Invalid response creating certificate

But it doesn't do what is in the vhost config file:

OMG!
It does do it!!!

RewriteEngine off

[I so TOTALLY MISSED that]

1 Like

OK let's use this:

with --webroot to avoid the confusion that is likely going on with the multiple instances.

Try:
sudo certbot --webroot -w /var/www/html -d wtxcotton2.uashubs.com --dry-run

1 Like

Response:

--dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmp68rn8ubw/log or re-run Certbot with -v for more details.
1 Like

That ALWAYS gets me!

Make that:

sudo certbot certonly \
--webroot -w /var/www/html \
-d wtxcotton2.uashubs.com --dry-run
1 Like
sudo certbot certonly --webroot -w /var/www/html -d wtxcotton2.uashubs.com --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for wtxcotton2.uashubs.com
The dry run was successful.
2 Likes

OK, you can now remove the --dry-run and get a real cert.
If you want certbot to try and install it into apache for you, add:
-i apache

So that would be:

sudo certbot certonly \
-i apache \
--webroot -w /var/www/html \
-d wtxcotton2.uashubs.com --dry-run
1 Like

Can't use an installer (-i) with certonly.

Use this instead:

sudo certbot \
-a webroot -w /var/www/html \
-d "wtxcotton2.uashubs.com" \
-i apache \
--keep
2 Likes

On which version(s) of certbot? I get no such complaint:

sudo certbot certonly \
> -i apache \
> --webroot -w /var/www/html \
> -d wtxcotton2.uashubs.com --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for wtxcotton2.uashubs.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: wtxcotton2.uashubs.com
  Type:   unauthorized
  Detail: Invalid response from http://wtxcotton2.uashubs.com/.well-known/acme-challenge/WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0 [150.136.168.180]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
certbot --version
certbot 1.18.0
1 Like
2021-08-27 01:09:36,593:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-08-27 01:09:37,053:DEBUG:certbot._internal.main:certbot version: 1.18.0
2021-08-27 01:09:37,053:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1343/bin/certbot
2021-08-27 01:09:37,053:DEBUG:certbot._internal.main:Arguments: ['-i', 'apache', '--webroot', '-w', '/var/www/html', '-d', 'wtxcotton2.uashubs.com', '--dry-run', '--preconfigured-renewal']
2021-08-27 01:09:37,053:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-27 01:09:37,087:DEBUG:certbot._internal.log:Root logging level set at 30
2021-08-27 01:09:37,088:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer apache
2021-08-27 01:09:37,269:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.29
2021-08-27 01:09:37,482:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fde920b61f0>
Prep: True
2021-08-27 01:09:37,490:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fde920b60a0>
Prep: True
2021-08-27 01:09:37,490:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fde920b60a0> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fde920b61f0>
2021-08-27 01:09:37,490:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer apache
2021-08-27 01:09:37,509:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/17913494', new_authzr_uri=None, terms_of_service=None), 5b86cd39dd7291b60c71c8705818fa23, Meta(creation_dt=datetime.datetime(2021, 2, 4, 7, 36, 35, tzinfo=<UTC>), creation_host='ul18ipv46', register_to_eff=None))>
2021-08-27 01:09:37,509:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2021-08-27 01:09:37,511:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2021-08-27 01:09:38,278:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
2021-08-27 01:09:38,279:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 01:09:38 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "LTxiHnsyK7o": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-08-27 01:09:38,279:DEBUG:certbot._internal.display.obj:Notifying user: Simulating a certificate request for wtxcotton2.uashubs.com
2021-08-27 01:09:38,345:DEBUG:acme.client:Requesting fresh nonce
2021-08-27 01:09:38,345:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-27 01:09:38,419:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-27 01:09:38,419:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 01:09:38 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001Y6oeRgoIF9L8_qVmO87iP5NTSUCcmSq2flgUezeBG9g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-08-27 01:09:38,420:DEBUG:acme.client:Storing nonce: 0001Y6oeRgoIF9L8_qVmO87iP5NTSUCcmSq2flgUezeBG9g
2021-08-27 01:09:38,420:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "wtxcotton2.uashubs.com"\n    }\n  ]\n}'
2021-08-27 01:09:38,422:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
2021-08-27 01:09:38,522:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 356
2021-08-27 01:09:38,522:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 27 Aug 2021 01:09:38 GMT
Content-Type: application/json
Content-Length: 356
Connection: keep-alive
Boulder-Requester: 17913494
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/17913494/396537738
Replay-Nonce: 0001q6Uf7920qXp_gFs_Zs4xvgn1fnPAy7GxM1qBvO-34do
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-09-03T01:09:38Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "wtxcotton2.uashubs.com"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/365178378"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/17913494/396537738"
}
2021-08-27 01:09:38,522:DEBUG:acme.client:Storing nonce: 0001q6Uf7920qXp_gFs_Zs4xvgn1fnPAy7GxM1qBvO-34do
2021-08-27 01:09:38,523:DEBUG:acme.client:JWS payload:
b''
2021-08-27 01:09:38,524:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/365178378:
2021-08-27 01:09:38,602:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/365178378 HTTP/1.1" 200 821
2021-08-27 01:09:38,603:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 01:09:38 GMT
Content-Type: application/json
Content-Length: 821
Connection: keep-alive
Boulder-Requester: 17913494
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002kc7_SW20kYDh6uldAf6RwLXQZEkAgVL6Jcfk1Eb6h8Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "wtxcotton2.uashubs.com"
  },
  "status": "pending",
  "expires": "2021-09-03T01:09:38Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/365178378/R-aicA",
      "token": "WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/365178378/VtoZWw",
      "token": "WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/365178378/5xl3HQ",
      "token": "WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0"
    }
  ]
}
2021-08-27 01:09:38,603:DEBUG:acme.client:Storing nonce: 0002kc7_SW20kYDh6uldAf6RwLXQZEkAgVL6Jcfk1Eb6h8Y
2021-08-27 01:09:38,604:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-08-27 01:09:38,604:INFO:certbot._internal.auth_handler:http-01 challenge for wtxcotton2.uashubs.com
2021-08-27 01:09:38,604:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2021-08-27 01:09:38,605:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2021-08-27 01:09:38,607:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0
2021-08-27 01:09:38,608:DEBUG:acme.client:JWS payload:
b'{}'
2021-08-27 01:09:38,611:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/365178378/R-aicA:
2021-08-27 01:09:38,692:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/365178378/R-aicA HTTP/1.1" 200 192
2021-08-27 01:09:38,693:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 01:09:38 GMT
Content-Type: application/json
Content-Length: 192
Connection: keep-alive
Boulder-Requester: 17913494
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/365178378>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/365178378/R-aicA
Replay-Nonce: 0001AH7q3KdqD2Xw2Z69Ax5zULDq0_9c7bGS_6Qpl-tcEXc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/365178378/R-aicA",
  "token": "WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0"
}
2021-08-27 01:09:38,694:DEBUG:acme.client:Storing nonce: 0001AH7q3KdqD2Xw2Z69Ax5zULDq0_9c7bGS_6Qpl-tcEXc
2021-08-27 01:09:38,694:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-08-27 01:09:39,696:DEBUG:acme.client:JWS payload:
b''
2021-08-27 01:09:39,699:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/365178378:
2021-08-27 01:09:39,778:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/365178378 HTTP/1.1" 200 1308
2021-08-27 01:09:39,778:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 01:09:39 GMT
Content-Type: application/json
Content-Length: 1308
Connection: keep-alive
Boulder-Requester: 17913494
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001ZztA2nw7xNnS_wE9ulZiXI9cWMAVqvwkPSw5TDl3TTk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "wtxcotton2.uashubs.com"
  },
  "status": "invalid",
  "expires": "2021-09-03T01:09:38Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://wtxcotton2.uashubs.com/.well-known/acme-challenge/WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0 [150.136.168.180]: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eNot Found\u003c/h1\u003e\\n\u003cp\"",
        "status": 403
      },
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/365178378/R-aicA",
      "token": "WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0",
      "validationRecord": [
        {
          "url": "http://wtxcotton2.uashubs.com/.well-known/acme-challenge/WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0",
          "hostname": "wtxcotton2.uashubs.com",
          "port": "80",
          "addressesResolved": [
            "150.136.168.180"
          ],
          "addressUsed": "150.136.168.180"
        }
      ],
      "validated": "2021-08-27T01:09:38Z"
    }
  ]
}
2021-08-27 01:09:39,779:DEBUG:acme.client:Storing nonce: 0001ZztA2nw7xNnS_wE9ulZiXI9cWMAVqvwkPSw5TDl3TTk
2021-08-27 01:09:39,779:INFO:certbot._internal.auth_handler:Challenge failed for domain wtxcotton2.uashubs.com
2021-08-27 01:09:39,779:INFO:certbot._internal.auth_handler:http-01 challenge for wtxcotton2.uashubs.com
2021-08-27 01:09:39,779:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: wtxcotton2.uashubs.com
  Type:   unauthorized
  Detail: Invalid response from http://wtxcotton2.uashubs.com/.well-known/acme-challenge/WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0 [150.136.168.180]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2021-08-27 01:09:39,780:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-08-27 01:09:39,780:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-08-27 01:09:39,780:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-08-27 01:09:39,780:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/WQT5dntKKNt24MU-2jjw6LR5RxQTnf5qv2646F0LpS0
2021-08-27 01:09:39,781:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-08-27 01:09:39,781:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1343/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1566, in main
    return config.func(config, plugins)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1426, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 456, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 386, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 436, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-08-27 01:09:39,783:ERROR:certbot._internal.log:Some challenges have failed.
1 Like
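
The authorization object in the debug log above already records which URL and address the CA fetched and what came back. The following is an added example (not part of the thread and not Certbot code) that pulls those fields out of such an object and maps the token to the file the webroot plugin wrote. The sample object, its domain, token and address are constructed, and `triage_http01` and `next_check` are hypothetical helper names.

```python
import re
from pathlib import PurePosixPath

CHALLENGE_DIR = ".well-known/acme-challenge"

# Constructed sample shaped like the "invalid" authorization in the log above
# (placeholder domain and token, documentation-range IP address).
SAMPLE_AUTHZ = {
    "identifier": {"type": "dns", "value": "www.example.com"},
    "status": "invalid",
    "challenges": [
        {
            "type": "http-01",
            "status": "invalid",
            "error": {
                "type": "urn:ietf:params:acme:error:unauthorized",
                "detail": (
                    "Invalid response from http://www.example.com/.well-known/"
                    "acme-challenge/CONSTRUCTED_TOKEN [203.0.113.10]: "
                    '"<!DOCTYPE HTML PUBLIC \\"-//IETF//DTD HTML 2.0//EN\\">\\n'
                    "<html><head>\\n<title>404 Not Found</title>\\n</head><body>\""
                ),
                "status": 403,
            },
            "token": "CONSTRUCTED_TOKEN",
            "validationRecord": [
                {
                    "url": "http://www.example.com/.well-known/acme-challenge/"
                           "CONSTRUCTED_TOKEN",
                    "hostname": "www.example.com",
                    "port": "80",
                    "addressesResolved": ["203.0.113.10"],
                    "addressUsed": "203.0.113.10",
                }
            ],
        },
        # Challenge types that were offered but never attempted stay pending.
        {"type": "dns-01", "status": "pending", "token": "CONSTRUCTED_TOKEN"},
    ],
}


def triage_http01(authz, webroot, expected_addresses):
    """Return one finding per failed http-01 challenge in an authorization.

    webroot            -- the -w path given to certbot
    expected_addresses -- public addresses the operator knows belong to this host
    """
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("type") != "http-01" or chall.get("status") != "invalid":
            continue
        error = chall.get("error", {})
        records = chall.get("validationRecord", [])
        # One record per request the CA made; the last is the final fetch.
        last = records[-1] if records else {}
        title = re.search(r"<title>(.*?)</title>",
                          error.get("detail", ""), re.I | re.S)
        address = last.get("addressUsed")
        findings.append({
            "domain": authz["identifier"]["value"],
            "error_type": error.get("type", "").rsplit(":", 1)[-1],
            "fetched_url": last.get("url"),
            "address_used": address,
            "address_is_ours": address in expected_addresses,
            "redirected": len(records) > 1,
            "response_title": title.group(1).strip() if title else None,
            # Where the webroot plugin placed the file the CA asked for.
            "expected_file": str(
                PurePosixPath(webroot) / CHALLENGE_DIR / chall["token"]),
        })
    return findings


def next_check(finding):
    """Suggest where to look first, based on what the CA actually reached."""
    if not finding["address_is_ours"]:
        return "DNS: the CA connected to an address that is not this server"
    title = finding["response_title"] or ""
    if title.startswith("404"):
        return ("webroot: the vhost answering for this name does not serve "
                + str(PurePosixPath(finding["expected_file"]).parent))
    return "logs: look up the fetched URL in the web server access/error logs"


if __name__ == "__main__":
    for f in triage_http01(SAMPLE_AUTHZ, "/var/www/html", {"203.0.113.10"}):
        for key, value in f.items():
            print(f"{key:16} {value}")
        print("next check:     ", next_check(f))
```
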

:thinking:

Are you actually able to install a certificate using certonly? If so, I'd call that a significant bug as the code for certonly would clearly fail the SoC principle.

Here it is again with an even older client and an actual real domain name:

sudo certbot certonly -i apache --webroot -w /empty -d [redacted] --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for [redacted]
Using the webroot path /hidden for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - The dry run was successful.

certbot --version
certbot 0.31.0
1 Like

A dry run does not install anything.

1 Like
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
1 Like

I got tired of waiting... So I chose "2" and got a new cert:

sudo certbot certonly -i apache --webroot -w /empty -d [redacted]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/[redacted])

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for [redacted]
Using the webroot path /empty for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[redacted]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[redacted]/privkey.pem
   Your cert will expire on 2021-11-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
1 Like

Did certbot restart apache?

1 Like

I can check the logs...
But I don't use Apache - LOL
[it's only installed just for these types of circumstances/tests]

I don't see any mention of a restart:

2021-08-26 23:17:37,250:INFO:certbot.main:Renewing an existing certificate
2021-08-26 23:17:37,814:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0085_key-certbot.pem
2021-08-26 23:17:37,823:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0085_csr-certbot.pem
2021-08-26 23:17:37,824:DEBUG:acme.client:Requesting fresh nonce
2021-08-26 23:17:37,824:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-26 23:17:37,825:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
2021-08-26 23:17:38,121:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-26 23:17:38,122:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 03:17:38 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102oRs41O0xgTVXTDxso8M6VKF5puxff32lsSQJDFEpfTo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-08-26 23:17:38,123:DEBUG:acme.client:Storing nonce: 0102oRs41O0xgTVXTDxso8M6VKF5puxff32lsSQJDFEpfTo
2021-08-26 23:17:38,123:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "[redacted].com"\n    }\n  ]\n}'
2021-08-26 23:17:38,136:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2021-08-26 23:17:38,418:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 339
2021-08-26 23:17:38,420:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 27 Aug 2021 03:17:38 GMT
Content-Type: application/json
Content-Length: 339
Connection: keep-alive
Boulder-Requester: 20749986
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/20749986/19910911480
Replay-Nonce: 0101xWCJtoZ5lHmp94p5M_PMl2ercOr0Pld7AVS8ywLOKO0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-09-03T03:17:38Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "[redacted].com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/25462400000"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/20749986/19910911480"
}
2021-08-26 23:17:38,420:DEBUG:acme.client:Storing nonce: 0101xWCJtoZ5lHmp94p5M_PMl2ercOr0Pld7AVS8ywLOKO0
2021-08-26 23:17:38,421:DEBUG:acme.client:JWS payload:
b''
2021-08-26 23:17:38,427:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/25462400000:
2021-08-26 23:17:38,536:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25462400000 HTTP/1.1" 200 798
2021-08-26 23:17:38,537:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 03:17:38 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 20749986
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01017Qr4d3tscOucdkXmNoxInd1rSn9tWRsM4Y-3dDt4N74
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "[redacted].com"
  },
  "status": "pending",
  "expires": "2021-09-03T03:17:38Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25462400000/TnaiaQ",
      "token": "J1dxRTnFOEkfhAMj0o8_23oQzsh0FVWaoctu8WsziGk"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25462400000/Rg9xmA",
      "token": "J1dxRTnFOEkfhAMj0o8_23oQzsh0FVWaoctu8WsziGk"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25462400000/O8dQog",
      "token": "J1dxRTnFOEkfhAMj0o8_23oQzsh0FVWaoctu8WsziGk"
    }
  ]
}
2021-08-26 23:17:38,538:DEBUG:acme.client:Storing nonce: 01017Qr4d3tscOucdkXmNoxInd1rSn9tWRsM4Y-3dDt4N74
2021-08-26 23:17:38,539:INFO:certbot.auth_handler:Performing the following challenges:
2021-08-26 23:17:38,540:INFO:certbot.auth_handler:http-01 challenge for [redacted].com
2021-08-26 23:17:38,540:INFO:certbot.plugins.webroot:Using the webroot path /empty for all unmatched domains.
2021-08-26 23:17:38,541:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /empty/.well-known/acme-challenge
2021-08-26 23:17:38,550:DEBUG:certbot.plugins.webroot:Attempting to save validation to /empty/.well-known/acme-challenge/J1dxRTnFOEkfhAMj0o8_23oQzsh0FVWaoctu8WsziGk
2021-08-26 23:17:38,551:INFO:certbot.auth_handler:Waiting for verification...
2021-08-26 23:17:38,552:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-08-26 23:17:38,567:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/25462400000/TnaiaQ:
2021-08-26 23:17:38,702:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/25462400000/TnaiaQ HTTP/1.1" 200 186
2021-08-26 23:17:38,704:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 03:17:38 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 20749986
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/25462400000>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/25462400000/TnaiaQ
Replay-Nonce: 01024QuFlqOuEYRJL8tqb7kWSzHuKePAUcD_1MpmpGTTQWg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25462400000/TnaiaQ",
  "token": "J1dxRTnFOEkfhAMj0o8_23oQzsh0FVWaoctu8WsziGk"
}
2021-08-26 23:17:38,704:DEBUG:acme.client:Storing nonce: 01024QuFlqOuEYRJL8tqb7kWSzHuKePAUcD_1MpmpGTTQWg
2021-08-26 23:17:41,708:DEBUG:acme.client:JWS payload:
b''
2021-08-26 23:17:41,715:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/25462400000:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yMDc0OTk4NiIsICJub25jZSI6ICIwMTAyNFF1RmxxT3VFWVJKTDh0cWI3a1dTekh1S2VQQVVjRF8xTXBtcEdUVFFXZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjU0NjI0MDAwMDAifQ",
  "signature": "h4gBkPPeEe6uPXWf1NQORXDlt-YQHh4MBp7nSfQNZVksrlbf86H1x4VZlih7KHzS6Qa2lrpf3grzXhMs9n7JDPAmQd-fJwFbdR4-Xx0OP2gmwBDM-mcMAHMsahceRHl4b1lMg2jqjYt-BKOPiEg1eNY8EyRecWMrSa5Tztc-dq17TcOb_hAMUF6YeU4eBfbf7VfB0xQ8SNw7ExlVSuhDk1xJoBAnBqIBNVhKtu3PHfKXXiqA2358O4XJp6j8YGSAUAwJbZnzUQ2qLIfASQ55UjZrOcZwdVleVopDB5t_cAvjJsc3T14U8G1pIezcW6TOjGBACei9nualpGXFzdHg6Q",
  "payload": ""
}
2021-08-26 23:17:41,834:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25462400000 HTTP/1.1" 200 761
2021-08-26 23:17:41,836:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 03:17:41 GMT
Content-Type: application/json
Content-Length: 761
Connection: keep-alive
Boulder-Requester: 20749986
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101Fv4b0-druM-IX6S4hmF_udIa0OepgW2hMJKm25t_UJo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "[redacted].com"
  },
  "status": "valid",
  "expires": "2021-09-26T03:17:39Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25462400000/TnaiaQ",
      "token": "J1dxRTnFOEkfhAMj0o8_23oQzsh0FVWaoctu8WsziGk",
      "validationRecord": [
        {
          "url": "http://[redacted].com/.well-known/acme-challenge/J1dxRTnFOEkfhAMj0o8_23oQzsh0FVWaoctu8WsziGk",
          "hostname": "[redacted].com",
          "port": "80",
          "addressesResolved": [
            "64.251.0.58"
          ],
          "addressUsed": "64.251.0.58"
        }
      ],
      "validated": "2021-08-27T03:17:38Z"
    }
  ]
}
2021-08-26 23:17:41,836:DEBUG:acme.client:Storing nonce: 0101Fv4b0-druM-IX6S4hmF_udIa0OepgW2hMJKm25t_UJo
2021-08-26 23:17:41,837:DEBUG:certbot.error_handler:Calling registered functions
2021-08-26 23:17:41,837:INFO:certbot.auth_handler:Cleaning up challenges
2021-08-26 23:17:41,838:DEBUG:certbot.plugins.webroot:Removing /empty/.well-known/acme-challenge/J1dxRTnFOEkfhAMj0o8_23oQzsh0FVWaoctu8WsziGk
2021-08-26 23:17:41,838:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2021-08-26 23:17:41,839:DEBUG:certbot.client:CSR: CSR(file='/etc/letsencrypt/csr/0085_csr-certbot.pem', data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIICdDCCAVwCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANvF\n8RhMnHv/88N8weRuEqNrFFmr3TU5YyzBuaz9VSnp1U5mHF+ILPQ4ZCuHySn9t49b\njTfUacIGL5OJHi2DHj+43Np+30DNv52yqUHRA4eo8JOrLAkGzALHqDINZBF9QVGN\n9TM+eqZCpL3ewFGWzr/5ikoPlFZxCqEhBVAECmshztJZSv5gyLAXQtcdTbU4QJrc\nyK0ReYa9Vn7nTRqIr6d8Pd+0J4Bru8+yHIT+ckb9AdrEwCJoQkONDZuAR/COZ19h\nHhFkSOXGxDolfhjgHqZd8aBWj9eOlIZFWsMKLKykKbtwj11p3FL7f/umKcvW+W4G\nZVoxzGt3NlgY27jB8csCAwEAAaAvMC0GCSqGSIb3DQEJDjEgMB4wHAYDVR0RBBUw\nE4IRMTAwLnJnZy4zMDV0di5jb20wDQYJKoZIhvcNAQELBQADggEBAH3em4I63U29\nx83aYjknM4XB3AAdtYwVC5THr3d0B+LxgKOH1N+gIx2lddf8sxsSOqJVpEVvYJ6Q\niwuY9XMOfhyEWuZ56cfJ/TcEMdgTOWs37YToOewHonO2ktRmRiJ3gssf4r+f6dWq\np5hV9+FWhJxp9PkrZ1bpYS97N41uuF415RHW8MTIq90IJtnOxrv8SPgWg4SWcU1W\nVlznNZIYQdjM2f65XwphP9kDXx1pzDx1Ao211E4+aYEATydIyd954zZqsKd29djx\nLy7PpZ/BXfrVhwnuoNVPE8a7Mx3J7XlCupHLCWlstHfD9fT4Zg/piSdY+yqQt+AY\ne8jtDbgtWbA=\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2021-08-26 23:17:41,844:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "new-cert",\n  "csr": "MIICdDCCAVwCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANvF8RhMnHv_88N8weRuEqNrFFmr3TU5YyzBuaz9VSnp1U5mHF-ILPQ4ZCuHySn9t49bjTfUacIGL5OJHi2DHj-43Np-30DNv52yqUHRA4eo8JOrLAkGzALHqDINZBF9QVGN9TM-eqZCpL3ewFGWzr_5ikoPlFZxCqEhBVAECmshztJZSv5gyLAXQtcdTbU4QJrcyK0ReYa9Vn7nTRqIr6d8Pd-0J4Bru8-yHIT-ckb9AdrEwCJoQkONDZuAR_COZ19hHhFkSOXGxDolfhjgHqZd8aBWj9eOlIZFWsMKLKykKbtwj11p3FL7f_umKcvW-W4GZVoxzGt3NlgY27jB8csCAwEAAaAvMC0GCSqGSIb3DQEJDjEgMB4wHAYDVR0RBBUwE4IRMTAwLnJnZy4zMDV0di5jb20wDQYJKoZIhvcNAQELBQADggEBAH3em4I63U29x83aYjknM4XB3AAdtYwVC5THr3d0B-LxgKOH1N-gIx2lddf8sxsSOqJVpEVvYJ6QiwuY9XMOfhyEWuZ56cfJ_TcEMdgTOWs37YToOewHonO2ktRmRiJ3gssf4r-f6dWqp5hV9-FWhJxp9PkrZ1bpYS97N41uuF415RHW8MTIq90IJtnOxrv8SPgWg4SWcU1WVlznNZIYQdjM2f65XwphP9kDXx1pzDx1Ao211E4-aYEATydIyd954zZqsKd29djxLy7PpZ_BXfrVhwnuoNVPE8a7Mx3J7XlCupHLCWlstHfD9fT4Zg_piSdY-yqQt-AYe8jtDbgtWbA"\n}'
2021-08-26 23:17:41,850:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/20749986/19910911480:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yMDc0OTk4NiIsICJub25jZSI6ICIwMTAxRnY0YjAtZHJ1TS1JWDZTNGhtRl91ZElhME9lcGdXMmhNSkttMjV0X1VKbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvMjA3NDk5ODYvMTk5MTA5MTE0ODAifQ",
  "signature": "j9q9qdRFgMk5H-pa64bWFk1gmYNdZyehNKi5snTemFu0Eqfa85i0bV_G2707kC4xDzisSTgPp3YnY767vPyAf0NssRYVElxMPDEyRendZLBGYkUsZMOogcupaSuEC6m45wj92azw6PPAMccEKm5UrxnZstiBsvZZ4x31ayZSCf-4SMtEutYYwhsZ1Rohhab_hVp5BaqsYnHrJ-XH6A0_qlsqhkAUy9COStKQRohci3FoI7plJOZCHN-ccyf3qV5lBdhVf2KHpnvsOWRlXcmjtTLRHWYgSGDwaZacHMQzwqhNWbg60ss4rXvs5S96XaxgDlJ6E2cr_6JKbmv3TsuJPw",
  "payload": "...abbreviated..."
}
2021-08-26 23:17:42,524:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/20749986/19910911480 HTTP/1.1" 200 441
2021-08-26 23:17:42,525:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 03:17:42 GMT
Content-Type: application/json
Content-Length: 441
Connection: keep-alive
Boulder-Requester: 20749986
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/20749986/19910911480
Replay-Nonce: 0101jPAVevKBJTM5r8Bf5HX6X8dPdMaq5LGfNSlaiZbSAVM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "valid",
  "expires": "2021-09-03T03:17:38Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "[redacted].com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/25462400000"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/20749986/19910911480",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/04c707a7c6adac9035e8c6eff8035c1f29db"
}
2021-08-26 23:17:42,526:DEBUG:acme.client:Storing nonce: 0101jPAVevKBJTM5r8Bf5HX6X8dPdMaq5LGfNSlaiZbSAVM
2021-08-26 23:17:43,527:DEBUG:acme.client:JWS payload:
b''
2021-08-26 23:17:43,533:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/20749986/19910911480:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yMDc0OTk4NiIsICJub25jZSI6ICIwMTAxalBBVmV2S0JKVE01cjhCZjVIWDZYOGRQZE1hcTVMR2ZOU2xhaVpiU0FWTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvb3JkZXIvMjA3NDk5ODYvMTk5MTA5MTE0ODAifQ",
  "signature": "c2JEQl-qFKuPFFfVpL3AiH4FP-gPbiXnmAMiWy6U_tgV61yTzNFChzG98oty8g3hMFsODeufgKP_fPwpsuE1XNogq9HmazfYcLoqq8e2a-XcJz7HzbtT7PDfeNr0faUCC0LdvVmIUFnlbdeqNakHDWjH2NJ-Ixpxv2N-u9fBnNgzE1yckj56yCnMfHvWr7c_2ccfPH9d9T-NInURS2b3LJrkz1lGmTfWxRniemtd5DI4yPsm0EQkceN20tWuxkOMsrhkdha1qBFMzbVL8dcRVloTeBcYzB_E0jQa_MU6M9F7kv5QLRHT7bdqFllExLNlzzG6x0k6r9yzgGaQG85syQ",
  "payload": ""
}
2021-08-26 23:17:43,659:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/order/20749986/19910911480 HTTP/1.1" 200 441
2021-08-26 23:17:43,660:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 03:17:43 GMT
Content-Type: application/json
Content-Length: 441
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101ntfUxhcVuSqV7toFNHZUgOwWhQYJEW5KXsv1dmnUbuM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "valid",
  "expires": "2021-09-03T03:17:38Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "[redacted].com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/25462400000"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/20749986/19910911480",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/04c707a7c6adac9035e8c6eff8035c1f29db"
}
2021-08-26 23:17:43,661:DEBUG:acme.client:Storing nonce: 0101ntfUxhcVuSqV7toFNHZUgOwWhQYJEW5KXsv1dmnUbuM
2021-08-26 23:17:43,663:DEBUG:acme.client:JWS payload:
b''
2021-08-26 23:17:43,671:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/04c707a7c6adac9035e8c6eff8035c1f29db:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8yMDc0OTk4NiIsICJub25jZSI6ICIwMTAxbnRmVXhoY1Z1U3FWN3RvRk5IWlVnT3dXaFFZSkVXNUtYc3YxZG1uVWJ1TSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2VydC8wNGM3MDdhN2M2YWRhYzkwMzVlOGM2ZWZmODAzNWMxZjI5ZGIifQ",
  "signature": "HZ2yDd0iXBoEm6L2uN2kgG9UZAXcMAYnfjZxpptwvsKilu3ercJpuM1xvo781pEVJ1oSZorXyo1S0vPjyZettZtvhopmYwVRms7cFSjcHCZfxJImsaWNl6uMMPV-XIMp6eNkcrefPF3Ju0CDrXTODDqCvgpRSptp2ZmWjUdamAypVVBfv36RzapKVHoHXmbg1Gtee69w_zsRH2Hl18b6QM-qFJ_RYF963kA6k0lE35p6Fpu_UubFvZQ43k6NEBrANP5DYdInp0Bz1EWdEjPfkR_CMVGB1EpDRJ_L1Z2wkMLcI6VZO2WDD1g_k1fWEWVN8hJzJ2eO77KqLzKdDadNhQ",
  "payload": ""
}
2021-08-26 23:17:43,778:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/04c707a7c6adac9035e8c6eff8035c1f29db HTTP/1.1" 200 5601
2021-08-26 23:17:43,780:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 27 Aug 2021 03:17:43 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 5601
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/cert/04c707a7c6adac9035e8c6eff8035c1f29db/1>;rel="alternate"
Replay-Nonce: 0102epT6el21TWadsVEJUg8V8pQZuFTaTR2k1Af-rSnibBU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-08-26 23:17:43,780:DEBUG:acme.client:Storing nonce: 0102epT6el21TWadsVEJUg8V8pQZuFTaTR2k1Af-rSnibBU
2021-08-26 23:17:43,784:DEBUG:certbot.storage:Writing new private key to /etc/letsencrypt/archive/[redacted].com/privkey19.pem.
2021-08-26 23:17:43,785:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/archive/[redacted].com/cert19.pem.
2021-08-26 23:17:43,785:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/archive/[redacted].com/chain19.pem.
2021-08-26 23:17:43,785:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/archive/[redacted].com/fullchain19.pem.
2021-08-26 23:17:43,833:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer apache
2021-08-26 23:17:43,890:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2021-08-26 23:17:43,891:DEBUG:certbot.cli:Var installer=apache (set by user).
2021-08-26 23:17:43,923:DEBUG:certbot.cli:Var webroot_path=/empty (set by user).
2021-08-26 23:17:43,925:DEBUG:certbot.cli:Var webroot_path=/empty (set by user).
2021-08-26 23:17:43,925:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).
2021-08-26 23:17:43,928:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/[redacted].com.conf.new.
2021-08-26 23:17:43,938:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/[redacted].com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/[redacted].com/privkey.pem
Your cert will expire on 2021-11-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"
2021-08-26 23:17:43,938:DEBUG:certbot.reporter:Reporting to user: If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
Donating to EFF:                    https://eff.org/donate-le
