Failed authorization procedure.

05:39:30 ubuntu@ubuntu-VirtualBox:~/letsencrypt$ sudo cat /var/log/letsencrypt/letsencrypt.log
2015-12-04 10:37:48,274:DEBUG:letsencrypt.cli:Root logging level set at 20
2015-12-04 10:37:48,275:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-12-04 10:37:48,283:DEBUG:letsencrypt.cli:letsencrypt version: 0.1.0
2015-12-04 10:37:48,283:DEBUG:letsencrypt.cli:Arguments: [’–verbose’]
2015-12-04 10:37:48,286:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-12-04 10:37:48,290:DEBUG:letsencrypt.cli:Requested authenticator None and installer None
2015-12-04 10:37:48,489:DEBUG:letsencrypt.display.ops:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f3c17a80f90>
Prep: True
2015-12-04 10:37:48,490:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f3c17a80f90> and installer <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f3c17a80f90>
2015-12-04 10:38:00,209:DEBUG:letsencrypt.cli:Picked account: <Account(be34f148c62dba707c6c26cb58311eee)>
2015-12-04 10:38:00,211:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-12-04 10:38:00,218:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-04 10:38:00,540:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 263
2015-12-04 10:38:00,544:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘263’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:00 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:00 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘vBypyUaA3TvTJrcFO7orAnHhjnebgH1d68AAfMnCEuk’}. Content: '{“new-authz”:“https://acme-v01.api.letsencrypt.org/acme/new-authz",“new-cert”:“https://acme-v01.api.letsencrypt.org/acme/new-cert”,“new-reg”:“https://acme-v01.api.letsencrypt.org/acme/new-reg”,“revoke-cert”:"https://acme-v01.api.letsencrypt.org/acme/revoke-cert”}'
2015-12-04 10:38:00,545:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘263’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:00 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:00 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘vBypyUaA3TvTJrcFO7orAnHhjnebgH1d68AAfMnCEuk’}): ‘{“new-authz”:“https://acme-v01.api.letsencrypt.org/acme/new-authz",“new-cert”:“https://acme-v01.api.letsencrypt.org/acme/new-cert”,“new-reg”:“https://acme-v01.api.letsencrypt.org/acme/new-reg”,“revoke-cert”:"https://acme-v01.api.letsencrypt.org/acme/revoke-cert”}‘
2015-12-04 10:38:00,752:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-letsencrypt.pem
2015-12-04 10:38:00,762:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0001_csr-letsencrypt.pem
2015-12-04 10:38:00,770:DEBUG:letsencrypt.client:CSR: CSR(file=’/etc/letsencrypt/csr/0001_csr-letsencrypt.pem’, data=‘0\x82\x02\x9e0\x82\x01\x86\x02\x01\x000#1!0\x1f\x06\x03U\x04\x03\x0c\x18puppetmaster.duckdns.org0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xda\xbd/\xa1%\x00\xc7g\xd0\x06;\xe4\x10\x98U\x05|s*\x1b\x8a\xb4\xf6\xa8\x01\xc4\x04\xfc\xc4\x1cn|\xcd\x88K\xb6tOz\x94\xe7\xa1QmX{\xb4\n\xa4\xd3\x8df\xdb>\x88\x06<\xbf\xfa\x84>\x08t\x8b\x02K\xa6)G\xcb#z\x87\xe0\xe2\xedz\xd1\xc5\x8a\xaf\x0eF}zi\xd7f\x07\xac\x14\x9e\xa5\x014\xed\xf4\xe8\xeeW\xde:\xa5\x9aXst\xbc\x031\x0e)\x98\xc8\x87E\x89\x17\xd6\xbe\\xef\xc5\x19\xe8\xa0\x0b\x8a\xb4\xa1{\x9ehv\x84hle\xd1R\x85\xad\xea!1\n\xe8\x80\r\xe0\x07A*:\xa1\xa2;\xe0h\x9f\xb6\xdanI\xdf\xc5\xe6n/\xe05>bl\x80\xd8\x17\x9fB\x99\xd8\xf1\x18\r\xe9x\x86|\t\x0eN\xa9\x19\xc7\x15\xa2\xde2f\x84\xb5\x1b:O\xcdM\x0ewy.k\x1b\x1a!\x86<=\x8f\x9b{|f\t\x06\xb8\x8d1\x86\xc0\x83\xb6\xc41\xef\x02\xb4\xd8\x8e\xc7o\x08\x01\x7fc\x193[&\xebeh\xa4\t\x02\x03\x01\x00\x01\xa0604\x06\t*\x86H\x86\xf7\r\x01\t\x0e1’0%0#\x06\x03U\x1d\x11\x04\x1c0\x1a\x82\x18puppetmaster.duckdns.org0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x90\x95d\x01\xd1ZTTHh\x1c\xb4\xf6\x7f\x1d\x1b\x03\x052u\x94\x03\xb6\x1e\xa9\x7f\x96\x9e\x8f\xbd2\xee,\x8a\xe1d\x14\x9d\xe5\x0c\x1f\x8a\xf6(\x95\xf6IG\x84\xd7F\xcc\xf5\x10\x02\x02\xd25\x83D\x92\xd4\nz\x01\xdap\x96*\xc4\xa3\xc8\x17I\xbar_\x8a\xfb\xb4\xa5\x8e\xe3\x9e\xc9\xe1\xac\xa8\xdf\xf3\xa0\xf0\x08v\x03\xdbhDeT\x0c`{A\xf8\xc0CR\x14\x08\xf2e\xd9&\xdfN\xc1/\xd7\x03\x16\x00\x8a<P%\xe9q\x07\xc1\x99Y\xeb\x16WS\xb2\xf5\xa3\xd3\xcfS@\x0c\x0f\x91\xdb\xfa\xeb\xda\x81\xd7l\x8f\xed/\x9a\xf9\xa6\x9b\xcfT\x14\xe7\xaf\xe9\x82\s\xfc\xb3\xdc\x1d\x9a\x117\x16_u\x12\xde|\xfa\x0b\x81\xac\xf6f\xa1^\xe6T\xd8\x14&T\nTq\xf5\xa2\xa9!5\xa5\x96\xb7\xe7\x9c\xc7f\xf3\x8f|\xc7\xa7\x87\x00\x0bA\x8c\xfb\x9a\xf7\xc9\xde*//\x97/\/\x96\x91\tX\xcaEFE\x19\xa7,lI\xe1 \xadX\xc2\xf9\xf7\xbc\xe7\x8c’, form=‘der’), domains: [‘puppetmaster.duckdns.org’]
2015-12-04 10:38:00,771:DEBUG:root:Requesting fresh nonce
2015-12-04 10:38:00,771:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2015-12-04 10:38:00,772:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-04 10:38:01,086:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-authz HTTP/1.1” 405 0
2015-12-04 10:38:01,090:DEBUG:root:Received <Response [405]>. Headers: {‘Content-Length’: ‘0’, ‘Pragma’: ‘no-cache’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:01 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Allow’: ‘POST’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:01 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘vsDLmSNphohMjEPxPtUuLpR_vrhioa56QbRTgdk1wLw’}. Content: ''
2015-12-04 10:38:01,091:DEBUG:acme.client:Storing nonce: '\xbe\xc0\xcb\x99#i\x86\x88L\x8cC\xf1>\xd5…\x94\x7f\xbe\xb8b\xa1\xaezA\xb4S\x81\xd95\xc0\xbc’
2015-12-04 10:38:01,091:DEBUG:acme.jose.json_util:Omitted empty fields: status=None, combinations=None, expires=None, challenges=None
2015-12-04 10:38:01,092:DEBUG:acme.client:Serialized JSON: {“identifier”: {“type”: “dns”, “value”: “puppetmaster.duckdns.org”}, “resource”: “new-authz”}
2015-12-04 10:38:01,094:DEBUG:acme.jose.json_util:Omitted empty fields: cty=None, x5t=None, crit=(), x5tS256=None, x5u=None, x5c=(), alg=None, jku=None, typ=None, kid=None, jwk=None
2015-12-04 10:38:01,098:DEBUG:acme.jose.json_util:Omitted empty fields: cty=None, x5t=None, crit=(), x5tS256=None, x5u=None, x5c=(), jku=None, typ=None, kid=None, nonce=None
2015-12-04 10:38:01,098:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “zOPbHl7gK2VAJmKr9O4mc5h_-GbhEWCiHKGtnYB8PosgbrbSzg05EwKfAAWqgJfXNbvmBMe0RnoB_IJ0Lsl5HgoKJR_Q2ZZ0DiqOvJEpbTdvJHashP1lJU1tPvlK2YFRRC_1Dp2hWEzeN3yayR9cX8hunSiF24woqARJi7lktU1GKvmmxopr2G_uVbbKiOwnObR7JSvXc5hVuGCiRh3RqmE8kVr0Q89mP1OM_FBxahk4vZvMq1Ev8EYXONSXDkxdxa7A_4OQGKwUDzvLyUZgGOmp2PiQqUmHQ_BflsmU_MyiCU7OZxLL8ovZnqYTXZi96dOUyuMGtDPnXVx5ZnXGFQ”}}, “protected”: “eyJub25jZSI6ICJ2c0RMbVNOcGhvaE1qRVB4UHRVdUxwUl92cmhpb2E1NlFiUlRnZGsxd0x3In0”, “payload”: “eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJwdXBwZXRtYXN0ZXIuZHVja2Rucy5vcmcifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9”, “signature”: “Tsf6e-mmipv5UjZi4KbkveMEZD9edQfsTgAxOJQZLxgzOMP4-yqKvmuHbrJHt2Unzmp1dSOrAbWRSy5RMKdNXsRRvnFaZIK2jgjc1rmeQotAvGqixFUljgPzvIfNuWMzICQEvfmA91gNh0w6lGdModT7QZVNksmWV_flEcG2X6ogUl9fwjsxL206gS_WirwIi8Z-57jx2r93yALkvAhmEqCUy-m-vWWRXqidiyPlqYhJnGXqAXoIVMBMGtY1Bll6k_-qZop3z39DX8OtupVPx-Ans7dvWCGkQYNDFyldhVBpm5Bo0BKB-NEYOf-Jpm_RegFLEDaY9oV8CwOyKOc–Q”}’}
2015-12-04 10:38:01,100:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-04 10:38:01,436:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 575
2015-12-04 10:38:01,440:DEBUG:root:Received <Response [201]>. Headers: {‘Content-Length’: ‘575’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:01 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:01 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: 'opd5-GGDmhGi4VJS6Lmgs567bzL63V1IZazWOPCXtk’}. Content: '{“identifier”:{“type”:“dns”,“value”:“puppetmaster.duckdns.org”},“status”:“pending”,“expires”:“2015-12-11T10:38:01.322233554Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711833",“token”:“nfL7UGrDmub0JoV8I7WdcuxeL4wRCVgbXt4QK5zcH7U”},{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834”,“token”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E”}],"combinations”:[[1],[0]]}'
2015-12-04 10:38:01,441:DEBUG:acme.client:Storing nonce: '\xa2\x97y\xfb\xf1\x86\x0ehF\x8b\x85IK\xa2\xe6\x82\xcez\xed\xbc\xcb\xebuu!\x96\xb3X\xe3\xc2^\xd9’
2015-12-04 10:38:01,441:DEBUG:acme.client:Received response <Response [201]> (headers: {‘Content-Length’: ‘575’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:01 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:01 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘opd5-GGDmhGi4VJS6Lmgs567bzL63V1IZazWOPCXtk’}): '{“identifier”:{“type”:“dns”,“value”:“puppetmaster.duckdns.org”},“status”:“pending”,“expires”:“2015-12-11T10:38:01.322233554Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711833",“token”:“nfL7UGrDmub0JoV8I7WdcuxeL4wRCVgbXt4QK5zcH7U”},{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834”,“token”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E”}],"combinations”:[[1],[0]]}'
2015-12-04 10:38:01,442:INFO:letsencrypt.auth_handler:Performing the following challenges:
2015-12-04 10:38:01,458:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for puppetmaster.duckdns.org
2015-12-04 10:38:01,507:DEBUG:letsencrypt_apache.configurator:Enabled dependency of ssl module - socache_shmcb
2015-12-04 10:38:01,539:INFO:letsencrypt_apache.configurator:Enabled Apache ssl module
2015-12-04 10:38:01,815:DEBUG:letsencrypt.reverter:Creating backup of /etc/apache2/apache2.conf
2015-12-04 10:38:04,908:INFO:letsencrypt.auth_handler:Waiting for verification…
2015-12-04 10:38:04,925:DEBUG:acme.client:Serialized JSON: {“keyAuthorization”: “Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E.FMkr84zxmKVoCZGF6ShoBT_2TbFDVM3Y-n5nDxloS28”, “type”: “tls-sni-01”, “resource”: “challenge”}
2015-12-04 10:38:04,927:DEBUG:acme.jose.json_util:Omitted empty fields: cty=None, x5t=None, crit=(), x5tS256=None, x5u=None, x5c=(), alg=None, jku=None, typ=None, kid=None, jwk=None
2015-12-04 10:38:04,932:DEBUG:acme.jose.json_util:Omitted empty fields: cty=None, x5t=None, crit=(), x5tS256=None, x5u=None, x5c=(), jku=None, typ=None, kid=None, nonce=None
2015-12-04 10:38:04,932:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834. args: (), kwargs: {‘data’: '{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: "zOPbHl7gK2VAJmKr9O4mc5h-GbhEWCiHKGtnYB8PosgbrbSzg05EwKfAAWqgJfXNbvmBMe0RnoB_IJ0Lsl5HgoKJR_Q2ZZ0DiqOvJEpbTdvJHashP1lJU1tPvlK2YFRRC_1Dp2hWEzeN3yayR9cX8hunSiF24woqARJi7lktU1GKvmmxopr2G_uVbbKiOwnObR7JSvXc5hVuGCiRh3RqmE8kVr0Q89mP1OM_FBxahk4vZvMq1Ev8EYXONSXDkxdxa7A_4OQGKwUDzvLyUZgGOmp2PiQqUmHQ_BflsmU_MyiCU7OZxLL8ovZnqYTXZi96dOUyuMGtDPnXVx5ZnXGFQ"}}, “protected”: “eyJub25jZSI6ICJvcGQ1LV9HR0RtaEdpNFZKUzZMbWdzNTY3YnpMNjNWMUlaYXpXT1BDWHRrIn0”, “payload”: “eyJrZXlBdXRob3JpemF0aW9uIjogIkJqYjM3MzF1TWk4QlBVV3U2VFpTMUpmV2tWWVJ3dk02djRuUzMyMGlVX0UuRk1rcjg0enhtS1ZvQ1pHRjZTaG9CVF8yVGJGRFZNM1ktbjVuRHhsb1MyOCIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0”, “signature”: “W7JkuS3ChdMBZTv4WByfliV-qWvUQuLIB7UZXrclYX9SMdYt6Q-dDdOE4K6vZ5MC0ev5iKIZ2W-Gysw8P3rkyEdwWOsAvqNsZWXqUl4hI37MifEjFlmO_vui9gFbMTsT-l1MmsZ7D3sN2IYv99aqep5v5aNwi9JKdRDLXHJshBTw3z30HqQEHWR_MIz8V8H0UjieIVY4mSkJRzW2UTVpOwN3oIx6xfU7wu8bkvpPQ6NDnMkR3ycvKwUbmzdiD-AjRrfHnxJBCzW80m0vQ1ZPe1xBu0lNfmkoU2D9TuQL8nSqJX5rEH7TnybUhVOR9e_LgngDIKxStGOSj-hyNf3ZpQ”}’}
2015-12-04 10:38:04,934:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-04 10:38:05,267:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834 HTTP/1.1” 202 314
2015-12-04 10:38:05,270:DEBUG:root:Received <Response [202]>. Headers: {‘Content-Length’: ‘314’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:05 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:05 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘hx7az7IJI5NStwTa-nm5qqHoptRuR1cVrKjadF_ZSk4’}. Content: '{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834",“token”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E”,“keyAuthorization”:"Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E.FMkr84zxmKVoCZGF6ShoBT_2TbFDVM3Y-n5nDxloS28”}'
2015-12-04 10:38:05,271:DEBUG:acme.client:Storing nonce: '\x87\x1e\xda\xcf\xb2\t#\x93R\xb7\x04\xda\xfay\xb9\xaa\xa1\xe8\xa6\xd4nGW\x15\xac\xa8\xdat\xd9JN’
2015-12-04 10:38:05,272:DEBUG:acme.client:Received response <Response [202]> (headers: {‘Content-Length’: ‘314’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:05 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:05 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘hx7az7IJI5NStwTa-nm5qqHoptRuR1cVrKjadF_ZSk4’}): '{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834",“token”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E”,“keyAuthorization”:"Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E.FMkr84zxmKVoCZGF6ShoBT_2TbFDVM3Y-n5nDxloS28”}'
2015-12-04 10:38:08,277:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk. args: (), kwargs: {}
2015-12-04 10:38:08,279:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-04 10:38:08,635:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk HTTP/1.1” 200 674
2015-12-04 10:38:08,638:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘674’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:08 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:08 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘L2X-u4iKwUbp3ZJ9o4v8egLVp9wDoNEcwc6mh0j86Ww’}. Content: '{“identifier”:{“type”:“dns”,“value”:“puppetmaster.duckdns.org”},“status”:“pending”,“expires”:“2015-12-11T10:38:01Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711833",“token”:“nfL7UGrDmub0JoV8I7WdcuxeL4wRCVgbXt4QK5zcH7U”},{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834”,“token”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E”,“keyAuthorization”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E.FMkr84zxmKVoCZGF6ShoBT_2TbFDVM3Y-n5nDxloS28”}],"combinations”:[[1],[0]]}'
2015-12-04 10:38:08,639:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘674’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:08 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:08 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘L2X-u4iKwUbp3ZJ9o4v8egLVp9wDoNEcwc6mh0j86Ww’}): '{“identifier”:{“type”:“dns”,“value”:“puppetmaster.duckdns.org”},“status”:“pending”,“expires”:“2015-12-11T10:38:01Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711833",“token”:“nfL7UGrDmub0JoV8I7WdcuxeL4wRCVgbXt4QK5zcH7U”},{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834”,“token”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E”,“keyAuthorization”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E.FMkr84zxmKVoCZGF6ShoBT_2TbFDVM3Y-n5nDxloS28”}],"combinations”:[[1],[0]]}'
2015-12-04 10:38:11,644:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk. args: (), kwargs: {}
2015-12-04 10:38:11,647:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-04 10:38:11,992:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk HTTP/1.1” 200 918
2015-12-04 10:38:11,995:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘918’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:11 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:11 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘ugWOT8xg3UYo2D2z_Cl9w2TxTxr83-lhddtQ_-oGdQk’}. Content: '{“identifier”:{“type”:“dns”,“value”:“puppetmaster.duckdns.org”},“status”:“invalid”,“expires”:“2015-12-11T10:38:01Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711833",“token”:“nfL7UGrDmub0JoV8I7WdcuxeL4wRCVgbXt4QK5zcH7U”},{“type”:“tls-sni-01”,“status”:“invalid”,“error”:{“type”:“urn:acme:error:connection”,“detail”:"Failed to connect to host for DVSNI challenge”},“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834",“token”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E”,“keyAuthorization”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E.FMkr84zxmKVoCZGF6ShoBT_2TbFDVM3Y-n5nDxloS28”,“validationRecord”:[{“hostname”:“puppetmaster.duckdns.org”,“port”:“443”,“addressesResolved”:[“82.131.86.232”],“addressUsed”:“82.131.86.232”}]}],"combinations”:[[1],[0]]}'
2015-12-04 10:38:11,996:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘918’, ‘Expires’: ‘Fri, 04 Dec 2015 10:38:11 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 04 Dec 2015 10:38:11 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘ugWOT8xg3UYo2D2z_Cl9w2TxTxr83-lhddtQ_-oGdQk’}): '{“identifier”:{“type”:“dns”,“value”:“puppetmaster.duckdns.org”},“status”:“invalid”,“expires”:“2015-12-11T10:38:01Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711833",“token”:“nfL7UGrDmub0JoV8I7WdcuxeL4wRCVgbXt4QK5zcH7U”},{“type”:“tls-sni-01”,“status”:“invalid”,“error”:{“type”:“urn:acme:error:connection”,“detail”:"Failed to connect to host for DVSNI challenge”},“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/tu-8IbSz-wtDO2c1cWPuBvsEcd_Pg0VLTgmEBqfu1bk/711834",“token”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E”,“keyAuthorization”:“Bjb3731uMi8BPUWu6TZS1JfWkVYRwvM6v4nS320iU_E.FMkr84zxmKVoCZGF6ShoBT_2TbFDVM3Y-n5nDxloS28”,“validationRecord”:[{“hostname”:“puppetmaster.duckdns.org”,“port”:“443”,“addressesResolved”:[“82.131.86.232”],“addressUsed”:“82.131.86.232”}]}],"combinations”:[[1],[0]]}'
2015-12-04 10:38:11,998:INFO:letsencrypt.reporter:Reporting to user: The following ‘urn:acme:error:connection’ errors were reported by the server:

Domains: puppetmaster.duckdns.org
Error: The server could not connect to the client for DV
2015-12-04 10:38:12,015:INFO:letsencrypt.auth_handler:Cleaning up challenges
2015-12-04 10:38:12,263:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/home/ubuntu/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1283, in main
return args.func(args, config, plugins)
File “/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 470, in run
lineage = _auth_from_domains(le_client, config, domains)
File “/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 336, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File “/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 283, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 266, in obtain_certificate
return self._obtain_certificate(domains, csr) + (key, csr)
File “/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 224, in _obtain_certificate
authzr = self.auth_handler.get_authorizations(domains)
File “/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File “/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File “/home/ubuntu/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. puppetmaster.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge

05:39:37 ubuntu@ubuntu-VirtualBox:~/letsencrypt$

It seems like the host where you try to issue the certificate for is not reachable from the internet. From your hostname I assume you’re running a virtual machine on your computer at home or your office, is that right?
let’s encrypt needs to connect to your virtual machines webserver in order to validate you own the domain you wanna issue the certificate for.

i have open port 80, do i need open port 443?

Opened port 443 same error.

Is your machine directly accessible from the internet on that port and under the domain you request the certificate for?
Only if that is the case you can get a certificate.

Thank you RouL, i went to irc channel and figured out
that both ports
80 and 433 must be opened. I use port forwarding in firewall.

then i managed to get certificate using command:

./letsencrypt-auto certonly --standalone --email esc@kelder.ee -d puppetmaster.duckdns.org

when i tried
./letsencrypt-auto

i got error Failed authorization procedure. puppetmaster.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge

My Setup:

05:20:50 ubuntu@ubuntu-VirtualBox:~/letsencrypt$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 15.04
Release: 15.04
Codename: vivid

08:40:11 ubuntu@ubuntu-VirtualBox:~/letsencrypt$ apachectl -V
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
Server version: Apache/2.4.10 (Ubuntu)
Server built: Mar 9 2015 11:53:48
Server’s Module Magic Number: 20120211:37
Server loaded: APR 1.5.1, APR-UTIL 1.5.4
Compiled using: APR 1.5.1, APR-UTIL 1.5.4
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
Server compiled with…
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/apache2"
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD=“logs/apache_runtime_status”
-D DEFAULT_ERRORLOG=“logs/error_log”
-D AP_TYPES_CONFIG_FILE=“mime.types”
-D SERVER_CONFIG_FILE="apache2.conf"
08:40:12 ubuntu@ubuntu-VirtualBox:~/letsencrypt$

Apache ssl listener is unconfigured maybe this is problem?

You’re trying to get the certificate with the standalone authorization plugin? Did you turned off the apache for it? Because you have to when using standalone. You could also try using the webroot authorization plugin. Instead of using --standalone you can use --webroot -w /path/to/webroot/of/the/used/web. Also I’ve seen, I can establish a connection with HTTP to your web, but not with HTTPS. The errorcode, firefox is showing is “ssl_error_rx_record_too_long”.