I cannot get certificate, http-01 challenge fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: office.betfarm.com

I ran this command: sudo certbot-auto certonly --agree-tos --email admin@betfarm.com --webroot -w /var/lib/letsencrypt/ -d office.betfarm.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for office.betfarm.com
Using the webroot path /var/lib/letsencrypt for all unmatched domains.
Waiting for verification…
Challenge failed for domain office.betfarm.com
http-01 challenge for office.betfarm.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): ubuntu 18.04

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.23.0

I got a certificate done and renewed it, but afterwards I could not renew it anymore, so I deleted it; now I cannot get another certificate. I am a noob to Ubuntu.
I have been following this tutorial and it had been working until now: https://linuxize.com/post/secure-nginx-with-let-s-encrypt-on-ubuntu-18-04/

Hi @gistblize

the tutorial uses a location definition

location ^~ /.well-known/acme-challenge/ {
  allow all;
  root /var/lib/letsencrypt/;
  default_type "text/plain";
  try_files $uri =404;
}

That may be possible. But it makes things more complicated.

Remove that location definition.

Then use your root (perhaps first define one) directly:

sudo certbot-auto certonly --agree-tos --email admin@betfarm.com --webroot -w yourRoot -d office.betfarm.com

To check your root, create the two subdirectories

yourRoot/.well-known/acme-challenge

create a file there (file name 1234), then try to check that file via

http://office.betfarm.com/.well-known/acme-challenge/1234

@JuergenAuer thank you so much for taking the time to reply to me. This is my first time in the community, and I am feeling very much cared for. Thanks again, but issues still abound:

  1. I am a noob
  2. I don’t know what the local definition is or how to remove it:
    location ^~ /.well-known/acme-challenge/ {
    allow all;
    root /var/lib/letsencrypt/;
    default_type "text/plain";
    try_files $uri =404;
    }
  3. how do I do this:

use your root (perhaps first define one) directly

  4. lastly, how do I do this:

To check your root, create the two subdirectories

Thank you!


2: From your tutorial, you added this location block to /etc/nginx/snippets/letsencrypt.conf.

location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/lib/letsencrypt/;
default_type "text/plain";
try_files $uri =404;
}

Remove that list of lines from /etc/nginx/snippets/letsencrypt.conf. Then

mkdir -p /var/lib/letsencrypt/.well-known/acme-challenge
touch /var/lib/letsencrypt/.well-known/acme-challenge/1234

Then try to visit that http://office.betfarm.com/.well-known/acme-challenge/1234 URL in a browser and confirm you don’t get a 404 error result.

Thanks @mproto for your comment. I have done this, but nothing loads at: https://office.betfarm.com/.well-known/acme-challenge/1234

So you get just a blank page? That means it is very likely working. Try running your certbot command again and see if it renews this time.

Hmm well maybe…

When I try https://office.betfarm.com/.well-known/acme-challenge/1234 I get a connection-refused, as your HTTPS isn’t set up.

When I try http://office.betfarm.com/.well-known/acme-challenge/1234 I get a 404-not-found error, which means it’s still having a problem seeing your acme-challenge location (or you deleted the 1234 file before I could check on it).

What does /var/log/nginx/error.log say?

I don’t think /var/lib/letsencrypt is the correct root.

@gistblize : Please share your nginx config file. There should be your root defined.


user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
    client_max_body_size 20M;              

}

#mail {
#  # See sample authentication script at:
#  # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#  # auth_http localhost/auth.php;
#  # pop3_capabilities "TOP" "USER";
#  # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#  server {
#    listen localhost:110;
#    protocol pop3;
#    proxy on;
#  }
#
#  server {
#    listen localhost:143;
#    protocol imap;
#    proxy on;
#  }
#}

@JuergenAuer, @mproto: if it would help, I am running Odoo 11 on the server!

What's the content of

Is there a file like office.betfarm.com.conf? There the root should be defined.

Yes, I will post it now. Thanks!

# HTTP -> HTTPS

server {
listen 80;
server_name office.betfarm.com;

include snippets/letsencrypt.conf;
return 301 https://office.betfarm.com$request_uri;

}

# WWW -> NON WWW

server {
listen 443 ssl http2;
server_name www.office.betfarm.com;

ssl_certificate /etc/letsencrypt/live/office.betfarm.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/office.betfarm.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/office.betfarm.com/chain.pem;
include snippets/ssl.conf;

return 301 https://office.betfarm.com$request_uri;

}

server {
listen 443 ssl http2;
server_name office.betfarm.com;

proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;

# Proxy headers
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

# SSL parameters

ssl_certificate /etc/letsencrypt/live/office.betfarm.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/office.betfarm.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/office.betfarm.com/chain.pem;
include snippets/ssl.conf;

# log files
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;

# Handle longpoll requests
location /longpolling {
    proxy_pass http://odoochat;
}

# Handle / requests
location / {
   proxy_redirect off;
   proxy_pass http://odoo;
}

# Cache static files

location ~* /web/static/ {
    proxy_cache_valid 200 90m;
    proxy_buffering on;
    expires 864000;
    proxy_pass http://odoo;
}

# Gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;

}

server {
listen 80;
server_name www.office.betfarm.com office.betfarm.com;

include snippets/letsencrypt.conf;
return 301 https://$host$request_uri;

}

server {
listen 443 ssl http2;
server_name www.office.betfarm.com;

ssl_certificate /etc/letsencrypt/live/office.betfarm.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/office.betfarm.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/office.betfarm.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;

return 301 https://office.betfarm.com$request_uri;

}

server {
listen 443 ssl http2;
server_name office.betfarm.com;

ssl_certificate /etc/letsencrypt/live/office.betfarm.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/office.betfarm.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/office.betfarm.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;

# . . . other code

}

server {
listen 80;
listen [::]:80;

root /var/www/office.betfarm.com/public_html;

index index.html;

server_name office.betfarm.com www.office.betfarm.com;

access_log /var/log/nginx/office.betfarm.com.access.log;
error_log /var/log/nginx/office.betfarm.com.error.log;

location / {
    try_files $uri $uri/ =404;
}

}

server {
listen 80;
server_name ofice.betfarm.com www.office.betfarm.com;

include snippets/letsencrypt.conf;
}

@JuergenAuer so I ran this command and it still did not work:

sudo certbot-auto certonly --agree-tos --email admin@betfarm.com --webroot -w /var/www/office.betfarm.com/ -d office.betfarm.com

This is what I got:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for office.betfarm.com
Using the webroot path /var/www/office.betfarm.com for all unmatched domains.
Waiting for verification…
Challenge failed for domain office.betfarm.com
http-01 challenge for office.betfarm.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

There you use /var/www/office.betfarm.com/

But there

is another directory defined.

What's your real root?


I guess it’s office.betfarm.com; I used to access the site from: office.betfarm.com

but I can see this on the server: image

Create the two subdirectories

yourRoot/.well-known/acme-challenge

create a file there (file name 1234) and try to load that file via

http://office.betfarm.com/.well-known/acme-challenge/1234

Then you know if this is your root.

Perhaps define the root in your https port if you have a redirect http -> https.
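
The "what is your real root?" question can also be answered from the configuration itself. The Python sketch below is an added example, not code from this thread, Certbot or nginx: it models which port-80 server block answers the test URL and from which root, using a constructed two-block config shaped like the one posted above. The helper names (`challenge_route`, `webroot_served`) are this example's own, and it assumes exact `server_name` matches and prefix locations only.

```python
import re

# Constructed sample modelled on the port-80 server blocks posted in this thread.
SNIPPETS = {"snippets/letsencrypt.conf":
    "location ^~ /.well-known/acme-challenge/ { root /var/lib/letsencrypt/; try_files $uri =404; }"}
SITE = """
server {
    listen 80;
    server_name office.betfarm.com;
    include snippets/letsencrypt.conf;
    return 301 https://office.betfarm.com$request_uri;
}
server {
    listen 80;
    root /var/www/office.betfarm.com/public_html;
    server_name office.betfarm.com www.office.betfarm.com;
}
"""
# The same configuration with the server-level redirect removed from the first block.
NO_REDIRECT = SITE.replace("return 301 https://office.betfarm.com$request_uri;", "")

def parse(text, snippets):
    """Return nginx directives as (name, args, children), inlining known includes."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', re.sub(r"#.*", "", text))
    def block(i):
        out, words = [], []
        while i < len(tokens) and tokens[i] != "}":
            t = tokens[i]; i += 1
            if t == ";":
                inc = snippets.get(words[1]) if words[0] == "include" else None
                out += parse(inc, snippets) if inc else [(words[0], words[1:], None)]
                words = []
            elif t == "{":
                kids, i = block(i)
                out.append((words[0], words[1:], kids))
                words = []
            else:
                words.append(t)
        return out, i + 1  # step past the closing brace
    return block(0)[0]

def first(directives, name):
    return next((args for n, args, _ in directives if n == name), None)

def challenge_route(conf, snippets, host, port="80", uri="/.well-known/acme-challenge/1234"):
    """Model which server block and root answer an http-01 probe (prefix locations only)."""
    servers = [kids for n, _, kids in parse(conf, snippets) if n == "server"]
    matching = [s for s in servers if host in (first(s, "server_name") or [])
                and any(n == "listen" and a[0].rsplit(":", 1)[-1] == port for n, a, _ in s)]
    if not matching:
        return {"action": "no-server"}
    srv = matching[0]  # the first matching block wins; later duplicates are ignored
    route = {"ignored_duplicates": len(matching) - 1}
    if (ret := first(srv, "return")):  # server-level return runs before location selection
        return dict(route, action="return", args=ret)
    best_path, best_kids = "", []
    for n, a, kids in srv:
        if n != "location" or a[0] in ("~", "~*"):
            continue  # regex locations are outside this simplified model
        path = a[-1]
        hit = uri == path if a[0] == "=" else uri.startswith(path)
        if hit and len(path) > len(best_path):
            best_path, best_kids = path, kids
    root = first(best_kids, "root") or first(srv, "root")
    return dict(route, action="serve", location=best_path or None, root=root[0] if root else None)

def webroot_served(route, webroot):
    """True when certbot's -w directory is the root nginx serves the probe from."""
    return bool(route.get("root")) and route["root"].rstrip("/") == webroot.rstrip("/")
```

For `SITE`, `challenge_route(SITE, SNIPPETS, "office.betfarm.com")` reports the first block's `return 301` and one ignored duplicate, so the second block's `root` is never consulted. For `NO_REDIRECT` it reports the probe being served from `/var/lib/letsencrypt/`, which is then the directory to pass to `-w`.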

@JuergenAuer , @mproto

HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 913
Boulder-Requester: 46597101
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: e_8ESgzTzeyQDTZ6ECDeRFKOKjWa8kMREQrOUCXqtzM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 30 May 2019 08:12:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 30 May 2019 08:12:05 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “office.betfarm.com”
},
“status”: “pending”,
“expires”: “2019-06-06T08:12:05Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293944”,
“token”: “0-Zxe9eAi56GePUqsj1rJ_iGJbq4LxpVXrTNhxIz0hc”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293945”,
“token”: “XwsJO5oZMCyhfVTcO9Ev-nQh7jaSTt4n8ocBKOUOegE”
},
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293946”,
“token”: “osldxJnzX6UkYnlNjlsou0gfJaJOqIO9jEM3M5rysmc”
}
]
}
2019-05-30 08:12:05,702:DEBUG:acme.client:Storing nonce: e_8ESgzTzeyQDTZ6ECDeRFKOKjWa8kMREQrOUCXqtzM
2019-05-30 08:12:05,703:INFO:certbot.auth_handler:Performing the following challenges:
2019-05-30 08:12:05,704:INFO:certbot.auth_handler:http-01 challenge for office.betfarm.com
2019-05-30 08:12:05,704:INFO:certbot.plugins.webroot:Using the webroot path /var/www/office.betfarm.com for all unmatched domains.
2019-05-30 08:12:05,705:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/office.betfarm.com/.well-known/acme-challenge
2019-05-30 08:12:05,717:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/office.betfarm.com/.well-known/acme-challenge/osldxJnzX6UkYnlNjlsou0gfJaJOqIO9jEM3M5rysmc
2019-05-30 08:12:05,718:INFO:certbot.auth_handler:Waiting for verification…
2019-05-30 08:12:05,719:DEBUG:acme.client:JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
2019-05-30 08:12:05,722:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293946:
2019-05-30 08:12:05,882:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293946 HTTP/1.1” 200 224
2019-05-30 08:12:05,884:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 224
Boulder-Requester: 46597101
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-v02.api.letsencrypt.org/acme/authz/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E;rel=“up”
Location: https://acme-v02.api.letsencrypt.org/acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293946
Replay-Nonce: 2sjwiENzjA_Nz_wd8x816YzaGwceI_nuazctw9nzXTo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 30 May 2019 08:12:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 30 May 2019 08:12:05 GMT
Connection: keep-alive

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293946”,
“token”: “osldxJnzX6UkYnlNjlsou0gfJaJOqIO9jEM3M5rysmc”
}
2019-05-30 08:12:05,884:DEBUG:acme.client:Storing nonce: 2sjwiENzjA_Nz_wd8x816YzaGwceI_nuazctw9nzXTo
2019-05-30 08:12:06,886:DEBUG:acme.client:JWS payload:

2019-05-30 08:12:06,893:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E:
2019-05-30 08:12:07,050:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E HTTP/1.1” 200 1809
2019-05-30 08:12:07,052:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1809
Boulder-Requester: 46597101
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 5ladvHeg9cuqLBVEIXETHS8fcacs8MRSuRTYSA9mIcg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 30 May 2019 08:12:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 30 May 2019 08:12:07 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “office.betfarm.com”
},
“status”: “invalid”,
“expires”: “2019-06-06T08:12:05Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “invalid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293944”,
“token”: “0-Zxe9eAi56GePUqsj1rJ_iGJbq4LxpVXrTNhxIz0hc”
},
{
“type”: “tls-alpn-01”,
“status”: “invalid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293945”,
“token”: “XwsJO5oZMCyhfVTcO9Ev-nQh7jaSTt4n8ocBKOUOegE”
},
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://office.betfarm.com/.well-known/acme-challenge/osldxJnzX6UkYnlNjlsou0gfJaJOqIO9jEM3M5rysmc [159.203.27.48]: “\u003chtml\u003e\r\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody bgcolor=\“white\”\u003e\r\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\r\n\u003chr\u003e\u003ccenter\u003e””,
“status”: 403
},
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/7S3Ee8A_QzdtCoRIFSuYjvUV1E5G6fhaAJv6_oxgi1E/16452293946”,
“token”: “osldxJnzX6UkYnlNjlsou0gfJaJOqIO9jEM3M5rysmc”,
“validationRecord”: [
{
“url”: “http://office.betfarm.com/.well-known/acme-challenge/osldxJnzX6UkYnlNjlsou0gfJaJOqIO9jEM3M5rysmc”,
“hostname”: “office.betfarm.com”,
“port”: “80”,
“addressesResolved”: [
“159.203.27.48”
],
“addressUsed”: “159.203.27.48”
}
]
}
]
}
2019-05-30 08:12:07,053:DEBUG:acme.client:Storing nonce: 5ladvHeg9cuqLBVEIXETHS8fcacs8MRSuRTYSA9mIcg
2019-05-30 08:12:07,054:WARNING:certbot.auth_handler:Challenge failed for domain office.betfarm.com
2019-05-30 08:12:07,054:INFO:certbot.auth_handler:http-01 challenge for office.betfarm.com
2019-05-30 08:12:07,055:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: office.betfarm.com
Type: unauthorized
Detail: Invalid response from http://office.betfarm.com/.well-known/acme-challenge/osldxJnzX6UkYnlNjlsou0gfJaJOqIO9jEM3M5rysmc [159.203.27.48]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor="white">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2019-05-30 08:12:07,056:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 154, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.

2019-05-30 08:12:07,056:DEBUG:certbot.error_handler:Calling registered functions
2019-05-30 08:12:07,057:INFO:certbot.auth_handler:Cleaning up challenges
2019-05-30 08:12:07,057:DEBUG:certbot.plugins.webroot:Removing /var/www/office.betfarm.com/.well-known/acme-challenge/osldxJnzX6UkYnlNjlsou0gfJaJOqIO9jEM3M5rysmc
2019-05-30 08:12:07,058:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2019-05-30 08:12:07,058:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 1379, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 1262, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 120, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 406, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 349, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 385, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 154, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
2019-05-30 08:58:29,882:DEBUG:certbot.main:certbot version: 0.23.0
2019-05-30 08:58:29,884:DEBUG:certbot.main:Arguments: [’-q’]
2019-05-30 08:58:29,885:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-05-30 08:58:29,952:DEBUG:certbot.log:Root logging level set at 30
2019-05-30 08:58:29,954:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-05-30 08:58:29,966:DEBUG:certbot.renewal:no renewal failures

I just realized that my nginx server is not active:

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2019-05-30 10:09:07 UTC; 28s ago
Docs: man:nginx(8)
Process: 20087 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

May 30 10:09:07 Betfarm-odoo1 systemd[1]: Starting A high performance web server and a reverse proxy server…
May 30 10:09:07 Betfarm-odoo1 nginx[20087]: nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/office.betfarm.com/fullchain.pem") failed (SSL: error:02001002:system lib
May 30 10:09:07 Betfarm-odoo1 nginx[20087]: nginx: configuration file /etc/nginx/nginx.conf test failed
May 30 10:09:07 Betfarm-odoo1 systemd[1]: nginx.service: Control process exited, code=exited status=1
May 30 10:09:07 Betfarm-odoo1 systemd[1]: nginx.service: Failed with result ‘exit-code’.
May 30 10:09:07 Betfarm-odoo1 systemd[1]: Failed to start A high performance web server and a reverse proxy server.

Is this normal when there is no SSL running on the server?

@JuergenAuer, @mproto: Thank you so much for all your care, it finally worked. I reinstalled the location definition and ran the following command:
sudo certbot certonly --agree-tos --email admin@betfarm.com --webroot -w /var/lib/letsencrypt/ -d office.betfarm.com
