How to revoke certificates to get new ones?

I run a homelab and as reverse proxy I use Nginx Proxy Manager (NPM). The machine running NPM died and I just got the export of the SSL certificates from NPM, and I can't import them like I thought I could. All certificates are still valid and that is the reason why I can't get new ones for each domain (14 domains). How can I delete the certificates of the domains to be able to get new ones?

I would appreciate any kind of help.

Thank you in advance.

I don't follow: what exactly is hindering you from getting certs? A rate limit perhaps? Because revoking/deleting certs won't have ANY effect on rate limits.

Also:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

5 Likes

No, it isn't. Whatever problem you're having (and you've given us no indication of what that is), it has nothing to do with extant valid certificates for your domain(s). Deleting or revoking the certs, even if that were possible, similarly has no effect on your ability to get new certs.

7 Likes

My domain is: Like I said before, 14 domains. All dynamic DNS from ddnss.de

I ran this command: Setting up the NPM new

It produced this output: zip files of all 14 domains

My web server is (include version): Proxmox 7.1.7 with Debian 10 and 11 LXCs and VMs

The operating system my web server runs on is (include version): Debian 10 and 11

My hosting provider, if applicable, is: Homelab

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Proxmox and NPM nothing else

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Don't know it.

My problem is that I get no new certificates for my ddnss domains. Every time I request a new cert for a domain that exists in my "old" NPM, it shows me just the message "Internal Error" without further details. A completely new cert for a ddnss domain that didn't exist before will work. So I thought that it was related to the still existing domains.

Those details are of utmost importance. I'm pretty sure NPM (which is a terrible piece of software if you'd ask me..) uses Certbot under the hood. And it usually refers to the Certbot log files in /var/log/letsencrypt/. Please see if you can retrieve the Certbot log file from somewhere and if that's not possible, please open a support ticket/thread with NPM on how you can access more detailed logging.

5 Likes

If there is a better and more reliable alternative to NPM, let me know. Traefik seems to be more complicated than NPM to me.

The log I found in the docker is the following:

2023-01-28 15:51:59,545:DEBUG:certbot._internal.main:certbot version: 1.31.0
2023-01-28 15:51:59,545:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-01-28 15:51:59,545:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-7', '--agree-tos', '--authenticator', 'webroot', '--email', 'xxxx@xxxx.xxx', '--preferred-challenges', 'dns,http', '--domains', 'xxxx.xxxx.xx']
2023-01-28 15:51:59,545:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-01-28 15:51:59,552:DEBUG:certbot._internal.log:Root logging level set at 30
2023-01-28 15:51:59,552:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-01-28 15:51:59,554:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fdc34cef048>
Prep: True
2023-01-28 15:51:59,554:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fdc34cef048> and installer None
2023-01-28 15:51:59,554:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-01-28 15:51:59,565:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/936696287', new_authzr_uri=None, terms_of_service=None), 271b7036b7adb59a7591d13751178693, Meta(creation_dt=datetime.datetime(2023, 1, 27, 21, 33, 6, tzinfo=<UTC>), creation_host='8ec48262e077', register_to_eff=None))>
2023-01-28 15:51:59,565:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-01-28 15:51:59,566:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-01-28 15:52:00,075:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
2023-01-28 15:52:00,076:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Jan 2023 15:51:59 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "kaP0u5C4Avg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-01-28 15:52:00,076:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for xxxx.xxxx.xx
2023-01-28 15:52:00,077:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0005_key-certbot.pem
2023-01-28 15:52:00,079:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0005_csr-certbot.pem
2023-01-28 15:52:00,079:DEBUG:acme.client:Requesting fresh nonce
2023-01-28 15:52:00,079:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-01-28 15:52:00,236:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-01-28 15:52:00,237:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Jan 2023 15:52:00 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: C400InCIioeRZTQfJRb1NUqTW6rNaLjvUVDjVXg-L0NcQi4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-01-28 15:52:00,237:DEBUG:acme.client:Storing nonce: C400InCIioeRZTQfJRb1NUqTW6rNaLjvUVDjVXg-L0NcQi4
2023-01-28 15:52:00,237:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "xxxx.xxxx.xx"\n    }\n  ]\n}'
2023-01-28 15:52:00,238:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTM2Njk2Mjg3IiwgIm5vbmNlIjogIkM0MDBJbkNJaW9lUlpUUWZKUmIxTlVxVFc2ck5hTGp2VVZEalZYZy1MME5jUWk0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "WvVcTgBg074mHBPuuzGM2mFfZWkeLtIyJv4Ss29aa6h8LRDlGGtyx89U70HQxp94krrmOOs-18bwRs278xKvtEOQXTKJ2PQhOQmJT1fLcD3dpvH6aexY2LdE7NRqf-9bnhFBc9_0XlVE6C7fbqTi8qfwVMpxYpoemD4I9NyBZkAmFag8x0kk66jBc6XMMtZ7dFsV980EKNm0SewrLJydh5QWZ8fma4zbpu0EGOfvoW6D9CHU995OdHUeV2Eo_NeQhz_UWoQvOvpMQV0rb703OyYiutTvwZu5HpLq4vlHPKcTUsBK074AZsldIYlNB4ZSfAVXGQTbxjlulpRM7Hsupw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInB1bmsuZGRuc3MuZXUiCiAgICB9CiAgXQp9"
}
2023-01-28 15:52:00,421:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 338
2023-01-28 15:52:00,422:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 28 Jan 2023 15:52:00 GMT
Content-Type: application/json
Content-Length: 338
Connection: keep-alive
Boulder-Requester: 936696287
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/936696287/161515480907
Replay-Nonce: A5FEiUwBgQHsaG1JfP0PiUUFSxoM7SMMjDnrSuDy4uq6buI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-02-04T15:52:00Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "xxxx.xxxx.xx"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/198933228377"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/936696287/161515480907"
}
2023-01-28 15:52:00,422:DEBUG:acme.client:Storing nonce: A5FEiUwBgQHsaG1JfP0PiUUFSxoM7SMMjDnrSuDy4uq6buI
2023-01-28 15:52:00,422:DEBUG:acme.client:JWS payload:
b''
2023-01-28 15:52:00,423:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/198933228377:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTM2Njk2Mjg3IiwgIm5vbmNlIjogIkE1RkVpVXdCZ1FIc2FHMUpmUDBQaVVVRlN4b003U01NakRuclN1RHk0dXE2YnVJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTg5MzMyMjgzNzcifQ",
  "signature": "mKnwZ2ochzDRsy7ZxyQTTuEqNFkH8mngl5OrtuwJNg_m5myDVgRsXDAAOMC2pnu9uitQ0kRHhmQZNY22DN1vzJyQpY6h6sEVSM5eb_wQ4uLzQtqIgz4l3mGS8OCgvVcfBynPz-cDS3rlqpqh6N91oKchTLzY9bhNrSSSyK0wqhvH4-0HpvCRfvedi1Y2QgSxBc7p2Y2tdM2C0YDlLFLTERhrWeweJkygxl6hrKQOKCDsuKSOV9FL2054xS0WGVv4idC3nmwRgoCxwOzMgc7N73uMz8szcMtawafbNT9HpRRl1W__7-ywskuOCOkR5Vg37OvOnK5kC4fUMAweeByJaQ",
  "payload": ""
}
2023-01-28 15:52:00,593:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/198933228377 HTTP/1.1" 200 797
2023-01-28 15:52:00,594:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Jan 2023 15:52:00 GMT
Content-Type: application/json
Content-Length: 797
Connection: keep-alive
Boulder-Requester: 936696287
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: C4005vkiz0QJduKXxwPDokeN4vWp0njhj0IFtEnINyJ4lNQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "xxxx.xxxx.xx"
  },
  "status": "pending",
  "expires": "2023-02-04T15:52:00Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/198933228377/bg8NOw",
      "token": "xbf_n-Xf4oCRRjeS2Dd3-w0ksJYuLtS9jV9KlYYVDOo"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/198933228377/ko_mHQ",
      "token": "xbf_n-Xf4oCRRjeS2Dd3-w0ksJYuLtS9jV9KlYYVDOo"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/198933228377/1U6YZw",
      "token": "xbf_n-Xf4oCRRjeS2Dd3-w0ksJYuLtS9jV9KlYYVDOo"
    }
  ]
}
2023-01-28 15:52:00,594:DEBUG:acme.client:Storing nonce: C4005vkiz0QJduKXxwPDokeN4vWp0njhj0IFtEnINyJ4lNQ
2023-01-28 15:52:00,594:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-01-28 15:52:00,594:INFO:certbot._internal.auth_handler:http-01 challenge for xxxx.xxxx.xx
2023-01-28 15:52:00,595:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2023-01-28 15:52:00,595:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2023-01-28 15:52:00,596:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/xbf_n-Xf4oCRRjeS2Dd3-w0ksJYuLtS9jV9KlYYVDOo
2023-01-28 15:52:00,596:DEBUG:acme.client:JWS payload:
b'{}'
2023-01-28 15:52:00,597:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/198933228377/bg8NOw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTM2Njk2Mjg3IiwgIm5vbmNlIjogIkM0MDA1dmtpejBRSmR1S1h4d1BEb2tlTjR2V3AwbmpoajBJRnRFbklOeUo0bE5RIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xOTg5MzMyMjgzNzcvYmc4Tk93In0",
  "signature": "K-FfOC2b0liPFwZAOfS35NDcdnP6Ckuhs5otDuEfasJoJZqGb9_Se1csXSqjicbYFiWUOELG6BCtBemZ7f7iswE63wwvjna8NDuhlfejL0qOlfhT5tYKDw8rbzxkTShQT2flPcNp93P1H5r45nJgbSM1FF6eFN_Z7u49BqtvlwwHJtpMPpgPEv_aWlZWCwL_-yfn3yf0MUGbvaCiot0gaOTG2R__Q87vuWc5jjz4V894KoGvqoNPL5z9UA25oFvEYxBFWbJWwzd5jDP6365G-NVtEB4F6jOaHf8ltBYMRbku5JQP5XPo8Gb0-pvDso_CigaRKEA8GiVVOgDfuCJRZw",
  "payload": "e30"
}
2023-01-28 15:52:00,767:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/198933228377/bg8NOw HTTP/1.1" 200 187
2023-01-28 15:52:00,767:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Jan 2023 15:52:00 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 936696287
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/198933228377>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/198933228377/bg8NOw
Replay-Nonce: 27126eS27lMM5941lwg7VNjqIuO7CgGeE6nM0CFcv3VYWkY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/198933228377/bg8NOw",
  "token": "xbf_n-Xf4oCRRjeS2Dd3-w0ksJYuLtS9jV9KlYYVDOo"
}
2023-01-28 15:52:00,767:DEBUG:acme.client:Storing nonce: 27126eS27lMM5941lwg7VNjqIuO7CgGeE6nM0CFcv3VYWkY
2023-01-28 15:52:00,768:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-01-28 15:52:01,769:DEBUG:acme.client:JWS payload:
b''
2023-01-28 15:52:01,770:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/198933228377:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTM2Njk2Mjg3IiwgIm5vbmNlIjogIjI3MTI2ZVMyN2xNTTU5NDFsd2c3Vk5qcUl1TzdDZ0dlRTZuTTBDRmN2M1ZZV2tZIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTg5MzMyMjgzNzcifQ",
  "signature": "KP1VaActXYYc_WVw4t5c2SYJ2K_8ZGDl_p0ypvijsnhv249dbuL4vClJp-PvNMSgVlb6z2cRD-Mu8NWTmlmqqkSJTGmjdNTAl3rkx2FY-7O014ExkHU-Md-CGuWFyby9H1OhSOTRMpuzT8lWK7g8rw4rxNojbnMqKxjCk2-Mif5kw6TWYI1KJpX1zKASOypDkHeRELMEIgIE_M61wVDzCEtVXtkSdIjvaEmmofJZ7ijEwh77blqCtlSVgPkOvZr2fWa0EXAp5gMFLyY9fcboFVRoknzcNmDqd9UdO0x4xAgZcEqXqWIW1ganlh4puWWKNfXvRt1Vrlx-DFSHk0IiDQ",
  "payload": ""
}
2023-01-28 15:52:01,926:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/198933228377 HTTP/1.1" 200 738
2023-01-28 15:52:01,926:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 28 Jan 2023 15:52:01 GMT
Content-Type: application/json
Content-Length: 738
Connection: keep-alive
Boulder-Requester: 936696287
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712CT-MdXzckJ2GuukeyvG73eky-U4ZQVMm8PQEbU3CFq0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "xxxx.xxxx.xx"
  },
  "status": "invalid",
  "expires": "2023-02-04T15:52:00Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up A for xxxx.xxxx.xx - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for xxxx.xxxx.xx - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/198933228377/bg8NOw",
      "token": "xbf_n-Xf4oCRRjeS2Dd3-w0ksJYuLtS9jV9KlYYVDOo",
      "validated": "2023-01-28T15:52:00Z"
    }
  ]
}
2023-01-28 15:52:01,927:DEBUG:acme.client:Storing nonce: 2712CT-MdXzckJ2GuukeyvG73eky-U4ZQVMm8PQEbU3CFq0
2023-01-28 15:52:01,927:INFO:certbot._internal.auth_handler:Challenge failed for domain xxxx.xxxx.xx
2023-01-28 15:52:01,927:INFO:certbot._internal.auth_handler:http-01 challenge for xxxx.xxxx.xx
2023-01-28 15:52:01,927:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: xxxx.xxxx.xx
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for xxxx.xxxx.xx - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for xxxx.xxxx.xx - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-01-28 15:52:01,927:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-01-28 15:52:01,927:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-01-28 15:52:01,927:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-01-28 15:52:01,927:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/xbf_n-Xf4oCRRjeS2Dd3-w0ksJYuLtS9jV9KlYYVDOo
2023-01-28 15:52:01,927:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-01-28 15:52:01,928:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1591, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-01-28 15:52:01,928:ERROR:certbot._internal.log:Some challenges have failed.

The domain name and mail address are mentioned correctly in the log file and were just censored by myself.

This error message speaks for itself if you'd ask me.

Not sure how revoking a certificate would fix the DNS issue for that hostname though. (Revoking never makes issuance possible anyway, so..)

6 Likes
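Added example, not part of the original thread or any poster's code: a small parser that pulls the CA's actual failure reason out of a Certbot debug log like the one posted above, which is the detail a front end's generic "Internal Error" hides. The sample log is constructed, `host.example.org` is a placeholder, and the hint wording is this example's own.

```python
import json

ACME_ERR = "urn:ietf:params:acme:error:"

# Operator hints keyed by RFC 8555 error type (hint wording is an assumption
# of this example, not Certbot or Let's Encrypt output).
HINTS = {
    "dns": "CA could not resolve the name; check delegation and A/AAAA records",
    "connection": "CA could not reach the host; check port 80 and firewall/NAT",
    "unauthorized": "challenge response was wrong; check webroot and proxy rules",
    "rateLimited": "CA rate limit hit; revoking certificates does not reset it",
}

def iter_json_objects(text):
    """Yield every JSON object that begins at the start of a log line."""
    decoder = json.JSONDecoder()
    text = "\n" + text
    pos = 0
    while True:
        pos = text.find("\n{", pos)
        if pos == -1:
            return
        try:
            obj, end = decoder.raw_decode(text, pos + 1)
        except json.JSONDecodeError:
            pos += 1          # not JSON after all, keep scanning
            continue
        yield obj
        pos = end

def failed_authorizations(log_text):
    """Return one finding per failed challenge in ACME authorization objects."""
    findings = []
    for obj in iter_json_objects(log_text):
        # Signed request bodies and the directory object lack "identifier".
        if "identifier" not in obj or obj.get("status") != "invalid":
            continue
        for chall in obj.get("challenges", []):
            err = chall.get("error")
            if not err:
                continue
            kind = err.get("type", "")
            if kind.startswith(ACME_ERR):
                kind = kind[len(ACME_ERR):]
            findings.append({
                "domain": obj["identifier"].get("value"),
                "challenge": chall.get("type"),
                "error": kind,
                "detail": err.get("detail", ""),
                "hint": HINTS.get(kind, "see the detail text"),
            })
    return findings

# Constructed sample in the layout of a Certbot debug log.
SAMPLE_LOG = """\
2023-01-28 15:52:01,770:DEBUG:acme.client:Sending POST request to https://acme.example/authz/1:
{
  "protected": "e30",
  "payload": ""
}
2023-01-28 15:52:01,926:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json

{
  "identifier": {"type": "dns", "value": "host.example.org"},
  "status": "invalid",
  "challenges": [{"type": "http-01", "status": "invalid", "error": {
      "type": "urn:ietf:params:acme:error:dns",
      "detail": "DNS problem: NXDOMAIN looking up A for host.example.org",
      "status": 400}}]
}
2023-01-28 15:52:01,927:INFO:certbot._internal.auth_handler:Challenge failed
"""

if __name__ == "__main__":
    for f in failed_authorizations(SAMPLE_LOG):
        print(f"{f['domain']} [{f['challenge']}] {f['error']}: {f['hint']}")
```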

I checked it twice and the A record at the ddns service is set, and deleting and recreating an existing domain at the ddns service doesn't help either. What am I doing wrong, or what is the solution I'm not able to see?

I have no idea, please share the hostname so we can check too.

3 Likes

Okay, I will delete the name later but in this case it is

https://pirat.ddnss.eu/

I know it's just one and I've got 13 more domains, but I think when the problem can be solved for this domain, it will work for the others also.

That subdomain does not exist on the public DNS tree:

https://unboundtest.com/m/A/pirat.ddnss.eu/OSK24OSM

https://dnsviz.net/d/pirat.ddnss.eu/dnssec/

In fact, that entire domain (ddnss.eu) does not exist.

Didn't you mean pirat.ddns.eu instead?

3 Likes

No, http://pirat.ddnss.eu is right. It is a domain that is provided by ddns service http://ddnss.de

1 Like

Hm, I can see the hostname resolving at ns1.ddnss.de (and ns2/ns3), but I believe they've messed something up with regard to the DNS of their ddnss.eu domain. Because the eu nameservers don't have any notion of the existence of ddnss.eu.

You probably want to take this up with the people at ddnss.de and ask them about the fact ddnss.eu seems to be broken. You could show them ddnss.eu | DNSViz as evidence.

5 Likes

Thank you Osiris for your help. I've contacted the ddns provider and I'll let you know what they told me.

4 Likes
