My domain is: wigoltingen.schaelchli.ch
I ran this command: certbot-auto renew -v
It produced this output:
nolink=https
…
Sending GET request to nolink://acme-v01.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
nolink://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 561
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 561
Replay-Nonce: 0gE_Sf8ID0tzzyfWMG1n-mSpIY06SgSTLSaud01loic
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 07 Oct 2017 12:10:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 07 Oct 2017 12:10:49 GMT
Connection: keep-alive
{
  "Kp8XL5LKoag": "nolink://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "nolink://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "terms-of-service": "nolink://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
  },
  "new-authz": "nolink://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "nolink://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "nolink://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "nolink://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
Renewing an existing certificate
Requesting fresh nonce
Sending HEAD request to nolink://acme-v01.api.letsencrypt.org/acme/new-authz.
nolink://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: ePdN55WC6iaihnqySzBT32j3x4BfHkkexPTLTrfnPVA
Expires: Sat, 07 Oct 2017 12:10:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 07 Oct 2017 12:10:49 GMT
Connection: keep-alive
…
Performing the following challenges:
http-01 challenge for wigoltingen.schaelchli.ch
Creating root challenges validation dir at /var/www/ssl.req/.well-known/acme-challenge
Attempting to save validation to /var/www/ssl.req/.well-known/acme-challenge/sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY
Waiting for verification…
…
Sending GET request to nolink://acme-v01.api.letsencrypt.org/acme/authz/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs.
nolink://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs HTTP/1.1" 200 1759
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1759
Link: nolink://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: I7c6A7bUK0FUnOcVJw3Wk8TfMIPlh8bJg60aSFSYItI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 07 Oct 2017 12:10:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 07 Oct 2017 12:10:57 GMT
Connection: keep-alive
{
  "identifier": {
    "type": "dns",
    "value": "wigoltingen.schaelchli.ch"
  },
  "status": "invalid",
  "expires": "2017-10-14T12:10:50Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "nolink://acme-v01.api.letsencrypt.org/acme/challenge/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs/2150071447",
      "token": "8vD3g3dTwK2YL4uHUsVnBx6SwcHYcdLS1EnpMdiYnCE"
    },
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "Fetching http://wigoltingen.schaelchli.ch/.well-known/acme-challenge/sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY: Timeout",
        "status": 400
      },
      "uri": "nolink://acme-v01.api.letsencrypt.org/acme/challenge/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs/2150071457",
      "token": "sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY",
      "keyAuthorization": "sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY.P4g78kig4VWlE5t408I7yIz16LwHP5rhbCT2pOWrBuE",
      "validationRecord": [
        {
          "url": "http://wigoltingen.schaelchli.ch/.well-known/acme-challenge/sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY",
          "hostname": "wigoltingen.schaelchli.ch",
          "port": "80",
          "addressesResolved": [
            "212.203.43.46"
          ],
          "addressUsed": "212.203.43.46",
          "addressesTried": []
        }
      ]
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "nolink://acme-v01.api.letsencrypt.org/acme/challenge/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs/2150071462",
      "token": "ZQ_YkzmXSRdsTIysesyiplFT3PIA0psxxY-o1eD1Oko"
    }
  ],
  "combinations": [
    [
      2
    ],
    [
      0
    ],
    [
      1
    ]
  ]
}
…
My web server is (include version): nginx/1.6.2
The operating system my web server runs on is (include version): Debian 3.16.43-2 jessie
My hosting provider, if applicable, is: My ISP is leucom.ch
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I can get the Let's Encrypt verification file via SSH and wget on a server in France (no timeout).
Script:
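#!/bin/bash
# Poll the webroot until certbot has written a challenge file.
while :
do
    sleep 1
    file=$(ls /var/www/ssl.req/.well-known/acme-challenge/ 2>/dev/null)
    # -E is needed so that {1,} is read as an interval, not as literal text.
    f_o=$(echo "$file" | grep -E ".{1,}" | wc -l)
    if [ "$f_o" -eq 1 ]
    then
        echo "$f_o ==> $file"
        break
    fi
done
# Fetch the challenge file from an external host over plain HTTP.
ssh user@server "wget http://wigoltingen.schaelchli.ch/.well-known/acme-challenge/${file}"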
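
Added example, not part of the original post and not certbot's own code: a small Python reader for the authorization object in the log above that pulls out the challenge the CA marked invalid, the ACME error type, and the address and port the CA actually used. The function name `failed_challenges` and the `HINTS` mapping are the editor's assumptions; the embedded JSON is a trimmed copy of the response shown in the post.

```python
import json

# Trimmed copy of the authorization object from the log above
# (tokens, URIs and "combinations" left out).
AUTHZ = json.loads("""
{"identifier": {"type": "dns", "value": "wigoltingen.schaelchli.ch"},
 "status": "invalid",
 "challenges": [
  {"type": "dns-01", "status": "pending"},
  {"type": "http-01", "status": "invalid",
   "error": {"type": "urn:acme:error:connection", "status": 400,
             "detail": "Fetching http://wigoltingen.schaelchli.ch/.well-known/acme-challenge/sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY: Timeout"},
   "validationRecord": [
    {"hostname": "wigoltingen.schaelchli.ch", "port": "80",
     "addressesResolved": ["212.203.43.46"],
     "addressUsed": "212.203.43.46", "addressesTried": []}]},
  {"type": "tls-sni-01", "status": "pending"}]}
""")

# Editor's heuristic, not part of the ACME protocol: where to look first.
HINTS = {
    "connection": "CA could not connect to {addr}:{port}; check firewall, NAT "
                  "and port forwarding for inbound traffic from the internet",
    "unauthorized": "CA reached {addr}:{port} but got the wrong content; check "
                    "the webroot and any rewrite rules for /.well-known/",
}

def failed_challenges(authz):
    """Summarise every challenge the CA marked invalid."""
    out = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid":
            continue
        err = ch.get("error", {})
        # The last validation record is the hop where validation ended.
        rec = (ch.get("validationRecord") or [{}])[-1]
        kind = err.get("type", "").rsplit(":", 1)[-1]
        hint = HINTS.get(kind, "see the error detail").format(
            addr=rec.get("addressUsed"), port=rec.get("port"))
        out.append({"challenge": ch.get("type"), "error": kind,
                    "detail": err.get("detail", ""),
                    "address_used": rec.get("addressUsed"),
                    "port": rec.get("port"), "hint": hint})
    return out

if __name__ == "__main__":
    for f in failed_challenges(AUTHZ):
        print(f"{f['challenge']}: {f['error']} -> {f['hint']}")
```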