Letsencrypt and no-ip

OK. What makes you think your site has been hacked?

Show us whatever else certbot told you when the challenges failed.

4 Likes

Because of the red screen and the deceptive site ahead warning.

That might be a false alarm; check your website and reinstall it from scratch if you're not sure.

3 Likes

The rest of the certbot log file is big and it also has my IP address listed... is this wise to put it on here?

If you want your IP to stay private, don't host a website using a publicly trusted certificate.

All certificates are publicly logged, including domain names. Your IP would be just a DNS query away.

5 Likes
2023-08-04 15:58:08,063:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-08-04 15:58:09,531:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-08-04 15:58:09,532:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3025/bin/certbot
2023-08-04 15:58:09,532:DEBUG:certbot._internal.main:Arguments: ['--apache', '--preconfigured-renewal']
2023-08-04 15:58:09,533:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,Plugin$
2023-08-04 15:58:09,606:DEBUG:certbot._internal.log:Root logging level set at 30
2023-08-04 15:58:09,609:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2023-08-04 15:58:09,894:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.38
2023-08-04 15:58:10,799:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7331dfb8>
Prep: True
2023-08-04 15:58:10,801:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7331dfb8> and installer <c$
2023-08-04 15:58:10,802:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2023-08-04 15:58:10,872:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agr$
2023-08-04 15:58:10,875:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-08-04 15:58:10,883:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-08-04 15:58:11,353:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-08-04 15:58:11,356:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 14:58:11 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "5mAncaJ43hI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}

2023-08-04 15:59:35,288:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for footie.ddns.net
2023-08-04 15:59:35,312:DEBUG:acme.client:Requesting fresh nonce
2023-08-04 15:59:35,313:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-08-04 15:59:35,473:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-08-04 15:59:35,477:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 14:59:35 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891F7MLLXEcoaOQFgPcaSGb9qwr8vzsBnNN7cXyJWjwhvzo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-08-04 15:59:35,478:DEBUG:acme.client:Storing nonce: 891F7MLLXEcoaOQFgPcaSGb9qwr8vzsBnNN7cXyJWjwhvzo
2023-08-04 15:59:35,479:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "footie.ddns.net"\n    }\n  ]\n}'
2023-08-04 15:59:35,519:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICI4OTFGN01MTFhFY29hT1FGZ1BjYVNHYjlxd3I4dnpzQm5O$
  "signature": "g9njCMl7cLt7vTly9VcJM4kcg0uxSb_SUJbBONDozUL1abCuJCdhp6SNIDauhQpH-qW8iQJ_BTHebehF83Eu4KP5pwofqjtIg2v4DyL9kATaFpXlghUB85iwvsaEWsrBJMnRl3AhfVpjL7kZKneS7-bUZwb1fgepUtOC_7AxgRlb$
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImZvb3RpZS5kZG5zLm5ldCIKICAgIH0KICBdCn0"
}
2023-08-04 15:59:35,909:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
2023-08-04 15:59:35,911:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 04 Aug 2023 14:59:35 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1241117846/199393461456
Replay-Nonce: 891FESroi_9kpmbX4DCvYVtxCKEg1e1cQl6YPGkWEAqKy4g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-08-11T14:59:35Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "footie.ddns.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/251900250236"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1241117846/199393461456"
}
2023-08-04 15:59:35,911:DEBUG:acme.client:Storing nonce: 891FESroi_9kpmbX4DCvYVtxCKEg1e1cQl6YPGkWEAqKy4g
2023-08-04 15:59:35,912:DEBUG:acme.client:JWS payload:
b''
2023-08-04 15:59:35,927:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/251900250236:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICI4OTFGRVNyb2lfOWtwbWJYNERDdllWdHhDS0VnMWUxY1Fs$
  "signature": "UZC1-wwJ_kyH__Vg9YFTJ6s70Dm59xSaIW0969-By846_89dq7bTxskmyuNbheGyWIHdpxkHEWbJYcED9QjBu2kvKpemWkl-WIi3Ba5SUKZGAaRYwZrXTCDP3IB4peJZz8mnrpHaHPSfZi2-mNVSPdaXUCcdP60tdODtbAXTUxl_$
  "payload": ""
}
2023-08-04 15:59:36,098:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/251900250236 HTTP/1.1" 200 799
2023-08-04 15:59:36,100:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 14:59:36 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371CGVTV8RccWtdjbkQxohIQCtm6YAmtsiNKpLQCyQGV97w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "pending",
  "expires": "2023-08-11T14:59:35Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/q0LSVw",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/nq9fYg",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/B8CHBQ",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    }
  ]
}
2023-08-04 15:59:36,101:DEBUG:acme.client:Storing nonce: 371CGVTV8RccWtdjbkQxohIQCtm6YAmtsiNKpLQCyQGV97w
2023-08-04 15:59:36,103:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-08-04 15:59:36,103:INFO:certbot._internal.auth_handler:http-01 challenge for footie.ddns.net
2023-08-04 15:59:36,352:INFO:certbot_apache._internal.override_debian:Enabled Apache rewrite module
2023-08-04 15:59:36,879:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/000-default.conf
2023-08-04 15:59:36,881:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

2023-08-04 15:59:36,882:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>

2023-08-04 15:59:36,953:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/000-default.conf
2023-08-04 15:59:40,537:DEBUG:acme.client:JWS payload:
b'{}'
2023-08-04 15:59:40,553:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/q0LSVw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICIzNzFDR1ZUVjhSY2NXdGRqYmtReG9oSVFDdG02WUFtdHNp$
  "signature": "A9JKYGLyrOMPkdpOyp7g1jJ6F_CgbYT4heX0UqxKf3N5yx_wh--0o91nxgsgfVTHMlwjKpnWntKWV-EJZaRWjlY2w3IHymiPXdfDSuFnoMcoRwoIaUWTwuZp4tJNxz-AC-fboSFHoJqrVAEKLZE5Jxy7x0NZbtopZDqA1EOEE9os$
  "payload": "e30"
}
2023-08-04 15:59:40,714:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/251900250236/q0LSVw HTTP/1.1" 200 187
2023-08-04 15:59:40,716:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 14:59:40 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/251900250236>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/q0LSVw
Replay-Nonce: 891FhPX2KgHmO30TUOM8eDXj4txe-p4gyE_Mg3OUwBWDFog
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/q0LSVw",
  "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
}
2023-08-04 15:59:40,716:DEBUG:acme.client:Storing nonce: 891FhPX2KgHmO30TUOM8eDXj4txe-p4gyE_Mg3OUwBWDFog
2023-08-04 15:59:40,718:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-08-04 15:59:41,720:DEBUG:acme.client:JWS payload:
b''
2023-08-04 15:59:41,735:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/251900250236:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICI4OTFGaFBYMktnSG1PMzBUVU9NOGVEWGo0dHhlLXA0Z3lF$
  "signature": "q6MLlVp19b0gUseJvYEL6bJwop_r4CuaU2NGi9CQ-Sv4WyB14_wGwsc0XM33REQpCqMJRxzksB3LdxHkG8JXsC2QhWGF4r8aORNxAY706lcSjZR78M9ZkP15ChlYRckPx03ckxCpf0XjNz7RLG5jj0aJgo6rmZS95d_fOo9Uso6N$
  "payload": ""
}
2023-08-04 15:59:41,905:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/251900250236 HTTP/1.1" 200 799
2023-08-04 15:59:41,907:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 14:59:41 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371CGLlsHMKUmkyoV9ANS0b34Axu6Pq0YcFpOz7am27mx44
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "pending",
  "expires": "2023-08-11T14:59:35Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/q0LSVw",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/nq9fYg",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/B8CHBQ",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    }
  ]
}
2023-08-04 15:59:41,907:DEBUG:acme.client:Storing nonce: 371CGLlsHMKUmkyoV9ANS0b34Axu6Pq0YcFpOz7am27mx44
2023-08-04 15:59:44,913:DEBUG:acme.client:JWS payload:
b''
2023-08-04 15:59:44,935:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/251900250236:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICIzNzFDR0xsc0hNS1Vta3lvVjlBTlMwYjM0QXh1NlBxMFlj$
  "signature": "UQVUBsYQXPUzgU_7xJ5rsirICWz9sV5rarFB4aAEpKoCiJXxh-YtA9UrEmdQvSzSvnXel38BDSUAZ-dXwmyTt1V5262nprORsjs2yeDL_9d3660uiv9CRospiBpEd3m2o2FfXEbjqG3hiJ5k4K3dz3q9zKj3yvv2qMHMjohft6eR$
  "payload": ""
}
2023-08-04 15:59:45,096:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/251900250236 HTTP/1.1" 200 799
2023-08-04 15:59:45,099:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 14:59:45 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371C97kXDitA-WXEeCrK6CpET5ak3yWyF5iubsyb32wUgPI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "pending",
  "expires": "2023-08-11T14:59:35Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/q0LSVw",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/nq9fYg",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/B8CHBQ",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    }
  ]
}
2023-08-04 15:59:45,100:DEBUG:acme.client:Storing nonce: 371C97kXDitA-WXEeCrK6CpET5ak3yWyF5iubsyb32wUgPI
2023-08-04 15:59:48,106:DEBUG:acme.client:JWS payload:
b''
2023-08-04 15:59:48,133:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/251900250236:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICIzNzFDOTdrWERpdEEtV1hFZUNySzZDcEVUNWFrM3lXeUY1$
  "signature": "a90Cdy7ewVWLc6Y3anCWADleUjsnSyeZH10OGbwd7cs1qaCBRCdCxiToMlsZjFrLBeWXoRSba04XxYYJDR-n0BzPWVRmqLQY38QgsC77q0WGr0ICSoHJt_rQVLhBIcUXo75W909UqI_ipX8awfBbokJt9rTcOklQ6wc7AqVBXKab$
  "payload": ""
}
2023-08-04 15:59:48,294:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/251900250236 HTTP/1.1" 200 799
2023-08-04 15:59:48,297:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 14:59:48 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891FnJWIRSnY2-pkcVydvYQPvElETY36JbI5jWrfBT0XMLU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "pending",
  "expires": "2023-08-11T14:59:35Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/q0LSVw",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/nq9fYg",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/B8CHBQ",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E"
    }
  ]
}
2023-08-04 15:59:48,298:DEBUG:acme.client:Storing nonce: 891FnJWIRSnY2-pkcVydvYQPvElETY36JbI5jWrfBT0XMLU
2023-08-04 15:59:51,304:DEBUG:acme.client:JWS payload:
b''
2023-08-04 15:59:51,326:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/251900250236:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICI4OTFGbkpXSVJTblkyLXBrY1Z5ZHZZUVB2RWxFVFkzNkpi$
  "signature": "PvTcNzqLQnNU_i0LPbv_OaAtJe1mUF5PEdSuIOybvqJXJ26tAPp9PCPAkIzpnOiv10IVhTBmU2X-mnNmnv9AOhB5DB7dm0-Z11V61iK4dm9mUpX11iQK40jksFRpSeGr46E5u6sVSGpad04UVUPtH_-QwCPp8y745v3ssVERLtys$
  "payload": ""
}
2023-08-04 15:59:51,488:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/251900250236 HTTP/1.1" 200 1064
2023-08-04 15:59:51,492:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 14:59:51 GMT
Content-Type: application/json
Content-Length: 1064
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891FbtnfxNo8SCumdl2DnjNSa1DkSMY8VaT6O_V8NCwI2Ck
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "invalid",
  "expires": "2023-08-11T14:59:35Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "185.217.112.172: Fetching http://footie.ddns.net/.well-known/acme-challenge/JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E: Timeout during connect (likely firewall problem)$
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251900250236/q0LSVw",
      "token": "JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E",
      "validationRecord": [
        {
          "url": "http://footie.ddns.net/.well-known/acme-challenge/JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E",
          "hostname": "footie.ddns.net",
          "port": "80",
          "addressesResolved": [
            "185.217.112.172"
          ],
          "addressUsed": "185.217.112.172"
        }
      ],
      "validated": "2023-08-04T14:59:40Z"
    }
  ]
}
2023-08-04 15:59:51,493:DEBUG:acme.client:Storing nonce: 891FbtnfxNo8SCumdl2DnjNSa1DkSMY8VaT6O_V8NCwI2Ck
2023-08-04 15:59:51,496:INFO:certbot._internal.auth_handler:Challenge failed for domain footie.ddns.net
2023-08-04 15:59:51,497:INFO:certbot._internal.auth_handler:http-01 challenge for footie.ddns.net
2023-08-04 15:59:51,498:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: footie.ddns.net
  Type:   connection
  Detail: 185.217.112.172: Fetching http://footie.ddns.net/.well-known/acme-challenge/JSfFDqqOrcXhf_dMadSyjuopD3ksEBLysTwghOUO91E: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is acces$

2023-08-04 15:59:51,506:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-08-04 15:59:51,507:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-08-04 15:59:51,507:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-08-04 15:59:52,503:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3025/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/main.py", line 1447, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-08-04 15:59:52,508:ERROR:certbot._internal.log:Some challenges have failed.

Ok, this is what I was looking for.

Is it possible you need to forward port 80 from your router to your webserver? (Save time and forward 443 too)

5 Likes

Is the IP address correct?

I.e., does the output of curl ifconfig.co correspond with the IP address 185.217.112.172?

2 Likes
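The two questions asked in the replies above (is the address the CA connected to really yours, and is port 80 reachable on it) can be answered from the `validationRecord` and `error` fields of the failed authorization in the log. This is an added example, not part of the thread or of certbot; the hostname, address and token in the sample are constructed placeholders, and `failed_challenges` and `triage` are hypothetical helper names.

```python
import ipaddress
import json

# Constructed sample modelled on the "invalid" authorization in the log above.
# Hostname, address and token are placeholders, not values from the thread.
SAMPLE_AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "site.example.net"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "203.0.113.10: Fetching http://site.example.net/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "validationRecord": [
        {
          "url": "http://site.example.net/.well-known/acme-challenge/TOKEN",
          "hostname": "site.example.net",
          "port": "80",
          "addressesResolved": ["203.0.113.10"],
          "addressUsed": "203.0.113.10"
        }
      ]
    }
  ]
}
""")

# Meaning of the RFC 8555 error types most often seen with http-01.
ERROR_HINTS = {
    "connection": "CA could not open a connection to the validation target",
    "dns": "CA could not resolve the hostname",
    "unauthorized": "CA reached a server but got the wrong challenge response",
}

# Addresses in these ranges are never reachable from the CA's validators.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def failed_challenges(authz):
    """Return one summary dict per challenge the CA marked invalid."""
    out = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        error = chall.get("error", {})
        # Keep only the last URN component, e.g. "connection".
        kind = error.get("type", "").rsplit(":", 1)[-1]
        targets = [
            (rec.get("hostname"), int(rec.get("port", 0)), rec["addressUsed"])
            for rec in chall.get("validationRecord", [])
            if rec.get("addressUsed")
        ]
        out.append({
            "challenge": chall.get("type"),
            "error": kind,
            "detail": error.get("detail", ""),
            "targets": targets,
        })
    return out


def triage(authz, public_ip):
    """Turn a failed authorization into (code, message) findings.

    public_ip is the server's real public address, e.g. what
    `curl ifconfig.co` prints when run on the server's network.
    """
    expected = ipaddress.ip_address(public_ip)
    findings = []
    for failure in failed_challenges(authz):
        hint = ERROR_HINTS.get(failure["error"], failure["detail"])
        if not failure["targets"]:
            # No connection was attempted (e.g. a DNS failure).
            findings.append((failure["error"].upper(), hint))
        for host, port, used in failure["targets"]:
            addr = ipaddress.ip_address(used)
            if any(addr in net for net in RFC1918):
                findings.append(("PRIVATE_ADDRESS",
                                 f"{host} resolves to {used}, a LAN address"))
            elif addr != expected:
                findings.append(("ADDRESS_MISMATCH",
                                 f"CA used {used} but the server is at {expected}; "
                                 "update the dynamic DNS record"))
            elif failure["error"] == "connection":
                findings.append(("PORT_BLOCKED",
                                 f"{used}:{port} is the right address but did not "
                                 "answer; check the port forward and firewall"))
            else:
                findings.append((failure["error"].upper(), hint))
    return findings


if __name__ == "__main__":
    for code, message in triage(SAMPLE_AUTHZ, "203.0.113.10"):
        print(code, "-", message)
```
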

OK, you mean change external from port 93 to external port 80 and point to internal port 80. How do I route 443 to the server ??

Same way, external 443 to internal 443

3 Likes

OK, thanks for your help but I have to take a rest from this now and will come back tomorrow. Your help has been invaluable....kind regards Don...

1 Like

Hi, I have changed the ports as you suggested and re-run the sudo certbot --apache -v command and it still fails, any suggestions? One other thing is when I look up my DNS record in ICANN it says not found??:

2023-08-05 08:29:33,363:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-08-05 08:29:34,802:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-08-05 08:29:34,803:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3025/bin/certbot
2023-08-05 08:29:34,803:DEBUG:certbot._internal.main:Arguments: ['--apache', '-v', '--preconfigured-renewal']
2023-08-05 08:29:34,804:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,Plugin$
2023-08-05 08:29:34,880:DEBUG:certbot._internal.log:Root logging level set at 20
2023-08-05 08:29:34,883:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2023-08-05 08:29:35,178:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.38
2023-08-05 08:29:36,094:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x733b3fe8>
Prep: True
2023-08-05 08:29:36,096:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x733b3fe8> and installer <c$
2023-08-05 08:29:36,096:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2023-08-05 08:29:36,167:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agr$
2023-08-05 08:29:36,170:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-08-05 08:29:36,178:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-08-05 08:29:36,647:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-08-05 08:29:36,651:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 05 Aug 2023 07:29:36 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "5nK-iE-9dWc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-08-05 08:29:55,427:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for footie.ddns.net
2023-08-05 08:29:55,450:DEBUG:acme.client:Requesting fresh nonce
2023-08-05 08:29:55,451:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-08-05 08:29:55,609:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-08-05 08:29:55,611:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 05 Aug 2023 07:29:55 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371Ci8quLk7gz0yWSw2JcYe2KjC3RTueHYwHRs0sYwogmNI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-08-05 08:29:55,612:DEBUG:acme.client:Storing nonce: 371Ci8quLk7gz0yWSw2JcYe2KjC3RTueHYwHRs0sYwogmNI
2023-08-05 08:29:55,614:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "footie.ddns.net"\n    }\n  ]\n}'
2023-08-05 08:29:55,643:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICIzNzFDaThxdUxrN2d6MHlXU3cySmNZZTJLakMzUlR1ZUhZ$
  "signature": "dsGB_b8IrkiMyMQe9xcEb-SELLNL71tp8UxLDUHRjQsCJVhbOhdZl8X_NbxlVGLxKn5pEO7_0ypxF_guNkwq8KSCi9rZh2a-LSgs7JsZjOCH3BsdeMYQiSaX48P3IG_IuEtl5xELs4aMc1gT25HQUdskn7IPs5Jbldeu1dltplkA$
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImZvb3RpZS5kZG5zLm5ldCIKICAgIH0KICBdCn0"
}
2023-08-05 08:29:55,960:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
2023-08-05 08:29:55,964:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 05 Aug 2023 07:29:55 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1241117846/199543488446
Replay-Nonce: 371CslL3RPvh6XJcxy0Al8iaNDhJW0WAoqtUWDX7UI6bnZE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-08-12T07:29:55Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "footie.ddns.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/252110082806"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1241117846/199543488446"
}
2023-08-05 08:29:55,965:DEBUG:acme.client:Storing nonce: 371CslL3RPvh6XJcxy0Al8iaNDhJW0WAoqtUWDX7UI6bnZE
2023-08-05 08:29:55,966:DEBUG:acme.client:JWS payload:
b''
2023-08-05 08:29:55,995:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/252110082806:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICIzNzFDc2xMM1JQdmg2WEpjeHkwQWw4aWFORGhKVzBXQW9x$
  "signature": "mjRCWaQlxCgMepvjO4eVr6QDbgTObYIgvPqXF9qcafXVs3gPsa2lRUrdgFfpr7ac5JVYDNGFG1Ybw2hAsnRt6AjnmTCD56eLZ_Tbwi5425FQuMNm3NTdwMqJ6l_shFHGivDUWE277HvdVO4cUhq10LXWnTHb-wtrZ_isG0fKybzq$
  "payload": ""
}
2023-08-05 08:29:56,159:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/252110082806 HTTP/1.1" 200 799
2023-08-05 08:29:56,162:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 05 Aug 2023 07:29:56 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891FI5u67IKdXbqTzAYB9kgUdJUg97lMV5bsq3vaON3y1II
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "pending",
  "expires": "2023-08-12T07:29:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/moVaTQ",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/RwCmeA",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/khQ25w",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    }
  ]
}
2023-08-05 08:29:56,163:DEBUG:acme.client:Storing nonce: 891FI5u67IKdXbqTzAYB9kgUdJUg97lMV5bsq3vaON3y1II
2023-08-05 08:29:56,165:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-08-05 08:29:56,166:INFO:certbot._internal.auth_handler:http-01 challenge for footie.ddns.net
2023-08-05 08:29:56,372:INFO:certbot_apache._internal.override_debian:Enabled Apache rewrite module
2023-08-05 08:29:56,906:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/000-default.conf
2023-08-05 08:29:56,908:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

2023-08-05 08:29:56,909:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>

2023-08-05 08:29:56,981:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/000-default.conf
2023-08-05 08:30:00,593:DEBUG:acme.client:JWS payload:
b'{}'
2023-08-05 08:30:00,608:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/moVaTQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICI4OTFGSTV1NjdJS2RYYnFUekFZQjlrZ1VkSlVnOTdsTVY1$
  "signature": "Ns-PnsTEX9kzxOYdFnpH44aehoJ6jjuKp2zZVkukPdj4RFL72sAYcGPDUnwMfx-qEscG6vkT_Da0zxABOLNBwsyfDu4un3BrHsQPoSC_fTJyUw2MFr2xsg5SpXGVCpHrRIiRHc06KciX7Zs12RB-feX7kprQqouoh2x1kxoJ89S4$
  "payload": "e30"
}
2023-08-05 08:30:00,771:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/252110082806/moVaTQ HTTP/1.1" 200 187
2023-08-05 08:30:00,773:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 05 Aug 2023 07:30:00 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/252110082806>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/moVaTQ
Replay-Nonce: 891FQ0xwIY-BJ1xw1wL9_RyivOjb-5cWmK46xxWCy8AKFQY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/moVaTQ",
  "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
}
2023-08-05 08:30:00,774:DEBUG:acme.client:Storing nonce: 891FQ0xwIY-BJ1xw1wL9_RyivOjb-5cWmK46xxWCy8AKFQY
2023-08-05 08:30:00,775:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-08-05 08:30:01,777:DEBUG:acme.client:JWS payload:
b''
2023-08-05 08:30:01,800:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/252110082806:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICI4OTFGUTB4d0lZLUJKMXh3MXdMOV9SeWl2T2piLTVjV21L$
  "signature": "A5Tpb3gnXITmMiK4H7UVd9iS-O3LfH2Pcf2zZeckpVoUWPW2YOEvWJkU14qFcz63Gy_JIwV9a229vDMah76gKPuDfjLI_xurJDmM0Ti0ICDCxzaJT19oASnZ_mPIz9VD52H6_VUea4WO_6L8uBaAn5UujZtFpTSu7-TvW9jmODtY$
  "payload": ""
}
2023-08-05 08:30:01,992:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/252110082806 HTTP/1.1" 200 799
2023-08-05 08:30:01,995:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 05 Aug 2023 07:30:01 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891FmggI6jAfARP4xzrtIoG3CzFGVSEiZW26s9LSepI7JB4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "pending",
  "expires": "2023-08-12T07:29:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/moVaTQ",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/RwCmeA",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/khQ25w",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    }
  ]
}
2023-08-05 08:30:01,997:DEBUG:acme.client:Storing nonce: 891FmggI6jAfARP4xzrtIoG3CzFGVSEiZW26s9LSepI7JB4
2023-08-05 08:30:05,004:DEBUG:acme.client:JWS payload:
b''
2023-08-05 08:30:05,019:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/252110082806:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICI4OTFGbWdnSTZqQWZBUlA0eHpydElvRzNDekZHVlNFaVpX$
  "signature": "BJKNQNYqVuCoqCQKXELteJU3L9VTMt_Ly5si6mRnfqMTJ4z-hJgnCwFuQp_b0kalY_djydXs66zyp3QftJrpsxo2EI9ZlbJ-L_LXtITtXBbWKpETiJAhzSUsUaNtuacuaofON8GJEBmg9Y6lDS1htXRrpmvuejvt0CDfZBOAeSNl$
  "payload": ""
}
2023-08-05 08:30:05,193:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/252110082806 HTTP/1.1" 200 799
2023-08-05 08:30:05,196:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 05 Aug 2023 07:30:05 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891FtSyhYVJfClQyqxSb16cFODQzpX4oe0-huq9i_vC5NU4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "pending",
  "expires": "2023-08-12T07:29:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/moVaTQ",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/RwCmeA",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/khQ25w",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    }
  ]
}
2023-08-05 08:30:05,197:DEBUG:acme.client:Storing nonce: 891FtSyhYVJfClQyqxSb16cFODQzpX4oe0-huq9i_vC5NU4
2023-08-05 08:30:08,203:DEBUG:acme.client:JWS payload:
b''
2023-08-05 08:30:08,232:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/252110082806:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICI4OTFGdFN5aFlWSmZDbFF5cXhTYjE2Y0ZPRFF6cFg0b2Uw$
  "signature": "oI9enH8CpMkmDbAZbNIlitcic2VwE5jaG6eQ0RCbZcYaoRzF0_FwOYouVIjIOJ9lJrNDBeUeMDmj1gLHfRQY3c0tI5IMIoO9Qqsy1WeIpvQ84E1IDUasDXkvgRO1d1MzNiQJcfH8VBWY37QIpmL-Xrr9Ckf1UxfJzygpV4NQjPVe$
  "payload": ""
}
2023-08-05 08:30:08,396:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/252110082806 HTTP/1.1" 200 799
2023-08-05 08:30:08,398:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 05 Aug 2023 07:30:08 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371CHBawEzdtqsBpe5QjAd1zxY-qz1clnXAKdWF2ujU0EzI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "pending",
  "expires": "2023-08-12T07:29:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/moVaTQ",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/RwCmeA",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/khQ25w",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc"
    }
  ]
}
2023-08-05 08:30:08,399:DEBUG:acme.client:Storing nonce: 371CHBawEzdtqsBpe5QjAd1zxY-qz1clnXAKdWF2ujU0EzI
2023-08-05 08:30:11,404:DEBUG:acme.client:JWS payload:
b''
2023-08-05 08:30:11,419:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/252110082806:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTExNzg0NiIsICJub25jZSI6ICIzNzFDSEJhd0V6ZHRxc0JwZTVRakFkMXp4WS1xejFjbG5Y$
  "signature": "ESyLsn46MhRgNBuN7YgmVbNW8i5cTwUqZFInUGIQtZdVnEZPDdx_SOeG6d4GPWVaOdmSSgs15LM06QmPZzuBOIknyI7rQQ-TiASvrQTLNtfEOzibDr9Qv9SCEsnhGwjewwMludWbWB2GQx-ux6jCs6oC8-EJ0XJe6zMWgYNHq1Zd$
  "payload": ""
}
2023-08-05 08:30:11,595:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/252110082806 HTTP/1.1" 200 1064
2023-08-05 08:30:11,597:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 05 Aug 2023 07:30:11 GMT
Content-Type: application/json
Content-Length: 1064
Connection: keep-alive
Boulder-Requester: 1241117846
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891FPjiZFWAUk2GLXo96Vr6lMfnCv_MNv1_NQ00jZ3wznqo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "footie.ddns.net"
  },
  "status": "invalid",
  "expires": "2023-08-12T07:29:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "185.217.112.172: Fetching http://footie.ddns.net/.well-known/acme-challenge/YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc: Timeout during connect (likely firewall problem)$
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/252110082806/moVaTQ",
      "token": "YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc",
      "validationRecord": [
        {
          "url": "http://footie.ddns.net/.well-known/acme-challenge/YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc",
          "hostname": "footie.ddns.net",
          "port": "80",
          "addressesResolved": [
            "185.217.112.172"
          ],
          "addressUsed": "185.217.112.172"
        }
      ],
      "validated": "2023-08-05T07:30:00Z"
    }
  ]
}
2023-08-05 08:30:11,597:DEBUG:acme.client:Storing nonce: 891FPjiZFWAUk2GLXo96Vr6lMfnCv_MNv1_NQ00jZ3wznqo
2023-08-05 08:30:11,599:INFO:certbot._internal.auth_handler:Challenge failed for domain footie.ddns.net
2023-08-05 08:30:11,600:INFO:certbot._internal.auth_handler:http-01 challenge for footie.ddns.net
2023-08-05 08:30:11,600:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: footie.ddns.net
  Type:   connection
  Detail: 185.217.112.172: Fetching http://footie.ddns.net/.well-known/acme-challenge/YpWNE0TYKB3WS-NK2HY0uJRsa0SVN3mknABAuHraDLc: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is acces$

2023-08-05 08:30:11,602:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-08-05 08:30:11,603:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-08-05 08:30:11,603:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-08-05 08:30:12,593:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3025/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/main.py", line 1447, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3025/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-08-05 08:30:12,598:ERROR:certbot._internal.log:Some challenges have failed.
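Added example (not part of the original thread and not certbot's own code): a small Python parser that pulls the CA's verdict out of a debug log shaped like the one above, reporting the failed challenge, the error type and the address the CA actually connected to. The log text, domain and IP below are constructed placeholders, `expected_ip` is a hypothetical parameter for the address you believe is yours, and bodies that will not parse (for example lines cut off with `$` by a pager) are counted rather than guessed at.

```python
import json

# Constructed sample in the shape of certbot's debug log (not taken from the thread);
# the domain, token and the documentation-range IP are placeholders.
SAMPLE_LOG = """\
2023-01-01 10:00:11,597:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json

{
  "identifier": {"type": "dns", "value": "site.example.test"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "203.0.113.10: Fetching http://site.example.test/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "validationRecord": [
        {"hostname": "site.example.test", "port": "80",
         "addressesResolved": ["203.0.113.10"], "addressUsed": "203.0.113.10"}
      ]
    }
  ]
}
2023-01-01 10:00:11,598:DEBUG:acme.client:Storing nonce: CONSTRUCTED
"""


def json_bodies(log_text):
    """Yield each top-level JSON object printed in the log, or None if it will not parse."""
    buf = None
    for line in log_text.splitlines():
        if buf is None:
            if line == "{":              # bodies start with a bare brace in column 0
                buf = [line]
            continue
        buf.append(line)
        if line == "}":                  # ...and end with one
            try:
                yield json.loads("\n".join(buf))
            except json.JSONDecodeError:  # e.g. a line cut short by a pager
                yield None
            buf = None


def failed_challenges(log_text, expected_ip=None):
    """Return (findings, unparsed_count) for authorizations the CA marked invalid."""
    findings, unparsed = [], 0
    for body in json_bodies(log_text):
        if body is None:
            unparsed += 1
        elif body.get("status") == "invalid" and "challenges" in body:
            for ch in body["challenges"]:
                err, recs = ch.get("error"), ch.get("validationRecord") or [{}]
                if not err:
                    continue
                findings.append({
                    "domain": body["identifier"]["value"],
                    "challenge": ch["type"],
                    "error": err["type"].rsplit(":", 1)[-1],
                    "detail": err["detail"],
                    "port": recs[-1].get("port"),
                    "address_used": recs[-1].get("addressUsed"),
                    "ip_matches": expected_ip is None or recs[-1].get("addressUsed") == expected_ip,
                })
    return findings, unparsed


if __name__ == "__main__":
    for finding in failed_challenges(SAMPLE_LOG, expected_ip="203.0.113.10")[0]:
        print(finding)
```

When `ip_matches` is true and the error is `connection`, DNS sent the CA to the expected address and the thing left to check is inbound reachability of port 80.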

Can you see your unencrypted website if you connect to your domain?

2 Likes

Hi, I decided to buy a real domain name and I tried again but still failed with this:

pi@raspberrypi:~ $ sudo certbot --apache -v

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: footiefantasy.eu
2: www.footiefantasy.eu
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for footiefantasy.eu and www.footiefantasy.eu
Performing the following challenges:
http-01 challenge for footiefantasy.eu
http-01 challenge for www.footiefantasy.eu
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain footiefantasy.eu
Challenge failed for domain www.footiefantasy.eu
http-01 challenge for footiefantasy.eu
http-01 challenge for www.footiefantasy.eu

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: footiefantasy.eu
  Type:   connection
  Detail: 185.217.112.172: Fetching http://footiefantasy.eu/.well-known/acme-challenge/U2YtAMOdKxgo8F9eEcV3muCo-AfkOFzKWWRzb5PZR3g: Timeout during connect (likely firewall problem)

  Domain: www.footiefantasy.eu
  Type:   connection
  Detail: 185.217.112.172: Fetching http://www.footiefantasy.eu/.well-known/acme-challenge/bBRTn13sC0OBNzO2PZfv80eTnJIUlIgyTFTOI7j_Qfk: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
  • Is the IP address correct?
  • Are port 80 and 443 allowed in any firewall? (There could be multiple.)
  • Are port 80 and 443 portmapped in your router, if applicable?
  • Does your ISP allow incoming connections to port 80 and 443?
  • Is your ISP using CG-NAT by any chance?

1 Like

Hi,
The IP address is correct, as the website works.
I had modsecurity installed but I disabled that when I started to install the SSL.
I have both 80 and 443 mapped. Again, if the port 80 mapping didn't work the website won't work (not sure about 443).
ISP must allow 80; how do I check if 443 is allowed?
Don't know if my ISP is using CG-NAT... how do I check that?
curl ifconfig.co returns my public ip address

One thing I notice is that with sudo I can't cd into the letsencrypt directory, but I can read the letsencrypt error log with nano.

Thank you for your help and patience and I really do want to get SSL installed

1 Like

traceroute ifconfig.co

And see if your public IP is the last before your internal LAN.

4 Likes

pi@raspberrypi:~ $ sudo traceroute ifconfig.co
traceroute to ifconfig.co (172.64.136.12), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 0.648 ms 0.924 ms 1.199 ms
2 129.red-185-217-112.telecablesantapola.es (185.217.112.129) 8.286 ms 8.363 ms 8.428 ms
3 192.168.121.161 (192.168.121.161) 7.672 ms 7.762 ms 7.817 ms
4 192.168.113.73 (192.168.113.73) 12.370 ms 12.609 ms 13.012 ms
5 31.25.179.17 (31.25.179.17) 13.675 ms 14.084 ms 14.392 ms
6 cloudflare.as13335.xe0.mad.ixplay.global (185.1.90.13) 15.201 ms 10.413 ms 10.688 ms
7 172.70.58.2 (172.70.58.2) 10.426 ms 172.70.60.2 (172.70.60.2) 10.636 ms 172.70.56.3 (172.70.56.3) 11.992 ms
8 172.64.136.12 (172.64.136.12) 10.823 ms 12.010 ms 12.097 ms

I think your public IP changed.

It was 185.217.112.172

It now is 185.217.112.129

3 Likes

Hi, just checked and it hasn't changed. It's still 185.217.112.172

pi@raspberrypi:~ $ sudo curl ifconfig.co
185.217.112.172