How to install SSL for a new subdomain

[root@qa-atm letsencrypt]# ./letsencrypt-auto renew --verbose --apache
Upgrading certbot-auto 0.33.1 to 1.3.0…
Replacing certbot-auto…
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/lnkjuv4.com.conf


Requested authenticator apache and installer apache
Var authenticator=apache (set by user).
Var installer=apache (set by user).
Should renew, less than 30 days before certificate expiry 2019-07-16 06:45:47 UTC.
Cert is due for renewal, auto-renewing…
Requested authenticator apache and installer apache
Apache version is 2.2.15
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75bb1b7810>
Prep: True
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75bb1b7810>
Prep: True
Selected authenticator <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75bb1b7810> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75bb1b7810>
Plugins selected: Authenticator apache, Installer apache
Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/50191541', new_authzr_uri=None, terms_of_service=None), ff43518b0977b2587c383d06c3f368e6, Meta(creation_host=u'ip-172-16-8-15.ec2.internal', creation_dt=datetime.datetime(2019, 1, 25, 6, 42, 23, tzinfo=<UTC>)))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:44 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "HNpeI4ZUXqQ": "Adding random entries to the directory",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Renewing an existing certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:45 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102VEa3WuCaa_IjJ1Fi__sDG4ddARSBSU4WjAZi0_UHfL8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

Storing nonce: 0102VEa3WuCaa_IjJ1Fi__sDG4ddARSBSU4WjAZi0_UHfL8
JWS payload:
{
  "identifiers": [
    {
      "type": "dns",
      "value": "lnkjuv4.com"
    }
  ]
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
Received response:
HTTP 201
Server: nginx
Date: Fri, 03 Apr 2020 13:22:45 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 50191541
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/50191541/2877321230
Replay-Nonce: 0101RjtItOaBmJ6O16x7vU81VfKvuXK84BpSXuUE2jPrd_o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2020-04-10T13:22:45.180844956Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "lnkjuv4.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/3736872318"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/50191541/2877321230"
}
Storing nonce: 0101RjtItOaBmJ6O16x7vU81VfKvuXK84BpSXuUE2jPrd_o
JWS payload:

Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3736872318:
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3736872318 HTTP/1.1" 200 789
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:45 GMT
Content-Type: application/json
Content-Length: 789
Connection: keep-alive
Boulder-Requester: 50191541
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101yhDs8HUWM2PcO9QoF2CujUIsZ2HSWHmjaZc9ac79pU8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lnkjuv4.com"
  },
  "status": "pending",
  "expires": "2020-04-10T13:22:45Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w",
      "token": "DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/04R4FA",
      "token": "DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/LGdBZQ",
      "token": "DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI"
    }
  ]
}
Storing nonce: 0101yhDs8HUWM2PcO9QoF2CujUIsZ2HSWHmjaZc9ac79pU8
Performing the following challenges:
http-01 challenge for lnkjuv4.com
Adding a temporary challenge validation Include for name: lnkjuv4.com:443 in: /etc/httpd/conf.d/ssl.conf
Adding a temporary challenge validation Include for name: 172.16.8.118 in: /etc/httpd/conf/httpd.conf
Adding a temporary challenge validation Include for name: link1.aprsnd1.com in: /etc/httpd/conf/httpd.conf
Adding a temporary challenge validation Include for name: 52.44.195.201 in: /etc/httpd/conf/httpd.conf
Adding a temporary challenge validation Include for name: qa-api.juvlon.com in: /etc/httpd/conf/httpd.conf
Adding a temporary challenge validation Include for name: app7.e-juvlon.com in: /etc/httpd/conf/httpd.conf
writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [L]

writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
    Order Allow,Deny
    Allow from all
</Directory>
<Location /.well-known/acme-challenge>
    Order Allow,Deny
    Allow from all
</Location>
Creating backup of /etc/httpd/conf/httpd.conf
Creating backup of /etc/httpd/conf.d/ssl.conf
Waiting for verification…
JWS payload:
{
  "type": "http-01",
  "resource": "challenge"
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w:
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/3736872318/XhQl9w HTTP/1.1" 200 185
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:48 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 50191541
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/3736872318>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w
Replay-Nonce: 0101OJMwEDlXyiESWlKcHGGDRa4USHlrwT00V0QvRmiGbfk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w",
  "token": "DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI"
}
Storing nonce: 0101OJMwEDlXyiESWlKcHGGDRa4USHlrwT00V0QvRmiGbfk
JWS payload:

Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3736872318:
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3736872318 HTTP/1.1" 200 583
Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 13:22:49 GMT
Content-Type: application/json
Content-Length: 583
Connection: keep-alive
Boulder-Requester: 50191541
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102Kwbn5E9luMntchEh58jDfxDGoqHye_nTJzF3Qv6GKKA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lnkjuv4.com"
  },
  "status": "invalid",
  "expires": "2020-04-10T13:22:45Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up A for lnkjuv4.com - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3736872318/XhQl9w",
      "token": "DGYw81FjlStVtM-hpkRm6azXJLyGjnrvDsR0KxfkTrI"
    }
  ]
}
Storing nonce: 0102Kwbn5E9luMntchEh58jDfxDGoqHye_nTJzF3Qv6GKKA
Challenge failed for domain lnkjuv4.com
http-01 challenge for lnkjuv4.com
Reporting to user: The following errors were reported by the server:

Domain: lnkjuv4.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for lnkjuv4.com - check that a DNS record exists for this domain
Encountered exception:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Attempting to renew cert (lnkjuv4.com) from /etc/letsencrypt/renewal/lnkjuv4.com.conf produced an unexpected error: Some challenges have failed… Skipping.
Traceback was:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 448, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1176, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 306, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py", line 344, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py", line 391, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.


Processing /etc/letsencrypt/renewal/qa-api.juvlon.com.conf


Var authenticator=apache (set by user).
Starting new HTTP connection (1): ocsp.int-x3.letsencrypt.org:80
http://ocsp.int-x3.letsencrypt.org:80 “POST / HTTP/1.1” 200 527
OCSP response for certificate /etc/letsencrypt/archive/qa-api.juvlon.com/cert1.pem is signed by the certificate's issuer.
OCSP certificate status for /etc/letsencrypt/archive/qa-api.juvlon.com/cert1.pem is: OCSPCertStatus.GOOD
Cert not yet due for renewal
Requested authenticator apache and installer apache
Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f75b55c1710>
Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lnkjuv4.com/fullchain.pem (failure)


The following certs are not due for renewal yet:
/etc/letsencrypt/live/qa-api.juvlon.com/fullchain.pem expires on 2020-07-02 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lnkjuv4.com/fullchain.pem (failure)


Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1347, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1255, in renew
    renewal.handle_renewal_request(config)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 473, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: lnkjuv4.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for lnkjuv4.com - check
    that a DNS record exists for this domain