I cannot get a new certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cotizaya.pe

I ran this command:

certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-4" --agree-tos --authenticator webroot --email "anonymous@gmail.com" --preferred-challenges "dns,http" --domains "www.cotizaya.pe"

It produced this output:

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-4" --agree-tos --authenticator webroot --email "anonymous@gmail.com" --preferred-challenges "dns,http" --domains "www.cotizaya.pe" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:399:12)
    at ChildProcess.emit (node:events:526:28)
    at maybeClose (node:internal/child_process:1092:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)

My web server is (include version): I'm using latest version of NGINX Proxy Manager (Docker image)

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, NGINX Proxy Manager has one

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.25.0

Output of /var/log/letsencrypt/letsencrypt.log:

2022-06-16 16:08:02,147:DEBUG:certbot._internal.main:certbot version: 1.25.0
2022-06-16 16:08:02,147:DEBUG:certbot._internal.main:Location of certbot entry t
2022-06-16 16:08:02,147:DEBUG:certbot._internal.main:Arguments: ['--non-interac]
2022-06-16 16:08:02,148:DEBUG:certbot._internal.main:Discovered plugins: Plugin)
2022-06-16 16:08:02,159:DEBUG:certbot._internal.log:Root logging level set at 40
2022-06-16 16:08:02,160:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-06-16 16:08:02,160:DEBUG:certbot._internal.display.obj:Notifying user: No .
2022-06-16 16:08:02,160:DEBUG:certbot._internal.display.obj:Notifying user: - --
2022-06-16 16:08:02,160:DEBUG:certbot._internal.renewal:no renewal failures

MORE DETAILS ABOUT PROBLEM

I have two hostings with Linode, one is using the domain name famarca-systems.stream with 4 subdomains (for 4 linodes, one of them is the NGINX Proxy Manager), and all of them were working fine. I cloned the linode containing NGINX Proxy Manager and exported to my second hosting. In this second hosting, I ran that linode and entered to the WebPanel of this NGINX Proxy Manager and deleted all existing proxys and SSL certificates, then I wanted to create a new proxy with its SSL certificate, and my tragedy started from that moment. I could not create new SSL certificates, and in my first hosting I cannot get my sites, for any browser I get this message:

Your connection is not private
Attackers might be trying to steal your information from xyz.famarca-systems.stream (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_REVOKED

I've trying to renew every certificate but I get this message in my Dashboard "Internal Error". So I deleted one proxy with its SSL certificate (in my first hosting) and tried to create a new certificate, and I'm getting a similar message than my second hosting:

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-7" --agree-tos --authenticator webroot --email "anonymous@gmail.com" --preferred-challenges "dns,http" --domains "proxy.famarca-systems.stream" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:399:12)
    at ChildProcess.emit (node:events:526:28)
    at maybeClose (node:internal/child_process:1092:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)

I hope this extra info can be of any help.

1 Like

Hi @warcayac , and welcome to the LE community forum :slight_smile:

Your domain seems to only have NS records, no A, AAAA, or CNAME records; there is no "www.cotizaya.pe".
Details are here: DNS Lookup - Check DNS Records

2 Likes

That's not true: the www subdomain does have an A RR. It's just the apex domain which does not have such a RR. But that shouldn´t matter, as OP is not requesting a cert for the apex domain.

That said, OP is using "Nginx Proxy Manager", a terrible to debug piece of software, so don't expect actual input about this issue from me besides the above. :slight_smile:

3 Likes

Also https://check-your-website.server-daten.de/?q=cotizaya.pe shows Connect failure

Andhttps://www.hardenize.com/report/cotizaya.pe/1655398171#www_http also show connection failure.

2 Likes

Ok I can see the A record with Hardenize Report: cotizaya.pe

But DNS Lookup - Check DNS Records does not.

2 Likes

It does if you add the www subdomain: DNS Lookup - Check DNS Records

DNSViz also does not have an issue with the hostname: www.cotizaya.pe | DNSViz nor does Unboundtest: https://unboundtest.com/m/A/www.cotizaya.pe/B6MKJEQZ

2 Likes

I would have thought www is the hostname of the fqdn and not a subdomain.

1 Like

I'm not sure I follow. The term "hostname" and FQDN are commonly used for the same thing.

In any case, OP requested a cert for www.cotizaya.pe and www.cotizaya.pe resolves to an IP address. So that's not the issue here.

3 Likes

Yep!

2 Likes
2 Likes

Offtopic: when I said that the term "hostname" and FQDN are commonly used for the same thing, I didn't say it was technically correct.

2 Likes

First off, thanks for your help.
Second, I've added more details about my problem in the original post.

2 Likes

I've noted this text in your image: IP blocked by dnsbl.spfbl.net, is it relevant to this problem?

2 Likes

I would think so, but others on this forum may know better.

2 Likes

Probably not. Let's Encrypt doesn't use block lists from 3rd parties to block issuance.

I'm more interested in the entire log file, as it seems to be clipped/truncated now.

4 Likes

2 Likes

I've checked the log file again and this is the output:

2022-06-16 23:08:02,226:DEBUG:certbot._internal.main:certbot version: 1.25.0
2022-06-16 23:08:02,226:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-06-16 23:08:02,226:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--quiet', '--config', '/etc/letsencrypt.ini', '--preferred-challenges', 'dns,http', '--disable-hook-validation']
2022-06-16 23:08:02,227:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-06-16 23:08:02,239:DEBUG:certbot._internal.log:Root logging level set at 40
2022-06-16 23:08:02,240:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-06-16 23:08:02,240:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2022-06-16 23:08:02,240:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-06-16 23:08:02,240:DEBUG:certbot._internal.renewal:no renewal failures

The log file doesn't show which domain was being requested.
I see multiple domains in this topic:

2 Likes

My original post is about certificates for subdomains using cotizaya.pe. The log is for this domain, I've copied it such as is. And this problem is also happening with my another domain famarca-systems.stream.

the log file for my second hosting (cotizaya.pe) is short, but for my first hosting (famarca-systems.stream) it is long, this is its content:

cat /var/log/letsencrypt/letsencrypt.log
2022-06-17 02:12:57,677:DEBUG:certbot._internal.main:certbot version: 1.25.0
2022-06-17 02:12:57,678:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-06-17 02:12:57,678:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-9', '--agree-tos', '--authenticator', 'webroot', '--email', 'famarca.systems@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'proxy.famarca-systems.stream']
2022-06-17 02:12:57,679:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-06-17 02:12:57,721:DEBUG:certbot._internal.log:Root logging level set at 30
2022-06-17 02:12:57,722:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-06-17 02:12:57,727:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f6fd7f6f860>
Prep: True
2022-06-17 02:12:57,727:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f6fd7f6f860> and installer None
2022-06-17 02:12:57,728:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-06-17 02:12:57,731:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/487460440', new_authzr_uri=None, terms_of_service=None), 424df6e1ea25f306c65beb445a8405a7, Meta(creation_dt=datetime.datetime(2022, 4, 7, 21, 26, 38, tzinfo=<UTC>), creation_host='f9995fbb1144', register_to_eff=None))>
2022-06-17 02:12:57,733:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-06-17 02:12:57,737:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-06-17 02:12:57,872:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2022-06-17 02:12:57,873:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 17 Jun 2022 02:12:57 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "13gLmCpoVe8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-06-17 02:12:57,873:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for proxy.famarca-systems.stream
2022-06-17 02:12:57,888:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0995_key-certbot.pem
2022-06-17 02:12:57,903:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0995_csr-certbot.pem
2022-06-17 02:12:57,905:DEBUG:acme.client:Requesting fresh nonce
2022-06-17 02:12:57,905:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-06-17 02:12:57,949:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-06-17 02:12:57,950:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 17 Jun 2022 02:12:57 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102-2Q0i5zxB__HZReqctcWmbdfUm6PN5TxFmO8IhiPAZA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-06-17 02:12:57,951:DEBUG:acme.client:Storing nonce: 0102-2Q0i5zxB__HZReqctcWmbdfUm6PN5TxFmO8IhiPAZA
2022-06-17 02:12:57,951:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "proxy.famarca-systems.stream"\n    }\n  ]\n}'
2022-06-17 02:12:57,953:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDg3NDYwNDQwIiwgIm5vbmNlIjogIjAxMDItMlEwaTV6eEJfX0haUmVxY3RjV21iZGZVbTZQTjVUeEZtTzhJaGlQQVpBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "Grf1eAay7CVvHD7Y4hfWfyzVe8yKHRVUxUa0DqVWO1r7yAId5ok2hSieePzHWy8bc_BvVIWxI7JAARyTZNdxxpG4ifa6-CaDTkBU7acRZZpr2MIRb6kWiVpVOFo99IZA8Z45AjT-dX6ttvwuanv3RuYgVZhoZSo_fK9MEOQ08fa9Gp9YosOS0Osm8vTAZfl38z-ln0kGSp-zFsDntyjaaFBX1CdM5wd9xj1zzfD9ksB4e6AIgZDVcjBX0CwHlj2S2vjciaYkXSjmz_CPdBRu69v53Jzs8ZqvIu8ZQ86GTm91J0GxVrXSf3PgPnmM5Z2JpGfc1jhUvBrWZBbI1dHgvg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInByb3h5LmZhbWFyY2Etc3lzdGVtcy5zdHJlYW0iCiAgICB9CiAgXQp9"
}
2022-06-17 02:12:58,231:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 352
2022-06-17 02:12:58,232:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 17 Jun 2022 02:12:58 GMT
Content-Type: application/json
Content-Length: 352
Connection: keep-alive
Boulder-Requester: 487460440
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/487460440/98426528326
Replay-Nonce: 01013L-yPM8ydNyyNSASJAae1VbcsjLEzTtyv29YWLKQKsE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-06-24T02:12:58Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "proxy.famarca-systems.stream"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/120475455106"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/487460440/98426528326"
}
2022-06-17 02:12:58,233:DEBUG:acme.client:Storing nonce: 01013L-yPM8ydNyyNSASJAae1VbcsjLEzTtyv29YWLKQKsE
2022-06-17 02:12:58,233:DEBUG:acme.client:JWS payload:
b''
2022-06-17 02:12:58,235:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/120475455106:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDg3NDYwNDQwIiwgIm5vbmNlIjogIjAxMDEzTC15UE04eWROeXlOU0FTSkFhZTFWYmNzakxFelR0eXYyOVlXTEtRS3NFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjA0NzU0NTUxMDYifQ",
  "signature": "TezwonbqPGZLJwIIpxePVTY4IICAis18dQs5qlm6liHzGOKdSwrJPoqK4gYcY9xXFQKJKHn-VqslEtak8xvvn1Ut5rW7vCVJIiufBEqC_eTK1u_bxUeUVKjwflX9atpZeexws3CW82DkSM70-tbIu8GWOH3sfjFX8Ua-JvI_GqSZCCgW1UVsHN97M0XusKMvMO58giMnf0QzxQikV-H9zlIGsLYwaVyJvmj37F-CRpxIqDLVnsOKTAB1SRSfyDeqL7GgRG1KU84pzzxWVDluqUffa2awdtN8avnBS3MClyyvXb2_c2duH-h8o8KCCeNf3syR9ySbD6NAqtTSVYYArQ",
  "payload": ""
}
2022-06-17 02:12:58,297:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/120475455106 HTTP/1.1" 200 812
2022-06-17 02:12:58,298:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 17 Jun 2022 02:12:58 GMT
Content-Type: application/json
Content-Length: 812
Connection: keep-alive
Boulder-Requester: 487460440
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102K191ue1Z_Vy3SiZNXE5NzI-xcHoG0sZx7ivHquOXh68
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "proxy.famarca-systems.stream"
  },
  "status": "pending",
  "expires": "2022-06-24T02:12:58Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/120475455106/6SuLOg",
      "token": "bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/120475455106/3evPtw",
      "token": "bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/120475455106/_8V1Bw",
      "token": "bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo"
    }
  ]
}
2022-06-17 02:12:58,298:DEBUG:acme.client:Storing nonce: 0102K191ue1Z_Vy3SiZNXE5NzI-xcHoG0sZx7ivHquOXh68
2022-06-17 02:12:58,299:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-06-17 02:12:58,299:INFO:certbot._internal.auth_handler:http-01 challenge for proxy.famarca-systems.stream
2022-06-17 02:12:58,299:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2022-06-17 02:12:58,299:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2022-06-17 02:12:58,302:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo
2022-06-17 02:12:58,303:DEBUG:acme.client:JWS payload:
b'{}'
2022-06-17 02:12:58,305:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/120475455106/6SuLOg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDg3NDYwNDQwIiwgIm5vbmNlIjogIjAxMDJLMTkxdWUxWl9WeTNTaVpOWEU1TnpJLXhjSG9HMHNaeDdpdkhxdU9YaDY4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xMjA0NzU0NTUxMDYvNlN1TE9nIn0",
  "signature": "ieA0LwShpJbUOHmG-_SPC0Y4yeEI2aRmvcOvYgBV4pdPQFF9ICvx7txcC3mgW6wUa3IxccQ1-t7de7JXPLyxrYxyNytBky63wybKUu7z6py_VWPeaTpBRQvngnYiZ4s8DTIxpRXFWwNWdAZttCu3_pOzxm68y7hbnzRBW-yf6NqWZRQV4k5-K5Oa8ORsHA2zOC2FghBG759XPtUGfi0FZ2t_8r9c6jsu2MQE_XpM1PqtCFo2WseOAqW5tF9wva87MBa2WJa4TlPKX0xVBJfvL6BVzj2z7AHvM0ZA7AHjqu1VCSDNqm_eQm75spQqD57YqSC48wJ1Tc6mwc0iBidxoQ",
  "payload": "e30"
}
2022-06-17 02:12:58,381:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/120475455106/6SuLOg HTTP/1.1" 200 187
2022-06-17 02:12:58,382:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 17 Jun 2022 02:12:58 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 487460440
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/120475455106>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/120475455106/6SuLOg
Replay-Nonce: 0102enhXu43w0NfVRMyMQnk8TIZko2aoDs_Bmx_ifsf2PiQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/120475455106/6SuLOg",
  "token": "bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo"
}
2022-06-17 02:12:58,382:DEBUG:acme.client:Storing nonce: 0102enhXu43w0NfVRMyMQnk8TIZko2aoDs_Bmx_ifsf2PiQ
2022-06-17 02:12:58,382:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-06-17 02:12:59,384:DEBUG:acme.client:JWS payload:
b''
2022-06-17 02:12:59,386:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/120475455106:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDg3NDYwNDQwIiwgIm5vbmNlIjogIjAxMDJlbmhYdTQzdzBOZlZSTXlNUW5rOFRJWmtvMmFvRHNfQm14X2lmc2YyUGlRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjA0NzU0NTUxMDYifQ",
  "signature": "UGY6ZJ3fmjVdkv0k2tgdA1YUoAEJqMjoAnvg76kSQSwxxc4dxQ_XfCqc8CiVFr2IkP1hdG_cMcs8IQJX3t-QNxo1M8u78BJHyRk059bwRt2nmwKSNvX0el2OLmFiuRPjO7Q7OASe8STgq0v8RsnoaKmhH15ZrS8CRxyp9PcieHZlra_GY0-XEa61kDr2o1x8tkVhDQ9gGKIStRuPYbPpI8bCUw66yt_JKjOE6OOPjcsVEXh7CPAXIIaZ_LTluj0kUfpkDf-UuhzUMsXiO82Tx5P1Dl9PMe35O7lthceM48lFoLwM0TauwMxIRBC7r0AfrdUMl00i6Cj8Eajq7X23Zg",
  "payload": ""
}
2022-06-17 02:12:59,480:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/120475455106 HTTP/1.1" 200 1080
2022-06-17 02:12:59,482:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 17 Jun 2022 02:12:59 GMT
Content-Type: application/json
Content-Length: 1080
Connection: keep-alive
Boulder-Requester: 487460440
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101lTtXRTCPV1Z3mV0a72WkaeHl9FN1w330_fNmoYp77Jw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "proxy.famarca-systems.stream"
  },
  "status": "invalid",
  "expires": "2022-06-24T02:12:58Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "192.155.95.54: Fetching http://proxy.famarca-systems.stream/.well-known/acme-challenge/bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo: Connection refused",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/120475455106/6SuLOg",
      "token": "bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo",
      "validationRecord": [
        {
          "url": "http://proxy.famarca-systems.stream/.well-known/acme-challenge/bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo",
          "hostname": "proxy.famarca-systems.stream",
          "port": "80",
          "addressesResolved": [
            "192.155.95.54"
          ],
          "addressUsed": "192.155.95.54"
        }
      ],
      "validated": "2022-06-17T02:12:58Z"
    }
  ]
}
2022-06-17 02:12:59,482:DEBUG:acme.client:Storing nonce: 0101lTtXRTCPV1Z3mV0a72WkaeHl9FN1w330_fNmoYp77Jw
2022-06-17 02:12:59,482:INFO:certbot._internal.auth_handler:Challenge failed for domain proxy.famarca-systems.stream
2022-06-17 02:12:59,483:INFO:certbot._internal.auth_handler:http-01 challenge for proxy.famarca-systems.stream
2022-06-17 02:12:59,483:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: proxy.famarca-systems.stream
  Type:   connection
  Detail: 192.155.95.54: Fetching http://proxy.famarca-systems.stream/.well-known/acme-challenge/bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo: Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2022-06-17 02:12:59,484:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-06-17 02:12:59,484:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-06-17 02:12:59,484:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-06-17 02:12:59,484:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/bmDFSbp-NIx0dG8BvzpIymtSmm42R8imvd0XprJlhzo
2022-06-17 02:12:59,485:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2022-06-17 02:12:59,485:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1715, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 139, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 513, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 441, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-06-17 02:12:59,487:ERROR:certbot._internal.log:Some challenges have failed.
1 Like