your terminal to start using acme.sh
    [ven 7 feb 2020, 18.28.59, CET] Installing cron job
    47 0 * * * “/home/marco/.acme.sh”/acme.sh --cron --home “/home/marco/.acme.sh” > /dev/null
    [ven 7 feb 2020, 18.28.59, CET] Good, bash is found, so change the shebang to use bash as
    preferred.
    [ven 7 feb 2020, 18.28.59, CET] OK

  2. Issued and Installed certificates :
    I followed the indications found here: https://www.cyberciti.biz/faq/how-to-configure-nginx-with-free-lets-encrypt-ssl-certificate-on-debian-or-ubuntu-linux/

    root@pc01:/home/marco/webMatters/acme.sh# D=/var/www/ggc.world
    root@pc01:/home/marco/webMatters/acme.sh# mkdir -vp {D}/.well-known/acme-challenge/ mkdir: created directory '/var/www/ggc.world/.well-known' mkdir: created directory '/var/www/ggc.world/.well-known/acme-challenge/' root@pc01:/home/marco/webMatters/acme.sh# chown -R www-data:www-data {D}/.well-
    known/acme-challenge/
    root@pc01:/home/marco/webMatters/acme.sh# chmod -R 0555 {D}/.well-known/acme-challenge/ root@pc01:/home/marco/webMatters/acme.sh# cd /etc/nginx/ssl/ggc.world/ root@pc01:/etc/nginx/ssl/ggc.world# openssl dhparam -out dhparams.pem -dsaparam 4096 Generating DSA parameters, 4096 bit long prime ..................+........+...........+..+...........+..+........+............+.....+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++* ..+..............+......+.....................+.....+....+..............+.....................................+............+..............+.+..+..+..........+.........+................+...+.....+......+.

    root@pc01:/etc/nginx/ssl/ggc.world# acme.sh --issue -w /var/www/ggc.world/ -d ggc.world
    [dom 9 feb 2020, 19.18.20, CET] Create account key ok.
    [dom 9 feb 2020, 19.18.20, CET] Registering account
    [dom 9 feb 2020, 19.18.21, CET] Registered
    [dom 9 feb 2020, 19.18.21, CET] ACCOUNT_THUMBPRINT=’…’
    [dom 9 feb 2020, 19.18.21, CET] Creating domain key
    [dom 9 feb 2020, 19.18.21, CET] The domain key is here: /home/marco/webMatters/acme.sh
    /data//ggc.world/ggc.world.key
    [dom 9 feb 2020, 19.18.21, CET] Single domain=‘ggc.world’
    [dom 9 feb 2020, 19.18.21, CET] Getting domain auth token for each domain
    [dom 9 feb 2020, 19.18.23, CET] Getting webroot for domain=‘ggc.world’
    [dom 9 feb 2020, 19.18.23, CET] Verifying: ggc.world
    [dom 9 feb 2020, 19.18.26, CET] Success
    [dom 9 feb 2020, 19.18.26, CET] Verify finished, start to sign.
    [dom 9 feb 2020, 19.18.26, CET] Lets finalize the order, Le_OrderFinalize: https://acme-
    v02.api.letsencrypt.org/acme/finalize/77760425/2282146886
    [dom 9 feb 2020, 19.18.27, CET] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org
    /acme/cert/03510d59a93f48cca51922f61d4cbc42d206
    [dom 9 feb 2020, 19.18.28, CET] Cert success.
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    [dom 9 feb 2020, 19.18.28, CET] Your cert is in /home/marco/webMatters/acme.sh/data//ggc.world
    /ggc.world.cer
    [dom 9 feb 2020, 19.18.28, CET] Your cert key is in /home/marco/webMatters/acme.sh
    /data//ggc.world/ggc.world.key
    [dom 9 feb 2020, 19.18.28, CET] The intermediate CA cert is in /home/marco/webMatters/acme.sh
    /data//ggc.world/ca.cer
    [dom 9 feb 2020, 19.18.28, CET] And the full chain certs is there: /home/marco/webMatters
    /acme.sh/data//ggc.world/fullchain.cer

With this /etc/nginx/sites-enabled/default:

sudo nano root@pc01:/etc/nginx/ssl/ggc.world# nano /etc/nginx/sites-enabled/default : 

server {
    #listen 80 default_server;
    #listen [::]:80 default_server;
    #listen 80;

    listen  2.36.58.214:443;
    server_name ggc.world;
    ssl on;
    ssl_certificate_key /etc/nginx/ssl/ggc.world/ggc.world.key;
    ssl_certificate /etc/nginx/ssl/ggc.world/ggc.world.cer;
    ssl_session_timeout 30m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/nginx/ssl/ggc.world/dhparams.pem;
    ssl_prefer_server_ciphers on;

    ## Improves TTFB by using a smaller SSL buffer than the nginx default
    ssl_buffer_size 8k;

    ## Enables OCSP stapling
    ssl_stapling on;
    resolver 8.8.8.8;
    ssl_stapling_verify on;

    ## Send header to tell the browser to prefer https to http traffic
    add_header Strict-Transport-Security max-age=31536000;

    ## SSL logs ##
    access_log /var/log/nginx/ggc.world/ssl_access.log;
    error_log /var/log/nginx/ggc.world/ssl_error.log;
    #-------- END SSL config -------##

    # Let's Encrypt webroot
    include includes/letsencrypt-webroot;
    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name _;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }
}

I installed the certs:

root@pc01:/etc/nginx/ssl/ggc.world# acme.sh --installcert -d ggc.world --keypath /etc/nginx
/ssl/ggc.world/ggc.world.key --fullchainpath /etc/nginx/ssl/ggc.world/ggc.world.cer --reloadcmd 
'systemctl reloa$
[dom  9 feb 2020, 19.35.00, CET] Installing key to:/etc/nginx/ssl/ggc.world/ggc.world.key
[dom  9 feb 2020, 19.35.00, CET] Installing full chain to:/etc/nginx/ssl/ggc.world/ggc.world.cer
[dom  9 feb 2020, 19.35.00, CET] Run reload cmd: systemctl reload nginx
[dom  9 feb 2020, 19.35.00, CET] Reload success

I then opened port 443:

root@pc01:/etc/nginx/ssl/ggc.world# ufw allow proto tcp from any to 2.36.58.214 port 443
Rules updated

I then created a sudo nano /etc/nginx/conf.d/default.conf :

server {
    listen 443 ssl http2 default_server;
    server_name ggc.world;

    ssl_certificate_key /etc/nginx/ssl/ggc.world/ggc.world.key;
    ssl_certificate /etc/nginx/ssl/ggc.world/ggc.world.cer;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-  

draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
#ssl_stapling on;
#ssl_stapling_verify on;

    access_log /var/log/nginx/ggcworld-access.log combined;

    add_header Strict-Transport-Security "max-age=31536000";
    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    error_page 497 https://$host:$server_port$request_uri;
    server_name www.ggc.world;
    return 301 https://$server_name$request_uri;

    access_log /var/log/nginx/ggcworld-access.log combined;

    add_header Strict-Transport-Security "max-age=31536000";
    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Reloaded and restarted nginx server:

(base) marco@pc01:~$ sudo systemctl reload nginx
(base) marco@pc01:~$ sudo systemctl start nginx
(base) marco@pc01:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
(base) marco@pc01:~$ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-02-10 10:48:43 CET; 5min ago
     Docs: man:nginx(8)
  Process: 3859 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload  
(code=exited, status=0/SUCCESS)
  Process: 1017 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, 
status=0/SUCCESS)
  Process: 998 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, 
status=0/SUCCESS)
 Main PID: 1056 (nginx)
    Tasks: 9 (limit: 4915)
   CGroup: /system.slice/nginx.service
           ├─1056 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─3861 nginx: worker process
           ├─3863 nginx: worker process
           ├─3864 nginx: worker process
           ├─3865 nginx: worker process
           ├─3866 nginx: worker process
           ├─3867 nginx: worker process
           ├─3868 nginx: worker process
           └─3869 nginx: worker process

feb 10 10:48:43 pc01 systemd[1]: Starting A high performance web server and a reverse proxy 
server...
feb 10 10:48:43 pc01 systemd[1]: Started A high performance web server and a reverse proxy 
server.
feb 10 10:50:35 pc01 systemd[1]: Reloading A high performance web server and a reverse proxy 
server.
feb 10 10:50:35 pc01 systemd[1]: Reloaded A high performance web server and a reverse proxy 
server.
feb 10 10:54:23 pc01 systemd[1]: Reloading A high performance web server and a reverse proxy 
server.
feb 10 10:54:23 pc01 systemd[1]: Reloaded A high performance web server and a reverse proxy 
server.

But I get "
Error - Certificate isn’t trusted, RemoteCertificateNameMismatch"

How to solve the problem?
Looking forward to your kind help.
Marco

Hi @marcoippolito

please read your output.

Why do you think a certificate with ggc.world should work with www.gcc.world?

Actuallty I’m right now trying to re-issue certificates wtih www.ggc.world as well:

acme.sh --issue -w /var/www/ggc.world/ -d ggc.world -d www.ggc.world --debug --force

but I’m getting a “new” error: www.ggc.world:Verify error:Invalid response from https://www.ggc.world/.well-known/acme-challenge/gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU [2.36.58.214]:

@JuergenAuer

This is the complete log output of my attempt to issue a certificate for ggc.world + www.ggc.world:

root@pc01:/etc/nginx/ssl/ggc.world# acme.sh --issue -w /var/www/ggc.world/ -d ggc.world -d www.ggc.world --debug --force
[lun 10 feb 2020, 11.59.54, CET] Lets find script dir.
[lun 10 feb 2020, 11.59.54, CET] SCRIPT=’/root/.acme.sh/acme.sh’
[lun 10 feb 2020, 11.59.54, CET] _script=’/root/.acme.sh/acme.sh’
[lun 10 feb 2020, 11.59.54, CET] _script_home=’/root/.acme.sh’
[lun 10 feb 2020, 11.59.54, CET] Using config home:/home/marco/webMatters/acme.sh/data/


v2.8.6
[lun 10 feb 2020, 11.59.54, CET] Running cmd: issue
[lun 10 feb 2020, 11.59.54, CET] _main_domain=‘ggc.world’
[lun 10 feb 2020, 11.59.54, CET] _alt_domains=‘www.ggc.world’
[lun 10 feb 2020, 11.59.54, CET] Using config home:/home/marco/webMatters/acme.sh/data/
[lun 10 feb 2020, 11.59.54, CET] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[lun 10 feb 2020, 11.59.54, CET] DOMAIN_PATH=’/home/marco/webMatters/acme.sh/data//ggc.world’
[lun 10 feb 2020, 11.59.54, CET] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[lun 10 feb 2020, 11.59.54, CET] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[lun 10 feb 2020, 11.59.54, CET] GET
[lun 10 feb 2020, 11.59.54, CET] url=‘https://acme-v02.api.letsencrypt.org/directory
[lun 10 feb 2020, 11.59.54, CET] timeout=
[lun 10 feb 2020, 11.59.54, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g ’
[lun 10 feb 2020, 11.59.55, CET] ret=‘0’
[lun 10 feb 2020, 11.59.55, CET] ACME_KEY_CHANGE=‘https://acme-v02.api.letsencrypt.org/acme/key-change
[lun 10 feb 2020, 11.59.55, CET] ACME_NEW_AUTHZ
[lun 10 feb 2020, 11.59.55, CET] ACME_NEW_ORDER=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[lun 10 feb 2020, 11.59.55, CET] ACME_NEW_ACCOUNT=‘https://acme-v02.api.letsencrypt.org/acme/new-acct
[lun 10 feb 2020, 11.59.55, CET] ACME_REVOKE_CERT=‘https://acme-v02.api.letsencrypt.org/acme/revoke-cert
[lun 10 feb 2020, 11.59.55, CET] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
[lun 10 feb 2020, 11.59.55, CET] ACME_NEW_NONCE=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[lun 10 feb 2020, 11.59.55, CET] ACME_VERSION=‘2’
[lun 10 feb 2020, 11.59.55, CET] Le_NextRenewTime=‘1586369908’
[lun 10 feb 2020, 11.59.55, CET] _on_before_issue
[lun 10 feb 2020, 11.59.55, CET] _chk_main_domain=‘ggc.world’
[lun 10 feb 2020, 11.59.55, CET] _chk_alt_domains=‘www.ggc.world’
[lun 10 feb 2020, 11.59.55, CET] Le_LocalAddress
[lun 10 feb 2020, 11.59.55, CET] d=‘ggc.world’
[lun 10 feb 2020, 11.59.55, CET] Check for domain=‘ggc.world’
[lun 10 feb 2020, 11.59.55, CET] _currentRoot=’/var/www/ggc.world/’
[lun 10 feb 2020, 11.59.55, CET] d=‘www.ggc.world’
[lun 10 feb 2020, 11.59.55, CET] Check for domain=‘www.ggc.world’
[lun 10 feb 2020, 11.59.55, CET] _currentRoot=’/var/www/ggc.world/’
[lun 10 feb 2020, 11.59.55, CET] d
[lun 10 feb 2020, 11.59.55, CET] _saved_account_key_hash is not changed, skip register account.
[lun 10 feb 2020, 11.59.55, CET] Read key length:
[lun 10 feb 2020, 11.59.55, CET] _createcsr
[lun 10 feb 2020, 11.59.55, CET] Multi domain=‘DNS:ggc.world,DNS:www.ggc.world’
[lun 10 feb 2020, 11.59.55, CET] Getting domain auth token for each domain
[lun 10 feb 2020, 11.59.55, CET] d=‘www.ggc.world’
[lun 10 feb 2020, 11.59.55, CET] d
[lun 10 feb 2020, 11.59.55, CET] url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[lun 10 feb 2020, 11.59.55, CET] payload=’{“identifiers”: [{“type”:“dns”,“value”:“ggc.world”},{“type”:“dns”,“value”:“www.ggc.world”}]}’
[lun 10 feb 2020, 11.59.55, CET] RSA key
[lun 10 feb 2020, 11.59.55, CET] HEAD
[lun 10 feb 2020, 11.59.55, CET] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[lun 10 feb 2020, 11.59.55, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g -I ’
[lun 10 feb 2020, 11.59.56, CET] _ret=‘0’
[lun 10 feb 2020, 11.59.56, CET] POST
[lun 10 feb 2020, 11.59.56, CET] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[lun 10 feb 2020, 11.59.56, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g ’
[lun 10 feb 2020, 11.59.56, CET] _ret=‘0’
[lun 10 feb 2020, 11.59.56, CET] code=‘201’
[lun 10 feb 2020, 11.59.56, CET] Le_LinkOrder=‘https://acme-v02.api.letsencrypt.org/acme/order/77760425/2289074131
[lun 10 feb 2020, 11.59.56, CET] Le_OrderFinalize=‘https://acme-v02.api.letsencrypt.org/acme/finalize/77760425/2289074131
[lun 10 feb 2020, 11.59.56, CET] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/2728308541
[lun 10 feb 2020, 11.59.56, CET] payload
[lun 10 feb 2020, 11.59.56, CET] POST
[lun 10 feb 2020, 11.59.56, CET] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/2728308541
[lun 10 feb 2020, 11.59.56, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g ’
[lun 10 feb 2020, 11.59.57, CET] _ret=‘0’
[lun 10 feb 2020, 11.59.57, CET] code=‘200’
[lun 10 feb 2020, 11.59.57, CET] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/2740555628
[lun 10 feb 2020, 11.59.57, CET] payload
[lun 10 feb 2020, 11.59.57, CET] POST
[lun 10 feb 2020, 11.59.57, CET] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/2740555628
[lun 10 feb 2020, 11.59.57, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g ’
[lun 10 feb 2020, 11.59.58, CET] _ret=‘0’
[lun 10 feb 2020, 11.59.58, CET] code=‘200’
[lun 10 feb 2020, 11.59.58, CET] d=‘ggc.world’
[lun 10 feb 2020, 11.59.58, CET] Getting webroot for domain=‘ggc.world’
[lun 10 feb 2020, 11.59.58, CET] _w=’/var/www/ggc.world/’
[lun 10 feb 2020, 11.59.58, CET] _currentRoot=’/var/www/ggc.world/’
[lun 10 feb 2020, 11.59.58, CET] entry=’“type”:“http-01”,“status”:“valid”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/2728308541/UmtAkQ",“token”:“qtYTtmaMHh4RPaqWLAjC98eSVHSfc8ZmdvOdWcYDr1E”,“validationRecord”:[{“url”:“http://ggc.world/.well-known/acme-challenge/qtYTtmaMHh4RPaqWLAjC98eSVHSfc8ZmdvOdWcYDr1E”,“hostname”:“ggc.world”,“port”:“80”,“addressesResolved”:[“2.36.58.214”],“addressUsed”:"2.36.58.214”’
[lun 10 feb 2020, 11.59.58, CET] token=‘qtYTtmaMHh4RPaqWLAjC98eSVHSfc8ZmdvOdWcYDr1E’
[lun 10 feb 2020, 11.59.58, CET] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2728308541/UmtAkQ
[lun 10 feb 2020, 11.59.58, CET] keyauthorization=‘qtYTtmaMHh4RPaqWLAjC98eSVHSfc8ZmdvOdWcYDr1E.3saRMlkAj4d_m20XxunO7Z9O1TWIIqp2MbT-pbsKl3c’
[lun 10 feb 2020, 11.59.58, CET] ggc.world is already verified.
[lun 10 feb 2020, 11.59.58, CET] keyauthorization=‘verified_ok’
[lun 10 feb 2020, 11.59.58, CET] dvlist=‘ggc.world#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2728308541/UmtAkQ#http-01#/var/www/ggc.world/
[lun 10 feb 2020, 11.59.58, CET] d=‘www.ggc.world’
[lun 10 feb 2020, 11.59.58, CET] Getting webroot for domain=‘www.ggc.world’
[lun 10 feb 2020, 11.59.58, CET] _w=’/var/www/ggc.world/’
[lun 10 feb 2020, 11.59.58, CET] _currentRoot=’/var/www/ggc.world/’
[lun 10 feb 2020, 11.59.58, CET] entry=’“type”:“http-01”,“status”:“pending”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w",“token”:"gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU”’
[lun 10 feb 2020, 11.59.58, CET] token=‘gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU’
[lun 10 feb 2020, 11.59.58, CET] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w
[lun 10 feb 2020, 11.59.58, CET] keyauthorization=‘gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU.3saRMlkAj4d_m20XxunO7Z9O1TWIIqp2MbT-pbsKl3c’
[lun 10 feb 2020, 11.59.58, CET] dvlist=‘www.ggc.world#gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU.3saRMlkAj4d_m20XxunO7Z9O1TWIIqp2MbT-pbsKl3c#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w#http-01#/var/www/ggc.world/
[lun 10 feb 2020, 11.59.58, CET] d
[lun 10 feb 2020, 11.59.58, CET] vlist=‘ggc.world#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2728308541/UmtAkQ#http-01#/var/www/ggc.world/,www.ggc.world#gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU.3saRMlkAj4d_m20XxunO7Z9O1TWIIqp2MbT-pbsKl3c#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w#http-01#/var/www/ggc.world/,’
[lun 10 feb 2020, 11.59.58, CET] d=‘ggc.world’
[lun 10 feb 2020, 11.59.58, CET] ggc.world is already verified, skip http-01.
[lun 10 feb 2020, 11.59.58, CET] d=‘www.ggc.world’
[lun 10 feb 2020, 11.59.58, CET] ok, let’s start to verify
[lun 10 feb 2020, 11.59.58, CET] ggc.world is already verified, skip http-01.
[lun 10 feb 2020, 11.59.58, CET] Verifying: www.ggc.world
[lun 10 feb 2020, 11.59.58, CET] d=‘www.ggc.world’
[lun 10 feb 2020, 11.59.58, CET] keyauthorization=‘gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU.3saRMlkAj4d_m20XxunO7Z9O1TWIIqp2MbT-pbsKl3c’
[lun 10 feb 2020, 11.59.58, CET] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w
[lun 10 feb 2020, 11.59.58, CET] _currentRoot=’/var/www/ggc.world/’
[lun 10 feb 2020, 11.59.58, CET] wellknown_path=’/var/www/ggc.world//.well-known/acme-challenge’
[lun 10 feb 2020, 11.59.58, CET] writing token:gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU to /var/www/ggc.world//.well-known/acme-challenge/gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU
[lun 10 feb 2020, 11.59.58, CET] Changing owner/group of .well-known to root:www-data
[lun 10 feb 2020, 11.59.58, CET] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w
[lun 10 feb 2020, 11.59.58, CET] payload=’{}’
[lun 10 feb 2020, 11.59.58, CET] POST
[lun 10 feb 2020, 11.59.58, CET] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w
[lun 10 feb 2020, 11.59.58, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g ’
[lun 10 feb 2020, 11.59.59, CET] _ret=‘0’
[lun 10 feb 2020, 11.59.59, CET] code=‘200’
[lun 10 feb 2020, 11.59.59, CET] trigger validation code: 200
[lun 10 feb 2020, 11.59.59, CET] sleep 2 secs to verify
[lun 10 feb 2020, 12.00.01, CET] checking
[lun 10 feb 2020, 12.00.01, CET] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w
[lun 10 feb 2020, 12.00.01, CET] payload
[lun 10 feb 2020, 12.00.01, CET] POST
[lun 10 feb 2020, 12.00.01, CET] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w
[lun 10 feb 2020, 12.00.01, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g ’
[lun 10 feb 2020, 12.00.01, CET] _ret=‘0’
[lun 10 feb 2020, 12.00.01, CET] code=‘200’
[lun 10 feb 2020, 12.00.01, CET] www.ggc.world:Verify error:Invalid response from https://www.ggc.world/.well-known/acme-challenge/gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU [2.36.58.214]:
[lun 10 feb 2020, 12.00.01, CET] Debug: get token url.
[lun 10 feb 2020, 12.00.01, CET] GET
[lun 10 feb 2020, 12.00.01, CET] url=‘http://www.ggc.world/.well-known/acme-challenge/gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU
[lun 10 feb 2020, 12.00.01, CET] timeout=1
[lun 10 feb 2020, 12.00.02, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g --connect-timeout 1’
[lun 10 feb 2020, 12.00.02, CET] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 51
[lun 10 feb 2020, 12.00.02, CET] ret=‘51’
[lun 10 feb 2020, 12.00.02, CET] Debugging, skip removing: /var/www/ggc.world//.well-known/acme-challenge/gPramZJtTpS2Ln0mWx9BlkEzinMyr3QMQEcDt0eVnkU
[lun 10 feb 2020, 12.00.02, CET] pid
[lun 10 feb 2020, 12.00.02, CET] No need to restore nginx, skip.
[lun 10 feb 2020, 12.00.02, CET] _clearupdns
[lun 10 feb 2020, 12.00.02, CET] dns_entries
[lun 10 feb 2020, 12.00.02, CET] skip dns.
[lun 10 feb 2020, 12.00.02, CET] _on_issue_err
[lun 10 feb 2020, 12.00.02, CET] Please add ‘–debug’ or ‘–log’ to check more details.
[lun 10 feb 2020, 12.00.02, CET] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[lun 10 feb 2020, 12.00.02, CET] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2728308541/UmtAkQ
[lun 10 feb 2020, 12.00.02, CET] payload=’{}’
[lun 10 feb 2020, 12.00.02, CET] POST
[lun 10 feb 2020, 12.00.02, CET] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2728308541/UmtAkQ
[lun 10 feb 2020, 12.00.02, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g ’
[lun 10 feb 2020, 12.00.03, CET] _ret=‘0’
[lun 10 feb 2020, 12.00.03, CET] code=‘200’
[lun 10 feb 2020, 12.00.03, CET] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w
[lun 10 feb 2020, 12.00.03, CET] payload=’{}’
[lun 10 feb 2020, 12.00.03, CET] POST
[lun 10 feb 2020, 12.00.03, CET] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2740555628/1zk06w
[lun 10 feb 2020, 12.00.03, CET] _CURL=‘curl -L --silent --dump-header /home/marco/webMatters/acme.sh/data//http.header -g ’
[lun 10 feb 2020, 12.00.04, CET] _ret=‘0’
[lun 10 feb 2020, 12.00.04, CET] code=‘400’
[lun 10 feb 2020, 12.00.04, CET] socat doesn’t exists.
[lun 10 feb 2020, 12.00.04, CET] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1 11 Sep 2018
apache:
apache doesn’t exists.
nginx:
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.1 11 Sep 2018
TLS SNI support enabled
configure arguments: --with-cc-opt=’-g -O2 -fdebug-prefix-map=/build/nginx-GkiujU/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2’ --with-ld-opt=’-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC’ --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module
socat:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.