Error connection refused

bernardoc · August 5, 2021, 12:40pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mediterraneodesign.dyndns.org

I ran this command: certbot -v --apache -d mediterraneodesign.dyndns.org

It produced this output:

My web server is (include version): apache 2 - 2.4.18

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: localhost

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.18.0

bernardoc · August 5, 2021, 12:47pm

this is may log file:

2021-08-05 14:29:07,402:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-08-05 14:29:07,909:DEBUG:certbot._internal.main:certbot version: 1.18.0
2021-08-05 14:29:07,909:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1343/bin/certbot
2021-08-05 14:29:07,909:DEBUG:certbot._internal.main:Arguments: ['-v', '--apache', '-d', 'mediterraneodesign.dyndns.org', '--preconfigured-renewal']
2021-08-05 14:29:07,910:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-05 14:29:07,927:DEBUG:certbot._internal.log:Root logging level set at 20
2021-08-05 14:29:07,928:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-08-05 14:29:08,039:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.18
2021-08-05 14:29:08,332:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f2d95c59100>
Prep: True
2021-08-05 14:29:08,332:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f2d95c59100> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f2d95c59100>
2021-08-05 14:29:08,333:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-08-05 14:29:08,343:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f2d93a0f0d0>)>), contact=('mailto:itfacility.medesign@gmail.com',), agreement='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/37017781', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 3545dbf72358023f69415479110179b2, Meta(creation_dt=datetime.datetime(2018, 6, 22, 8, 19, 58, tzinfo=<UTC>), creation_host='ubuntu', register_to_eff=None))>
2021-08-05 14:29:08,344:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-05 14:29:08,346:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-08-05 14:29:09,004:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-08-05 14:29:09,004:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 05 Aug 2021 12:29:08 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "pzP7d1djSbs": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-08-05 14:29:09,006:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for mediterraneodesign.dyndns.org
2021-08-05 14:29:09,493:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0050_key-certbot.pem
2021-08-05 14:29:09,498:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0050_csr-certbot.pem
2021-08-05 14:29:09,498:DEBUG:acme.client:Requesting fresh nonce
2021-08-05 14:29:09,499:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-05 14:29:09,662:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-05 14:29:09,662:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 05 Aug 2021 12:29:09 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001Aj8O4ORD_It6hKrOaZY3TjzquJQVVn1rL0NyjcKyDNI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-08-05 14:29:09,663:DEBUG:acme.client:Storing nonce: 0001Aj8O4ORD_It6hKrOaZY3TjzquJQVVn1rL0NyjcKyDNI
2021-08-05 14:29:09,663:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mediterraneodesign.dyndns.org"\n    }\n  ]\n}'
2021-08-05 14:29:09,666:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzAxNzc4MSIsICJub25jZSI6ICIwMDAxQWo4TzRPUkRfSXQ2aEtyT2FaWTNUanpxdUpRVlZuMXJMME55amNLeUROSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "XPhUGJslntyxQTyMrUQeiQvfJk6tOO9HhmillitCfvHVJbVVgcdethY-2E2GUhRi5OaoxbWrfLDwITYSMmyYve9O49WLpXZVwYvN8u3Xl7KD2g9AUZwAD0g0pHXaouTvcrL3d5Ga70k_iymcPL-cKBTUS6RMmV4Uco5QUx5kfzf49NLBTqcq2GKXQxHdqS6GRmf0edDwc8QnuipGJ8VPldQqfdWICiNabEC7y1xxcma4j15y_7GeAnNf3oWw53uUT63gtHn3bWkGodzrO6sqLmwEJ4loZkPp4KFWfrL8ClvPHDtwUodUUpj3dAZh5yfftVI0Z2KvaDWDQwksJGk5fQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1lZGl0ZXJyYW5lb2Rlc2lnbi5keW5kbnMub3JnIgogICAgfQogIF0KfQ"
}
2021-08-05 14:29:09,949:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 351
2021-08-05 14:29:09,949:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 05 Aug 2021 12:29:09 GMT
Content-Type: application/json
Content-Length: 351
Connection: keep-alive
Boulder-Requester: 37017781
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/37017781/14703406800
Replay-Nonce: 0001q7c61YDc4p_AOk4yiQ0ED6afT2fhhL9ZUuL5i1Qk0DY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-08-12T12:29:09Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mediterraneodesign.dyndns.org"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/19181633370"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/37017781/14703406800"
}
2021-08-05 14:29:09,954:DEBUG:acme.client:Storing nonce: 0001q7c61YDc4p_AOk4yiQ0ED6afT2fhhL9ZUuL5i1Qk0DY
2021-08-05 14:29:09,954:DEBUG:acme.client:JWS payload:
b''
2021-08-05 14:29:09,958:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/19181633370:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzAxNzc4MSIsICJub25jZSI6ICIwMDAxcTdjNjFZRGM0cF9BT2s0eWlRMEVENmFmVDJmaGhMOVpVdUw1aTFRazBEWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTkxODE2MzMzNzAifQ",
  "signature": "oE11N0o6z1cxPpRK20mK4K8GFZOZuInqNrUmbGvQG8rkgl279hzBPlryBkg28m31UmtQ1WgTzidRsg4krGQm4JoUjICOw3pgn5hesSr1swcgrCXZMwH7cfmHaTEYULmjig1tTQxEfUiOIdErQBN5teRY_E7WKZSmLzaD1mMoJtDFLB1WqVnOdz5EdsyXmsGTuOylh4BtKp6LDrOXsvmksk-eaDL__2Jb5iHv4So6WuH8hQjiD5_8FfvHRnAOUcSFhKwfpDefnWeLcHSvrTXGxkL0JquOAeaVOMr6Etf8L6g5CjKfN8N1hRWt1jokGSsBc3UaDLIItRK51t8AV9mFsA",
  "payload": ""
}
2021-08-05 14:29:10,140:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19181633370 HTTP/1.1" 200 810
2021-08-05 14:29:10,141:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 05 Aug 2021 12:29:10 GMT
Content-Type: application/json
Content-Length: 810
Connection: keep-alive
Boulder-Requester: 37017781
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002w4MU1YBbslmoNlq_v65cvZq8DGJFMRzBmmDzMrCtQ_M
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mediterraneodesign.dyndns.org"
  },
  "status": "pending",
  "expires": "2021-08-12T12:29:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19181633370/H_xqEQ",
      "token": "Ai3p0xixJELqCq4DJQPFp4OcZH6nG7C8F-6ivDhb61c"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19181633370/qFLO7g",
      "token": "Ai3p0xixJELqCq4DJQPFp4OcZH6nG7C8F-6ivDhb61c"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19181633370/E2njJw",
      "token": "Ai3p0xixJELqCq4DJQPFp4OcZH6nG7C8F-6ivDhb61c"
    }
  ]
}
2021-08-05 14:29:10,141:DEBUG:acme.client:Storing nonce: 0002w4MU1YBbslmoNlq_v65cvZq8DGJFMRzBmmDzMrCtQ_M
2021-08-05 14:29:10,142:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-08-05 14:29:10,142:INFO:certbot._internal.auth_handler:http-01 challenge for mediterraneodesign.dyndns.org
2021-08-05 14:29:10,152:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: mediterraneodesign.ddns.net in: /etc/apache2/sites-enabled/owncloud.conf
2021-08-05 14:29:10,152:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: mediterraneodesign.ddns.net in: /etc/apache2/sites-enabled/000-default.conf
2021-08-05 14:29:10,153:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2021-08-05 14:29:10,153:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
2021-08-05 14:29:10,191:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/owncloud.conf
2021-08-05 14:29:10,192:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/000-default.conf
2021-08-05 14:29:13,407:DEBUG:acme.client:JWS payload:
b'{}'
2021-08-05 14:29:13,411:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/19181633370/H_xqEQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzAxNzc4MSIsICJub25jZSI6ICIwMDAydzRNVTFZQmJzbG1vTmxxX3Y2NWN2WnE4REdKRk1SekJtbUR6TXJDdFFfTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTkxODE2MzMzNzAvSF94cUVRIn0",
  "signature": "keqORYyIEMm6HTpCLSOZw5EHMfzjHaLveZCGxB5Heeqoand1MNUUA2lubQDycekClVSNp82YYDbcEDIHeOKwGwGy4mwPbmxxabAFC9PJD9K_iUsz1oQS-3eVQ1OwZX8PYTnNjgTKTtfEHMuZNid1ebzNxTMhjiMpwyJLhK865CGtNScK4H8ldWhmy8lPBnNmCc8huZwpp4v649FgRJ2mZiRASDnk2kChhB1Mya4V71p8bQjIT9bGjB12KPslsvuZMIzmOmsSYblRf1Bf9Ea93GH8fKkMoZhaOcGMzhBl-O4V_jzKNfSyntsUJbhUYVw93DofnStp2_yIRYr80Ovg8w",
  "payload": "e30"
}
2021-08-05 14:29:13,614:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/19181633370/H_xqEQ HTTP/1.1" 200 186
2021-08-05 14:29:13,615:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 05 Aug 2021 12:29:13 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 37017781
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/19181633370>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/19181633370/H_xqEQ
Replay-Nonce: 0001txZuxOfAOa51iXeyPtDe0ZUWq3KoK3MaeBkTWrCrS9c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19181633370/H_xqEQ",
  "token": "Ai3p0xixJELqCq4DJQPFp4OcZH6nG7C8F-6ivDhb61c"
}
2021-08-05 14:29:13,616:DEBUG:acme.client:Storing nonce: 0001txZuxOfAOa51iXeyPtDe0ZUWq3KoK3MaeBkTWrCrS9c
2021-08-05 14:29:13,616:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-08-05 14:29:14,618:DEBUG:acme.client:JWS payload:
b''
2021-08-05 14:29:14,621:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/19181633370:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNzAxNzc4MSIsICJub25jZSI6ICIwMDAxdHhadXhPZkFPYTUxaVhleVB0RGUwWlVXcTNLb0szTWFlQmtUV3JDclM5YyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTkxODE2MzMzNzAifQ",
  "signature": "f5JBjOtUWbaSk9aJr3rVWJ9qvrNqJ3kGQF9Bt50zExjZmH8E-rp_Kj76GHnzCHd1uxmJqQkWjivY-aTQd7QJmEY1G7LbscczdI2WeGeTs1AqRCwn2ioVZcszm9DPSa-_-iaCeZe9xEsmaJb_3_N7vXRv_c5FzkdGTKSanNPbHrNW5BnbQJu1Wvi_J9twKD3yr6SwutBk2LUIZhTIahRUgEh9OgrUbbEMZGpIN6p78RrIuI4qeiPPg07G6MHsg7kMeD86l4qth2jKpw2zNI-Tj8OFOezVGdhZHpEutrCIwOaU5QpMBy7EyDnptNO_fuXC8efrQIF78KzeuQ3RbI-peA",
  "payload": ""
}
2021-08-05 14:29:14,792:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19181633370 HTTP/1.1" 200 1072
2021-08-05 14:29:14,793:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 05 Aug 2021 12:29:14 GMT
Content-Type: application/json
Content-Length: 1072
Connection: keep-alive
Boulder-Requester: 37017781
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002Cfo9I8z5QMKhEqWZz0oxxca7Zc3f6X8dPMz6Q6hFguo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mediterraneodesign.dyndns.org"
  },
  "status": "invalid",
  "expires": "2021-08-12T12:29:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://mediterraneodesign.dyndns.org/.well-known/acme-challenge/Ai3p0xixJELqCq4DJQPFp4OcZH6nG7C8F-6ivDhb61c: Connection refused",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19181633370/H_xqEQ",
      "token": "Ai3p0xixJELqCq4DJQPFp4OcZH6nG7C8F-6ivDhb61c",
      "validationRecord": [
        {
          "url": "http://mediterraneodesign.dyndns.org/.well-known/acme-challenge/Ai3p0xixJELqCq4DJQPFp4OcZH6nG7C8F-6ivDhb61c",
          "hostname": "mediterraneodesign.dyndns.org",
          "port": "80",
          "addressesResolved": [
            "185.177.194.240"
          ],
          "addressUsed": "185.177.194.240"
        }
      ],
      "validated": "2021-08-05T12:29:13Z"
    }
  ]
}
2021-08-05 14:29:14,793:DEBUG:acme.client:Storing nonce: 0002Cfo9I8z5QMKhEqWZz0oxxca7Zc3f6X8dPMz6Q6hFguo
2021-08-05 14:29:14,794:INFO:certbot._internal.auth_handler:Challenge failed for domain mediterraneodesign.dyndns.org
2021-08-05 14:29:14,794:INFO:certbot._internal.auth_handler:http-01 challenge for mediterraneodesign.dyndns.org
2021-08-05 14:29:14,795:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: mediterraneodesign.dyndns.org
  Type:   connection
  Detail: Fetching http://mediterraneodesign.dyndns.org/.well-known/acme-challenge/Ai3p0xixJELqCq4DJQPFp4OcZH6nG7C8F-6ivDhb61c: Connection refused

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2021-08-05 14:29:14,795:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-08-05 14:29:14,796:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-08-05 14:29:14,796:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-08-05 14:29:15,048:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1343/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1566, in main
    return config.func(config, plugins)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1280, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 456, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 386, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 436, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-08-05 14:29:15,050:ERROR:certbot._internal.log:Some challenges have failed.
2021-08-05 14:34:59,880:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-08-05 14:35:00,382:DEBUG:certbot._internal.main:certbot version: 1.18.0
2021-08-05 14:35:00,382:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1343/bin/certbot
2021-08-05 14:35:00,382:DEBUG:certbot._internal.main:Arguments: ['--nginx', '--dry-run', '-d', 'mediterraneodesign.dyndns.org', '--preconfigured-renewal']
2021-08-05 14:35:00,383:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-05 14:35:00,400:DEBUG:certbot._internal.log:Root logging level set at 30
2021-08-05 14:35:00,402:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2021-08-05 14:35:00,409:DEBUG:certbot._internal.plugins.disco:No installation (PluginEntryPoint#nginx): Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.
Traceback (most recent call last):
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 153, in prepare
    self._initialized.prepare()  # type: ignore
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 186, in prepare
    raise errors.NoInstallationError(
certbot.errors.NoInstallationError: Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.
2021-08-05 14:35:00,414:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2021-08-05 14:35:00,414:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2021-08-05 14:35:00,414:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
2021-08-05 14:35:00,415:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1343/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1566, in main
    return config.func(config, plugins)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1406, in certonly
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 226, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/plugins/selection.py", line 330, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.")
2021-08-05 14:35:00,416:ERROR:certbot._internal.log:The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.")

Osiris · August 5, 2021, 5:09pm

Here's the appropriate error: the Let's Encrypt validation server can't reach your Apache webserver on port 80. Nor can I by the way. You need to make sure your webserver is reachable on port 80 from the world wide web.

Also, I don't really understand why you tried certbot --nginx --dry-run too? Do you have a nginx webserver running too perhaps? Although that's unlikely looking at the error message provided after you tried that..

bernardoc · August 5, 2021, 5:13pm

hi, thank for the answare:

why you tried certbot --nginx --dry-run too? *** SORRY I'M NEWBEE, I'VE TRIED

Port 80 seems tobe closed on open port check tool.
is it possible open both 80 and 443?
i've to keep open also after finished the installation?

tnx & regards

Osiris · August 5, 2021, 5:23pm

That's through HTTPS, which used port 443. The --apache plugin can only work with the so called http-01 challenge, which uses HTTP port 80.

You can read more about the different challenges here:

In general, it's a good idea to read all the documentation available on the Let's Encrypt site.

Yes it is.

That's recommended, yes. Please see:

bernardoc · August 5, 2021, 5:28pm

root@ubuntu:/disco8t# sudo ufw app list
Applicazioni disponibili:
Apache
Apache Full
Apache Secure
OpenSSH
Samba
root@ubuntu:/disco8t# sudo ufw app info "Apache Full"
Profilo: Apache Full
Titolo: Web Server (HTTP,HTTPS)
Descrizione: Apache v2 is the next generation of the omnipresent Apache web
server.

Porte:
80,443/tcp
root@ubuntu:/disco8t# sudo ufw allow in "Apache Full"
Omessa l'aggiunto di regola esistente
Omessa l'aggiunto di regola esistente (v6)
root@ubuntu:/disco8t# certbot --apache -d mediterraneodesign.dyndns.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mediterraneodesign.dyndns.org

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: mediterraneodesign.dyndns.org
Type: connection
Detail: Fetching http://mediterraneodesign.dyndns.org/.well-known/acme-challenge/912DGq8R8ajo9NjZzK5DUoqj5gVEKajFmkvykKFuQ-o: Connection refused

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

bernardoc · August 5, 2021, 5:37pm

A Azione Da

80,443/tcp (Apache Full) ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
80,443/tcp (Apache Full (v6)) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)

Osiris · August 5, 2021, 6:05pm

Is your Apache configured for listening on port 80? Perhaps you could share the output of sudo apachectl -S ?

rg305 · August 5, 2021, 7:59pm

OR (gasp!)
Maybe the ISP blocks port 80.

Hint: You need a functional HTTP site before you can secure it (using HTTP authentication).

system · September 4, 2021, 7:59pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.