Hi,
log from the run is below. I cannot upload it as a “new user”, so sorry for pasting it directly. Only the domain is redacted; the hostnames remain the same (we have 2 DNS names on that particular server).
2017-05-15 03:58:01,731:DEBUG:certbot.main:Root logging level set at 30
2017-05-15 03:58:01,732:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-05-15 03:58:01,732:DEBUG:certbot.main:certbot version: 0.12.0
2017-05-15 03:58:01,732:DEBUG:certbot.main:Arguments: ['--quiet']
2017-05-15 03:58:01,732:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-05-15 03:58:01,740:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-06-12 10:21:00 UTC.
2017-05-15 03:58:01,741:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2017-05-15 03:58:01,756:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2017-05-15 03:58:02,160:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x315c7d0>
Prep: True
2017-05-15 03:58:02,161:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x315c7d0>
Prep: True
2017-05-15 03:58:02,161:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.configurator.ApacheConfigurator object at 0x315c7d0> and installer <certbot_apache.configurator.ApacheConfigurator object at 0x315c7d0>
2017-05-15 03:58:02,313:DEBUG:certbot.main:Picked account: <Account(f470b685abb1fbed474d020598c88590)>
2017-05-15 03:58:02,314:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-05-15 03:58:02,317:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-05-15 03:58:02,661:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 352
2017-05-15 03:58:02,663:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: w40O5I5hN8CIhNBxQJuV9N2jNqImgVI6wJfrTc3MYFs
Replay-Nonce: 7j-SHOn5PJh6wjJTMuU6DxZCSQzba8Q6kx5JYlO3vlE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 15 May 2017 03:58:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 15 May 2017 03:58:05 GMT
Connection: keep-alive
{
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-05-15 03:58:02,663:INFO:certbot.main:Renewing an existing certificate
2017-05-15 03:58:02,665:DEBUG:acme.client:Requesting fresh nonce
2017-05-15 03:58:02,665:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-05-15 03:58:02,864:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2017-05-15 03:58:02,865:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: IZnyL76eI67MqOxDJb-xfZHq7xxxG1vztnYQP1_cdWg
Replay-Nonce: mtt6PjpzcnDel2gIlOMqQewl1j6KDfMBZP4fieGagc4
Expires: Mon, 15 May 2017 03:58:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 15 May 2017 03:58:05 GMT
Connection: keep-alive
2017-05-15 03:58:02,865:DEBUG:acme.client:Storing nonce: mtt6PjpzcnDel2gIlOMqQewl1j6KDfMBZP4fieGagc4
2017-05-15 03:58:02,865:DEBUG:acme.client:JWS payload:
{
"identifier": {
"type": "dns",
"value": "iotdata.XXX"
},
"resource": "new-authz"
}
2017-05-15 03:58:02,872:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
2017-05-15 03:58:03,088:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1008
2017-05-15 03:58:03,089:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1008
Boulder-Request-Id: z1uaokW7enAS6aaBPgL35l4D7QReH6I8ytpWKx9JyTo
Boulder-Requester: 10607561
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/QxPNUyfs8fa4VYyBTK7NKtEsHB1Q4jfzGdLYcIZkASo
Replay-Nonce: FajfGW8PiADCHSn7SMmi1k-NFVNBn-t54Js0aH89qmI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 15 May 2017 03:58:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 15 May 2017 03:58:05 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "iotdata.XXX"
},
"status": "pending",
"expires": "2017-05-22T03:58:05.640801717Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/QxPNUyfs8fa4VYyBTK7NKtEsHB1Q4jfzGdLYcIZkASo/1176510650",
"token": "BEIv3Kx5no5_oN9v88nxRxDmdrM2j7R1vGp0eyaXljA"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/QxPNUyfs8fa4VYyBTK7NKtEsHB1Q4jfzGdLYcIZkASo/1176510651",
"token": "TB6OODfKkRP-uJqt60w5EHIMuITODA__Nmi0V-J0ed0"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/QxPNUyfs8fa4VYyBTK7NKtEsHB1Q4jfzGdLYcIZkASo/1176510652",
"token": "sJn5kk1Pkuc_Z11Hos4J6PyYlcjJUp35HcDtLSk6HMQ"
}
],
"combinations": [
[
2
],
[
0
],
[
1
]
]
}
2017-05-15 03:58:03,089:DEBUG:acme.client:Storing nonce: FajfGW8PiADCHSn7SMmi1k-NFVNBn-t54Js0aH89qmI
2017-05-15 03:58:03,091:DEBUG:acme.client:JWS payload:
{
"identifier": {
"type": "dns",
"value": "antdev.XXX"
},
"resource": "new-authz"
}
2017-05-15 03:58:03,097:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
2017-05-15 03:58:03,336:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1007
2017-05-15 03:58:03,337:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1007
Boulder-Request-Id: -jPymuhYMT0JcUCqkHbQuDIaJf6C9ZdMALQbZ_iNSyY
Boulder-Requester: 10607561
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/5riyoRV9SSRhPukyrlU7uK9Owd6k6tbw78tUJYgiwjo
Replay-Nonce: TuBeMuWFt1omt0RlA8BmcA4P97uDj_wupwq7DG61eKs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 15 May 2017 03:58:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 15 May 2017 03:58:06 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "antdev.XXX"
},
"status": "pending",
"expires": "2017-05-22T03:58:05.891114136Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/5riyoRV9SSRhPukyrlU7uK9Owd6k6tbw78tUJYgiwjo/1176510663",
"token": "H_JnnL6HnjN8LT20RdN9gHOVa8FVJSzGmpjRsvOKCoc"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/5riyoRV9SSRhPukyrlU7uK9Owd6k6tbw78tUJYgiwjo/1176510665",
"token": "l5PGnI-rYXYVBp5hZpvj2JD2LL48rqbQmMCmCjl3V_E"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/5riyoRV9SSRhPukyrlU7uK9Owd6k6tbw78tUJYgiwjo/1176510666",
"token": "pO82JVV9WjALd5X6UBqbBu70fKVeJ6BASTTQaSMU4Y8"
}
],
"combinations": [
[
1
],
[
2
],
[
0
]
]
}
2017-05-15 03:58:03,337:DEBUG:acme.client:Storing nonce: TuBeMuWFt1omt0RlA8BmcA4P97uDj_wupwq7DG61eKs
2017-05-15 03:58:03,338:INFO:certbot.auth_handler:Performing the following challenges:
2017-05-15 03:58:03,338:INFO:certbot.auth_handler:tls-sni-01 challenge for iotdata.XXX
2017-05-15 03:58:03,338:INFO:certbot.auth_handler:tls-sni-01 challenge for antdev.XXX
2017-05-15 03:58:03,575:DEBUG:certbot_apache.tls_sni_01:Adding Include /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf to /files/etc/httpd/conf/httpd.conf
2017-05-15 03:58:03,575:DEBUG:certbot_apache.tls_sni_01:writing a config file with text:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName 149d6ffc82f437ae5b09479b12a5d541.6ba8c946d1905cdd6c174610a1b9956b.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on
LimitRequestBody 1048576
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/TB6OODfKkRP-uJqt60w5EHIMuITODA__Nmi0V-J0ed0.crt
SSLCertificateKeyFile /var/lib/letsencrypt/TB6OODfKkRP-uJqt60w5EHIMuITODA__Nmi0V-J0ed0.pem
DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/
</VirtualHost>
<VirtualHost *:443>
ServerName 01a0105c6ed58c4b1981b73b7be8596c.4754dff74df8c50baefc6317bb90974e.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on
LimitRequestBody 1048576
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/pO82JVV9WjALd5X6UBqbBu70fKVeJ6BASTTQaSMU4Y8.crt
SSLCertificateKeyFile /var/lib/letsencrypt/pO82JVV9WjALd5X6UBqbBu70fKVeJ6BASTTQaSMU4Y8.pem
DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/
</VirtualHost>
</IfModule>
2017-05-15 03:58:03,691:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf/httpd.conf
2017-05-15 03:58:03,972:ERROR:certbot.util:Error while running apachectl graceful.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
2017-05-15 03:58:03,975:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 111, in _solve_challenges
resp = self.auth.perform(self.achalls)
File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1748, in perform
self.restart()
File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1658, in restart
self._reload()
File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1669, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apachectl graceful.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
2017-05-15 03:58:03,975:DEBUG:certbot.error_handler:Calling registered functions
2017-05-15 03:58:03,975:INFO:certbot.auth_handler:Cleaning up challenges
2017-05-15 03:58:04,303:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/iotdata.XXX.conf produced an unexpected error: Error while running apachectl graceful.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
. Skipping.
2017-05-15 03:58:04,304:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 418, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 650, in renew_cert
_get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 87, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 296, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 265, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 73, in get_authorizations
resp = self._solve_challenges()
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 111, in _solve_challenges
resp = self.auth.perform(self.achalls)
File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1748, in perform
self.restart()
File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1658, in restart
self._reload()
File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1669, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apachectl graceful.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
2017-05-15 03:58:04,307:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.12.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 896, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 702, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 435, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)