Error getting validation data (webserver says 200 status)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: fmk.sk

I ran this command: certbot renew

It produced this output:Error getting validation data

My web server is (include version): Apache/2.4.41 (IUS)

The operating system my web server runs on is (include version): CentOS Linux release 7.8.2003

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.5.0

Found this in access.log of my server:

52.28.236.88 - - [09/Jul/2020:14:21:09 +0200] “GET /.well-known/acme-challenge/8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo HTTP/1.1” 200 87 “-” “Mozilla/5.0 (compatible; Let’s Encrypt validation ser
ver; +https://www.letsencrypt.org)”
52.15.254.228 - - [09/Jul/2020:14:21:09 +0200] “GET /.well-known/acme-challenge/8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo HTTP/1.1” 200 87 “-” “Mozilla/5.0 (compatible; Let’s Encrypt validation se
rver; +https://www.letsencrypt.org)”
34.209.232.166 - - [09/Jul/2020:14:21:09 +0200] “GET /.well-known/acme-challenge/8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo HTTP/1.1” 200 87 “-” “Mozilla/5.0 (compatible; Let’s Encrypt validation s
erver; +https://www.letsencrypt.org)”
66.133.109.36 - - [09/Jul/2020:14:21:10 +0200] “GET /.well-known/acme-challenge/8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo HTTP/1.1” 200 87 “-” “Mozilla/5.0 (compatible; Let’s Encrypt validation se
rver; +https://www.letsencrypt.org)”

and yet I am getting “Error getting validation data”.
Why?

1 Like

Could you please post more of the certbot output when trying to renew? The error you've presented us now could be anything.

1 Like
2020-07-09 14:21:00,616:DEBUG:certbot._internal.main:certbot version: 1.5.0
2020-07-09 14:21:00,617:DEBUG:certbot._internal.main:Arguments: []
2020-07-09 14:21:00,617:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-07-09 14:21:00,658:DEBUG:certbot._internal.log:Root logging level set at 20
2020-07-09 14:21:00,658:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-07-09 14:21:00,686:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f8c95efbd10> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f8c95efbd10>
2020-07-09 14:21:00,753:DEBUG:certbot.ocsp:Querying OCSP for /etc/letsencrypt/archive/fmk.sk/cert7.pem
2020-07-09 14:21:00,753:DEBUG:certbot.ocsp:openssl ocsp -no_nonce -issuer /etc/letsencrypt/archive/fmk.sk/chain7.pem -cert /etc/letsencrypt/archive/fmk.sk/cert7.pem -CAfile /etc/letsencrypt/archive/fmk.sk/chain7.pem -verify_other /etc/letsencrypt/archive/fmk.sk/chain7.pem -trust_other -timeout 10 -header Host ocsp.int-x3.letsencrypt.org -url http://ocsp.int-x3.letsencrypt.org
2020-07-09 14:21:00,816:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2020-07-10 14:19:48 UTC.
2020-07-09 14:21:00,816:INFO:certbot._internal.renewal:Cert is due for renewal, auto-renewing...
2020-07-09 14:21:00,817:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2020-07-09 14:21:01,020:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.41
2020-07-09 14:21:02,770:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f8c95fcce10>
Prep: True
2020-07-09 14:21:02,771:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f8c95fcce10>
Prep: True
2020-07-09 14:21:02,772:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f8c95fcce10> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f8c95fcce10>
2020-07-09 14:21:02,772:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2020-07-09 14:21:02,777:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/44312682', new_authzr_uri=None, terms_of_service=None), e1556381b2753bdc6055c8d2e9351c76, Meta(creation_host=u'fmk.ucm.sk', creation_dt=datetime.datetime(2018, 10, 22, 17, 52, 17, tzinfo=<UTC>)))>
2020-07-09 14:21:02,781:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-07-09 14:21:02,792:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2020-07-09 14:21:03,460:DEBUG:urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
2020-07-09 14:21:03,461:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Thu, 09 Jul 2020 12:21:04 GMT
x-frame-options: DENY
content-type: application/json

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "nPcUGuk99Vw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-07-09 14:21:03,462:INFO:certbot._internal.main:Renewing an existing certificate
2020-07-09 14:21:03,767:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0023_key-certbot.pem
2020-07-09 14:21:03,772:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0023_csr-certbot.pem
2020-07-09 14:21:03,773:DEBUG:acme.client:Requesting fresh nonce
2020-07-09 14:21:03,773:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-07-09 14:21:03,934:DEBUG:urllib3.connectionpool:"HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-07-09 14:21:03,934:DEBUG:acme.client:Received response:
HTTP 200
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
date: Thu, 09 Jul 2020 12:21:05 GMT
x-frame-options: DENY
replay-nonce: 0002eRzKG4zPN63hFGHtO_or4Yy3UNeTqmLYKWrEKbvTuqQ


2020-07-09 14:21:03,935:DEBUG:acme.client:Storing nonce: 0002eRzKG4zPN63hFGHtO_or4Yy3UNeTqmLYKWrEKbvTuqQ
2020-07-09 14:21:03,935:DEBUG:acme.client:JWS payload:
{
  "identifiers": [
    {
      "type": "dns", 
      "value": "fmk.sk"
    }
  ]
}
2020-07-09 14:21:03,940:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJub25jZSI6ICIwMDAyZVJ6S0c0elBONjNoRkdIdE9fb3I0WXkzVU5lVHFtTFlLV3JFS2J2VHVxUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzQ0MzEyNjgyIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJmbWsuc2siCiAgICB9CiAgXQp9", 
  "signature": "G3HFMwdjaPKSdCOq7yscIglVF_VIn9olVmY1hfAdd47fRVCXcphUhw9EptHe5udSdJO9bxZwZAREwCFOzn1t9hWSMYxwxJcLGeKRxOYRtgRWkW36hNMVBoIdi9H9HgmRWXkvpTz0q_SIISyq_fWv4qUP8RCfUux9nGi_aSeGk0Sa7Vp0UJaPToM1zJtvUvEiBDyMtLuDethBH-6NUbqSjDGfaqkMYTVCojMhAN2OjxYSFQWxKL6gBXVE39JBuiYJs1Z8gz4kCsGJjh40UpU4AsrtzBq3cXnUgXTCbuyrnFMk1henTqwL-jC-VGoLn8gfyRav80ilr_I4cE09iNmsuQ"
}
2020-07-09 14:21:04,571:DEBUG:urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 336
2020-07-09 14:21:04,572:DEBUG:acme.client:Received response:
HTTP 201
content-length: 336
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/44312682/4126020811
boulder-requester: 44312682
date: Thu, 09 Jul 2020 12:21:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002lvtQvl5BfTHqxiUND6ngMP2aBmpOuBs67Mq_1gKFbpM

{
  "status": "pending",
  "expires": "2020-07-16T12:21:05.966566064Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "fmk.sk"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/5767739734"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/44312682/4126020811"
}
2020-07-09 14:21:04,572:DEBUG:acme.client:Storing nonce: 0002lvtQvl5BfTHqxiUND6ngMP2aBmpOuBs67Mq_1gKFbpM
2020-07-09 14:21:04,573:DEBUG:acme.client:JWS payload:

2020-07-09 14:21:04,577:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/5767739734:
{
  "protected": "eyJub25jZSI6ICIwMDAybHZ0UXZsNUJmVEhxeGlVTkQ2bmdNUDJhQm1wT3VCczY3TXFfMWdLRmJwTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNTc2NzczOTczNCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NDMxMjY4MiIsICJhbGciOiAiUlMyNTYifQ", 
  "payload": "", 
  "signature": "WEwS_r6RwUtVvSXR0p2cfe7DxOuVIfAfs6kMZFpdtgk9OQyuCn7X4ahhou8vWnILgSKt_6BD7wv8uyQihbKpABlbJmhLJHaNPcmP-junRyxlFyNOcbjNBNOe-qufeC8PpxHtm2OA2uZ9A5Vbxsk63zjf1iqWateOlugwOkHNCwBAtYejokH51A8_cIOLAMHrpoGuKPx4lQIMja4v55eHFfLii97LzEx7XRI8sWVkjisRZ8p5hf1GO92mNR32nBxJzna1FETnRC3yXnE-K1264CaewPFtUed9TH9yJOfdz4nthVSSTPRXvgnu8UEroo__-8yxm6Z-9T28e-U9WmYREA"
}
2020-07-09 14:21:04,857:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/5767739734 HTTP/1.1" 200 784
2020-07-09 14:21:04,858:DEBUG:acme.client:Received response:
HTTP 200
content-length: 784
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 44312682
date: Thu, 09 Jul 2020 12:21:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002ATA9-FLK-qPBoS868wBrIru0BkF_-lHFbhbo6Rq5Pjg

{
  "identifier": {
    "type": "dns",
    "value": "fmk.sk"
  },
  "status": "pending",
  "expires": "2020-07-16T12:21:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/rk_zug",
      "token": "8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/PwNqPw",
      "token": "8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/-8xhvw",
      "token": "8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo"
    }
  ]
}
2020-07-09 14:21:04,859:DEBUG:acme.client:Storing nonce: 0002ATA9-FLK-qPBoS868wBrIru0BkF_-lHFbhbo6Rq5Pjg
2020-07-09 14:21:04,861:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-07-09 14:21:04,861:INFO:certbot._internal.auth_handler:http-01 challenge for fmk.sk
2020-07-09 14:21:05,245:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: fmk.sk in: /etc/httpd/sites-enabled/fmk.ucm.sk.conf
2020-07-09 14:21:05,245:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: fmk.sk in: /etc/httpd/sites-enabled/fmk.ucm.sk.conf
2020-07-09 14:21:05,246:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2020-07-09 14:21:05,246:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
2020-07-09 14:21:05,301:DEBUG:certbot.reverter:Creating backup of /etc/httpd/sites-enabled/fmk.ucm.sk.conf
2020-07-09 14:21:08,659:INFO:certbot._internal.auth_handler:Waiting for verification...
2020-07-09 14:21:08,661:DEBUG:acme.client:JWS payload:
{}
2020-07-09 14:21:08,667:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/rk_zug:
{
  "protected": "eyJub25jZSI6ICIwMDAyQVRBOS1GTEstcVBCb1M4Njh3QnJJcnUwQmtGXy1sSEZiaGJvNlJxNVBqZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNTc2NzczOTczNC9ya196dWciLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDQzMTI2ODIiLCAiYWxnIjogIlJTMjU2In0", 
  "payload": "e30", 
  "signature": "Nmm_2ArXfrGrRXz9dUy_B5eRn4NzOcfO97CpXqRmuQwjSLFBXeO5LsRkfrAbOmqKi2wT5E5io2274ikLi5Hh8WFiyk3KVuwivvYcBhyLTCpke6QAP2KD9fqzxwpfhMS_3sIpc0dhTNfdDA0IKgYiToqaqWMQNbp0_NWgF-VK6Zf-TVu30h9Z7gry-q4P-tqjvovFsS5oVgow36iwtG4voX73Ez717EAPNhxj7367LRuf_ojRznnPo6s4cjRovrwkSMZu_T_kkC0-4xUyAIv-bGKuGrdearDe9QLwFlwBsrayakMw_i-kSlJD5cQYPaGst4mEz6E3zqjsye6NvQeP_A"
}
2020-07-09 14:21:09,022:DEBUG:urllib3.connectionpool:"POST /acme/chall-v3/5767739734/rk_zug HTTP/1.1" 200 185
2020-07-09 14:21:09,023:DEBUG:acme.client:Received response:
HTTP 200
content-length: 185
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/5767739734>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/rk_zug
boulder-requester: 44312682
date: Thu, 09 Jul 2020 12:21:10 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001LeK3CENauroKjpPI0E3op2d-ZH0X-A5tiSxcTQBPO7Y

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/rk_zug",
  "token": "8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo"
}
2020-07-09 14:21:09,024:DEBUG:acme.client:Storing nonce: 0001LeK3CENauroKjpPI0E3op2d-ZH0X-A5tiSxcTQBPO7Y
2020-07-09 14:21:10,026:DEBUG:acme.client:JWS payload:

2020-07-09 14:21:10,030:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/5767739734:
{
  "protected": "eyJub25jZSI6ICIwMDAxTGVLM0NFTmF1cm9LanBQSTBFM29wMmQtWkgwWC1BNXRpU3hjVFFCUE83WSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNTc2NzczOTczNCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NDMxMjY4MiIsICJhbGciOiAiUlMyNTYifQ", 
  "payload": "", 
  "signature": "Mly2Z3tEm37aURBFOkhSxoEDdbyipAK_bZamJTF7wQo-4JgdJpmFowjNNv2T_WxOToD8aPUJNggRU7MrqsZQRI3lbilZR8TgQyOXsQWk9Le8f76jYIvyYi78yMeAwaPygrT8tNODkme-0xiM18ObVWzgQLN5rVDd0G5VUSfp_OZlzIukswU-mtRZKJHcW1mnhu2XuCmApTpy99gp7vnqeY0A9tf9q7ZRXIGgneTHAaDeniNuIgVw6UtMamIA0YOfu_SVT69gthVo1PRGckD4GQY3CJ1gXrYH-7_f49rJXpegw_NQxd_G_MTKCw-9-w-vCAepK9JSx1EwNAtLO8btPg"
}
2020-07-09 14:21:10,234:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/5767739734 HTTP/1.1" 200 784
2020-07-09 14:21:10,235:DEBUG:acme.client:Received response:
HTTP 200
content-length: 784
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 44312682
date: Thu, 09 Jul 2020 12:21:11 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001HbcpcX6y6lSVNJuRxA3eQ_OIqyfw0Lom-EfV4Dl3Ylc

{
  "identifier": {
    "type": "dns",
    "value": "fmk.sk"
  },
  "status": "pending",
  "expires": "2020-07-16T12:21:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/rk_zug",
      "token": "8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/PwNqPw",
      "token": "8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/-8xhvw",
      "token": "8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo"
    }
  ]
}
2020-07-09 14:21:10,236:DEBUG:acme.client:Storing nonce: 0001HbcpcX6y6lSVNJuRxA3eQ_OIqyfw0Lom-EfV4Dl3Ylc
2020-07-09 14:21:13,241:DEBUG:acme.client:JWS payload:

2020-07-09 14:21:13,248:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/5767739734:
{
  "protected": "eyJub25jZSI6ICIwMDAxSGJjcGNYNnk2bFNWTkp1UnhBM2VRX09JcXlmdzBMb20tRWZWNERsM1lsYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNTc2NzczOTczNCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NDMxMjY4MiIsICJhbGciOiAiUlMyNTYifQ", 
  "payload": "", 
  "signature": "lG-yo0d9HDOqvtq9L_wl0vbxBfGfYOB-uy_M3EJZv1Pqg_S9yvAj_tVFD-jSGN8lYE3bVbAnhS_jUORHLCK1pWVwfFdKeGNFCsa6DO4VscpqhqWiNonigB57i83_hC7F3y6qci8yijhaKNuilsZMuUNgR7lB9ChAPC1MrTSF7WzVpB9AsULeWTE91z3vN5LmB-NQLzF4s0tVw_XUwlw2M7yLnf0p0V0GY_FZTvQc6LRxpBFdQ_vUBzjadcDDeFR7kDMBp-eyygl7ltiKEsaSuxuRGxEW_S_ueVueJjvSUTXSUcidVU0XVYSSPNcoM6fOm9jnL9trt9nzQ2cMzlOUQw"
}
2020-07-09 14:21:13,453:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/5767739734 HTTP/1.1" 200 941
2020-07-09 14:21:13,454:DEBUG:acme.client:Received response:
HTTP 200
content-length: 941
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 44312682
date: Thu, 09 Jul 2020 12:21:14 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001iQw7ArE1S25zS-YPXvDdoBKKU3PPqkkCu5oZNHsbpKE

{
  "identifier": {
    "type": "dns",
    "value": "fmk.sk"
  },
  "status": "invalid",
  "expires": "2020-07-16T12:21:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://fmk.sk/.well-known/acme-challenge/8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo: Error getting validation data",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5767739734/rk_zug",
      "token": "8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo",
      "validationRecord": [
        {
          "url": "http://fmk.sk/.well-known/acme-challenge/8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo",
          "hostname": "fmk.sk",
          "port": "80",
          "addressesResolved": [
            "193.87.59.85"
          ],
          "addressUsed": "193.87.59.85"
        }
      ]
    }
  ]
}
2020-07-09 14:21:13,454:DEBUG:acme.client:Storing nonce: 0001iQw7ArE1S25zS-YPXvDdoBKKU3PPqkkCu5oZNHsbpKE
2020-07-09 14:21:13,455:WARNING:certbot._internal.auth_handler:Challenge failed for domain fmk.sk
2020-07-09 14:21:13,456:INFO:certbot._internal.auth_handler:http-01 challenge for fmk.sk
2020-07-09 14:21:13,456:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: fmk.sk
Type:   connection
Detail: Fetching http://fmk.sk/.well-known/acme-challenge/8tBackykbaQq1aw_J3mYjj9h_Akyh70RrArnWmQrQxo: Error getting validation data

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2020-07-09 14:21:13,457:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

2020-07-09 14:21:13,457:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-07-09 14:21:13,458:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-07-09 14:21:14,228:WARNING:certbot._internal.renewal:Attempting to renew cert (fmk.sk) from /etc/letsencrypt/renewal/fmk.sk.conf produced an unexpected error: Some challenges have failed.. Skipping.
2020-07-09 14:21:14,231:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 448, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1176, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 306, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 343, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 390, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

2020-07-09 14:21:14,231:ERROR:certbot._internal.renewal:All renewal attempts failed. The following certs could not be renewed:
2020-07-09 14:21:14,231:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/fmk.sk/fullchain.pem (failure)
2020-07-09 14:21:14,236:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.5.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1347, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1255, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 473, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
2020-07-09 14:21:14,238:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
1 Like

That’s an unfortunate very short error from the Let’s Encrypt validation server. Normally, it would include more information about what went wrong. You were correct with your initial error message: it genuinly is all there is… :frowning_face:

No idea what’s happening here.

Hi @mh12

there

is a http status 400 reported, so the webserver didn't sent a correct answer.

But that result is some hours old, there is a newer check of your domain, ~~25 minutes old - https://check-your-website.server-daten.de/?q=fmk.sk#url-checks

/.well-known/acme-challenge/random-filename answers with the expected result 404 - Not found.

What says

apachectl -S

That's not the HTTP status of the request, but a Boulder status number as far as I know.

Solved by using certbot-2 instead of certbot.

1 Like

What's certbot-2

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.