Fetching //error: Invalid hostname in redirect target, must end in IANA registered TLD

My domain is: camaratimbiras.ma.gov.br.sistemas.assesi.com

I ran this command: certbot -d camaratimbiras.ma.gov.br.sistemas.assesi.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for camaratimbiras.ma.gov.br.sistemas.assesi.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: camaratimbiras.ma.gov.br.sistemas.assesi.com
Type: connection
Detail: ***********: Fetching //error: Invalid hostname in redirect target, must end in IANA registered TLD

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

{
  "identifier": {
    "type": "dns",
    "value": "camaratimbiras.ma.gov.br.sistemas.assesi.com"
  },
  "status": "invalid",
  "expires": "2022-12-29T12:42:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": ": Fetching //error: Invalid hostname in redirect target, must end in IANA registered TLD",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/189068581097/dDIWWw",
      "token": "EfKtHlUG9d7bx5DUGbl_1k0DPEBcmdcPVYq61cLPTC4",
      "validationRecord": [
        {
          "url": "http://camaratimbiras.ma.gov.br.sistemas.assesi.com/.well-known/acme-challenge/EfKtHlUG9d7bx5DUGbl_1k0DPEBcmdcPVYq61cLPTC4",
          "hostname": "camaratimbiras.ma.gov.br.sistemas.assesi.com",
          "port": "80",
          "addressesResolved": [
            ""
          ],
          "addressUsed": ""
        },
        {
          "url": "https://camaratimbiras.ma.gov.br.sistemas.assesi.com/ops/404",
          "hostname": "camaratimbiras.ma.gov.br.sistemas.assesi.com",
          "port": "443",
          "addressesResolved": [
            ""
          ],
          "addressUsed": ""
        },
        {
          "url": "https://www.camaratimbiras.ma.gov.br.sistemas.assesi.com/ops/404",
          "hostname": "www.camaratimbiras.ma.gov.br.sistemas.assesi.com",
          "port": "443",
          "addressesResolved": [
            ""
          ],
          "addressUsed": "**********"
        }
      ],
      "validated": "2022-12-22T12:42:58Z"
    }
  ]
}
2022-12-22 09:43:02,957:DEBUG:acme.client:Storing nonce: 20F6FSDKzEotQ4QYz3Vs2PUFvXyCocBpFhHZ4m66ApMYiYs
2022-12-22 09:43:02,957:INFO:certbot._internal.auth_handler:Challenge failed for domain camaratimbiras.ma.gov.br.sistemas.assesi.com
2022-12-22 09:43:02,957:INFO:certbot._internal.auth_handler:http-01 challenge for camaratimbiras.ma.gov.br.sistemas.assesi.com
2022-12-22 09:43:02,958:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: camaratimbiras.ma.gov.br.sistemas.assesi.com
Type: connection
Detail: *************: Fetching //error: Invalid hostname in redirect target, must end in IANA registered TLD

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2022-12-22 09:43:02,958:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 105, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 205, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-12-22 09:43:02,958:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-12-22 09:43:02,958:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-12-22 09:43:12,047:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/bin/certbot", line 11, in <module>
load_entry_point('certbot==1.22.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 1632, in main
return config.func(config, plugins)
File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 1342, in run
certname, lineage)
File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 139, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 496, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 424, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 476, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 105, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 205, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-12-22 09:43:12,048:ERROR:certbot._internal.log:Some challenges have failed.

My web server is (include version): certbot 1.22.0

The operating system my web server runs on is (include version): Oracle Linux Server release 8.6

My hosting provider, if applicable, is: nginx reverse + apache

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

I managed to renew manually by following the link: Erro ativação certificado - #8 by nicolascloss

The problem is that automatic renewal with renew has stopped working.

I hope you can read responses in English. Your system is redirecting the HTTP Challenge from the Let's Encrypt servers wrong. See below for a sample test challenge which sees a 302 Found redirect for //error. Your system should return the challenge token value instead.

The second problem is it looks like you used the nginx authenticator. That should have avoided the redirects we see in your post. Could something be in front of your server to do these redirects?

If you don't know why these redirects happen, can you upload the entire letsencrypt.log file? You will need to copy it to a .txt file for uploading.

(this is the format of the HTTP challenge, but the Location removes the .well-known part)
curl -iLk camaratimbiras.ma.gov.br.sistemas.assesi.com/.well-known/acme-challenge/ForumTest123
HTTP/1.1 302 Found
Server: nginx
Location: https://camaratimbiras.ma.gov.br.sistemas.assesi.com/ops/404

HTTP/1.1 301 Moved Permanently
Server: nginx
Location: https://www.camaratimbiras.ma.gov.br.sistemas.assesi.com/ops/404

HTTP/1.1 302 Found
Server: nginx
X-Powered-By: PHP/7.4.3
Location: //error

curl: (6) Could not resolve host: error
3 Likes
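To show what the validator is doing with the redirect chain above, here is an added example (not part of the thread, and not certbot or Let's Encrypt code). It replays the three responses from the curl output against a simulated site, follows them the way a validation server would, and reports why `Location: //error` fails; a second simulated site answers the challenge path directly, as the Certbot nginx plug-in's temporary `return 200` location does. The acceptance rules (http/https only, port 80 or 443, a hostname with a registered TLD) are a simplified assumption standing in for what Let's Encrypt actually enforces, and the token and thumbprint values are constructed.

```python
"""Replay an http-01 validation fetch over a simulated redirect chain.

Added example (not from the thread and not certbot or Let's Encrypt code).
The responses are constructed to mirror the curl -iLk output in the thread;
the acceptance rules are a deliberate simplification of what the CA enforces
and are an assumption of this example.
"""
from urllib.parse import urljoin, urlsplit

HOST = "camaratimbiras.ma.gov.br.sistemas.assesi.com"
TOKEN = "ForumTest123"                       # constructed test token
CHALLENGE_URL = f"http://{HOST}/.well-known/acme-challenge/{TOKEN}"
MAX_REDIRECTS = 10

# Constructed responses, url -> (status, headers, body), copied from the
# redirect chain shown in the thread.
BROKEN_SITE = {
    CHALLENGE_URL: (302, {"Location": f"https://{HOST}/ops/404"}, ""),
    f"https://{HOST}/ops/404": (301, {"Location": f"https://www.{HOST}/ops/404"}, ""),
    f"https://www.{HOST}/ops/404": (302, {"Location": "//error"}, ""),
}

# The same host once the challenge path is answered directly, as the Certbot
# nginx plug-in's temporary `return 200 <token>.<thumbprint>` location does.
# The thumbprint is a placeholder, not a real account-key thumbprint.
FIXED_SITE = {
    CHALLENGE_URL: (200, {}, f"{TOKEN}.thumbprint-placeholder"),
}


def check_redirect_target(current_url, location):
    """Resolve a Location header and apply the simplified acceptance rules.

    Returns (True, absolute_url) or (False, reason)."""
    target = urljoin(current_url, location)
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https"):
        return False, f"Invalid protocol scheme in redirect target: {parts.scheme!r}"
    host = parts.hostname or ""
    # '//error' is scheme-relative, so it resolves to 'https://error': the host
    # 'error' has no dot and therefore no TLD, which is what the CA rejected.
    if "." not in host or not host.rsplit(".", 1)[-1].isalpha():
        return False, "Invalid hostname in redirect target, must end in IANA registered TLD"
    if parts.port not in (None, 80, 443):
        return False, f"Invalid port in redirect target: {parts.port}"
    return True, target


def fetch_challenge(site, start_url=CHALLENGE_URL):
    """Follow redirects the way a validator would.

    Returns (True, body) on a 200, or (False, detail) with a message in the
    style of the CA's error report."""
    url = start_url
    for _ in range(MAX_REDIRECTS):
        if url not in site:
            return False, f"Could not connect to {url}"
        status, headers, body = site[url]
        if status in (301, 302, 303, 307, 308):
            location = headers.get("Location", "")
            ok, result = check_redirect_target(url, location)
            if not ok:
                return False, f"Fetching {location}: {result}"
            url = result
            continue
        if status != 200:
            return False, f"Invalid response from {url}: {status}"
        return True, body
    return False, "Too many redirects"


def key_authorization_ok(body, token=TOKEN):
    """The body must be '<token>.<thumbprint>' after trimming whitespace."""
    parts = body.strip().split(".")
    return len(parts) == 2 and parts[0] == token and bool(parts[1])


if __name__ == "__main__":
    for name, site in (("broken", BROKEN_SITE), ("fixed", FIXED_SITE)):
        ok, detail = fetch_challenge(site)
        print(f"{name}: ok={ok} detail={detail!r}")
```

Running it prints the same "Fetching //error: Invalid hostname in redirect target" detail for the broken chain and the key-authorization body for the fixed one. The point to take from the model is that a redirect is only a problem when it ends somewhere the validator cannot fetch; here the chain also drops the `/.well-known/acme-challenge/` path at the first hop, so even a resolvable final hostname would never have served the token.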

ping camaratimbiras.ma.gov.br.sistemas.assesi.com

PING camaratimbiras.ma.gov.br.sistemas.assesi.com (129.148.24.140) 56(84) bytes of data.
64 bytes from 129.148.24.140 (129.148.24.140): icmp_seq=1 ttl=63 time=0.436 ms
64 bytes from 129.148.24.140 (129.148.24.140): icmp_seq=2 ttl=63 time=0.361 ms
64 bytes from 129.148.24.140 (129.148.24.140): icmp_seq=3 ttl=63 time=0.423 ms
64 bytes from 129.148.24.140 (129.148.24.140): icmp_seq=4 ttl=63 time=0.390 ms

letsencrypt.tar.gz

Do you get any error messages from this command?

sudo nginx -t
3 Likes

nginx -t

nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Your nginx server should not be responding with redirects, so I don't know why that is happening. The Certbot nginx plug-in changed your server block to look like the one below, and you can see it should reply with the value in the return clause at the bottom. I am stepping away and can make further suggestions later. Or maybe another volunteer will assist.

From the log file you provided, these are the temp changes made to your config:

2022-12-22 11:48:12,947:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to
/etc/nginx/conf.d/camaratimbiras.ma.gov.br.sistemas.assesi.com.conf:

server {
    rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

    server_name camaratimbiras.ma.gov.br.sistemas.assesi.com;
    access_log /var/log/nginx/camaratimbiras.ma.gov.br.sistemas.assesi.com-access.log;
    error_log /var/log/nginx/camaratimbiras.ma.gov.br.sistemas.assesi.com-error.log;
    location / {
        proxy_pass http://127.0.0.1:7030;
        include /etc/nginx/proxy_params;
    }
    listen 80;
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "MSIE [1-6]\.";

    location = /.well-known/acme-challenge/-_3M11QXyDrMSU2WXXZELc2Phw4zUtm1BlyLc4LBhB4 {
        default_type text/plain;
        return 200 -_3M11QXyDrMSU2WXXZELc2Phw4zUtm1BlyLc4LBhB4.pnDJmonWqCXAjjkttStrgoE8IP9GZWgjtircZYdPNeo;
    } # managed by Certbot
}
2 Likes

Thanks for the effort. I believe it is an nginx bug/limitation.

We were able to identify the problem in the OS limits for the nginx user.

We identified it in the nginx error.log:

"[emerg] 210594#0: open() "/var/log/nginx/www.xxx.xxx.xx.xx.xx-access.log" failed (24: Too many open files)"

Credits go to: Link

Problem solved at home.

2 Likes
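The root cause above is worth being able to spot quickly, because the symptom (bogus redirects from the PHP back end) sits far from the cause (nginx workers out of file descriptors, so per-vhost access/error logs cannot be opened). The following added example is not from the thread and not nginx tooling: it parses nginx error-log lines for `open() ... failed (24: Too many open files)`, counts them per worker pid, and reads the soft/hard "Max open files" values from `/proc/<pid>/limits`-style text. The log lines and the limits excerpt are constructed; the regexes follow nginx's real error-log layout (`<date> <time> [<level>] <pid>#<tid>: <message>`). The two knobs named in the hint, nginx's `worker_rlimit_nofile` directive and the `LimitNOFILE=` setting of a systemd unit, are real settings; which values are appropriate depends on how many server blocks the host carries.

```python
"""Spot "Too many open files" failures in nginx error-log lines and compare
them with the process's open-file limit.

Added example (not from the thread, not nginx tooling). The log lines and
the /proc/<pid>/limits text are constructed for the example.
"""
import re
from collections import Counter

EMFILE = 24  # errno for "Too many open files"

# Constructed sample: two per-vhost log files nginx could not open, one
# unrelated warning, and an ordinary 404 from a request (note the "*<cid>" prefix).
SAMPLE_ERROR_LOG = """\
2022/12/22 09:43:01 [emerg] 210594#0: open() "/var/log/nginx/www.example.invalid-access.log" failed (24: Too many open files)
2022/12/22 09:43:01 [emerg] 210594#0: open() "/var/log/nginx/example.invalid-error.log" failed (24: Too many open files)
2022/12/22 09:43:02 [warn] 210594#0: could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
2022/12/22 09:43:05 [error] 210601#0: *17 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 203.0.113.5, server: example.invalid
"""

# Constructed excerpt in the format of /proc/<pid>/limits.
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max processes             7823                 7823                 processes
Max open files            1024                 4096                 files
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] "
    r"(?P<pid>\d+)#(?P<tid>\d+): (?:\*\d+ )?(?P<msg>.*)$"
)
OPEN_FAIL_RE = re.compile(
    r'open\(\) "(?P<path>[^"]+)" failed \((?P<errno>\d+): (?P<strerror>[^)]+)\)'
)
NOFILE_RE = re.compile(r"^Max open files\s+(\d+)\s+(\d+)", re.MULTILINE)


def parse_error_log(text):
    """Return one dict per parseable line; errno/path are set for open() failures."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        fail = OPEN_FAIL_RE.search(rec["msg"])
        rec["errno"] = int(fail["errno"]) if fail else None
        rec["path"] = fail["path"] if fail else None
        events.append(rec)
    return events


def emfile_by_pid(events):
    """Count EMFILE open() failures per nginx process id."""
    return Counter(e["pid"] for e in events if e["errno"] == EMFILE)


def parse_proc_limits(text):
    """Extract (soft, hard) 'Max open files' from /proc/<pid>/limits text, or None."""
    m = NOFILE_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def diagnose(error_log_text, limits_text):
    """Summarise EMFILE failures and the limit they ran into."""
    events = parse_error_log(error_log_text)
    per_pid = emfile_by_pid(events)
    limits = parse_proc_limits(limits_text)
    result = {
        "emfile_failures": sum(per_pid.values()),
        "pids": sorted(per_pid),
        "soft_nofile": limits[0] if limits else None,
        "hard_nofile": limits[1] if limits else None,
    }
    if result["emfile_failures"]:
        # Both knobs are real settings: nginx's worker_rlimit_nofile directive
        # and LimitNOFILE= in the nginx systemd unit.
        result["hint"] = ("nginx hit the open-file limit; raise LimitNOFILE= for the "
                          "nginx service and/or set worker_rlimit_nofile in nginx.conf, "
                          "then reload and re-run the renewal")
    else:
        result["hint"] = "no EMFILE failures found"
    return result


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_ERROR_LOG, SAMPLE_LIMITS).items():
        print(f"{key}: {value}")
```

On a real host you would feed it `/var/log/nginx/error.log` and `/proc/$(cat /run/nginx.pid)/limits`; a soft limit in the low thousands next to dozens of server blocks, each with its own access_log and error_log, is the pattern to look for.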

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.