Error renew certificate docker

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: santte.com.br

Docker compose file:
version: '3.4'
services:
db:
image: postgis/postgis:13-3.1-alpine
environment:
POSTGRES_USER: ${DB_USER}
POSTGRES_PASSWORD: ${DB_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
deploy:
replicas: 1
restart_policy:
condition: on-failure
web:
image: docker.io/...
env_file:
- .env
environment:
PORT: 4000
deploy:
replicas: 1
restart_policy:
condition: on-failure
ports:
- "4000:4000"
depends_on:
- db
nginx:
image: nginx:stable-alpine
depends_on:
- web
volumes:
- /etc/letsencrypt:/etc/letsencrypt
- /root/nginx.conf:/etc/nginx/nginx.conf
deploy:
mode: global
placement:
constraints:
- node.role == manager
ports:
- 80:80
- 443:443
volumes:
postgres_data:

Docker command to create the certificate:

docker run --rm
-p 443:443 -p 80:80 --name letsencrypt
-v "/etc/letsencrypt:/etc/letsencrypt"
-v "/var/lib/letsencrypt:/var/lib/letsencrypt"
certbot/certbot certonly -n
-m "@gmail.com"
-d santte.com.br
--standalone --agree-tos

I ran this command to renew:
docker run --rm --name letsencrypt
-v "/etc/letsencrypt:/etc/letsencrypt"
-v "/var/lib/letsencrypt:/var/lib/letsencrypt"
-v "/usr/share/nginx/html:/usr/share/nginx/html"
certbot/certbot:latest
renew

It produced this output:

Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Notifying user: Processing /etc/letsencrypt/renewal/santte.com.br.conf

Processing /etc/letsencrypt/renewal/santte.com.br.conf

Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f3fb3692490> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f3fb3692490>
Starting new HTTP connection (1): r3.o.lencr.org:80
http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
OCSP response for certificate /etc/letsencrypt/archive/santte.com.br/cert1.pem is signed by the certificate's issuer.
OCSP certificate status for /etc/letsencrypt/archive/santte.com.br/cert1.pem is: OCSPCertStatus.GOOD
Should renew, less than 30 days before certificate expiry 2022-01-25 10:46:07 UTC.
Certificate is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 441.4921377476611 seconds
Requested authenticator standalone and installer None
Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7f3fb1ee68e0>
Prep: True
Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7f3fb1ee68e0> and installer None
Plugins selected: Authenticator standalone, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/256947670', new_authzr_uri=None, terms_of_service=None), 27c2008039145fbac469199a85e9c523, Meta(creation_dt=datetime.datetime(2021, 10, 27, 11, 46, 2, tzinfo=), creation_host='07ee060b7075', register_to_eff=None))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jan 2022 00:06:32 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"_RssiXRDEzE": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Notifying user: Renewing an existing certificate for santte.com.br
Renewing an existing certificate for santte.com.br
Generating RSA key (2048 bits): /etc/letsencrypt/keys/0053_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0053_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jan 2022 00:06:32 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102ZuMtn-Flm5oeBDTlZR1FwT8ncUgrXVF8twUGwTMUVdk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

Storing nonce: 0102ZuMtn-Flm5oeBDTlZR1FwT8ncUgrXVF8twUGwTMUVdk
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "santte.com.br"\n }\n ]\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU2OTQ3NjcwIiwgIm5vbmNlIjogIjAxMDJadU10bi1GbG01b2VCRFRsWlIxRndUOG5jVWdyWFZGOHR3VUd3VE1VVmRrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "hYMRdWaVUvZJJxSuyHMJE4XX64sbfVvB8nV77CxvsCZeA7RkcqTQqzQw6qzPvL4IO7XzLQnjXgYyEsSDzb3xicjnOlJLxlr4QinaJlX3KLLbZfWbKg_NRFSCQF45cCD0rvnvWw807xLjC0icrQPbjS09LauHGUctBc7J6S-iKeJWF1lJaaDNofo8rYA2ipNN7CAEveGTeC_6c5IBbRWX7e5MiDkcCfVrwpzOAbTOjYy9HTYvPUPZRUdDV_wkFuatlP5hzlcSYSnUtU6jDBmObpsVgZrWom42LOlOhxaMtIVdKJsxAt_3gQTOc53G_-xD24DcItNLc9CxVYpyQvJYgw",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNhbnR0ZS5jb20uYnIiCiAgICB9CiAgXQp9"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 336
Received response:
HTTP 201
Server: nginx
Date: Thu, 20 Jan 2022 00:06:33 GMT
Content-Type: application/json
Content-Length: 336
Connection: keep-alive
Boulder-Requester: 256947670
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/256947670/56815594500
Replay-Nonce: 0101cJH46kydzT2TL7WlSIyV_nOf1jhxsmYzBeezul5Id4I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2022-01-27T00:06:33Z",
"identifiers": [
{
"type": "dns",
"value": "santte.com.br"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/69981091160"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/256947670/56815594500"
}
Storing nonce: 0101cJH46kydzT2TL7WlSIyV_nOf1jhxsmYzBeezul5Id4I
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/69981091160:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU2OTQ3NjcwIiwgIm5vbmNlIjogIjAxMDFjSkg0Nmt5ZHpUMlRMN1dsU0l5Vl9uT2Yxamh4c21ZekJlZXp1bDVJZDRJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My82OTk4MTA5MTE2MCJ9",
"signature": "Sllw6yMWbwVOLzV88gMzWvKlps4Q3Z3TTKdprPRdDAosojWNUGHUOpHijbuBBI56cd38fO8p8cy3nQGjdJLisSorVr07T6u6vaAPxuyVR5h0KYeEtj6bYd9kOw5XLmggGwrniqQs5HLvLVLLlcL0AJPkrArpSnD4lEVVhCZ_UJtz1wJlTsf7VutemUd8OWqzyaMeMdS5-Q2WP1uEiC_ehyns6rhabCnb65qr1QrxNq1Oj0EvTJHbmYNEhZHMTrvj6Rx_0jEjrbBhG2UifjNbZV85PDnB0ELWOAMTin8PFsZOoQ7L3Oe1njblCiXrVbhQEL7m0ZhX6PNGui8cGZrOFg",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/69981091160 HTTP/1.1" 200 794
Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jan 2022 00:06:33 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 256947670
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102XDVjyhUB0wdbzqD7NncWNTchtjz7DBFUo2Fec_cr5so
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "santte.com.br"
},
"status": "pending",
"expires": "2022-01-27T00:06:33Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/krSUOQ",
"token": "Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/82XGnQ",
"token": "Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/VRd2iA",
"token": "Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw"
}
]
}
Storing nonce: 0102XDVjyhUB0wdbzqD7NncWNTchtjz7DBFUo2Fec_cr5so
Performing the following challenges:
http-01 challenge for santte.com.br
Successfully bound to :80 using IPv6
Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
JWS payload:
b'{}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/krSUOQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU2OTQ3NjcwIiwgIm5vbmNlIjogIjAxMDJYRFZqeWhVQjB3ZGJ6cUQ3Tm5jV05UY2h0ano3REJGVW8yRmVjX2NyNXNvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My82OTk4MTA5MTE2MC9rclNVT1EifQ",
"signature": "c4-CHHmVMzZcnIgCqVPEQ7kmkVjtWD14oYPxDPKYYHUVhqNcZp6RDXaKwwNtUggjJIZ40g8ePb8lkIhA4k9bJFQVk6AhUyJKepPx0utqoQlXPI9KRLcaGcCZA8D-EQ67gGUkT2iMolDFy6EfR_BOUrGK-p3KPfypkwGo5BTrtCaWKb6DRstJ5SyKN4dRwqzMXYswg6PnJ89k6tuiOppbk5HJ092xRzPIisYVtTPLTm6f_4RSwCwTsWpEttxvhCimnqeD1TrC9yYnJat9_fkdk9f6Cfn3BNnvGr9Rkg5-s1LereVAgXPyzUQ6TF_WYbQ4aCxiIlmf41NinM1IOIf8cQ",
"payload": "e30"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/69981091160/krSUOQ HTTP/1.1" 200 186
Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jan 2022 00:06:33 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 256947670
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/69981091160;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/krSUOQ
Replay-Nonce: 0101tCKNjqTVVlHCm1S2_q9sdRZ7KE4Z7glLPx1h929abtY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/krSUOQ",
"token": "Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw"
}
Storing nonce: 0101tCKNjqTVVlHCm1S2_q9sdRZ7KE4Z7glLPx1h929abtY
Waiting for verification...
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/69981091160:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU2OTQ3NjcwIiwgIm5vbmNlIjogIjAxMDF0Q0tOanFUVlZsSENtMVMyX3E5c2RSWjdLRTRaN2dsTFB4MWg5MjlhYnRZIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My82OTk4MTA5MTE2MCJ9",
"signature": "tUPMH0cDaj62SaGHCncqQuvWbzBDBHJNdtpf5JOeNTYYfKX0nc-OdyIh919dUKx45oE2pGM5RPxE4K7-2aCiJiGpg_EIjsWZ9dg56OEEYSjQugekdhnY1LnWqJ7AXWFGKYPcWOXRR5jbzEvaLbXKub_pAHSnrK1S4WAtUQ9YhEHHNSC3qoFK0TLgC3UzNyJxwMdmnneQFnOR7YbyTEqkLevp2xmjs4lMJV3gXrnLUJ25kGGMHKSAFb6-VhJF0wxsi6PXSpEzFSsnAlAZrKdpiiC1gwHy9VjYiZy63Ya6UjfvmMn9QrXDnXQAoThbvD7MQ0bV4k2UGctugaeTNVfI5A",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/69981091160 HTTP/1.1" 200 794
Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jan 2022 00:06:34 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 256947670
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0101lxsGkY3CqEebXsCKdfjbcWAd8QQylYa8BxiEyJNHJXk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "santte.com.br"
},
"status": "pending",
"expires": "2022-01-27T00:06:33Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/krSUOQ",
"token": "Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/82XGnQ",
"token": "Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/VRd2iA",
"token": "Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw"
}
]
}
Storing nonce: 0101lxsGkY3CqEebXsCKdfjbcWAd8QQylYa8BxiEyJNHJXk
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/69981091160:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU2OTQ3NjcwIiwgIm5vbmNlIjogIjAxMDFseHNHa1kzQ3FFZWJYc0NLZGZqYmNXQWQ4UVF5bFlhOEJ4aUV5Sk5ISlhrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My82OTk4MTA5MTE2MCJ9",
"signature": "adi3WOQTpLWpvfefeUrIbPhLINon83f2VBViJc3eFy4sloYVqK73O-1koxMq_-l3sWOWTJywbk9kenp3UoZ6_ZeIPpja9k4_0QkLIaIlKbWAA1qFnuXmvx23VodQx5-XlxTS4zRI6UMivH0NmL2RB_hcyD6s56oavanH761e9kWj0v8bT4iadYDjYPf2EHI8eXmzdf0c3wqmBzX2yhGXKswOt_o4ywoe2SKzU3Rb6WFm1I7rpEndBftG4SsGEixwJlQCmcjCZytrgjsRgfxSvovmyA_nR2CRkhfESy36PvbwUIgWTC_r2gaHHmqFkqJZD9ILP5gnbZ3EJvFzNCA9rQ",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/69981091160 HTTP/1.1" 200 1614
Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jan 2022 00:06:38 GMT
Content-Type: application/json
Content-Length: 1614
Connection: keep-alive
Boulder-Requester: 256947670
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0101FomrKyNuOmk68P6cMrJKdG4L44CCaTp3zZnAyhazaDU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "santte.com.br"
},
"status": "invalid",
"expires": "2022-01-27T00:06:33Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from https://santte.com.br/.well-known/acme-challenge/Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw [191.252.218.173]: "\u003chtml\u003e\r\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody\u003e\r\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\r\n\u003chr\u003e\u003ccenter\u003enginx/1.20.1\u003c/ce"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/69981091160/krSUOQ",
"token": "Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw",
"validationRecord": [
{
"url": "http://santte.com.br/.well-known/acme-challenge/Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw",
"hostname": "santte.com.br",
"port": "80",
"addressesResolved": [
"191.252.218.173"
],
"addressUsed": "191.252.218.173"
},
{
"url": "https://santte.com.br/.well-known/acme-challenge/Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw",
"hostname": "santte.com.br",
"port": "443",
"addressesResolved": [
"191.252.218.173"
],
"addressUsed": "191.252.218.173"
}
],
"validated": "2022-01-20T00:06:33Z"
}
]
}
Storing nonce: 0101FomrKyNuOmk68P6cMrJKdG4L44CCaTp3zZnAyhazaDU
Challenge failed for domain santte.com.br
http-01 challenge for santte.com.br
Notifying user:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: santte.com.br
Type: unauthorized
Detail: Invalid response from https://santte.com.br/.well-known/acme-challenge/Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw [191.252.218.173]: "\r\n404 Not Found\r\n\r\n

404 Not Found

\r\n
nginx/1.20.1</ce"

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: santte.com.br
Type: unauthorized
Detail: Invalid response from https://santte.com.br/.well-known/acme-challenge/Va3qr_XJdmAU9sQKU5lYnFtdBuoEbF4OwPzHlW4OaQw [191.252.218.173]: "\r\n404 Not Found\r\n\r\n

404 Not Found

\r\n
nginx/1.20.1</ce"

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Stopping server at :::80...
Failed to renew certificate santte.com.br with error: Some challenges have failed.
Traceback was:
Traceback (most recent call last):
File "/opt/certbot/src/certbot/certbot/_internal/renewal.py", line 475, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1386, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 122, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/opt/certbot/src/certbot/certbot/_internal/renewal.py", line 335, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 384, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 434, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

Notifying user:

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/santte.com.br/fullchain.pem (failure)
Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
File "/opt/certbot/src/certbot/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1460, in renew
renewal.handle_renewal_request(config)
File "/opt/certbot/src/certbot/certbot/_internal/renewal.py", line 500, in handle_renewal_request
raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My hosting provider, if applicable, is: LOCAWEB

I can login to a root shell on my machine (yes or no, or I don't know): YES

2

Bom dia @ohashijr,

Did you obtain the original certificate before installing nginx? The --standalone method is not very useful for renewing certificates when there is an active web server listening on port 80 (as seen by the rest of the Internet), which seems to be the case for your nginx server.

It would probably be more appropriate to use --nginx (if it's OK for Certbot to edit your nginx configuration and if it can access that configuration from inside of Docker) or --webroot otherwise, instead of the --standalone method here.

3 Likes
3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.