Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: mrtosho.com
I ran this command: certbot certonly --manual --preferred-challenges http --dry-run -w /var/www/nextcloud -d mrtosho.com -d www.mrtosho.com -d cloud.mrtosho.com -d api.mrtosho.com
It produced this output:
Domain: mrtosho.com
Type: connection
Detail: Fetching
https://mrtosho.com/.well-known/acme-challenge/Y1SqH1lyLa7ttge_FI4OEDTDaP_i0ehM6bgSOcxlCKo:
Timeout after connect (your server may be slow or overloaded)
My web server is (include version):
Apache/2.4.25 (Raspbian)
The operating system my web server runs on is (include version):
Raspbian GNU/Linux 9 (stretch)
My hosting provider, if applicable, is:
NameCheap
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0
More Information:
I have checked, and ports 80 and 443 are open at my router, and the site is otherwise working fine. I have previously been renewing with dns-01 and now I want to start renewing with http-01.
When I step through the http-01 challenge interactively I deploy the files in the .well-known/acme-challenge folder and then successfully test that the file displays in a browser.
I have an http-to-https rewrite rule in my Apache VirtualHost.
Here it is:
ServerName cloud.mrtosho.com
ServerAlias mrtosho.com www.mrtosho.com api.mrtosho.com
DocumentRoot /var/www/nextcloud
LogLevel warn
ErrorLog /var/www/mrtosho/logs/http-rewrite-error.log
CustomLog /var/www/mrtosho/logs/http-rewrite-access.log combined
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
Maybe this is interfering, but I don’t think so, because when I enter the http challenge address in the browser it rewrites to the https address and I see the file in the browser.
Previously I have been using the dns-01 challenge and I want to start using the http-01 challenge instead. I have a domainname.conf file in etc/letsencrypt/renewal and it is still configured for the dns-01 challenge. Maybe this is a problem?
Here is the output in /var/log/letsencrypt/letsencrypt.log
(I had to delete some of the lines because this topic post contained too many characters!)
2019-07-16 23:08:41,733:INFO:certbot.auth_handler:Waiting for verification...
2019-07-16 23:08:41,736:DEBUG:acme.client:JWS payload:
b'{\n "type": "http-01",\n "resource": "challenge",\n "keyAuthorization": "ht9UjLCqPtXZr17jMycmuoKSRrrxsQLecYDOHcGO5iI.NFqAlQBQYaW2gfi7d4rZTxgNvoJNU8I3WMS8G1Rwbk0"\n}'
2019-07-16 23:08:41,797:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0/330655145:
{
"signature": "OziB7VVGx30KqXA54YwPrHvVakNdmtt7_6oCPE5xG1VF6HXLD1TitErfu5KpMxXbbHT198vzYnuKlXy-4fSIG0oC47B8LG6COckLdSaDnEUzwfdKZ5X-8FDKdpEQAW0YFheD0OSBmlXfPfWFeBeHEmh84IkJ5S-B163V8zkD3dT3M45GOEw_DZQb7EUcto2eenj8l6HuIiHvzku9bB-knqLtzZYQuyKu-F9jPLao0Hb6fiuBHONlldIzG8_gckKH11WtPjlgxzjuDabtRpOdkxiUddaM6fb3ibG9TrtMS-2KVVXZoBut2M4ef19MhGQwYiiO8JXmdtK8_tCR4EtAxw",
"payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogImh0OVVqTENxUHRYWnIxN2pNeWNtdW9LU1JycnhzUUxlY1lET0hjR081aUkuTkZxQWxRQlFZYVcyZ2ZpN2Q0clpUeGdOdm9KTlU4STNXTVM4RzFSd2JrMCIKfQ",
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvaTdyREdhVWxkTTJPV3pCemxxWG11UFZFUy1iT3dYc2NRaHRBaWdVd2drMC8zMzA2NTUxNDUiLCAiYWxnIjogIlJTMjU2IiwgIm5vbmNlIjogImRiZjM3dlgyOUFNblVvZGxvZUZfVFk1eHpjR2RLVzk3eDhUY0Nnd3BSajgiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMDA4NjUxOCJ9"
}
2019-07-16 23:08:42,004:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/challenge/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0/330655145 HTTP/1.1" 200 230
2019-07-16 23:08:42,007:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 230
Boulder-Requester: 10086518
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0/330655145
Replay-Nonce: CYulBGFDSXkZUY_-YiwoX--1lPLeAx8iyEC6UPC4OO4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jul 2019 22:08:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jul 2019 22:08:41 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0/330655145",
"token": "ht9UjLCqPtXZr17jMycmuoKSRrrxsQLecYDOHcGO5iI"
}
2019-07-16 23:08:42,007:DEBUG:acme.client:Storing nonce: CYulBGFDSXkZUY_-YiwoX--1lPLeAx8iyEC6UPC4OO4
2019-07-16 23:08:42,010:DEBUG:acme.client:JWS payload:
b'{\n "type": "http-01",\n "resource": "challenge",\n "keyAuthorization": "ESQ_llBaZvSlnGDCmxxgR_gpuBT4SwO9EVHhtb1tpCI.NFqAlQBQYaW2gfi7d4rZTxgNvoJNU8I3WMS8G1Rwbk0"\n}'
2019-07-16 23:08:42,041:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ/330655148:
{
"signature": "hS9fUq4Is9-nwNi9ypifLfgkb1pjVScRvqs98nt2AEYliWYAfjnb5eucb5Hpn4_H10DUVAK7wFWchAwjjxgWnJ3JXVihRJniyYv-NvD15B8zJZSApzVtYtMmXYj5m707Bq_LYHovzp-oYvHiwRaEQ57e6cuYKPemBpIwplCKi3-Q-gSQ0rPB2_MRyJMvDmJ9iyGCMmEeAk9giQCVrmwh6nOqlEXZlc6nlEJtekXCp8IkR0yRUDqLgxeTKz_XKu47yrWw3lI0lVREQqLOorEooDIdesZj2jlMAdQBpLJ8AMwAzV_HP_9u4NLORzhkGKypj8DoGhFTBZ_FrQIsIRp7zA",
"payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogIkVTUV9sbEJhWnZTbG5HRENteHhnUl9ncHVCVDRTd085RVZIaHRiMXRwQ0kuTkZxQWxRQlFZYVcyZ2ZpN2Q0clpUeGdOdm9KTlU4STNXTVM4RzFSd2JrMCIKfQ",
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvZ2I0am9FdFA4Smc0RHdlcjdOdWpkYzdnZUFjMXBjTkl6enhYNFUycXRyUS8zMzA2NTUxNDgiLCAiYWxnIjogIlJTMjU2IiwgIm5vbmNlIjogIkNZdWxCR0ZEU1hrWlVZXy1ZaXdvWC0tMWxQTGVBeDhpeUVDNlVQQzRPTzQiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMDA4NjUxOCJ9"
}
2019-07-16 23:08:42,253:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/challenge/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ/330655148 HTTP/1.1" 200 230
2019-07-16 23:08:42,256:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 230
Boulder-Requester: 10086518
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ/330655148
Replay-Nonce: a1L-7uMWM7TFICKHK7iSckPuV_wvgwD3BkhtS_CLIsE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jul 2019 22:08:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jul 2019 22:08:42 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ/330655148",
"token": "ESQ_llBaZvSlnGDCmxxgR_gpuBT4SwO9EVHhtb1tpCI"
}
2019-07-16 23:08:42,257:DEBUG:acme.client:Storing nonce: a1L-7uMWM7TFICKHK7iSckPuV_wvgwD3BkhtS_CLIsE
2019-07-16 23:08:42,259:DEBUG:acme.client:JWS payload:
b'{\n "type": "http-01",\n "resource": "challenge",\n "keyAuthorization": "Y1SqH1lyLa7ttge_FI4OEDTDaP_i0ehM6bgSOcxlCKo.NFqAlQBQYaW2gfi7d4rZTxgNvoJNU8I3WMS8G1Rwbk0"\n}'
2019-07-16 23:08:42,290:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA/330655152:
{
"signature": "ZrYSgpkPWNEgVpKr1YqUR1cSkGkcJeb4_mKEHrnVNkwzGt58U3QfiTnQwN0jl5RDFHYYbn6bC_BDoxI587qiosHFeymRDroCkFmzCBNixlPfowRXV619INVkDwcTGVb2BuemoDRTdm-pahJ17l-F5inxxF9px0KMl9e_BUF7xPDZ03hGi8Zgg_tD7m7uIhQYRwADhTYFye8hy5gi1Y8_DhfI6Wa3zpQPwKO2PSGOeu3LF6AbDF22GyVfX4jTXeLUmt684IrDN23yHCnan_jb-66X_EbNsSjCukTqi9v5A-UOKfUVOH1cW65jbqcLEQEUo-3DWV8K8NZYNIbgVzuvVA",
"payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogIlkxU3FIMWx5TGE3dHRnZV9GSTRPRURURGFQX2kwZWhNNmJnU09jeGxDS28uTkZxQWxRQlFZYVcyZ2ZpN2Q0clpUeGdOdm9KTlU4STNXTVM4RzFSd2JrMCIKfQ",
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvcksxYnlfRUlPbGVkVlhkQ2VRYXlRZ2YwZHc3MEhqQjk0RFVncEF4TWJrQS8zMzA2NTUxNTIiLCAiYWxnIjogIlJTMjU2IiwgIm5vbmNlIjogImExTC03dU1XTTdURklDS0hLN2lTY2tQdVZfd3Znd0QzQmtodFNfQ0xJc0UiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMDA4NjUxOCJ9"
}
2019-07-16 23:08:42,496:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/challenge/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA/330655152 HTTP/1.1" 200 230
2019-07-16 23:08:42,498:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 230
Boulder-Requester: 10086518
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA/330655152
Replay-Nonce: eiVsTPQS4AU6UwOXyAzkPwfbApUp7Tiux-anM3Yw59w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jul 2019 22:08:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jul 2019 22:08:42 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA/330655152",
"token": "Y1SqH1lyLa7ttge_FI4OEDTDaP_i0ehM6bgSOcxlCKo"
}
2019-07-16 23:08:42,499:DEBUG:acme.client:Storing nonce: eiVsTPQS4AU6UwOXyAzkPwfbApUp7Tiux-anM3Yw59w
2019-07-16 23:08:42,501:DEBUG:acme.client:JWS payload:
b'{\n "type": "http-01",\n "resource": "challenge",\n "keyAuthorization": "JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA.NFqAlQBQYaW2gfi7d4rZTxgNvoJNU8I3WMS8G1Rwbk0"\n}'
2019-07-16 23:08:42,564:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655155:
{
"signature": "MdI-hPK1etWPJysFNXk695brDQVBIse4g12ZbpaIHkjbt9VyWW1_F54Vboy13YcDTvFXL2QFxTE7XCtaqoKHHZdrKEaevrkdNFf2CKzgcyasMy5V_6TEaeGae5MORdBXfUNapzRlesIeMisg13gMr0Ath5G55Y4e9bGM1X--cUTnHMXeibVh6O83QLLway1HQ_cF6vOaVXNlqjFROkYTRM4j9L9-ecGZF6HG03k8TyTqfHL-A3D3kAyO5AgLzpLWCsrAbCApb6zxYFy9a6Lq0ryNMptPouoEyZ7Fy6uJgfwfKwlLGLmhwZ6mI3T_e-zo2AMQMSefdWrOhTPq9TB8iw",
"payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogIkpmaktsdElXY0IzdEVWbTdsNlZ5RnlMRzFJQmQ5Y1ZCX196V0g2ZkFGd0EuTkZxQWxRQlFZYVcyZ2ZpN2Q0clpUeGdOdm9KTlU4STNXTVM4RzFSd2JrMCIKfQ",
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2Uva3BNbnRGZ2tkaG44b0o1YXJSVkhnTVJJaElNUzlSWUlDc19GdTFDM3BVcy8zMzA2NTUxNTUiLCAiYWxnIjogIlJTMjU2IiwgIm5vbmNlIjogImVpVnNUUFFTNEFVNlV3T1h5QXprUHdmYkFwVXA3VGl1eC1hbk0zWXc1OXciLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMDA4NjUxOCJ9"
}
2019-07-16 23:08:42,775:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655155 HTTP/1.1" 200 230
2019-07-16 23:08:42,778:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 230
Boulder-Requester: 10086518
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655155
Replay-Nonce: NCBgP037pGRWRBwalZM3pFA43Pxe3_jbGBNLeQmdgX8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jul 2019 22:08:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jul 2019 22:08:42 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655155",
"token": "JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA"
}
2019-07-16 23:08:42,779:DEBUG:acme.client:Storing nonce: NCBgP037pGRWRBwalZM3pFA43Pxe3_jbGBNLeQmdgX8
2019-07-16 23:08:45,783:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0.
2019-07-16 23:08:45,993:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0 HTTP/1.1" 200 928
2019-07-16 23:08:45,998:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 928
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jul 2019 22:08:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jul 2019 22:08:45 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "api.mrtosho.com"
},
"status": "pending",
"expires": "2019-07-23T22:05:43Z",
"challenges": [
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0/330655144",
"token": "UnCuqUCPG6MeLiGIzzz9fuoz6rCIwYKtp_PjuO-ahLc"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0/330655145",
"token": "ht9UjLCqPtXZr17jMycmuoKSRrrxsQLecYDOHcGO5iI"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/i7rDGaUldM2OWzBzlqXmuPVES-bOwXscQhtAigUwgk0/330655146",
"token": "MBIRDSq590VZo5vVDvLH2lUINTdT9kcFOI88fgFYE2U"
}
]
}
2019-07-16 23:08:46,004:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ.
2019-07-16 23:08:46,250:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ HTTP/1.1" 200 930
2019-07-16 23:08:46,255:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 930
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jul 2019 22:08:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jul 2019 22:08:46 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "cloud.mrtosho.com"
},
"status": "pending",
"expires": "2019-07-23T22:05:43Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ/330655147",
"token": "dkKixW3FrJjAPGoR5yZNttVP245JgIVhuNhvtWKwdRA"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ/330655148",
"token": "ESQ_llBaZvSlnGDCmxxgR_gpuBT4SwO9EVHhtb1tpCI"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gb4joEtP8Jg4Dwer7Nujdc7geAc1pcNIzzxX4U2qtrQ/330655149",
"token": "HfjQkRv4Jix-AtyTR7UfksgkoKb6W5J3YiH7T5z-xJI"
}
]
}
2019-07-16 23:08:46,261:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA.
2019-07-16 23:08:46,479:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA HTTP/1.1" 200 924
2019-07-16 23:08:46,484:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 924
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jul 2019 22:08:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jul 2019 22:08:46 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "mrtosho.com"
},
"status": "pending",
"expires": "2019-07-23T22:05:43Z",
"challenges": [
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA/330655150",
"token": "umLQ8GnUu5HnUu5trterqMAsU4izWv61P2tzPGpwWWE"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA/330655151",
"token": "LAh8YVvXh3yf9wBxQYluo5RSOg7JnavPDfG-8r6RIIs"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/rK1by_EIOledVXdCeQayQgf0dw70HjB94DUgpAxMbkA/330655152",
"token": "Y1SqH1lyLa7ttge_FI4OEDTDaP_i0ehM6bgSOcxlCKo"
}
]
}
2019-07-16 23:08:46,490:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs.
2019-07-16 23:08:46,710:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs HTTP/1.1" 200 928
2019-07-16 23:08:46,715:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 928
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jul 2019 22:08:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jul 2019 22:08:46 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "www.mrtosho.com"
},
"status": "pending",
"expires": "2019-07-23T22:05:43Z",
"challenges": [
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655153",
"token": "LkBu53W7hyCjAeuMHV4Yb5G3myk7xENJtR__Oo18ksQ"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655154",
"token": "KmnG4SE0lCkqgPxBHQdOj95rugd9OMbzRAGjjh2gYAo"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655155",
"token": "JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA"
}
]
}
2019-07-16 23:08:54,383:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs.
2019-07-16 23:08:54,598:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs HTTP/1.1" 200 1889
2019-07-16 23:08:54,603:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1889
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jul 2019 22:08:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jul 2019 22:08:54 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "www.mrtosho.com"
},
"status": "invalid",
"expires": "2019-07-23T22:05:43Z",
"challenges": [
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655153",
"token": "LkBu53W7hyCjAeuMHV4Yb5G3myk7xENJtR__Oo18ksQ"
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655154",
"token": "KmnG4SE0lCkqgPxBHQdOj95rugd9OMbzRAGjjh2gYAo"
},
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching https://www.mrtosho.com/.well-known/acme-challenge/JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA: Timeout after connect (your server may be slow or overloaded)",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/kpMntFgkdhn8oJ5arRVHgMRIhIMS9RYICs_Fu1C3pUs/330655155",
"token": "JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA",
"validationRecord": [
{
"url": "http://www.mrtosho.com/.well-known/acme-challenge/JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA",
"hostname": "www.mrtosho.com",
"port": "80",
"addressesResolved": [
"xx.xx.xx.xx"
],
"addressUsed": "xx.xx.xx.xx"
},
{
"url": "https://www.mrtosho.com/.well-known/acme-challenge/JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA",
"hostname": "www.mrtosho.com",
"port": "443",
"addressesResolved": [
"xx.xx.xx.xx"
],
"addressUsed": "xx.xx.xx.xx"
}
]
}
]
}
2019-07-16 23:08:54,611:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: www.mrtosho.com
Type: connection
Detail: Fetching https://www.mrtosho.com/.well-known/acme-challenge/JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA: Timeout after connect (your server may be slow or overloaded)
Domain: mrtosho.com
Type: connection
Detail: Fetching https://mrtosho.com/.well-known/acme-challenge/Y1SqH1lyLa7ttge_FI4OEDTDaP_i0ehM6bgSOcxlCKo: Timeout after connect (your server may be slow or overloaded)
Domain: cloud.mrtosho.com
Type: connection
Detail: Fetching https://cloud.mrtosho.com/.well-known/acme-challenge/ESQ_llBaZvSlnGDCmxxgR_gpuBT4SwO9EVHhtb1tpCI: Timeout after connect (your server may be slow or overloaded)
Domain: api.mrtosho.com
Type: connection
Detail: Fetching https://api.mrtosho.com/.well-known/acme-challenge/ht9UjLCqPtXZr17jMycmuoKSRrrxsQLecYDOHcGO5iI: Timeout after connect (your server may be slow or overloaded)
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2019-07-16 23:08:54,616:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.mrtosho.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.mrtosho.com/.well-known/acme-challenge/JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA: Timeout after connect (your server may be slow or overloaded), mrtosho.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://mrtosho.com/.well-known/acme-challenge/Y1SqH1lyLa7ttge_FI4OEDTDaP_i0ehM6bgSOcxlCKo: Timeout after connect (your server may be slow or overloaded), cloud.mrtosho.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://cloud.mrtosho.com/.well-known/acme-challenge/ESQ_llBaZvSlnGDCmxxgR_gpuBT4SwO9EVHhtb1tpCI: Timeout after connect (your server may be slow or overloaded), api.mrtosho.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://api.mrtosho.com/.well-known/acme-challenge/ht9UjLCqPtXZr17jMycmuoKSRrrxsQLecYDOHcGO5iI: Timeout after connect (your server may be slow or overloaded)
2019-07-16 23:08:54,617:DEBUG:certbot.error_handler:Calling registered functions
2019-07-16 23:08:54,618:INFO:certbot.auth_handler:Cleaning up challenges
2019-07-16 23:08:54,620:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1225, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 392, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 335, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 371, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.mrtosho.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.mrtosho.com/.well-known/acme-challenge/JfjKltIWcB3tEVm7l6VyFyLG1IBd9cVB__zWH6fAFwA: Timeout after connect (your server may be slow or overloaded), mrtosho.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://mrtosho.com/.well-known/acme-challenge/Y1SqH1lyLa7ttge_FI4OEDTDaP_i0ehM6bgSOcxlCKo: Timeout after connect (your server may be slow or overloaded), cloud.mrtosho.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://cloud.mrtosho.com/.well-known/acme-challenge/ESQ_llBaZvSlnGDCmxxgR_gpuBT4SwO9EVHhtb1tpCI: Timeout after connect (your server may be slow or overloaded), api.mrtosho.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://api.mrtosho.com/.well-known/acme-challenge/ht9UjLCqPtXZr17jMycmuoKSRrrxsQLecYDOHcGO5iI: Timeout after connect (your server may be slow or overloaded)
I redacted my router’s external IP address… I know, kinda pointless. Anyway, the “addressesResolved” does correctly map to the external IP address of my router.
Of note, it refers to the “Server” as nginx but I have apache2? And further down there is an “Identifier” section that mentions dns but I want to use http… is this a clue to the problem?
How do I get the http-01 challenge to work with my Apache?
Cheers,
Flex
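Added example, not part of the original post and not Certbot code: a small Python helper that reads an ACME authorization object like the "invalid" one in the log above and reports which request in the `validationRecord` chain failed. The sample JSON, the `example.com` names, the 203.0.113.10 address and all function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the failed authorization in the log above.
# Note: identifier type "dns" only says the identifier is a DNS name; the
# validation method is given separately by each challenge's "type".
SAMPLE_AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "www.example.com"},
  "status": "invalid",
  "challenges": [
    {"type": "dns-01", "status": "invalid", "token": "constructed-token-a"},
    {
      "type": "http-01",
      "status": "invalid",
      "token": "constructed-token-b",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching https://www.example.com/.well-known/acme-challenge/constructed-token-b: Timeout after connect (your server may be slow or overloaded)",
        "status": 400
      },
      "validationRecord": [
        {"url": "http://www.example.com/.well-known/acme-challenge/constructed-token-b",
         "hostname": "www.example.com", "port": "80",
         "addressesResolved": ["203.0.113.10"], "addressUsed": "203.0.113.10"},
        {"url": "https://www.example.com/.well-known/acme-challenge/constructed-token-b",
         "hostname": "www.example.com", "port": "443",
         "addressesResolved": ["203.0.113.10"], "addressUsed": "203.0.113.10"}
      ]
    }
  ]
}
""")


def attempted_challenge(authz):
    """Return the challenge the CA actually tried: the one carrying an error."""
    for chall in authz.get("challenges", []):
        if "error" in chall:
            return chall
    return None


def hops(challenge):
    """Flatten validationRecord into (scheme, host, port, address) tuples."""
    out = []
    for rec in challenge.get("validationRecord", []):
        scheme = urlsplit(rec["url"]).scheme
        out.append((scheme, rec["hostname"], int(rec["port"]),
                    rec.get("addressUsed", "")))
    return out


def failed_hop(challenge):
    """Pick the hop whose URL is named in the error detail, else the last hop."""
    records = challenge.get("validationRecord", [])
    chain = hops(challenge)
    if not chain:
        return None
    match = re.search(r"Fetching (\S+): ", challenge["error"].get("detail", ""))
    if match:
        for rec, hop in zip(records, chain):
            if rec["url"] == match.group(1):
                return hop
    return chain[-1]


def diagnose(authz):
    """Summarise a failed authorization; None if no challenge has an error."""
    chall = attempted_challenge(authz)
    if chall is None:
        return None
    chain = hops(chall)
    return {
        "identifier": authz["identifier"]["value"],
        "challenge": chall["type"],
        "error": chall["error"]["type"].rsplit(":", 1)[-1],
        "hops": chain,
        # More than one hop means the first request was answered with a redirect.
        "redirected": len(chain) > 1,
        "failed_hop": failed_hop(chall),
    }


if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_AUTHZ), indent=2))
```

For the sample, the summary shows that the port 80 request was answered with a redirect and that the timeout belongs to the follow-up request to port 443 on the same address, so that is the listener to test from outside the local network.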