I'm getting "Error getting validation data" with status 400 for the challenge URL and I have no idea why. I see Nginx returning 200 for it in the access log, and it works if I try it manually. I'm not using IPv6 (no AAAA, not enabled on server, firewall blocks it). It's a fresh install of Debian, Nginx and Certbot as of yesterday. The Nginx config is about as basic as you can get and serves HTML just fine. DNS setup hasn't changed in a long time (CAA 0 issue "letsencrypt.org" record is there)... Anyone have any ideas?
My domain is: escm.ml
I ran this command: certbot certonly --nginx -d "escm.ml" --debug-challenges --dry-run
It produced this output: See below
My web server is (include version): nginx/1.18.0
The operating system my web server runs on is (include version): Debian 10.9
My hosting provider, if applicable, is: Me
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 1.14.0
Debug log:
2021-04-10 19:56:34,505:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-04-10 19:56:34,930:DEBUG:certbot._internal.main:certbot version: 1.14.0
2021-04-10 19:56:34,930:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1093/bin/certbot
2021-04-10 19:56:34,930:DEBUG:certbot._internal.main:Arguments: ['--nginx', '-d', 'escm.ml', '--debug-challenges', '--dry-run', '--preconfigured-renewal']
2021-04-10 19:56:34,930:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-04-10 19:56:34,948:DEBUG:certbot._internal.log:Root logging level set at 20
2021-04-10 19:56:34,948:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-04-10 19:56:34,949:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2021-04-10 19:56:35,067:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f80bcb85df0>
Prep: True
2021-04-10 19:56:35,068:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f80bcb85df0>
Prep: True
2021-04-10 19:56:35,068:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f80bcb85df0> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f80bcb85df0>
2021-04-10 19:56:35,068:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2021-04-10 19:56:35,078:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/19016084', new_authzr_uri=None, terms_of_service=None), 855b82e654230c82496679cfb0491e1b, Meta(creation_dt=datetime.datetime(2021, 4, 10, 19, 0, 49, tzinfo=<UTC>), creation_host='WebServer.lan', register_to_eff=None))>
2021-04-10 19:56:35,080:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2021-04-10 19:56:35,082:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2021-04-10 19:56:35,775:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
2021-04-10 19:56:35,775:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 10 Apr 2021 23:56:35 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"k-aG3-bsdmg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-04-10 19:56:35,776:DEBUG:certbot.display.util:Notifying user: Simulating a certificate request for escm.ml
2021-04-10 19:56:35,946:DEBUG:acme.client:Requesting fresh nonce
2021-04-10 19:56:35,946:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2021-04-10 19:56:36,026:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-04-10 19:56:36,027:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 10 Apr 2021 23:56:35 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00031DQuZmQJuQpA1ed6phTJQP6MH99nEtcge-kSJYNz_RQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2021-04-10 19:56:36,027:DEBUG:acme.client:Storing nonce: 00031DQuZmQJuQpA1ed6phTJQP6MH99nEtcge-kSJYNz_RQ
2021-04-10 19:56:36,027:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "escm.ml"\n }\n ]\n}'
2021-04-10 19:56:36,029:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTAxNjA4NCIsICJub25jZSI6ICIwMDAzMURRdVptUUp1UXBBMWVkNnBoVEpRUDZNSDk5bkV0Y2dlLWtTSllOel9SUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "JRqiu_qXvwxe7JQqzsUfYSZAniWj9Dy8Ndsb0oAHEehvcB7RiVVOqzs2DaiVzpUYpKxOcHUvL59RYtep3Hd4NjIwvCQOYXd8G5Q1s1-cGV_y2-8fmnV9TSi_foizqJLSo00OP7FVAav3qdSLoBhOQ9aOermWxzvIBA8Te8A9Q7VvY5o_KSTNTYGz5N__0ENC4vb9FVFVT5FU933QSefeOPqX4Lwefd16c_1xt36E8N0B21YlbpIXFRTXHwj1vIU4F19B9LBvTmI8Xs9DKiAMadWnG7lw4buXr6lUr_pU69Zjm-_UOh0Ls9x0S6diJiLpGRvV7vFBvA9yT9ntRMEGQg",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImVzY20ubWwiCiAgICB9CiAgXQp9"
}
2021-04-10 19:56:36,146:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 339
2021-04-10 19:56:36,147:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 10 Apr 2021 23:56:36 GMT
Content-Type: application/json
Content-Length: 339
Connection: keep-alive
Boulder-Requester: 19016084
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/19016084/29429321
Replay-Nonce: 0004RRcU-TfvYTpQobr7FV1sGTrOi7fcLegAbc7cVPZmIVg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2021-04-17T23:56:36Z",
"identifiers": [
{
"type": "dns",
"value": "escm.ml"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25872200"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/19016084/29429321"
}
2021-04-10 19:56:36,147:DEBUG:acme.client:Storing nonce: 0004RRcU-TfvYTpQobr7FV1sGTrOi7fcLegAbc7cVPZmIVg
2021-04-10 19:56:36,147:DEBUG:acme.client:JWS payload:
b''
2021-04-10 19:56:36,149:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25872200:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTAxNjA4NCIsICJub25jZSI6ICIwMDA0UlJjVS1UZnZZVHBRb2JyN0ZWMXNHVHJPaTdmY0xlZ0FiYzdjVlBabUlWZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTg3MjIwMCJ9",
"signature": "TkwjaToxl4l2XIyf1YD92DmtDG7ldNAoO-M21SCh3xq7hTlbNUmJO1YSdQxYLi34Wyt1U3h695fS1Zqp_oD9dYi93kCYb42B2sTC3cmFh1wmt4SqKMn-5i41N7Eq79WWhrQXxMiIwAFbD5P5WXvF0OVjcah3bLZEoAWZCIbsDy88mjT4MY5gx8klAD8lUnGEI_ufPDxb3VddH60TKtbTlXDW7ojnNNhoxn_tWE3tvYTxPxi4z-ryAyURzO3hm5v9R9Fp7jkFN3EGPTqZQpIQbZ1PyzEWJn7UnMws6NskBuFLhheOHwGArWWozGU57RPYcNqPSOmKn2f_FRWqFoEfYQ",
"payload": ""
}
2021-04-10 19:56:36,238:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25872200 HTTP/1.1" 200 803
2021-04-10 19:56:36,239:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 10 Apr 2021 23:56:36 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 19016084
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0004LMYfi_TP7wULiZpbM18f1O2ikIxtXuFQwFGxdWAspjw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "escm.ml"
},
"status": "pending",
"expires": "2021-04-17T23:56:36Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/HxGzqg",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/5LGqnQ",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/XQSO4w",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
}
]
}
2021-04-10 19:56:36,239:DEBUG:acme.client:Storing nonce: 0004LMYfi_TP7wULiZpbM18f1O2ikIxtXuFQwFGxdWAspjw
2021-04-10 19:56:36,239:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-04-10 19:56:36,240:INFO:certbot._internal.auth_handler:http-01 challenge for escm.ml
2021-04-10 19:56:36,245:DEBUG:certbot_nginx._internal.http_01:Generated server block:
[]
2021-04-10 19:56:36,246:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2021-04-10 19:56:36,246:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2021-04-10 19:56:36,246:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/default.conf
2021-04-10 19:56:36,247:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
2021-04-10 19:56:36,248:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/conf.d/default.conf:
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
server_name escm.ml;
listen 80;
location / {
root /var/www/html;
index index.html;
}
location = /.well-known/acme-challenge/PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc{default_type text/plain;return 200 PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc.tEWGUSWdPFLTgLNoZthzugaPO54UVO8RVHyaJgMVh_c;} # managed by Certbot
}
2021-04-10 19:56:37,259:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-04-10 19:56:37,260:DEBUG:certbot.display.util:Notifying user: Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
2021-04-10 19:56:37,870:DEBUG:acme.client:JWS payload:
b'{}'
2021-04-10 19:56:37,872:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/HxGzqg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTAxNjA4NCIsICJub25jZSI6ICIwMDA0TE1ZZmlfVFA3d1VMaVpwYk0xOGYxTzJpa0l4dFh1RlF3Rkd4ZFdBc3BqdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yNTg3MjIwMC9IeEd6cWcifQ",
"signature": "rugE-covM9I0T_Yvf1-msSig4ncHkbH9QKyie0HRxqpJfh2sR0Q7vDNF24-lDRSIF08bO0Aft1bxgTRbilNwibOmcWQ0O4cHCkLQxbgOD2sKgDbaTlBTzxvE6yk4JiVkC8tBdmh_MwEP4B0Zs_SfUq_saQK-w5sgXRue3El1yBd5ru6nzYFU2PKV5JEk1H3un5lpu2LlAufTIgdfs4TAxHGqF0kazs4oS4LEKY2vjrGsB7pey4-xGNjtzlouEo9dRI8kCkNlq_20ghr61-EfvO4z_gI6bHog0XBhU5TRblqT8rGJcKGt2p2_5kEp_NI39GwmFpxFa_AcvlbTrwbjpw",
"payload": "e30"
}
2021-04-10 19:56:37,955:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/25872200/HxGzqg HTTP/1.1" 200 191
2021-04-10 19:56:37,956:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 10 Apr 2021 23:56:37 GMT
Content-Type: application/json
Content-Length: 191
Connection: keep-alive
Boulder-Requester: 19016084
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25872200>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/HxGzqg
Replay-Nonce: 0004i6k2dAXeyjnc6F9XNCgedHTQD7maLzb583LqhTBm3lc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/HxGzqg",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
}
2021-04-10 19:56:37,956:DEBUG:acme.client:Storing nonce: 0004i6k2dAXeyjnc6F9XNCgedHTQD7maLzb583LqhTBm3lc
2021-04-10 19:56:38,958:DEBUG:acme.client:JWS payload:
b''
2021-04-10 19:56:38,960:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25872200:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTAxNjA4NCIsICJub25jZSI6ICIwMDA0aTZrMmRBWGV5am5jNkY5WE5DZ2VkSFRRRDdtYUx6YjU4M0xxaFRCbTNsYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTg3MjIwMCJ9",
"signature": "NhAkloM6ApfkYABBskMjgRaoecyVXRzNewSWnkOXJsmZV_2aeqW57RvYGTxg5YsZOMd6le9cixjTTsBb5iurTwAueAo7KuRC5_RaWbfTv1_UzD3DdrJPunn695-ZZaii-WgIy_PrnSxM1GnPHzJ6m2RsbaVv2pS_xBzWe6L0S1EjaQzfoYuXBPj2X549ILlSdzUnC0JABrlq5x7VGtTeyRZj2YLDJ7HIQL2BIyPcAwQRjBCeyd5eD4pFvBd5rPjo8kEtw0l7hUnvk9xsnDRLVJq53mB_-Y14LvntfOk5wl3viG2E05aUtUww-LqsB8I2PDUaaA_zSj58Ec_wOwl_Ww",
"payload": ""
}
2021-04-10 19:56:39,043:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25872200 HTTP/1.1" 200 803
2021-04-10 19:56:39,044:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 10 Apr 2021 23:56:39 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 19016084
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00042wBr5LxKzcZCcwyutte6DZrzs4se6xjV1OWXXv7rOPE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "escm.ml"
},
"status": "pending",
"expires": "2021-04-17T23:56:36Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/HxGzqg",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/5LGqnQ",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/XQSO4w",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
}
]
}
2021-04-10 19:56:39,044:DEBUG:acme.client:Storing nonce: 00042wBr5LxKzcZCcwyutte6DZrzs4se6xjV1OWXXv7rOPE
2021-04-10 19:56:42,048:DEBUG:acme.client:JWS payload:
b''
2021-04-10 19:56:42,050:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25872200:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTAxNjA4NCIsICJub25jZSI6ICIwMDA0MndCcjVMeEt6Y1pDY3d5dXR0ZTZEWnJ6czRzZTZ4alYxT1dYWHY3ck9QRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTg3MjIwMCJ9",
"signature": "bnUqYxM5BSiZvv0wd8D-pR68n0WFnlm6hZCZiE9q1C284vns7mnB15Bi_upGObJB9C7kprgwnUPGfIyjSAcKYv7PIRKi3fLHjnmWlA6p7xnwgXIJRLs9Hg_EzUmM_W0Bib_1MwZwSksQQbkMpdYAidmdYNsv3662ZIz3s--BkJWaaw7cemDPWObEoN7IcSA-OcA0sJvDKpaeSFg_HqXywLe3TXf1bYfTTOMAOOCCjYXJMBqwdwYCa28CLG5mEpIb8kLQV9tsJFXoiv_w4qxjz47InnqOs2Y44KEjKMRNkyF64MmXxYVOv9b_VRFWe8ZfpAYzzbtsMxkN8kiS8l_jzA",
"payload": ""
}
2021-04-10 19:56:42,136:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25872200 HTTP/1.1" 200 803
2021-04-10 19:56:42,136:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 10 Apr 2021 23:56:42 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 19016084
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0003zEhXOuyqrQ4T7SFgkbFQshu4-Ba3VoPArManrAZP4Co
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "escm.ml"
},
"status": "pending",
"expires": "2021-04-17T23:56:36Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/HxGzqg",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/5LGqnQ",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/XQSO4w",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
}
]
}
2021-04-10 19:56:42,137:DEBUG:acme.client:Storing nonce: 0003zEhXOuyqrQ4T7SFgkbFQshu4-Ba3VoPArManrAZP4Co
2021-04-10 19:56:45,140:DEBUG:acme.client:JWS payload:
b''
2021-04-10 19:56:45,142:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25872200:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTAxNjA4NCIsICJub25jZSI6ICIwMDAzekVoWE91eXFyUTRUN1NGZ2tiRlFzaHU0LUJhM1ZvUEFyTWFuckFaUDRDbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTg3MjIwMCJ9",
"signature": "sXIWspDs0hFqhglaYUvlCtwn-OCbYAWSo5bfFHo5PB6dsqEMHNjCdxZ56DVMMeKQfwbS1uzkeohqtsMXFayBafER2JTADZihpJvYS4tAnZI5-vWuKm8a_ltgoBT-YhhuE2a_dtO8LPwrWVXiRqFPvQVlsat35pHwcL366arCQ03WcmN1iesQugSofoiZ-PY1bmOIDK9laqs0qEWLwtTquA2joi9my76vpk-IWkKkxgCRTjwUrxU_IRDcDzsQVFB7OOFBQKQY3T7DDUHu0R0hJ-vJFtZhAxqfAnEqjKhGtJNIPewBRjeShO18w2pn--ioVbPq-S2ijh6il4PeP9pr-Q",
"payload": ""
}
2021-04-10 19:56:45,224:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25872200 HTTP/1.1" 200 803
2021-04-10 19:56:45,225:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 10 Apr 2021 23:56:45 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 19016084
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00034XGTSB_llJu7enj5dSoJsha0LZDY1HL89t6CCATPKF8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "escm.ml"
},
"status": "pending",
"expires": "2021-04-17T23:56:36Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/HxGzqg",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/5LGqnQ",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/XQSO4w",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
}
]
}
2021-04-10 19:56:45,225:DEBUG:acme.client:Storing nonce: 00034XGTSB_llJu7enj5dSoJsha0LZDY1HL89t6CCATPKF8
2021-04-10 19:56:48,229:DEBUG:acme.client:JWS payload:
b''
2021-04-10 19:56:48,231:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25872200:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTAxNjA4NCIsICJub25jZSI6ICIwMDAzNFhHVFNCX2xsSnU3ZW5qNWRTb0pzaGEwTFpEWTFITDg5dDZDQ0FUUEtGOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTg3MjIwMCJ9",
"signature": "GilONK9IU7mFJyWuc3DRhgSsgBGhMBSP9yCYVkriW2YRGDk1KyuZLRrQknfwjoug9N1sxs4Ludj6QkupSALAekfEFmc4iDsykLYJlpNgf6Df0XqSimMgynW5hb9K_wmjbSs3StncHEeEIH_SAI00r2Fs-t-DctFC6CXVYBmBgNkOT38oWxKbz5YbbXVxR-kVy3QyVuKRoCzEe1IhX15AU_2r6hn8r--Ori0AspN1dSumIlylqhGnUVoB8NKWaVy_XqZZyog1Qy5uUTw2VTDb_3qbNz1qpW00RVI65GsEYnz8wzB6ZUo4YMWLpesPuUoF5bKDubNODMpPztJjNjaT4Q",
"payload": ""
}
2021-04-10 19:56:48,319:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25872200 HTTP/1.1" 200 803
2021-04-10 19:56:48,320:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 10 Apr 2021 23:56:48 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 19016084
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00033M9REvJYVJt534_-dk4vJILZsOpdq6rmehoTuQ0Jf6U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "escm.ml"
},
"status": "pending",
"expires": "2021-04-17T23:56:36Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/HxGzqg",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/5LGqnQ",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/XQSO4w",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc"
}
]
}
2021-04-10 19:56:48,320:DEBUG:acme.client:Storing nonce: 00033M9REvJYVJt534_-dk4vJILZsOpdq6rmehoTuQ0Jf6U
2021-04-10 19:56:51,324:DEBUG:acme.client:JWS payload:
b''
2021-04-10 19:56:51,327:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25872200:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTAxNjA4NCIsICJub25jZSI6ICIwMDAzM005UkV2SllWSnQ1MzRfLWRrNHZKSUxac09wZHE2cm1laG9UdVEwSmY2VSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTg3MjIwMCJ9",
"signature": "k2nsb11m3ss1FAQTOXVFjRdZQvwj_ceKAvcHoz1HvDFDyfob25oIgniSwIzTdgai9zvNCffQ9UK2323A6zR4czRpCKCGI18BUAvYFOB00gPOb3lpMDJ_WN_1D-7RbTIfqF0lL4Jh9913IfkTZMiL0ujOSOUNTVTlLPbiALrRKgohGG19-ZN4HdRrNrgk-V58JA6ARrI4YdpwpDZ8bF3tOX5LLXrcbS0JXDA2NTxwblg3LyMwp0zbr0Q-8FVsrTtQzBw3XmTXdFSANvHudRUgdkoLt8CGeYC8oBzSOeyKnavl1gQAkh1ESVSn3MlFvmIbGeUzbfpirRp_37Rrn6pvCw",
"payload": ""
}
2021-04-10 19:56:51,407:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25872200 HTTP/1.1" 200 1000
2021-04-10 19:56:51,408:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 10 Apr 2021 23:56:51 GMT
Content-Type: application/json
Content-Length: 1000
Connection: keep-alive
Boulder-Requester: 19016084
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0004_cwCqH0yqlEfXFUbhj8-zaeNg6sb80Us7Cmneu3N03Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "escm.ml"
},
"status": "invalid",
"expires": "2021-04-17T23:56:36Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://escm.ml/.well-known/acme-challenge/PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc: Error getting validation data",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25872200/HxGzqg",
"token": "PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc",
"validationRecord": [
{
"url": "http://escm.ml/.well-known/acme-challenge/PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc",
"hostname": "escm.ml",
"port": "80",
"addressesResolved": [
"174.112.189.216"
],
"addressUsed": "174.112.189.216"
}
],
"validated": "2021-04-10T23:56:37Z"
}
]
}
2021-04-10 19:56:51,408:DEBUG:acme.client:Storing nonce: 0004_cwCqH0yqlEfXFUbhj8-zaeNg6sb80Us7Cmneu3N03Q
2021-04-10 19:56:51,409:WARNING:certbot._internal.auth_handler:Challenge failed for domain escm.ml
2021-04-10 19:56:51,409:INFO:certbot._internal.auth_handler:http-01 challenge for escm.ml
2021-04-10 19:56:51,410:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:
Domain: escm.ml
Type: connection
Detail: Fetching http://escm.ml/.well-known/acme-challenge/PFHzOy5PGlgkQZvFA-Q7Hmr16bOO_0Q_NylvCcw5EVc: Error getting validation data
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2021-04-10 19:56:51,410:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 179, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-04-10 19:56:51,411:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-04-10 19:56:51,411:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-04-10 19:56:52,522:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/1093/bin/certbot", line 8, in <module>
sys.exit(main())
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 1435, in main
return config.func(config, plugins)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 1304, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 140, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/client.py", line 444, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/client.py", line 424, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 179, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-04-10 19:56:52,523:ERROR:certbot._internal.log:Some challenges have failed.