Letsencrypt certonly webroot domain verification trouble


#1

Please fill out the fields below so we can help you better.

My domain is: mastodon.fm

I ran this command: “letsencrypt certonly” then when it asked for webroot I entered “/msvps/”

It produced this output: Failed authorization procedure. mastodon.fm (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to mastodon.fm

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mastodon.fm
    Type: connection
    Detail: Could not connect to mastodon.fm

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My operating system is (include version): Debian 8.7 stable (Jessie) (stable) (64bits)

My web server is (include version): So you Start - 32G E3-1245v2 SoftRaid 2x2TB Server

My hosting provider, if applicable, is: So You Start/OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ISPconfig 3

More info: I’m trying to install a vps running a mastodon instance that is separate to the partition where standard websites via the ISPconfig control panel is installed. Partition is set out at install as 250GB /var 15GB /tmp 20GB / Rest of space /msvps for the separate VPS install. Approx 2.7TB

When I ping mastodon.fm it’s appearing at the correct IP 158.69.243.238


#2

If it helps here’s my log :slight_smile:

2017-04-18 00:49:36,249:DEBUG:certbot.main:Root logging level set at 20
2017-04-18 00:49:36,249:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-04-18 00:49:36,255:DEBUG:certbot.main:certbot version: 0.9.3
2017-04-18 00:49:36,255:DEBUG:certbot.main:Arguments: []
2017-04-18 00:49:36,255:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-04-18 00:49:36,259:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-04-18 00:49:36,519:DEBUG:certbot.plugins.selection:Multiple candidate plugins: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x6f70ea7de7d0>
Prep: True

  • standalone
    Description: Spin up a temporary webserver
    Interfaces: IAuthenticator, IPlugin
    Entry point: standalone = certbot.plugins.standalone:Authenticator
    Initialized: <certbot.plugins.standalone.Authenticator object at 0x6f70ea7e6f90>
    Prep: True
    2017-04-18 00:49:41,210:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x6f70ea7de7d0> and installer None
    2017-04-18 00:49:41,409:DEBUG:certbot.main:Picked account: <Account(b918a88ed5283987141eddd2e6403fcb)>
    2017-04-18 00:49:41,411:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
    2017-04-18 00:49:41,412:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2017-04-18 00:49:42,189:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 352
    2017-04-18 00:49:42,190:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘352’, ‘Expires’: ‘Tue, 18 Apr 2017 00:49:42 GMT’, ‘Boulder-Request-Id’: ‘uR4k0aSRi11CF_PdbrrRo1P9jWQ1XL82N4Jimw1ncOw’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Tue, 18 Apr 2017 00:49:42 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘eoBpmZyv8RFxJ2hf1WwH7IHDeTNJptek-jxL8W3VjNc’}. Content: '{\n “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,\n “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,\n “new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,\n “new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,\n “revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”\n}'
    2017-04-18 00:49:42,191:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘352’, ‘Expires’: ‘Tue, 18 Apr 2017 00:49:42 GMT’, ‘Boulder-Request-Id’: ‘uR4k0aSRi11CF_PdbrrRo1P9jWQ1XL82N4Jimw1ncOw’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Tue, 18 Apr 2017 00:49:42 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘eoBpmZyv8RFxJ2hf1WwH7IHDeTNJptek-jxL8W3VjNc’}): '{\n “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,\n “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,\n “new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,\n “new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,\n “revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”\n}'
    2017-04-18 00:49:42,192:DEBUG:certbot.display.ops:No installer, picking names manually
    2017-04-18 00:49:48,660:INFO:certbot.main:Obtaining a new certificate
    2017-04-18 00:49:48,669:DEBUG:root:Requesting fresh nonce
    2017-04-18 00:49:48,669:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
    2017-04-18 00:49:48,740:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-authz HTTP/1.1” 405 0
    2017-04-18 00:49:48,741:DEBUG:root:Received <Response [405]>. Headers: {‘Content-Length’: ‘91’, ‘Pragma’: ‘no-cache’, ‘Boulder-Request-Id’: ‘JBPC-V3uOdLUzMuzbe88xJx2fv9j0draXi5RNufSbJY’, ‘Expires’: ‘Tue, 18 Apr 2017 00:49:48 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Allow’: ‘POST’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Tue, 18 Apr 2017 00:49:48 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘8Gr6YR3WMdd01_h0Uwwrkl5QbInGCLYXaZNCLapESVU’}. Content: ''
    2017-04-18 00:49:48,741:DEBUG:acme.client:Storing nonce: '\xf0j\xfaa\x1d\xd61\xd7t\xd7\xf8tS\x0c+\x92^Pl\x89\xc6\x08\xb6\x17i\x93B-\xaaDIU’
    2017-04-18 00:49:48,743:DEBUG:acme.jose.json_util:Omitted empty fields: status=None, combinations=None, expires=None, challenges=None
    2017-04-18 00:49:48,743:DEBUG:acme.client:Serialized JSON: {“identifier”: {“type”: “dns”, “value”: “mastodon.fm”}, “resource”: “new-authz”}
    2017-04-18 00:49:48,746:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, cty=None, x5t=None, alg=None, x5tS256=None, x5u=None, kid=None, jwk=None
    2017-04-18 00:49:48,751:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
    2017-04-18 00:49:48,751:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “qgyuK1-LZuTQeiTZ3Aw15L0VFd8H3JfDLO90lNiznQ6XfClvfgAppw72iJKKtfjLe_x5M-nQj5bvqQqGvIRCwwVoZr6rwKdMYlnJbukj2QZeQpSgSeMAoFFcs_9Ku_P9Mjsymzw3a4mz0ysFgWdus2ErG7_ZdYTAhcQOJFctBBivd44tK7ZJcRxdv5Ga7TXAji6zKulgzZL1HmtA5I1hhbsm4ky4_Axx-NT72gSMnte9WMLNdxx99foIlDH_Ng63syV73f17H9v7UwSMMLekjTvk_9vEpaBpsNJ0GmM5wisGMGrSc55iKOs5-XqzIud5qOrLSkMV9ollJW5zqXSn3w”}}, “protected”: “eyJub25jZSI6ICI4R3I2WVIzV01kZDAxX2gwVXd3cmtsNVFiSW5HQ0xZWGFaTkNMYXBFU1ZVIn0”, “payload”: “eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJtYXN0b2Rvbi5mbSJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0”, “signature”: “dow4RSFgvPRvy4wg3GkGkdTryCpJtLbKKliHQl6X5r3lHOetFJKtEeoTZ0fatPV8vtiotCE7A7s1mdvGJ-cxe2krYUdKghnUgYaZoslcfljQ9ctzqCRoj0oy5kV1sf4owJNd0c_3NE8lh8ontL-2uNAf7qAQ90coFcehHOQzm59PpvZHQuNKSu8yYyZj5ThUv7hFuAWYAR_yb0VToiKmyqwfaJFDIaUsAKpmsjH6xV9cYOT3gf02NqfvBbEZthD_gEdlFpmQluZ7fN56htIr0tq2ASNoZusZYHRV53nEK1NGZ8KIums2g3qQCIskmIyYiLtREY2sBnrdPQqVVlXNHw”}’}
    2017-04-18 00:49:48,882:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 999
    2017-04-18 00:49:48,883:DEBUG:root:Received <Response [201]>. Headers: {‘Content-Length’: ‘999’, ‘Expires’: ‘Tue, 18 Apr 2017 00:49:48 GMT’, ‘Boulder-Request-Id’: ‘6Hx-ZQ34SlgpUcfY7oR1xQnVg4rXQntQV-vuv-p7lBA’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘12674350’, ‘Date’: ‘Tue, 18 Apr 2017 00:49:48 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘bOyQgeHejZWd-cLn4yQehTH_NbnfYcdAI28oESSaM20’}. Content: '{\n “identifier”: {\n “type”: “dns”,\n “value”: “mastodon.fm”\n },\n “status”: “pending”,\n “expires”: “2017-04-25T00:49:48.814969356Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474200”,\n “token”: “akhSVNgnegtJxvIdXbhPe9nVeqLUxKrR_kBp2rHOmpI”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474202”,\n “token”: “aeY0NHFyi50Jjyq0YZUvsJ_B2_iDg6ELDEfyMZ9YVL0”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203”,\n “token”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 2\n ],\n [\n 1\n ]\n ]\n}'
    2017-04-18 00:49:48,883:DEBUG:acme.client:Storing nonce: 'l\xec\x90\x81\xe1\xde\x8d\x95\x9d\xf9\xc2\xe7\xe3$\x1e\x851\xff5\xb9\xdfa\xc7@#o(\x11$\x9a3m’
    2017-04-18 00:49:48,884:DEBUG:acme.client:Received response <Response [201]> (headers: {‘Content-Length’: ‘999’, ‘Expires’: ‘Tue, 18 Apr 2017 00:49:48 GMT’, ‘Boulder-Request-Id’: ‘6Hx-ZQ34SlgpUcfY7oR1xQnVg4rXQntQV-vuv-p7lBA’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘12674350’, ‘Date’: ‘Tue, 18 Apr 2017 00:49:48 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘bOyQgeHejZWd-cLn4yQehTH_NbnfYcdAI28oESSaM20’}): '{\n “identifier”: {\n “type”: “dns”,\n “value”: “mastodon.fm”\n },\n “status”: “pending”,\n “expires”: “2017-04-25T00:49:48.814969356Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474200”,\n “token”: “akhSVNgnegtJxvIdXbhPe9nVeqLUxKrR_kBp2rHOmpI”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474202”,\n “token”: “aeY0NHFyi50Jjyq0YZUvsJ_B2_iDg6ELDEfyMZ9YVL0”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203”,\n “token”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 2\n ],\n [\n 1\n ]\n ]\n}'
    2017-04-18 00:49:48,885:INFO:certbot.auth_handler:Performing the following challenges:
    2017-04-18 00:49:48,894:INFO:certbot.auth_handler:http-01 challenge for mastodon.fm
    2017-04-18 00:52:57,448:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /msvps/.well-known/acme-challenge
    2017-04-18 00:52:57,458:DEBUG:certbot.plugins.webroot:Attempting to save validation to /msvps/.well-known/acme-challenge/25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY
    2017-04-18 00:52:57,458:INFO:certbot.auth_handler:Waiting for verification…
    2017-04-18 00:52:57,467:DEBUG:acme.client:Serialized JSON: {“keyAuthorization”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY.3-z1FNbYAZb8fnX89YKdVR2jIqe6OxMQRmVapFR35h8”, “type”: “http-01”, “resource”: “challenge”}
    2017-04-18 00:52:57,469:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, cty=None, x5t=None, alg=None, x5tS256=None, x5u=None, kid=None, jwk=None
    2017-04-18 00:52:57,473:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
    2017-04-18 00:52:57,474:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “qgyuK1-LZuTQeiTZ3Aw15L0VFd8H3JfDLO90lNiznQ6XfClvfgAppw72iJKKtfjLe_x5M-nQj5bvqQqGvIRCwwVoZr6rwKdMYlnJbukj2QZeQpSgSeMAoFFcs_9Ku_P9Mjsymzw3a4mz0ysFgWdus2ErG7_ZdYTAhcQOJFctBBivd44tK7ZJcRxdv5Ga7TXAji6zKulgzZL1HmtA5I1hhbsm4ky4_Axx-NT72gSMnte9WMLNdxx99foIlDH_Ng63syV73f17H9v7UwSMMLekjTvk_9vEpaBpsNJ0GmM5wisGMGrSc55iKOs5-XqzIud5qOrLSkMV9ollJW5zqXSn3w”}}, “protected”: “eyJub25jZSI6ICJiT3lRZ2VIZWpaV2QtY0xuNHlRZWhUSF9OYm5mWWNkQUkyOG9FU1NhTTIwIn0”, “payload”: “eyJrZXlBdXRob3JpemF0aW9uIjogIjI1TUxKYmprdXBUSURfSk83QVFNR1AtdVNQcTM5cE9jUW5kVDVsREM5WFkuMy16MUZOYllBWmI4Zm5YODlZS2RWUjJqSXFlNk94TVFSbVZhcEZSMzVoOCIsICJ0eXBlIjogImh0dHAtMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0”, “signature”: “gIRGWBjBO8wVl_K2Eggrov-3TJ7BUoMlXxRuCK7ZxJItQl9BVrieRg_nSU19cT0x4vUcqEEYRBKyG1fdgj8bYvQM7nE2FYXm0aslT6QYrDg5l9YbcDrPe8HZKkQgFNLHZDo9w4mwAnjjjXP_zufs79ZC_F6ATB9-3pia1YbPaH92J-hvggOV8g3n85Uh8kZKCsidV7v0P2cvF8ch_IG-d74Zb2BRIXIUt5ylMg2F8DaQm-C2-u7cVMYBcENQRz3G77tCURYyaabI6lv64EZCYF-B9zpP71f6aMcNhXisvpejCMlM6YvHIYcHynPX1xyABhQVa2Lk0008YppyeJrlzQ”}’}
    2017-04-18 00:52:57,685:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203 HTTP/1.1” 202 336
    2017-04-18 00:52:57,686:DEBUG:root:Received <Response [202]>. Headers: {‘Content-Length’: ‘336’, ‘Boulder-Request-Id’: ‘esoT9zHnLXreHsjQip02q2CjWXnWh3czOD-E2tkQW60’, ‘Expires’: ‘Tue, 18 Apr 2017 00:52:57 GMT’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘12674350’, ‘Date’: ‘Tue, 18 Apr 2017 00:52:57 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘BnnSRWuWg41Drh2dh0Lqb12B8I84yKHZY1GQJEQo35g’}. Content: '{\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203”,\n “token”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY”,\n “keyAuthorization”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY.3-z1FNbYAZb8fnX89YKdVR2jIqe6OxMQRmVapFR35h8”\n}'
    2017-04-18 00:52:57,686:DEBUG:acme.client:Storing nonce: '\x06y\xd2Ek\x96\x83\x8dC\xae\x1d\x9d\x87B\xeao]\x81\xf0\x8f8\xc8\xa1\xd9cQ\x90$D(\xdf\x98’
    2017-04-18 00:52:57,687:DEBUG:acme.client:Received response <Response [202]> (headers: {‘Content-Length’: ‘336’, ‘Boulder-Request-Id’: ‘esoT9zHnLXreHsjQip02q2CjWXnWh3czOD-E2tkQW60’, ‘Expires’: ‘Tue, 18 Apr 2017 00:52:57 GMT’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘12674350’, ‘Date’: ‘Tue, 18 Apr 2017 00:52:57 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘BnnSRWuWg41Drh2dh0Lqb12B8I84yKHZY1GQJEQo35g’}): '{\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203”,\n “token”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY”,\n “keyAuthorization”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY.3-z1FNbYAZb8fnX89YKdVR2jIqe6OxMQRmVapFR35h8”\n}'
    2017-04-18 00:53:00,690:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY. args: (), kwargs: {}
    2017-04-18 00:53:00,798:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY HTTP/1.1” 200 1598
    2017-04-18 00:53:00,799:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘1598’, ‘Expires’: ‘Tue, 18 Apr 2017 00:53:00 GMT’, ‘Boulder-Request-Id’: ‘HGZQix0bUfRVp34q7DULpOZhy7I8btxOn1z11By-pqI’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Tue, 18 Apr 2017 00:53:00 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘Mu2ygdxCIB_WSbjVDRQ7aNoYvrc9ZFHV3lB4BO6A-bw’}. Content: '{\n “identifier”: {\n “type”: “dns”,\n “value”: “mastodon.fm”\n },\n “status”: “invalid”,\n “expires”: “2017-04-25T00:49:48Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474200”,\n “token”: “akhSVNgnegtJxvIdXbhPe9nVeqLUxKrR_kBp2rHOmpI”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474202”,\n “token”: “aeY0NHFyi50Jjyq0YZUvsJ_B2_iDg6ELDEfyMZ9YVL0”\n },\n {\n “type”: “http-01”,\n “status”: “invalid”,\n “error”: {\n “type”: “urn:acme:error:connection”,\n “detail”: “Could not connect to mastodon.fm”,\n “status”: 400\n },\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203”,\n “token”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY”,\n “keyAuthorization”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY.3-z1FNbYAZb8fnX89YKdVR2jIqe6OxMQRmVapFR35h8”,\n “validationRecord”: [\n {\n “url”: “http://mastodon.fm/.well-known/acme-challenge/25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY”,\n “hostname”: “mastodon.fm”,\n “port”: “80”,\n “addressesResolved”: [\n “158.69.243.238”\n ],\n “addressUsed”: “158.69.243.238”\n }\n ]\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 2\n ],\n [\n 1\n ]\n ]\n}'
    2017-04-18 00:53:00,800:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘1598’, ‘Expires’: ‘Tue, 18 Apr 2017 00:53:00 GMT’, ‘Boulder-Request-Id’: ‘HGZQix0bUfRVp34q7DULpOZhy7I8btxOn1z11By-pqI’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Tue, 18 Apr 2017 00:53:00 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘Mu2ygdxCIB_WSbjVDRQ7aNoYvrc9ZFHV3lB4BO6A-bw’}): '{\n “identifier”: {\n “type”: “dns”,\n “value”: “mastodon.fm”\n },\n “status”: “invalid”,\n “expires”: “2017-04-25T00:49:48Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474200”,\n “token”: “akhSVNgnegtJxvIdXbhPe9nVeqLUxKrR_kBp2rHOmpI”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474202”,\n “token”: “aeY0NHFyi50Jjyq0YZUvsJ_B2_iDg6ELDEfyMZ9YVL0”\n },\n {\n “type”: “http-01”,\n “status”: “invalid”,\n “error”: {\n “type”: “urn:acme:error:connection”,\n “detail”: “Could not connect to mastodon.fm”,\n “status”: 400\n },\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/SS_tjkUheEfOe2d298ip8nNWvzkj6CktB6Fl9l-dGPY/1041474203”,\n “token”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY”,\n “keyAuthorization”: “25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY.3-z1FNbYAZb8fnX89YKdVR2jIqe6OxMQRmVapFR35h8”,\n “validationRecord”: [\n {\n “url”: “http://mastodon.fm/.well-known/acme-challenge/25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY”,\n “hostname”: “mastodon.fm”,\n “port”: “80”,\n “addressesResolved”: [\n “158.69.243.238”\n ],\n “addressUsed”: “158.69.243.238”\n }\n ]\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 2\n ],\n [\n 1\n ]\n ]\n}'
    2017-04-18 00:53:00,802:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: mastodon.fm
Type: connection
Detail: Could not connect to mastodon.fm

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2017-04-18 00:53:00,802:INFO:certbot.auth_handler:Cleaning up challenges
2017-04-18 00:53:00,811:DEBUG:certbot.plugins.webroot:Removing /msvps/.well-known/acme-challenge/25MLJbjkupTID_JO7AQMGP-uSPq39pOcQndT5lDC9XY
2017-04-18 00:53:00,812:INFO:certbot.plugins.webroot:Unable to clean up challenge directory /msvps/.well-known/acme-challenge
2017-04-18 00:53:00,820:DEBUG:certbot.plugins.webroot:Error was: [Errno 39] Directory not empty: '/msvps/.well-known/acme-challenge’
2017-04-18 00:53:00,823:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/letsencrypt”, line 9, in
load_entry_point(‘certbot==0.9.3’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 776, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 563, in obtain_cert
action, _ = _auth_from_domains(le_client, config, domains, lineage)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 100, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 281, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 253, in obtain_certificate
self.config.allow_subset_of_names)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 78, in get_authorizations
self._respond(resp, best_effort)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 135, in _respond
self._poll_challenges(chall_update, best_effort)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 199, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. mastodon.fm (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to mastodon.fm


#3

Hi,

Do you have an existing web server listening on port 80?

Does it serve documents directly out of the directory /msvps?

(Both of these are requirements for using the webroot method the way that you did.)


#4

I have no idea, I’ve decided to reinstall the server and stick with a standard partitioning, I’m hoping that I can run a mastodon instance under ISPconfig. I’m going to try installing everything that way hoping that will help.


#5

Well, I’m not sure of everything that was going wrong before, but just to clarify for future reference:

  • To use webroot you have to have a web server already running on the machine. It has to be serving files from some directory in the local filesystem. That directory is called the webroot directory and is specified with -w or in response to an interactive question from Certbot.

If you’re trying to get a certificate for example.com, and you’ve told Certbot that the webroot is /var/www/example, then creating a file /var/www/example/test.txt on your system should result in that same file being visible at http://example.com/test.txt; if this isn’t true then you can’t use webroot this way (and perhaps need to figure out how to change your web server configuration to make it true).


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.