Hello everyone!
I have had a serious problem for some time (in fact, since I had to buy my natora.net domain and thus reconfigure the DNS zone identically).
The problem is that I am now unable to obtain an SSL certificate with Let's Encrypt when I want to apply it on the www of my domains ...
Ex.:
certbot certonly --webroot -w /var/www -d natora.net works but
certbot certonly --webroot -w /var/www/natora.net -d www.natora.net NO!
Here are the commands and logs. This procedure was done without problems before that, and I have no solution!
Thanks for your help ;)
===========================================================
DNS
Subdomain TTL Type IP address / Hostname
14400 A points to 51.15.2.244
-
14400 CNAME is an alias of dedi.natora.net.
todo 14400 A points to 51.15.2.244
===========================================================
root@dedi:/var/www/# ls -l
total 24
-rw-r--r-- 1 www-data www-data 12 Dec 7 09:25 index.html
-rw-r--r-- 1 www-data www-data 16 Dec 7 09:25 index.php
-rw-r--r-- 1 www-data www-data 20 Dec 7 09:26 info.php
drwxr-sr-x 2 www-data www-data 4096 Dec 7 13:21 natora.net
drwxr-xr-x 12 www-data www-data 4096 Oct 15 14:07 phpmyadmin
drwxr-sr-x 2 www-data www-data 4096 Dec 7 08:37 the-catz.org
root@dedi:/var/www/natora.net/# ls -l
-rw-r--r-- 1 www-data www-data 21 Dec 7 09:35 index.html
-rw-r--r-- 1 www-data www-data 21 Dec 7 09:36 index.php
root@dedi:/etc/lighttpd/# nano lighttpd.conf
server.modules = (
"mod_indexfile",
"mod_auth",
"mod_setenv",
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_redirect",
"mod_openssl",
"mod_proxy",
"mod_fastcgi",
)
server.tag = ""
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
)
# Start an FastCGI server for php
fastcgi.server += ( ".php" =>
((
"socket" => "/var/run/php/php7.4-fpm.sock",
"broken-scriptfilename" => "enable"
))
)
index-file.names = ( "index.html", "index.htm", "index.php" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# Directory listings
dir-listing.encoding = "utf-8"
server.dir-listing = "disable"
# Deny access to version control system directories.
$HTTP["url"] =~ "/.svn|/.git" {
url.access-deny = ( "" )
}
# Deny access to apache configuration files.
$HTTP["url"] =~ "/.htaccess|/.htpasswd|/.htgroups" {
url.access-deny = ( "" )
}
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
#server.compat-module-load = "disable"
server.modules += (
"mod_compress",
"mod_dirlisting",
"mod_staticfile",
)
root@dedi:/etc/lighttpd/conf-enabled# ls -l
total 0
lrwxrwxrwx 1 root root 29 Dec 7 07:45 natora.net.conf -> ../conf-hosts/natora.net.conf
lrwxrwxrwx 1 root root 31 Dec 7 07:45 the-catz.org.conf -> ../conf-hosts/the-catz.org.conf
root@dedi:/etc/lighttpd/conf-enabled# nano natora.net.conf
#$HTTP["host"] == "natora.net" {
server.name = "natora.net"
server.document-root = "/var/www/"
#}
$HTTP["host"] == "www.natora.net" {
server.name = "www.natora.net"
server.document-root = "/var/www/natora.net/"
}
root@dedi:/root/# echo '' > /var/log/letsencrypt/letsencrypt.log
root@dedi:/root/# certbot certonly --webroot -w /var/www/natora.net -d www.natora.net -d natora.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for natora.net
http-01 challenge for www.natora.net
Using the webroot path /var/www/natora.net for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. natora.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://natora.net/.well-known/acme-challenge/ZOxYm1xryqaPqwfJzwQg768N-1CX-iZBb24cirh2UjU [51.15.2.244]: "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"\n "http://www.", www.natora.net (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.natora.net - the domain's nameservers may be malfunctioning
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: natora.net
Type: unauthorized
Detail: Invalid response from
http://natora.net/.well-known/acme-challenge/ZOxYm1xryqaPqwfJzwQg768N-1CX-iZBb24cirh2UjU
[51.15.2.244]: "<?xml version="1.0"
encoding="iso-8859-1"?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD
XHTML 1.0 Transitional//EN"\n "http://www."
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: www.natora.net
Type: None
Detail: DNS problem: SERVFAIL looking up A for www.natora.net - the
domain's nameservers may be malfunctioning
root@dedi:/var/log/letsencrypt/# nano letsencrypt.log
2020-12-07 13:20:55,919:DEBUG:certbot.main:certbot version: 0.31.0
2020-12-07 13:20:55,923:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/var/www/natora.net', '-d', 'www.natora.net', '-d', 'natora.net']
2020-12-07 13:20:55,924:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoi$
2020-12-07 13:20:55,955:DEBUG:certbot.log:Root logging level set at 20
2020-12-07 13:20:55,956:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-12-07 13:20:55,958:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-12-07 13:20:55,959:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fcee301ec88>
Prep: True
2020-12-07 13:20:55,960:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fcee301ec88> and installer None
2020-12-07 13:20:55,960:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2020-12-07 13:20:55,972:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_$
2020-12-07 13:20:55,974:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-12-07 13:20:55,979:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-12-07 13:20:56,528:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2020-12-07 13:20:56,530:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 07 Dec 2020 12:20:56 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"aMtUs9RN7tg": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-12-07 13:20:56,536:INFO:certbot.main:Obtaining a new certificate
2020-12-07 13:20:57,359:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0005_key-certbot.pem
2020-12-07 13:20:57,370:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0005_csr-certbot.pem
2020-12-07 13:20:57,371:DEBUG:acme.client:Requesting fresh nonce
2020-12-07 13:20:57,372:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-12-07 13:20:57,508:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-12-07 13:20:57,509:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 07 Dec 2020 12:20:57 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004YTaxseuGHIdSixb5XclVebmt2Kizuk64lWSINruBaIw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2020-12-07 13:20:57,510:DEBUG:acme.client:Storing nonce: 0004YTaxseuGHIdSixb5XclVebmt2Kizuk64lWSINruBaIw
2020-12-07 13:20:57,511:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "www.natora.net"\n },\n {\n "type": "dns",\n "value": "natora.net"\n }\n ]\n}'
2020-12-07 13:20:57,520:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA1NDA5NDk0IiwgIm5vbmNlIjogIjAwMDRZVGF4c2V1R0hJZFNpeGI$
"signature": "kd_5WE8_siwpc7fZ_woft3WEdv1O8U_dRaDrFe33GMrcjFq3-5kt6ZT1-_Sgbarz7gOg4SyaWnA1ESbX6aeEgzgGrhwLNFVrxaD0naNlLCOba-6aFpOUycv0K-9GK3SUz5y2qQbpkxj4R4IJtPnf-fU$
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5uYXRvcmEubmV0IgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKI$
}
2020-12-07 13:20:57,756:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 476
2020-12-07 13:20:57,757:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 07 Dec 2020 12:20:57 GMT
Content-Type: application/json
Content-Length: 476
Connection: keep-alive
Boulder-Requester: 105409494
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/105409494/6612843165
Replay-Nonce: 0004BT9c6l2ZKpk89omAeTRytTyrNPf8YnvtJ3l7GkYLdHU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2020-12-14T12:20:57.672109603Z",
"identifiers": [
{
"type": "dns",
"value": "natora.net"
},
{
"type": "dns",
"value": "www.natora.net"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/9136160706",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/9136160707"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/105409494/6612843165"
}
2020-12-07 13:20:57,758:DEBUG:acme.client:Storing nonce: 0004BT9c6l2ZKpk89omAeTRytTyrNPf8YnvtJ3l7GkYLdHU
2020-12-07 13:20:57,759:DEBUG:acme.client:JWS payload:
b''
2020-12-07 13:20:57,767:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/9136160706:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA1NDA5NDk0IiwgIm5vbmNlIjogIjAwMDRCVDljNmwyWktwazg5b21$
"signature": "XrdD4vW7sQToP7wB587nO6P77qMrWblYl6SzfQDsvRA01QOnUnZZbs6oXhrdwzAIcrNCTacHPOzmntKN_pyY5Hu4iOsDz8HUnPu7Y601TT5E6_T6x7l1HxrISB4mX1wcApctALhQo2ZjzvEQ-9KR2N_$
"payload": ""
}
2020-12-07 13:20:57,912:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/9136160706 HTTP/1.1" 200 788
2020-12-07 13:20:57,913:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 07 Dec 2020 12:20:57 GMT
Content-Type: application/json
Content-Length: 788
Connection: keep-alive
Boulder-Requester: 105409494
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004bu3KOgDQHzWMNauO_hnU5vzhWu--kELDBvnifU2-UZI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "natora.net"
},
"status": "pending",
"expires": "2020-12-14T12:20:57Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160706/HaKizg",
"token": "hyLztAB5URxDwODEmnrpnVSvVspOUQPVZFi77y1NoPY"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160706/G3Rfxg",
"token": "hyLztAB5URxDwODEmnrpnVSvVspOUQPVZFi77y1NoPY"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160706/iGr1gg",
"token": "hyLztAB5URxDwODEmnrpnVSvVspOUQPVZFi77y1NoPY"
}
]
}
2020-12-07 13:20:57,914:DEBUG:acme.client:Storing nonce: 0004bu3KOgDQHzWMNauO_hnU5vzhWu--kELDBvnifU2-UZI
2020-12-07 13:20:57,915:DEBUG:acme.client:JWS payload:
b''
2020-12-07 13:20:57,923:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/9136160707:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA1NDA5NDk0IiwgIm5vbmNlIjogIjAwMDRidTNLT2dEUUh6V01OYXV$
"signature": "ELpjAbpKhKsLLOm5cW1BA2dyHpyv2lIlVKgLzOxoS_93bNKU88QtgZhkSXhO7jE3YYdoWsuOzOiN7n7bsczFE7Q35gJcWehFoAR8t84rQp13Eufz4WxdFYbxWXlSEmjdtL0h1QH-l33XM2hEfYOa9h6$
"payload": ""
}
2020-12-07 13:20:58,075:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/9136160707 HTTP/1.1" 200 792
2020-12-07 13:20:58,076:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 07 Dec 2020 12:20:58 GMT
Content-Type: application/json
Content-Length: 792
Connection: keep-alive
Boulder-Requester: 105409494
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00041D5RIizOGrhTam_DRYyvBr1QHZc6InKQ0XOEWCGQyXg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.natora.net"
},
"status": "pending",
"expires": "2020-12-14T12:20:57Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160707/2NKqFA",
"token": "8ipm2lQt2kZAz0l5GaoykAEgS9aOaLMSINjmudphy-o"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160707/1_M0Hg",
"token": "8ipm2lQt2kZAz0l5GaoykAEgS9aOaLMSINjmudphy-o"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160707/OEyBfw",
"token": "8ipm2lQt2kZAz0l5GaoykAEgS9aOaLMSINjmudphy-o"
}
]
}
2020-12-07 13:20:58,076:DEBUG:acme.client:Storing nonce: 00041D5RIizOGrhTam_DRYyvBr1QHZc6InKQ0XOEWCGQyXg
2020-12-07 13:20:58,078:INFO:certbot.auth_handler:Performing the following challenges:
2020-12-07 13:20:58,078:INFO:certbot.auth_handler:http-01 challenge for natora.net
2020-12-07 13:20:58,079:INFO:certbot.auth_handler:http-01 challenge for www.natora.net
2020-12-07 13:20:58,080:INFO:certbot.plugins.webroot:Using the webroot path /var/www/natora.net for all unmatched domains.
2020-12-07 13:20:58,080:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/natora.net/.well-known/acme-challenge
2020-12-07 13:20:58,081:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/natora.net/.well-known/acme-challenge
2020-12-07 13:20:58,090:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/natora.net/.well-kn
2020-12-07 13:20:58,098:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/natora.net/.well-known/acme-challenge/8ipm2lQt2kZAz0l5GaoykAEgS9aOaLMSI$
2020-12-07 13:20:58,099:INFO:certbot.auth_handler:Waiting for verification...
2020-12-07 13:20:58,100:DEBUG:acme.client:JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01"\n}'
2020-12-07 13:20:58,109:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160706/HaKizg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA1NDA5NDk0IiwgIm5vbmNlIjogIjAwMDQxRDVSSWl6T0dyaFRhbV9$
"signature": "Rv5AB3n1tPsBkq5VOUJm_vYZ8Ew8XsLMw4cjSEUmbKI4mt-FE-3RN0_EhxysddAlW9VX4Q2vKRXnsYFuNH5n2Tswz78J9o1czbsHjMvQ1tN3Cr8oHLWOm0QYnX6Ry426C-BXry1KzjfZcvxZCNIW3PJ$
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2020-12-07 13:20:58,289:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/9136160706/HaKizg HTTP/1.1" 200 185
2020-12-07 13:20:58,290:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 07 Dec 2020 12:20:58 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 105409494
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/9136160706;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160706/HaKizg
Replay-Nonce: 0004DMgZRo-W7V37-X_He8ypKQXwWtN_P9QMg_EHV2H1_u8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160706/HaKizg",
"token": "hyLztAB5URxDwODEmnrpnVSvVspOUQPVZFi77y1NoPY"
}
2020-12-07 13:20:58,291:DEBUG:acme.client:Storing nonce: 0004DMgZRo-W7V37-X_He8ypKQXwWtN_P9QMg_EHV2H1_u8
2020-12-07 13:20:58,292:DEBUG:acme.client:JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01"\n}'
2020-12-07 13:20:58,300:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160707/2NKqFA:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA1NDA5NDk0IiwgIm5vbmNlIjogIjAwMDRETWdaUm8tVzdWMzctWF9$
"signature": "LpwGu8nSFLUPGrG8BJTfIYAu3I0JixYBjTaFLTmKqp4kah5Oz5eztugyCYqeRbvw1plkWbdPxWqdfvjHOMfGvWW5_XmJtFd_pCEY_r3IcDxZZvXEuxeT8VOF9FeeJdz1CQdqFvHP-M1-haItyjHc1vy$
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2020-12-07 13:20:58,486:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/9136160707/2NKqFA HTTP/1.1" 200 185
2020-12-07 13:20:58,488:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 07 Dec 2020 12:20:58 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 105409494
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/9136160707;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160707/2NKqFA
Replay-Nonce: 0004BTsJipbQUZScuDwu-UCZ8rdRBUutINL7Jp-gZ6qqMfE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160707/2NKqFA",
"token": "8ipm2lQt2kZAz0l5GaoykAEgS9aOaLMSINjmudphy-o"
}
2020-12-07 13:20:58,488:DEBUG:acme.client:Storing nonce: 0004BTsJipbQUZScuDwu-UCZ8rdRBUutINL7Jp-gZ6qqMfE
2020-12-07 13:21:01,492:DEBUG:acme.client:JWS payload:
b''
2020-12-07 13:21:01,501:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/9136160706:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA1NDA5NDk0IiwgIm5vbmNlIjogIjAwMDRCVHNKaXBiUVVaU2N1RHd$
"signature": "TaDKGzcFamot6g3g7_-C2UlDmnwWtig_9M2tELjCFQiTcVe6hpLhW9fL8e1LxllOou62e7uuKPqhLUbEsqP0na3RcO7zFz2aevZOUdFxPj3FhmUgr1wGv7cdNSvBOEglby8-Zdb2D-VlUgitOLOroVT$
"payload": ""
}
2020-12-07 13:21:01,680:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/9136160706 HTTP/1.1" 200 1127
2020-12-07 13:21:01,681:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 07 Dec 2020 12:21:01 GMT
Content-Type: application/json
Content-Length: 1127
Connection: keep-alive
Boulder-Requester: 105409494
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00038MUXT9zCk5mqOSaWaIWxokWMULb163PfmxRXSbj2pkg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "natora.net"
},
"status": "invalid",
"expires": "2020-12-14T12:20:57Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://natora.net/.well-known/acme-challenge/hyLztAB5URxDwODEmnrpnVSvVspOUQPVZFi77y1NoPY [51.15.2.244]: "\u003c?xml version=$
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160706/HaKizg",
"token": "hyLztAB5URxDwODEmnrpnVSvVspOUQPVZFi77y1NoPY",
"validationRecord": [
{
"url": "http://natora.net/.well-known/acme-challenge/hyLztAB5URxDwODEmnrpnVSvVspOUQPVZFi77y1NoPY",
"hostname": "natora.net",
"port": "80",
"addressesResolved": [
"51.15.2.244"
],
"addressUsed": "51.15.2.244"
}
]
}
]
}
2020-12-07 13:21:01,682:DEBUG:acme.client:Storing nonce: 00038MUXT9zCk5mqOSaWaIWxokWMULb163PfmxRXSbj2pkg
2020-12-07 13:21:01,683:DEBUG:acme.client:JWS payload:
b''
2020-12-07 13:21:01,692:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/9136160707:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA1NDA5NDk0IiwgIm5vbmNlIjogIjAwMDM4TVVYVDl6Q2s1bXFPU2F$
"signature": "NlYVbBkkQMSFDgpJOoEX-cnJmoKN_fC28W8O0QsavSVn7YXMl6Kvu7zl0dwAcdArp_sRPJcMkgPVLVJiA4mLlpdLPnrTU_jWrWJg2s8wCT5cg_VbvDF-71hqn60Y5TH-HkrTefd3f4slTUuBJdEWvve$
"payload": ""
}
2020-12-07 13:21:01,843:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/9136160707 HTTP/1.1" 200 589
2020-12-07 13:21:01,844:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 07 Dec 2020 12:21:01 GMT
Content-Type: application/json
Content-Length: 589
Connection: keep-alive
Boulder-Requester: 105409494
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00044RrbkjBNqzd6zVIwkWqlINYGky40amZTK_qygrLmljQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.natora.net"
},
"status": "invalid",
"expires": "2020-12-14T12:20:57Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: SERVFAIL looking up A for www.natora.net - the domain's nameservers may be malfunctioning",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9136160707/2NKqFA",
"token": "8ipm2lQt2kZAz0l5GaoykAEgS9aOaLMSINjmudphy-o"
}
]
}
2020-12-07 13:21:01,845:DEBUG:acme.client:Storing nonce: 00044RrbkjBNqzd6zVIwkWqlINYGky40amZTK_qygrLmljQ
2020-12-07 13:21:01,847:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: www.natora.net
Type: None
Detail: DNS problem: SERVFAIL looking up A for www.natora.net - the domain's nameservers may be malfunctioning
2020-12-07 13:21:01,847:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: natora.net
Type: unauthorized
Detail: Invalid response from http://natora.net/.well-known/acme-challenge/hyLztAB5URxDwODEmnrpnVSvVspOUQPVZFi77y1NoPY [51.15.2.244]: "<?xml version="1.0" encoding=$
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-12-07 13:21:01,849:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.natora.net (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www$
2020-12-07 13:21:01,849:DEBUG:certbot.error_handler:Calling registered functions
2020-12-07 13:21:01,849:INFO:certbot.auth_handler:Cleaning up challenges
2020-12-07 13:21:01,850:DEBUG:certbot.plugins.webroot:Removing /var/www/natora.net/.well-known/acme-challenge/hyLztAB5URxDwODEmnrpnVSvVspOUQPVZFi77y1NoPY
2020-12-07 13:21:01,850:DEBUG:certbot.plugins.webroot:Removing /var/www/natora.net/.well-known/acme-challenge/8ipm2lQt2kZAz0l5GaoykAEgS9aOaLMSINjmudphy-o
2020-12-07 13:21:01,851:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2020-12-07 13:21:01,852:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.natora.net (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www$
===========================================================
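
A pre-flight check for the http-01 webroot setup quoted above, as an added example that is not part of the original post: it compares the directory certbot writes each token into with the document root lighttpd serves for that hostname. The parsers are simplified and assume the config layout and command line shown in the post; the function names are hypothetical, and the DNS SERVFAIL reported for www.natora.net is a separate failure this check does not examine.

```python
import posixpath
import re

# Constructed inputs, copied from the vhost config and command quoted in the post.
LIGHTTPD_VHOST_CONF = '''\
#$HTTP["host"] == "natora.net" {
server.name = "natora.net"
server.document-root = "/var/www/"
#}
$HTTP["host"] == "www.natora.net" {
server.name = "www.natora.net"
server.document-root = "/var/www/natora.net/"
}
'''
CERTBOT_ARGS = ["certonly", "--webroot", "-w", "/var/www/natora.net",
                "-d", "www.natora.net", "-d", "natora.net"]

HOST_BLOCK = re.compile(r'^\$HTTP\["host"\]\s*==\s*"([^"]+)"\s*\{')
DOCROOT = re.compile(r'^server\.document-root\s*=\s*"([^"]+)"')


def parse_docroots(conf_text, default_root="/var/www"):
    """Return (global_docroot, {host: docroot}) from lighttpd config text.

    Simplified: only exact-match $HTTP["host"] == "..." blocks, one directive
    per line, no nesting. Commented-out lines are skipped, so a directive left
    inside a commented-out block counts as global.
    """
    global_root, per_host, current = posixpath.normpath(default_root), {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        block = HOST_BLOCK.match(line)
        if block:
            current = block.group(1).lower()
        elif line == "}":
            current = None
        else:
            root = DOCROOT.match(line)
            if root and current is None:
                global_root = posixpath.normpath(root.group(1))
            elif root:
                per_host[current] = posixpath.normpath(root.group(1))
    return global_root, per_host


def parse_webroot_map(argv):
    """Map each -d name to the -w path that precedes it (simplified model).

    Names given before any -w fall back to the last -w on the command line.
    """
    mapping, unmatched, current, last = {}, [], None, None
    args = iter(argv)
    for arg in args:
        if arg in ("-w", "--webroot-path"):
            value = next(args, None)
            if value is not None:
                current = last = posixpath.normpath(value)
        elif arg in ("-d", "--domain", "--domains"):
            for name in (next(args, None) or "").split(","):
                name = name.strip().lower()
                if name and current is None:
                    unmatched.append(name)
                elif name:
                    mapping[name] = current
    for name in unmatched:
        mapping[name] = last
    return mapping


def check_webroots(argv, conf_text, default_root="/var/www"):
    """One finding per name: is the token written where the vhost serves from?"""
    global_root, per_host = parse_docroots(conf_text, default_root)
    findings = []
    for domain, webroot in parse_webroot_map(argv).items():
        docroot = per_host.get(domain, global_root)
        findings.append({"domain": domain, "webroot": webroot,
                         "docroot": docroot, "ok": webroot == docroot})
    return findings


if __name__ == "__main__":
    for f in check_webroots(CERTBOT_ARGS, LIGHTTPD_VHOST_CONF):
        print("OK      " if f["ok"] else "MISMATCH", f["domain"],
              "certbot writes to", f["webroot"], "/ lighttpd serves", f["docroot"])
```

A reported mismatch can be benign when an alias or symlink maps the two paths together, so confirm it by requesting a test file under `.well-known/acme-challenge/` through each hostname.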