Hi,
I’ve been attempting to get new certificates for this domain (whose original ones expired on January 12th 2020) on a completely new host and new OS version (thus totally clean). Despite a thorough check of similar subjects on the forum, I did not manage to solve my problem and will update the title as soon as I understand what is going on.
The file (caught with a small bash script)
“/var/www/html/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU”
is successfully created during the process and contains:
“Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU.hv39oMM_cC4VbCunYeyVvwa1KAVO51Vb7d9vKJBCcBM”
When I create manually this file (and the directory structure), I am able to access it (and download it) from another computer using Chrome or Firefox on a local network.
Although it doesn’t seem to me that there is any redirection, the letsdebug check shows one from http to https, and the same shows up at “check-your-website.server-daten.de” where furthermore it says:
“All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn’t work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <system.webServer></system.webServer>. If you have a redirect http ⇒ https, that’s ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.”
It is not clear to me what more I could check to understand why I cannot generate the certificates for this domain. Could you please give me any hint or idea?
Thanks for your time,
Pat
My domain is: acidalia.fr
I ran this command: sudo certbot certonly --dry-run -vvv --debug --rsa-key-size 4096 --webroot --agree-tos --no-eff-email --email xxxxx -w /var/www/html -d acidalia.fr
It produced this output (hope it’s readable, otherwise tell me how to improve readability):
Root logging level set at -10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f8bd6498400>
Prep: True
Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f8bd6498400> and installer None
Plugins selected: Authenticator webroot, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/12874038', new_authzr_uri=None, terms_of_service=None), 0f2c00155cb6b72af0a4185e87ea593f, Meta(creation_dt=datetime.datetime(2020, 3, 23, 16, 18, 58, tzinfo=<UTC>), creation_host='Olympus'))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Mar 2020 15:55:55 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"YGn-yx8l_BA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Obtaining a new certificate
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Mar 2020 15:55:57 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002dJ7v18Op1S6OJd5-HmAcEVhsh60eq3NefPYrmGVv37U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: 0002dJ7v18Op1S6OJd5-HmAcEVhsh60eq3NefPYrmGVv37U
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "acidalia.fr"\n }\n ]\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 353
Received response:
HTTP 201
Server: nginx
Date: Sat, 28 Mar 2020 15:55:57 GMT
Content-Type: application/json
Content-Length: 353
Connection: keep-alive
Boulder-Requester: 12874038
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/12874038/81635840
Replay-Nonce: 0001ZXFlBH6oUcyHCs2epbFaZgSvH48ycB9BA7PytrFPYB4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2020-04-04T15:55:57.854329852Z",
"identifiers": [
{
"type": "dns",
"value": "acidalia.fr"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/46010134"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/12874038/81635840"
}
Storing nonce: 0001ZXFlBH6oUcyHCs2epbFaZgSvH48ycB9BA7PytrFPYB4
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/46010134:
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/46010134 HTTP/1.1" 200 807
Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Mar 2020 15:55:58 GMT
Content-Type: application/json
Content-Length: 807
Connection: keep-alive
Boulder-Requester: 12874038
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001J1y_CaXD61yanNzM6O5k1653JGQwYhCH-waq1zCGr9g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "acidalia.fr"
},
"status": "pending",
"expires": "2020-04-04T15:55:57Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/YSlrOQ",
"token": "Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/SfGrzQ",
"token": "Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/5l4vDg",
"token": "Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU"
}
]
}
Storing nonce: 0001J1y_CaXD61yanNzM6O5k1653JGQwYhCH-waq1zCGr9g
Performing the following challenges:
http-01 challenge for acidalia.fr
Using the webroot path /var/www/html for all unmatched domains.
Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
Attempting to save validation to /var/www/html/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU
Waiting for verification...
JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01"\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/YSlrOQ:
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/46010134/YSlrOQ HTTP/1.1" 200 191
Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Mar 2020 15:55:58 GMT
Content-Type: application/json
Content-Length: 191
Connection: keep-alive
Boulder-Requester: 12874038
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/46010134>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/YSlrOQ
Replay-Nonce: 0002oLfyE1AYMUjKVB3NdbmwB9BwwSDOsFlSyKK8H1e0yNk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/YSlrOQ",
"token": "Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU"
}
Storing nonce: 0002oLfyE1AYMUjKVB3NdbmwB9BwwSDOsFlSyKK8H1e0yNk
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/46010134:
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/46010134 HTTP/1.1" 200 807
Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Mar 2020 15:56:01 GMT
Content-Type: application/json
Content-Length: 807
Connection: keep-alive
Boulder-Requester: 12874038
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001hQrJCrICx0Y34aW6eWQUEP-YSIZfL8H9oBCgeHlw9GY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "acidalia.fr"
},
"status": "pending",
"expires": "2020-04-04T15:55:57Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/YSlrOQ",
"token": "Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/SfGrzQ",
"token": "Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/5l4vDg",
"token": "Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU"
}
]
}
Storing nonce: 0001hQrJCrICx0Y34aW6eWQUEP-YSIZfL8H9oBCgeHlw9GY
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/46010134:
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/46010134 HTTP/1.1" 200 1555
Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Mar 2020 15:56:04 GMT
Content-Type: application/json
Content-Length: 1555
Connection: keep-alive
Boulder-Requester: 12874038
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002FVbR52QHI2pZfixOkpL_WbzWBbEclphL2I4fxUMm06U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "acidalia.fr"
},
"status": "invalid",
"expires": "2020-04-04T15:55:57Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from https://acidalia.fr/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU [88.120.30.159]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody bgcolor=\\\"white\\\"\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003e\"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/46010134/YSlrOQ",
"token": "Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU",
"validationRecord": [
{
"url": "http://acidalia.fr/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU",
"hostname": "acidalia.fr",
"port": "80",
"addressesResolved": [
"88.120.30.159"
],
"addressUsed": "88.120.30.159"
},
{
"url": "https://acidalia.fr/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU",
"hostname": "acidalia.fr",
"port": "443",
"addressesResolved": [
"88.120.30.159"
],
"addressUsed": "88.120.30.159"
}
]
}
]
}
Storing nonce: 0002FVbR52QHI2pZfixOkpL_WbzWBbEclphL2I4fxUMm06U
Reporting to user: The following errors were reported by the server:
Domain: acidalia.fr
Type: unauthorized
Detail: Invalid response from https://acidalia.fr/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU [88.120.30.159]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. acidalia.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://acidalia.fr/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU [88.120.30.159]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
Calling registered functions
Cleaning up challenges
Removing /var/www/html/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU
All challenges cleaned up
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. acidalia.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://acidalia.fr/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU [88.120.30.159]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: acidalia.fr
Type: unauthorized
Detail: Invalid response from
https://acidalia.fr/.well-known/acme-challenge/Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU
[88.120.30.159]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): NGINX v 1.14.0 (Ubuntu) and my VHost definition:
server {
    listen 80 default_server;
    #listen [::]:80 default_server;
    root /var/www/html;
    #index index.html index.htm index.nginx-debian.html;
    index index.nginx-debian.html;
    server_name _;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
    include /etc/nginx/snippets/certbot.conf;
}
server {
    listen 443 ssl default_server;
    server_name _;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    #include snippets/snakeoil.conf;
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    #index index.html index.htm;
    index index-sec.nginx.html;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
    include /etc/nginx/snippets/certbot.conf;
}
The operating system my web server runs on is (include version): Kubuntu v 18.04
My hosting provider, if applicable, is: None
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot v 0.31.0
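
The `validationRecord` in the failed authorization above records each hop the validator made. The following Python is an added example (not part of the original post and not Certbot code): it reads a trimmed copy of that authorization, reports where validation ended, and separates the ACME problem status from the HTTP status the web server returned. The function names `diagnose` and `key_authorization_ok` are hypothetical, and the origin status is recovered heuristically from the `<title>` in the error detail.

```python
import re
from urllib.parse import urlsplit

TOKEN = "Fdi1xpSuoZXr0nTVlT08d5QuzWg1we_9q8oWggL6qvU"
# Challenge file content as quoted in the post: "<token>.<thumbprint>".
FILE_BODY = TOKEN + ".hv39oMM_cC4VbCunYeyVvwa1KAVO51Vb7d9vKJBCcBM"
BASE = "acidalia.fr/.well-known/acme-challenge/" + TOKEN

# Trimmed copy of the "invalid" authorization from the log above (error body
# shortened, unused fields dropped); rebuilt here so the block runs offline.
AUTHZ = {
    "identifier": {"type": "dns", "value": "acidalia.fr"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {
            "type": "urn:ietf:params:acme:error:unauthorized",
            "detail": "Invalid response from https://" + BASE + " [88.120.30.159]: "
                      '"<html>\\r\\n<head><title>404 Not Found</title></head>"',
            "status": 403,
        },
        "token": TOKEN,
        "validationRecord": [
            {"url": "http://" + BASE, "port": "80", "addressUsed": "88.120.30.159"},
            {"url": "https://" + BASE, "port": "443", "addressUsed": "88.120.30.159"},
        ],
    }],
}


def key_authorization_ok(token, file_body):
    """An http-01 file must contain '<token>.<base64url SHA-256 key thumbprint>'."""
    head, sep, thumb = file_body.strip().partition(".")
    # A SHA-256 digest is 32 bytes, i.e. 43 base64url characters without padding.
    return (sep == "." and head == token
            and re.fullmatch(r"[A-Za-z0-9_-]{43}", thumb) is not None)


def diagnose(authz):
    """Summarise the validator's path and the two different status codes."""
    chall = next(c for c in authz["challenges"] if c["type"] == "http-01")
    hops = [(urlsplit(r["url"]).scheme, int(r["port"]), r["addressUsed"])
            for r in chall.get("validationRecord", [])]
    err = chall.get("error", {})
    # Heuristic: the detail quotes the start of the origin's error page.
    m = re.search(r"<title>(\d{3}) ", err.get("detail", ""))
    return {
        "redirected": len(hops) > 1,
        "first_hop": hops[0] if hops else None,
        "final_hop": hops[-1] if hops else None,        # where the file was fetched
        "acme_problem_status": err.get("status"),       # status of the ACME problem
        "origin_http_status": int(m.group(1)) if m else None,  # what the site said
    }


if __name__ == "__main__":
    for key, value in diagnose(AUTHZ).items():
        print(f"{key}: {value}")
    print("key authorization well-formed:", key_authorization_ok(TOKEN, FILE_BODY))
```

For this log the final hop is `https` on port 443, so the challenge file has to be reachable through whatever answers on 443 at that address, not only through the port 80 server block; the 403 is the ACME problem status, while the 404 is the web server's own answer.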