Failed to receive access token

I’m attempting to set up a wildcard certificate; however, it’s giving me troubles.
My domain is: gavinc.dev

I ran this command:
sudo certbot --dns-google --dns-google-credentials ~/.secrets/certbot/google.json -d '*.gavinc.dev' -i nginx
It produced this output:
Failed to retrieve access token: {"error":"invalid_grant","error_description":"Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim."}
Cleaning up challenges
Attempting refresh to obtain initial access_token
Refreshing access_token
Failed to retrieve access token: {"error":"invalid_grant","error_description":"Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim."}
Encountered exception during recovery:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 57, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/usr/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 70, in _perform
    self._get_google_client().add_txt_record(domain, validation_name, validation, self.ttl)
  File "/usr/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 113, in add_txt_record
    zone_id = self._find_managed_zone_id(domain)
  File "/usr/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 271, in _find_managed_zone_id
    response = request.execute()
  File "/usr/lib/python3.8/site-packages/googleapiclient/_helpers.py", line 134, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/lib/python3.8/site-packages/googleapiclient/http.py", line 892, in execute
    resp, content = _retry_request(
  File "/usr/lib/python3.8/site-packages/googleapiclient/http.py", line 177, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/oauth2client/transport.py", line 159, in new_request
    credentials._refresh(orig_request_method)
  File "/usr/lib/python3.8/site-packages/oauth2client/client.py", line 749, in _refresh
    self._do_refresh_request(http)
  File "/usr/lib/python3.8/site-packages/oauth2client/client.py", line 819, in _do_refresh_request
    raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/error_handler.py", line 125, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 243, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 76, in cleanup
    self._cleanup(domain, validation_domain_name, validation)
  File "/usr/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 73, in _cleanup
    self._get_google_client().del_txt_record(domain, validation_name, validation, self.ttl)
  File "/usr/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 180, in del_txt_record
    zone_id = self._find_managed_zone_id(domain)
  File "/usr/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 271, in _find_managed_zone_id
    response = request.execute()
  File "/usr/lib/python3.8/site-packages/googleapiclient/_helpers.py", line 134, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/lib/python3.8/site-packages/googleapiclient/http.py", line 892, in execute
    resp, content = _retry_request(
  File "/usr/lib/python3.8/site-packages/googleapiclient/http.py", line 177, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/oauth2client/transport.py", line 159, in new_request
    credentials._refresh(orig_request_method)
  File "/usr/lib/python3.8/site-packages/oauth2client/client.py", line 749, in _refresh
    self._do_refresh_request(http)
  File "/usr/lib/python3.8/site-packages/oauth2client/client.py", line 819, in _do_refresh_request
    raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.
An unexpected error occurred:
oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.
My web server is (include version): nginx 1.18.0
The operating system my web server runs on is (include version): up-to-date Arch Linux

I can login to a root shell on my machine (yes or no, or I don’t know): yes, it is my home PC

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.7.0


Is your system clock right?

timedatectl status

You’re right, it was off. I enabled the NTP service and that error is gone.
I have this error now:
Encountered 403 Forbidden with reason "accessNotConfigured"
although I should be able to figure it out by reading the full error message.
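
Why the clock check resolved the `invalid_grant` error, as an added example that is not part of the thread and not certbot or oauth2client code: the client stamps `iat` and `exp` from its own clock, and the token endpoint judges them against its own. The 300-second tolerance, the function names and the sample timestamps are assumptions made for illustration; only the 60-minute lifetime comes from the error text.

```python
"""Model of the iat/exp check that a drifting system clock fails."""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = 3600      # "short-lived token (60 minutes)" from the error text
ASSUMED_TOLERANCE = 300  # assumption: skew allowance, not a documented value


def build_claims(local_now: datetime) -> dict:
    """iat/exp as a client derives them from its own (possibly wrong) clock."""
    iat = int(local_now.timestamp())
    return {"iat": iat, "exp": iat + MAX_LIFETIME}


def check_claims(claims: dict, server_now: datetime,
                 tolerance: int = ASSUMED_TOLERANCE) -> str:
    """Server-side view of the claims: 'ok' or the reason for rejection."""
    now = int(server_now.timestamp())
    if claims["exp"] - claims["iat"] > MAX_LIFETIME:
        return "lifetime exceeds 60 minutes"
    if claims["iat"] > now + tolerance:
        return "iat is in the future"
    if claims["exp"] < now - tolerance:
        return "token already expired"
    return "ok"


def offset_from_http_date(date_header: str, local_now: datetime) -> float:
    """Seconds the local clock is ahead (+) or behind (-) of a Date header."""
    return (local_now - parsedate_to_datetime(date_header)).total_seconds()


# Constructed sample values, not taken from the thread.
TRUE_NOW = datetime(2020, 9, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_DATE_HEADER = "Tue, 01 Sep 2020 12:00:00 GMT"

if __name__ == "__main__":
    for drift in (timedelta(0), timedelta(hours=2), timedelta(hours=-2)):
        local = TRUE_NOW + drift
        offset = offset_from_http_date(SAMPLE_DATE_HEADER, local)
        print(f"{offset:+8.0f}s ->", check_claims(build_claims(local), TRUE_NOW))
```

Comparing the local time with the `Date` header of any HTTPS response gives the same offset figure without an NTP client, which is a quick cross-check alongside `timedatectl status`.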

