very odd log:
[root@seafile conf.d]# /opt/letsencrypt/letsencrypt-auto renew -v
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/seafile.swamp.xyz.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f23f6bec690> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f23f6bec690>
Starting new HTTP connection (1): ocsp.int-x3.letsencrypt.org:80
http://ocsp.int-x3.letsencrypt.org:80 "POST / HTTP/1.1" 200 527
OCSP response for certificate /etc/letsencrypt/archive/seafile.swamp.xyz/cert3.pem is signed by the certificate's issuer.
OCSP certificate status for /etc/letsencrypt/archive/seafile.swamp.xyz/cert3.pem is: OCSPCertStatus.GOOD
Should renew, less than 30 days before certificate expiry 2020-04-01 15:10:12 UTC.
Cert is due for renewal, auto-renewing...
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f23f6c16050>
Prep: True
Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f23f6c16050> and installer None
Plugins selected: Authenticator webroot, Installer None
Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acm e-v02.api.letsencrypt.org/acme/acct/74783491', new_authzr_uri=None, terms_of_service=None), 94db95cce3fbf9302b330026072a727a, Meta(creation_host=u'seafile.swamp.xyz', creation_dt=datetime.datetime(2019, 12, 30, 0, 43, 25, tzinfo=<UTC>)))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
Received response:
HTTP 200
Server: nginx
Date: Sun, 15 Mar 2020 02:25:07 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"pBaiMYi2b-U": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Renewing an existing certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Sun, 15 Mar 2020 02:25:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002YMWR0IEVlAlhASHBck6WpejjNxGlKd_LY_NFM_H2gjo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: 0002YMWR0IEVlAlhASHBck6WpejjNxGlKd_LY_NFM_H2gjo
JWS payload:
{
"identifiers": [
{
"type": "dns",
"value": "seafile.swamp.xyz"
}
]
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJub25jZSI6ICIwMDAyWU1XUjBJRVZsQWxoQVNIQmNrNldwZWpqTnhHbEtkX0xZX05GTV9IMmdqbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZ XRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzc0NzgzNDkxIiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJzZWFmaWxlLnN3YW1wLnh5eiIKICAgIH0KICBdCn0",
"signature": "jdC6aGUZYSevv-vKvo-jB4Mja3jVP615GDNW13B5YMGwZh2uSmzgQxZrxQURPtyntKDMF_GFLKoKBtLVbFRN8KkyLTFtJUA6ASgZe3ydGq5FUOcLTHO9tt5UxxWIL-f7A4_UeEXT842818nyac8CW40l4OgSecf2cwmUPZNzJJhEMwum03zEtRuxWZoyq0HnwLDLc883Fyjdp oe70J34d8t_PJ9chnOB7OUVVfH0B_0KhHHLk8c19Lo1Z0jZFauV7_CIYMIqfi0L4-wGc-YF22MZfxwPruLss_wWRkyw7ZXg8HdqtJpMIQMj6valBTwXujYKmTn9v6CEN-8XPb7uPQ"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 347
Received response:
HTTP 201
Server: nginx
Date: Sun, 15 Mar 2020 02:25:07 GMT
Content-Type: application/json
Content-Length: 347
Connection: keep-alive
Boulder-Requester: 74783491
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/74783491/2659347282
Replay-Nonce: 0002hQPzw2XtrWF7HgBidsT_vzXZ7xy74Pcad4mdnF9E3hA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2020-03-22T02:25:07.914301285Z",
"identifiers": [
{
"type": "dns",
"value": "seafile.swamp.xyz"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/3364863675"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/74783491/2659347282"
}
Storing nonce: 0002hQPzw2XtrWF7HgBidsT_vzXZ7xy74Pcad4mdnF9E3hA
JWS payload:
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3364863675:
{
"protected": "eyJub25jZSI6ICIwMDAyaFFQencyWHRyV0Y3SGdCaWRzVF92elhaN3h5NzRQY2FkNG1kbkY5RTNoQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzM2NDg2MzY3NSIsICJraWQiOiAiaHR0cHM6Ly9hY21lL XYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83NDc4MzQ5MSIsICJhbGciOiAiUlMyNTYifQ",
"payload": "",
"signature": "rzgUXn95neXyeegYAO15vOZFbRngv5XB9AvTFSQeu1pn_KbfW64NfxZUjEEPvWF2F8zwWB8to_LHnhOijv3sk-0Fyin7Z6kNsjRfuceocdGD19BUjxRuYFKyI5e_kBaTw2NVZ5xSrk7bY11d6cRysJfTB6s9bwbhhMmGKbFiuP6nsTJqWJq0c4Z07kCer2jg3gAYQ3s2icnQe _NMUpcAtMiAE4-UYKYIE7gAf7YNw-JHxhXf8i2fzuVzh3iNC5JTt1XMygD_j35tYN5lypzXTbiVr5MaIRiFWyaloPNVcNChx5AtBYHppeEYCTuRXO_YLZVkvfaCdzMgC8SARrBnsw"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3364863675 HTTP/1.1" 200 795
Received response:
HTTP 200
Server: nginx
Date: Sun, 15 Mar 2020 02:25:08 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 74783491
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002bOHZMSB0fyTyqFqOQeQ2udVtF-X6Nru0_WfdAZmx_Io
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "seafile.swamp.xyz"
},
"status": "pending",
"expires": "2020-03-22T02:25:07Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3364863675/SJlgwQ",
"token": "Kw4bryZFH2DiQD4_A6eN4dlxOz-Ol9frj0RfNBugv4s"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3364863675/GFDt4Q",
"token": "Kw4bryZFH2DiQD4_A6eN4dlxOz-Ol9frj0RfNBugv4s"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3364863675/4k7nEg",
"token": "Kw4bryZFH2DiQD4_A6eN4dlxOz-Ol9frj0RfNBugv4s"
}
]
}
Storing nonce: 0002bOHZMSB0fyTyqFqOQeQ2udVtF-X6Nru0_WfdAZmx_Io
Performing the following challenges:
http-01 challenge for seafile.swamp.xyz
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Creating root challenges validation dir at /usr/share/nginx/html/.well-known/acme-challenge
Attempting to save validation to /usr/share/nginx/html/.well-known/acme-challenge/Kw4bryZFH2DiQD4_A6eN4dlxOz-Ol9frj0RfNBugv4s
Waiting for verification...
JWS payload:
{
"type": "http-01",
"resource": "challenge"
}