Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
ichimura.uk
www.ichimura.uk
I ran this command: sudo certbot certonly --force-renew -d ichimura.uk -d www.ichimura.uk
(also tried sudo ./certbot-auto certonly --force-renew -d ichimura.uk -d www.ichimura.uk)
It produced this output:
$ sudo certbot certonly --force-renew -d ichimura.uk -d www.ichimura.uk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Nginx Web Server plugin - Alpha (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for ichimura.uk
tls-sni-01 challenge for www.ichimura.uk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.ichimura.uk (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 62beb7b6df2dd90714393d7d43730e64.c6cde69247651550fec682ac07e2063d.acme.invalid from 151.101.70.217:443. Received 2 certificate(s), first certificate had names "e.sni.fastly.net", ichimura.uk (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested a5f8b06233c3aa8bf4760a05a20aee10.2aea1664f31dec266d3b50e5806ce677.acme.invalid from 151.101.194.217:443. Received 2 certificate(s), first certificate had names "e.sni.fastly.net"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.ichimura.uk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
62beb7b6df2dd90714393d7d43730e64.c6cde69247651550fec682ac07e2063d.acme.invalid
from 151.101.70.217:443. Received 2 certificate(s), first
certificate had names "e.sni.fastly.net"
Domain: ichimura.uk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
a5f8b06233c3aa8bf4760a05a20aee10.2aea1664f31dec266d3b50e5806ce677.acme.invalid
from 151.101.194.217:443. Received 2 certificate(s), first
certificate had names "e.sni.fastly.net"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
$ sudo ./certbot-auto certonly --force-renew -d ichimura.uk -d www.ichimura.uk
Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)
Hit:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Hit:2 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease
Hit:3 http://ppa.launchpad.net/ondrej/nginx-mainline/ubuntu xenial InRelease
Hit:4 http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial InRelease
Hit:5 http://ppa.launchpad.net/ondrej/php/ubuntu xenial InRelease
Hit:6 http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:7 http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
gcc is already the newest version (4:5.3.1-1ubuntu1).
libffi-dev is already the newest version (3.2.1-4).
augeas-lenses is already the newest version (1.4.0-0ubuntu1.1).
ca-certificates is already the newest version (20170717~16.04.1).
libaugeas0 is already the newest version (1.4.0-0ubuntu1.1).
python is already the newest version (2.7.12-1~16.04).
python-dev is already the newest version (2.7.12-1~16.04).
python-virtualenv is already the newest version (15.0.1+ds-3ubuntu1).
virtualenv is already the newest version (15.0.1+ds-3ubuntu1).
libssl-dev is already the newest version (1.1.0h-2.0+ubuntu16.04.1+deb.sury.org+1).
openssl is already the newest version (1.1.0h-2.0+ubuntu16.04.1+deb.sury.org+1).
The following packages were automatically installed and are no longer required:
linux-aws-headers-4.4.0-1062 linux-aws-headers-4.4.0-1065 linux-aws-headers-4.4.0-1066
linux-headers-4.4.0-1062-aws linux-headers-4.4.0-1065-aws linux-headers-4.4.0-1066-aws
linux-image-4.4.0-1062-aws linux-image-4.4.0-1065-aws linux-image-4.4.0-1066-aws
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 105 not upgraded.
Creating virtual environment...
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/virtualenv.py", line 2363, in <module>
main()
File "/usr/lib/python3/dist-packages/virtualenv.py", line 719, in main
symlink=options.symlink)
File "/usr/lib/python3/dist-packages/virtualenv.py", line 988, in create_environment
download=download,
File "/usr/lib/python3/dist-packages/virtualenv.py", line 918, in install_wheel
call_subprocess(cmd, show_stdout=False, extra_env=env, stdin=SCRIPT)
File "/usr/lib/python3/dist-packages/virtualenv.py", line 812, in call_subprocess
% (cmd_desc, proc.returncode))
OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 1
My web server is (include version):
nginx 1.15.0
The operating system my web server runs on is (include version):
Ubuntu 16.04.4
My hosting provider, if applicable, is:
go daddy
I can login to a root shell on my machine (yes or no, or I don’t know):
i dont know - I don’t think so
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No