I am getting errors when trying to use Letsencrypt

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:www.regency-cloud.co.uk

I ran this command: sudo certbot --apache -v

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): www.regcny-cloud.co.uk
Requesting a certificate for www.regcny-cloud.co.uk
Performing the following challenges:
http-01 challenge for www.regcny-cloud.co.uk
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain www.regcny-cloud.co.uk
http-01 challenge for www.regcny-cloud.co.uk

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.regcny-cloud.co.uk
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.regcny-cloud.co.uk - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.regcny-cloud.co.uk - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache2 2.4

The operating system my web server runs on is (include version): Raspberry Pi OS Bookworm

My hosting provider, if applicable, is: Mythic Beast via DDNS at no-ip.

I can login to a root shell on my machine (yes or no, or I don't know): Don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): RealVNC

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Don't understand

2

You've made two typos in the domain names you're requesting a certificate for: it's missing an e and the n and c are the wrong way around.

2 Likes
3

Yes, you are right.
This is the output when the name was spelt correctly!

hyfypi4-2@raspberrypi:~ $ sudo certbot --apache -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): www.regency-cloud.co.uk
Requesting a certificate for www.regency-cloud.co.uk
Performing the following challenges:
http-01 challenge for www.regency-cloud.co.uk
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain www.regency-cloud.co.uk
http-01 challenge for www.regency-cloud.co.uk

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.regency-cloud.co.uk
Type: unauthorized
Detail: 2a00:1098:1::25: Invalid response from http://www.regency-cloud.co.uk/.well-known/acme-challenge/MNx-f-DjYwrMUNUSTLgXZhx6vhH1kLTk6Vp9F1fcdHo: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Apologies...

1 Like
4

Hi @HyFy,

For some reason, your HTTP redirect from http://www.regency-cloud.co.uk/ to http://regency1.ddns.net/ does not apply to the specific path /.well-known/acme-challenge/ used by Let's Encrypt for this challenge. Content there is instead being served directly by the original server.

In order to get the certificate, you'll need to get the HTTP redirect to apply to URLs like http://www.regency-cloud.co.uk/.well-known/acme-challenge/example.txt as well.

2 Likes
5

Thanks for that. I will look to see what I have to do.
HyFy

1 Like
6

I have taken out the rediect to http://regency1.ddns.net/ I am still getting an error:

Given the results of the attempts to get a certificate for my server, perhaps if I explain what I have and maybe someone can tell me why I am getting the rejection and what I can do to sort it out.

I have two servers on two separate Pi4Bs, say, server A and server B. They are both on the same home network. They are not servers for public use and are for my use alone. The server A is being rejected is for Nextcloud and uses the domain www.regency-cloud.co.uk. I have not attempted to apply for a certificate with regard to the second server B yet.

I have one external IP. The “cloud domain name” is directed to a DDNS hostname which arrives at the network router.

At the router the cloud domain used an external port 8080 and internal port 80 in the “Nextcloud Pi” (server A). That works just fine. The server B uses external port 80 and internal port 80 on the second Pi (B). That again works fine but not if I swap the use of the 8080 port to the second server and the external port 80 to the cloud server. The cloud server A works but not the server (B).

There is no other server using port 80 on the Pi (A) being used by the Nextcloud server.

The Nextcloud server A is accessible from the internet.

The apache2 index page is currently directly accessible from the domain A.

The Letsencrypt log summarises the last try:

ERROR:certbot._internal.log:Some challenges have failed

Let's Debug reports “All OK”

HyFy

7

And what do the details say? It matters.

But, here is an overview of an HTTP Challenge

  • Certbot (the ACME Client) makes a cert request to the Let's Encrypt ACME Server
  • Certbot sets up the challenge token on your server
  • The LE Server looks up the IP for the domain requested in the public DNS
  • The LE Server makes an HTTP request (port 80) to that IP
  • It expects a reply that includes the challenge token placed by Certbot

So, you must handle incoming requests on port 80. You can re-route them to a different internal port (and/or local IP). Or, even HTTP redirect them elsewhere. But the ultimate destination must reply with the token placed by Certbot. A 404 is an HTTP Not Found meaning the replying server could not find that token to return it to LE.

You could use the DNS Challenge instead. This checks a record in your DNS rather than doing an HTTP request. But, to automate cert renewals your DNS provider must support an API to update TXT records. You can do a manual method but this is not recommended as people get tired of doing that every 60 days. Or they forget. I am not familiar with your DNS provider (Mythic Beast?) to make suggestion about it. Maybe consider using a DNS provider like Cloudflare (free) which offers an API for this and is well supported by Certbot.

3 Likes
8

Thanks for that.
Do I read that the external port on the router must be 80 but that the internal port can be redirected?

The log for the last request was:

2024-03-25 14:53:17,063:DEBUG:certbot._internal.main:certbot version: 2.1.0
2024-03-25 14:53:17,064:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-03-25 14:53:17,064:DEBUG:certbot._internal.main:Arguments: ['--apache', '-v']
2024-03-25 14:53:17,064:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-03-25 14:53:17,084:DEBUG:certbot._internal.log:Root logging level set at 20
2024-03-25 14:53:17,086:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2024-03-25 14:53:17,163:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.57
2024-03-25 14:53:17,459:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fab2146d0>
Prep: True
2024-03-25 14:53:17,460:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fab2146d0> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fab2146d0>
2024-03-25 14:53:17,461:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2024-03-25 14:53:17,774:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='[https://acme-v02.api.letsencrypt.org/acme/acct/1632511197](https://acme-v02.api.letsencrypt.org/acme/acct/1632511197)', new_authzr_uri=None, terms_of_service=None), 83b2e26a30ea60e2300cd8267ae66ee8, Meta(creation_dt=datetime.datetime(2024, 3, 22, 20, 12, 6, tzinfo=<UTC>), creation_host='raspberrypi', register_to_eff='[regency@btinternet.com](mailto:regency@btinternet.com)'))>
2024-03-25 14:53:17,776:DEBUG:acme.client:Sending GET request to [https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory).
2024-03-25 14:53:17,780:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): [acme-v02.api.letsencrypt.org:443](http://acme-v02.api.letsencrypt.org:443)
2024-03-25 14:53:18,230:DEBUG:urllib3.connectionpool:[https://acme-v02.api.letsencrypt.org:443](https://acme-v02.api.letsencrypt.org:443) "GET /directory HTTP/1.1" 200 752
2024-03-25 14:53:18,231:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"6dPTE42LHbw": "[https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417](https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417)",
"keyChange": "[https://acme-v02.api.letsencrypt.org/acme/key-change](https://acme-v02.api.letsencrypt.org/acme/key-change)",
"meta": {
"caaIdentities": [
"[letsencrypt.org](http://letsencrypt.org)"
],
"termsOfService": "[https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf](https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf)",
"website": "[https://letsencrypt.org](https://letsencrypt.org)"
},
"newAccount": "[https://acme-v02.api.letsencrypt.org/acme/new-acct](https://acme-v02.api.letsencrypt.org/acme/new-acct)",
"newNonce": "[https://acme-v02.api.letsencrypt.org/acme/new-nonce](https://acme-v02.api.letsencrypt.org/acme/new-nonce)",
"newOrder": "[https://acme-v02.api.letsencrypt.org/acme/new-order](https://acme-v02.api.letsencrypt.org/acme/new-order)",
"renewalInfo": "[https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/](https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/)",
"revokeCert": "[https://acme-v02.api.letsencrypt.org/acme/revoke-cert](https://acme-v02.api.letsencrypt.org/acme/revoke-cert)"
}
2024-03-25 14:53:53,559:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for [www.regency-cloud.co.uk](http://www.regency-cloud.co.uk) and [regency-cloud.co.uk](http://regency-cloud.co.uk)
2024-03-25 14:53:53,567:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0010_key-certbot.pem
2024-03-25 14:53:53,573:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0010_csr-certbot.pem
2024-03-25 14:53:53,577:DEBUG:acme.client:Requesting fresh nonce
2024-03-25 14:53:53,577:DEBUG:acme.client:Sending HEAD request to [https://acme-v02.api.letsencrypt.org/acme/new-nonce](https://acme-v02.api.letsencrypt.org/acme/new-nonce).
2024-03-25 14:53:53,719:DEBUG:urllib3.connectionpool:[https://acme-v02.api.letsencrypt.org:443](https://acme-v02.api.letsencrypt.org:443) "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-03-25 14:53:53,720:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <[https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory)>;rel="index"
Replay-Nonce: XcnlB1etACyp7wnBJ02hVbpvm-y_-Nx0qzYEj6xWBgfc_6Jirl4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2024-03-25 14:53:53,720:DEBUG:acme.client:Storing nonce: XcnlB1etACyp7wnBJ02hVbpvm-y_-Nx0qzYEj6xWBgfc_6Jirl4
2024-03-25 14:53:53,721:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "[www.regency-cloud.co.uk](http://www.regency-cloud.co.uk)"\n },\n {\n "type": "dns",\n "value": "[regency-cloud.co.uk](http://regency-cloud.co.uk)"\n }\n ]\n}'
2024-03-25 14:53:53,731:DEBUG:acme.client:Sending POST request to [https://acme-v02.api.letsencrypt.org/acme/new-order](https://acme-v02.api.letsencrypt.org/acme/new-order):
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYzMjUxMTE5NyIsICJub25jZSI6ICJYY25sQjFldEFDeXA3d25CSjAyaFZicHZtLXlfLU54MHF6WUVqNnhXQmdmY182SmlybDQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "BEImoElhILUeYNSZac-lyyB8Vi2H6Zg7x_FZZtua_55F02VxBa1rxtmN7yk2kYSrdQAGMkaDtIyqYdnrixmjrMq9HuO6O0wap2CwtZD07qAwOUctKbhGOQ3Phj0aJroyWH1cMhM4BjN2fR7b9oW1_EOzQG204KxJSdTp1deNEW_gNXBqTdZ3ugEsxCNuFvvZK5oqMW2RmtHKV0doB3iwB7jPtepcIHEwmaIa79qEp9s-EmMQaXqw879E0k2vJFvLleQ-8pNGSAqfm63brjCwNCliEw5_cEUKslUOFbuYAP_7D0AN-6QG5R7rFaqpHrC2JQItekrMSo3xh03kHTecJQ",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5yZWdlbmN5LWNsb3VkLmNvLnVrIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInJlZ2VuY3ktY2xvdWQuY28udWsiCiAgICB9CiAgXQp9"
}
2024-03-25 14:53:54,086:DEBUG:urllib3.connectionpool:[https://acme-v02.api.letsencrypt.org:443](https://acme-v02.api.letsencrypt.org:443) "POST /acme/new-order HTTP/1.1" 201 491
2024-03-25 14:53:54,087:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 491
Connection: keep-alive
Boulder-Requester: 1632511197
Cache-Control: public, max-age=0, no-cache
Link: <[https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory)>;rel="index"
Location: [https://acme-v02.api.letsencrypt.org/acme/order/1632511197/255307361977](https://acme-v02.api.letsencrypt.org/acme/order/1632511197/255307361977)
Replay-Nonce: XcnlB1et3z_jpc6lp4uSjsd5hQ7dve9ovgqqELoIUWDpi1MCLgM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2024-04-01T14:53:53Z",
"identifiers": [
{
"type": "dns",
"value": "[regency-cloud.co.uk](http://regency-cloud.co.uk)"
},
{
"type": "dns",
"value": "[www.regency-cloud.co.uk](http://www.regency-cloud.co.uk)"
}
],
"authorizations": [
"[https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299587](https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299587)",
"[https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299597](https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299597)"
],
"finalize": "[https://acme-v02.api.letsencrypt.org/acme/finalize/1632511197/255307361977](https://acme-v02.api.letsencrypt.org/acme/finalize/1632511197/255307361977)"
}
2024-03-25 14:53:54,087:DEBUG:acme.client:Storing nonce: XcnlB1et3z_jpc6lp4uSjsd5hQ7dve9ovgqqELoIUWDpi1MCLgM
2024-03-25 14:53:54,088:DEBUG:acme.client:JWS payload:
b''
2024-03-25 14:53:54,094:DEBUG:acme.client:Sending POST request to [https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299587](https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299587):
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYzMjUxMTE5NyIsICJub25jZSI6ICJYY25sQjFldDN6X2pwYzZscDR1U2pzZDVoUTdkdmU5b3ZncXFFTG9JVVdEcGkxTUNMZ00iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMzMDU0OTI5OTU4NyJ9",
"signature": "PeGg8gIaf8wswFN5a38604nvf99CjgKD_ityiiboq8Vhb1yf0riEN3kd1_dlk2LDgNmkO0i-___d-y8jfRNUQcKk1YSnWS2QtWKdAnoFw_UqxyWE1BHMcH0Gu0Jh6I-liJ-4B0dJG8r3rpz38Cjv_A3IpD8LQNRwreXOuEYTaNXLqZy3BDNh4LnHbhIq-Rya9poDy0FFyl6ip-n6XK1GlSspBvtn3yvSIgieB9uA3Vvu277oCm9CFx-l3hLcahfrjU1lOtiyfF7Dp9-qRjAXCoK7XJ52fcOYYO3yhnX75a5PpRrijlyjUVY2HH2tZXK4xV6Wc8nyWHrtYi_FQC2VAA",
"payload": ""
}
2024-03-25 14:53:54,244:DEBUG:urllib3.connectionpool:[https://acme-v02.api.letsencrypt.org:443](https://acme-v02.api.letsencrypt.org:443) "POST /acme/authz-v3/330549299587 HTTP/1.1" 200 803
2024-03-25 14:53:54,245:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 1632511197
Cache-Control: public, max-age=0, no-cache
Link: <[https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory)>;rel="index"
Replay-Nonce: 4POMExAUyZuMXknDEbIy2xzimQhFtaOwRkdS0vfEXUChCW8Lu5c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "[regency-cloud.co.uk](http://regency-cloud.co.uk)"
},
"status": "pending",
"expires": "2024-04-01T14:53:53Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA)",
"token": "NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI"
},
{
"type": "dns-01",
"status": "pending",
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/MyJDHQ](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/MyJDHQ)",
"token": "NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/3iyCJQ](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/3iyCJQ)",
"token": "NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI"
}
]
}
2024-03-25 14:53:54,245:DEBUG:acme.client:Storing nonce: 4POMExAUyZuMXknDEbIy2xzimQhFtaOwRkdS0vfEXUChCW8Lu5c
2024-03-25 14:53:54,246:DEBUG:acme.client:JWS payload:
b''
2024-03-25 14:53:54,252:DEBUG:acme.client:Sending POST request to [https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299597](https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299597):
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYzMjUxMTE5NyIsICJub25jZSI6ICI0UE9NRXhBVXladU1Ya25ERWJJeTJ4emltUWhGdGFPd1JrZFMwdmZFWFVDaENXOEx1NWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMzMDU0OTI5OTU5NyJ9",
"signature": "Di27g4vEm4AkzlbSj9MLzE6u-sCL2XpKSzp68d6xlsZI82CoNnXZ-vad_89lPqNrtVFbaP8RkcflF1OoDn8_x6ctKAMZzersOen9_DqCCXrZcSVTWBYupUzqfHHPUYCvAh1Ao06vOl3gHzQCw6sOZePND0qz0PoTyJ4ewvWkp4rEjqK1-RnZiQVUlV-HTl3LRuGG3DklSHmFYT1rKF1YlSQ5c79SY46EOYXzsOHdR8-Pb1VOX_bdrhwSwm4FuoDUlt2bs69AhJiqf6ePo2X1O2j0if7P62STUxSDqp6IRKt3_hVAduK7_X4_hAaP8Zznkgh00vg0q-jqLr8uSnuDgA",
"payload": ""
}
2024-03-25 14:53:54,402:DEBUG:urllib3.connectionpool:[https://acme-v02.api.letsencrypt.org:443](https://acme-v02.api.letsencrypt.org:443) "POST /acme/authz-v3/330549299597 HTTP/1.1" 200 807
2024-03-25 14:53:54,403:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 807
Connection: keep-alive
Boulder-Requester: 1632511197
Cache-Control: public, max-age=0, no-cache
Link: <[https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory)>;rel="index"
Replay-Nonce: XcnlB1etojdAwsvJh_OvmKfph7wyXsm508OPNHGDWxFP1LEg3Rs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "[www.regency-cloud.co.uk](http://www.regency-cloud.co.uk)"
},
"status": "pending",
"expires": "2024-04-01T14:53:53Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ)",
"token": "4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ"
},
{
"type": "dns-01",
"status": "pending",
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/hgeK0w](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/hgeK0w)",
"token": "4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/3QuR_w](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/3QuR_w)",
"token": "4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ"
}
]
}
2024-03-25 14:53:54,404:DEBUG:acme.client:Storing nonce: XcnlB1etojdAwsvJh_OvmKfph7wyXsm508OPNHGDWxFP1LEg3Rs
2024-03-25 14:53:54,404:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-03-25 14:53:54,405:INFO:certbot._internal.auth_handler:http-01 challenge for [regency-cloud.co.uk](http://regency-cloud.co.uk)
2024-03-25 14:53:54,405:INFO:certbot._internal.auth_handler:http-01 challenge for [www.regency-cloud.co.uk](http://www.regency-cloud.co.uk)
2024-03-25 14:53:54,507:INFO:certbot_apache._internal.override_debian:Enabled Apache rewrite module
2024-03-25 14:53:54,681:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/000-default.conf
2024-03-25 14:53:54,682:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

2024-03-25 14:53:54,683:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>

2024-03-25 14:53:54,716:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/000-default.conf
2024-03-25 14:53:57,904:DEBUG:acme.client:JWS payload:
b'{}'
2024-03-25 14:53:57,911:DEBUG:acme.client:Sending POST request to [https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA):
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYzMjUxMTE5NyIsICJub25jZSI6ICJYY25sQjFldG9qZEF3c3ZKaF9Pdm1LZnBoN3d5WHNtNTA4T1BOSEdEV3hGUDFMRWczUnMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMzMDU0OTI5OTU4Ny9Gb2ZqZUEifQ",
"signature": "FHQFFUq0TKxzBwxzH-L0MZX8it4dWKJdFYtBPf6ijh_jmJsjPvkeuMYy6iv5NnZg14aHgxRNpZWRxWqgovQZjZPzR9-FMCDe1BhJgfwz5fGWjE_q7mtndpAgsz4z-drO_gRm3k8AMt2UPXX7mUmSD2s4TFxG6ZImV5YwqaNS5br8Gl6qscf0v-euNwM6Sl0dI7JmIYPUmiwLx5vr-Ks-yQWat3sGBP-iHajmmFjkf9_TSAUYRROKMF2cuSRIFz_0wyN04eSuGDpfmg1dcEfXvJm407aQBL3D2BETg_2zPAsDWicodYWqF-BSFuLTCrZsRHF1ZKuLasRX-HInzFd6ww",
"payload": "e30"
}
2024-03-25 14:53:58,070:DEBUG:urllib3.connectionpool:[https://acme-v02.api.letsencrypt.org:443](https://acme-v02.api.letsencrypt.org:443) "POST /acme/chall-v3/330549299587/FofjeA HTTP/1.1" 200 187
2024-03-25 14:53:58,071:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1632511197
Cache-Control: public, max-age=0, no-cache
Link: <[https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory)>;rel="index", <[https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299587](https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299587)>;rel="up"
Location: [https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA)
Replay-Nonce: 4POMExAURXvk2VVl93EI8snEzWNL8NAYzUpVjbUuo2xZZCKEoQo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA)",
"token": "NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI"
}
2024-03-25 14:53:58,071:DEBUG:acme.client:Storing nonce: 4POMExAURXvk2VVl93EI8snEzWNL8NAYzUpVjbUuo2xZZCKEoQo
2024-03-25 14:53:58,072:DEBUG:acme.client:JWS payload:
b'{}'
2024-03-25 14:53:58,078:DEBUG:acme.client:Sending POST request to [https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ):
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYzMjUxMTE5NyIsICJub25jZSI6ICI0UE9NRXhBVVJYdmsyVlZsOTNFSThzbkV6V05MOE5BWXpVcFZqYlV1bzJ4WlpDS0VvUW8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMzMDU0OTI5OTU5Ny9KWnU0SFEifQ",
"signature": "KGztSpG2hVKDe0ii1-D1oNfJCPTQpzJU7eZThUV8VNtFcuRjWQ5tA6_f_fTaR7zsUmY6et_QcWZ2zoFm2oJ52MTJ0lrme98jzBss3BpxNusImgudGGwMfB-vQz8fZ7OFcc5OJT2qa6WQ0UuglM6nok3tob5B5CiUGn8vD44P9D0k6MNrm-JAc-fIVjDQmvlNeY_PUj9lsBUuvJ2VrFOHUUCTa7NMBFYgwJgi5aIUkYVVBYHjKFUgPyeqFQPvb2DvqMbXnLjqqRWl5r3C8SjhPxY38eJb1WH5yes2yF1Ipxx13w8h9H6jekoL2s-b0SGj-ATCKjMEUvtLD2PB9vzD0w",
"payload": "e30"
}
2024-03-25 14:53:58,237:DEBUG:urllib3.connectionpool:[https://acme-v02.api.letsencrypt.org:443](https://acme-v02.api.letsencrypt.org:443) "POST /acme/chall-v3/330549299597/JZu4HQ HTTP/1.1" 200 187
2024-03-25 14:53:58,238:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1632511197
Cache-Control: public, max-age=0, no-cache
Link: <[https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory)>;rel="index", <[https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299597](https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299597)>;rel="up"
Location: [https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ)
Replay-Nonce: XcnlB1et1-Gq3Yo-f045eRYYKHy-picPGpgWhs4KVSkrMt66uQw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ)",
"token": "4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ"
}
2024-03-25 14:53:58,238:DEBUG:acme.client:Storing nonce: XcnlB1et1-Gq3Yo-f045eRYYKHy-picPGpgWhs4KVSkrMt66uQw
2024-03-25 14:53:58,238:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-03-25 14:53:59,239:DEBUG:acme.client:JWS payload:
b''
2024-03-25 14:53:59,246:DEBUG:acme.client:Sending POST request to [https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299587](https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299587):
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYzMjUxMTE5NyIsICJub25jZSI6ICJYY25sQjFldDEtR3EzWW8tZjA0NWVSWVlLSHktcGljUEdwZ1doczRLVlNrck10NjZ1UXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMzMDU0OTI5OTU4NyJ9",
"signature": "C02u68LdG1Vhah_LUiCvjjqI66HXw6ZIDbj7MKIo6dlnaSKlrDOLfXNv6iAgJ-G210feO0b9hTBhkPmaqHjZ8Dn7uyL5Vv6KVj7G3QhemvBBHJXFPuyI19ysG-wjLxgWahEcnYO7KrkirVFBK_FG1LyX7khcZVnpaBW9Uwk8j_xhTqXZMRxYboa2Dhc9XQ_yfiYtySDpcAXfdf6on_HhuD3c5Z22KsCWUJk7uYb23uJ3M6WUvmjvd_GEMk_YPjwq5PK3aLMJK-gMwHdr0gr3PyaxMHuF7RTXKcx5TwTAkB6nY55_q1em6HnGZQd2CkJZVt3kxz7264o8dEpSdFOCGA",
"payload": ""
}
2024-03-25 14:53:59,400:DEBUG:urllib3.connectionpool:[https://acme-v02.api.letsencrypt.org:443](https://acme-v02.api.letsencrypt.org:443) "POST /acme/authz-v3/330549299587 HTTP/1.1" 200 1192
2024-03-25 14:53:59,401:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1192
Connection: keep-alive
Boulder-Requester: 1632511197
Cache-Control: public, max-age=0, no-cache
Link: <[https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory)>;rel="index"
Replay-Nonce: 4POMExAUnRkNuaNKIznJ8FbYwsQPqG254k3UizmQx7eXS8IaJPY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "[regency-cloud.co.uk](http://regency-cloud.co.uk)"
},
"status": "invalid",
"expires": "2024-04-01T14:53:53Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "2a00:1098:1::25: Invalid response from [http://regency-cloud.co.uk/.well-known/acme-challenge/NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI](http://regency-cloud.co.uk/.well-known/acme-challenge/NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI): 404",
"status": 403
},
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299587/FofjeA)",
"token": "NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI",
"validationRecord": [
{
"url": "[http://regency-cloud.co.uk/.well-known/acme-challenge/NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI](http://regency-cloud.co.uk/.well-known/acme-challenge/NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI)",
"hostname": "[regency-cloud.co.uk](http://regency-cloud.co.uk)",
"port": "80",
"addressesResolved": [
"46.235.229.240",
"2a00:1098:1::25"
],
"addressUsed": "2a00:1098:1::25",
"resolverAddrs": [
"A:[10.1.12.82:28098](http://10.1.12.82:28098)",
"AAAA:[10.1.12.89:26534](http://10.1.12.89:26534)"
]
}
],
"validated": "2024-03-25T14:53:57Z"
}
]
}
2024-03-25 14:53:59,402:DEBUG:acme.client:Storing nonce: 4POMExAUnRkNuaNKIznJ8FbYwsQPqG254k3UizmQx7eXS8IaJPY
2024-03-25 14:53:59,402:DEBUG:acme.client:JWS payload:
b''
2024-03-25 14:53:59,409:DEBUG:acme.client:Sending POST request to [https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299597](https://acme-v02.api.letsencrypt.org/acme/authz-v3/330549299597):
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYzMjUxMTE5NyIsICJub25jZSI6ICI0UE9NRXhBVW5Sa051YU5LSXpuSjhGYll3c1FQcUcyNTRrM1Vpem1ReDdlWFM4SWFKUFkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMzMDU0OTI5OTU5NyJ9",
"signature": "ExuglsVxcNjAt9ERieJba8QMdc8UbTVUXlrHveSF1L0Qawj3zn6uL44p2U3u2UqIkaBGQqiEdge43E8gqoRsqURNr1IlZrrI3qiImC82LHBTOI1ZKBFEjMGG6q0norZ6psep3ulN70RLKlRjKSdlMp0UlFmmuNoyaGEC-RrByTcJHb0FpxJybvCXkKVyNPlFUpA6oJcCx0uNZLlSCM3r86iRyuboOc0Ipd3r1XAFCBigBXVx5kJ72LMlFD2YuDZyhSUlqxAwnDt6LJIQlD0uMxFSeufpJxpNb9u_aaSYIr-uG6UDTRLVHvsEmaiE6vtqvX8R-_INxXpUTYjEM6VkmA",
"payload": ""
}
2024-03-25 14:53:59,558:DEBUG:urllib3.connectionpool:[https://acme-v02.api.letsencrypt.org:443](https://acme-v02.api.letsencrypt.org:443) "POST /acme/authz-v3/330549299597 HTTP/1.1" 200 1208
2024-03-25 14:53:59,559:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1208
Connection: keep-alive
Boulder-Requester: 1632511197
Cache-Control: public, max-age=0, no-cache
Link: <[https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory)>;rel="index"
Replay-Nonce: XcnlB1etsLtp4nALK0ZJxv7-PIP64qB8ki0rrmB_SbamZzxcIpk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "[www.regency-cloud.co.uk](http://www.regency-cloud.co.uk)"
},
"status": "invalid",
"expires": "2024-04-01T14:53:53Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "2a00:1098:1::25: Invalid response from [http://www.regency-cloud.co.uk/.well-known/acme-challenge/4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ](http://www.regency-cloud.co.uk/.well-known/acme-challenge/4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ): 404",
"status": 403
},
"url": "[https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ](https://acme-v02.api.letsencrypt.org/acme/chall-v3/330549299597/JZu4HQ)",
"token": "4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ",
"validationRecord": [
{
"url": "[http://www.regency-cloud.co.uk/.well-known/acme-challenge/4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ](http://www.regency-cloud.co.uk/.well-known/acme-challenge/4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ)",
"hostname": "[www.regency-cloud.co.uk](http://www.regency-cloud.co.uk)",
"port": "80",
"addressesResolved": [
"46.235.229.240",
"2a00:1098:1::25"
],
"addressUsed": "2a00:1098:1::25",
"resolverAddrs": [
"A:[10.1.12.82:28103](http://10.1.12.82:28103)",
"AAAA:[10.1.12.87:28704](http://10.1.12.87:28704)"
]
}
],
"validated": "2024-03-25T14:53:58Z"
}
]
}
2024-03-25 14:53:59,560:DEBUG:acme.client:Storing nonce: XcnlB1etsLtp4nALK0ZJxv7-PIP64qB8ki0rrmB_SbamZzxcIpk
2024-03-25 14:53:59,560:INFO:certbot._internal.auth_handler:Challenge failed for domain [regency-cloud.co.uk](http://regency-cloud.co.uk)
2024-03-25 14:53:59,561:INFO:certbot._internal.auth_handler:Challenge failed for domain [www.regency-cloud.co.uk](http://www.regency-cloud.co.uk)
2024-03-25 14:53:59,561:INFO:certbot._internal.auth_handler:http-01 challenge for [regency-cloud.co.uk](http://regency-cloud.co.uk)
2024-03-25 14:53:59,561:INFO:certbot._internal.auth_handler:http-01 challenge for [www.regency-cloud.co.uk](http://www.regency-cloud.co.uk)
2024-03-25 14:53:59,562:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: [regency-cloud.co.uk](http://regency-cloud.co.uk)
Type: unauthorized
Detail: 2a00:1098:1::25: Invalid response from [http://regency-cloud.co.uk/.well-known/acme-challenge/NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI](http://regency-cloud.co.uk/.well-known/acme-challenge/NtF-KSwFGp0dZ9yL2gJ7OlYdoVwMujXS_DLQxGbJrHI): 404

Domain: [www.regency-cloud.co.uk](http://www.regency-cloud.co.uk)
Type: unauthorized
Detail: 2a00:1098:1::25: Invalid response from [http://www.regency-cloud.co.uk/.well-known/acme-challenge/4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ](http://www.regency-cloud.co.uk/.well-known/acme-challenge/4Sf1fxBxbScB9k_nblhRuj4Ndqtq1HCq3b0epLBtAoQ): 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2024-03-25 14:53:59,563:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-03-25 14:53:59,564:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-03-25 14:53:59,564:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-03-25 14:53:59,920:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1736, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1440, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 138, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-03-25 14:53:59,924:ERROR:certbot._internal.log:Some challenges have failed.

I understand that Mythic Beasts do all of the work for Raspberry Pi.

Any help gratefully accepted...

HyFy

1 Like
9

Yes

Are you sure you route the IPv6 incoming requests to the correct server? Because Let's Encrypt servers prefer the IPv6 when you have an AAAA record for them in your DNS.

The 2a00:1098... address in the error message is an IPv6 address

Maybe check each server's public IPv6 address by running this on each one

curl -6 https://ifconfig.io
2 Likes
10

I will check this out but I can see that I am going to fall at the first hurdle. If I have to have the external port set as 80 I can't have two servers using the same external public IP address.

I will look at this and get back.

Thanks again.

HyFy

1 Like
11

Have one of your servers handle all the incoming requests. Act as a reverse proxy to your other server for just certain requests. That is the typical setup for this.

3 Likes
12

Thanks for that. I will have to look at my networking. I thought that I had that!
HyFy

2 Likes
14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.