Letsencrypt tries to validate a wrong doman name when dash is in domain name

Help
5

Hi @JuergenAuer,
Thanks for you answer again.
I am still confused on what is happening, I tried to provide as elaborate logging as possible
I would appreciate if you would look at the issue agian.
Thanks in advance.

When I run
curl -X GET -I maharishi-ajurveda.com -v

I get this response

  • Rebuilt URL to: maharishi-ajurveda.com/
  • Trying 193.91.67.242…
  • TCP_NODELAY set
  • Trying 2a00:c760:83:def:aced:fff0:0:7cd…
  • TCP_NODELAY set
  • Immediate connect fail for 2a00:c760:83:def:aced:fff0:0:7cd: Network is unreachable
  • connect to 193.91.67.242 port 80 failed: Connection refused
  • Trying 2a00:c760:83:def:aced:fff0:0:7cd…
  • TCP_NODELAY set
  • Immediate connect fail for 2a00:c760:83:def:aced:fff0:0:7cd: Network is unreachable
  • Trying 2a00:c760:83:def:aced:fff0:0:7cd…
  • TCP_NODELAY set
  • Immediate connect fail for 2a00:c760:83:def:aced:fff0:0:7cd: Network is unreachable
  • Failed to connect to maharishi-ajurveda.com port 80: Connection refused
  • Closing connection 0
    curl: (7) Failed to connect to maharishi-ajurveda.com port 80: Connection refused

Which means maharishi-ajurveda.com is resolved to 193.91.67.242 and no webserver is running there

dig maharishi-ajurveda.com

; <<>> DiG 9.11.4-3ubuntu5.4-Ubuntu <<>> maharishi-ajurveda.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34091
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;maharishi-ajurveda.com. IN A

;; ANSWER SECTION:
maharishi-ajurveda.com. 5 IN A 193.91.67.242

;; Query time: 7 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Thu Jul 23 01:46:29 EDT 2020
;; MSG SIZE rcvd: 67

At the same time on the server:

/usr/bin/certbot-auto certonly -d maharishi-ajurveda.com -vvv

Root logging level set at -10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator None and installer None
Failed to find executable apachectl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin
No installation (PluginEntryPoint#apache): Cannot find Apache executable apachectl
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/plugins/disco.py”, line 136, in prepare
self._initialized.prepare()
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/_internal/configurator.py”, line 318, in prepare
self._verify_exe_availability(self.option(“ctl”))
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/_internal/configurator.py”, line 436, in _verify_exe_availability
‘Cannot find Apache executable {0}’.format(exe))
NoInstallationError: Cannot find Apache executable apachectl
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/maharishiajurveda.com-0001/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/etc/letsencrypt/live/maharishiajurveda.com-0001/fullchain.pem’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Misconfigured PluginEntryPoint#nginx: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/maharishiajurveda.com-0001/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/etc/letsencrypt/live/maharishiajurveda.com-0001/fullchain.pem’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/plugins/disco.py”, line 136, in prepare
self._initialized.prepare()
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx/_internal/configurator.py”, line 186, in prepare
self.config_test()
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx/_internal/configurator.py”, line 926, in config_test
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/maharishiajurveda.com-0001/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/etc/letsencrypt/live/maharishiajurveda.com-0001/fullchain.pem’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Multiple candidate plugins: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f4bce54f0d0>
Prep: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/maharishiajurveda.com-0001/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/etc/letsencrypt/live/maharishiajurveda.com-0001/fullchain.pem’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

  • standalone
    Description: Spin up a temporary webserver
    Interfaces: IAuthenticator, IPlugin
    Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
    Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7f4bce5497d0>
    Prep: True

  • webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
    Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f4bce549d10>
    Prep: True

How would you like to authenticate with the ACME CA?

1: Nginx Web Server plugin (nginx) [Misconfigured]
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): 2
Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7f4bce5497d0> and installer None
Plugins selected: Authenticator standalone, Installer None
Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/92072270’, new_authzr_uri=None, terms_of_service=None), ae120835076389f0ca4abea169f7787e, Meta(creation_host=u’maharishiajurveda.com’, register_to_eff=u’varga.ferenc.andras@gmail.com’, creation_dt=datetime.datetime(2020, 7, 23, 5, 9, 44, tzinfo=)))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
Received response:
HTTP 200
Server: nginx
Date: Thu, 23 Jul 2020 06:02:03 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“k1XFL3xjKdw”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
Obtaining a new certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
Received response:
HTTP 200
Server: nginx
Date: Thu, 23 Jul 2020 06:02:03 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001Y-8P5js27sTF6i7sMHP3tIaehvTE5zxdJ_6k97SgEUY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

Storing nonce: 0001Y-8P5js27sTF6i7sMHP3tIaehvTE5zxdJ_6k97SgEUY
JWS payload:
{
“identifiers”: [
{
“type”: “dns”,
“value”: “maharishi-ajurveda.com
}
]
}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJub25jZSI6ICIwMDAxWS04UDVqczI3c1RGNmk3c01IUDN0SWFlaHZURTV6eGRKXzZrOTdTZ0VVWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzkyMDcyMjcwIiwgImFsZyI6ICJSUzI1NiJ9”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJtYWhhcmlzaGktYWp1cnZlZGEuY29tIgogICAgfQogIF0KfQ”,
“signature”: “eOTBEL9UEYAS78GUX2abx83guTzcGnbrFS1r4dFp6lEYM3lUwGxm3beo9pcYgH8J5-Bbmzj2w9feJe1nlklA5bG-lq7e9NJSkMxOk9OD76B-VsGQUqjs0s-Z3yotW0qQBhv9Gp5495pWTB9pjRNHrOxVGyf7d80BIlGoUr_cITi4nIWQwEKw0cx0QIRMWQhw03BoR0I0xCSOSL_lBZcNvIQAIqG8SRmx9pqbH4aBS68v_of2fFcU8g0L9cMrlTtWDqJysbT13-nLwFtFv-PbpOHI4hp6YD8lGlbIkQ_72D7x3Shcka0JR2FBL6ZUtw4GQ44K_eKKMXCbTkMl61f70w”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 351
Received response:
HTTP 201
Server: nginx
Date: Thu, 23 Jul 2020 06:02:04 GMT
Content-Type: application/json
Content-Length: 351
Connection: keep-alive
Boulder-Requester: 92072270
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Location: https://acme-v02.api.letsencrypt.org/acme/order/92072270/4334394818
Replay-Nonce: 0001fpItTun5pAzA0O7X5XM50RP4kPTnPqZE5AWLFTTI4yc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“status”: “pending”,
“expires”: “2020-07-30T06:02:04.17248525Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “maharishi-ajurveda.com
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz-v3/6055574344
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/92072270/4334394818
}
Storing nonce: 0001fpItTun5pAzA0O7X5XM50RP4kPTnPqZE5AWLFTTI4yc
JWS payload:

Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6055574344:
{
“protected”: “eyJub25jZSI6ICIwMDAxZnBJdFR1bjVwQXpBME83WDVYTTUwUlA0a1BUblBxWkU1QVdMRlRUSTR5YyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNjA1NTU3NDM0NCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MjA3MjI3MCIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “rfWXHROKMtpR4WPVHp09PbwQh_r7qYkBeqequuWMdTfQRtJJvtDpyjkOwfEpPKXvy0n4ho1zKvg7fFeq4cMcV8rhXhKo3BrPDRPPiT4BnbGIJlCn0ec7uXqI1oz_9RU1cuYXtUTvi0Ukr9mxB1LEKASN3_sgT7ka7Af1gCyQFUEE3_fBqzG1p-_gJN6pSmTUoSk479mZJ9-SJqVTzBdnp0_8pS62orNvZAMOrLY58pw20gqMY9e4ZkhKbAngA2Kp2NQVbcW-hqC_FcrYu2KC4E9P0uObA5kO-vZKQiF2tUYvD0Pwkfx0HrE-sr1kKSS2KxnoO7rqTw0iDmQg7rUzww”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/6055574344 HTTP/1.1” 200 800
Received response:
HTTP 200
Server: nginx
Date: Thu, 23 Jul 2020 06:02:04 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 92072270
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002GDh2ziNmRL23HobydxAq3pAkwEfGNFAyxpgi9ADaPb8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “maharishi-ajurveda.com
},
“status”: “pending”,
“expires”: “2020-07-30T06:02:04Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/L5L0Nw”,
“token”: “JzR0duw0dS-5lDr7KfzHBL_s74x76lp9e8k_r4U5f7A”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/xor4tw”,
“token”: “JzR0duw0dS-5lDr7KfzHBL_s74x76lp9e8k_r4U5f7A”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/tTGQLA”,
“token”: “JzR0duw0dS-5lDr7KfzHBL_s74x76lp9e8k_r4U5f7A”
}
]
}
Storing nonce: 0002GDh2ziNmRL23HobydxAq3pAkwEfGNFAyxpgi9ADaPb8
Performing the following challenges:
http-01 challenge for maharishi-ajurveda.com
Successfully bound to :80 using IPv6
Certbot wasn’t able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
Waiting for verification…
JWS payload:
{}
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/L5L0Nw:
{
“protected”: “eyJub25jZSI6ICIwMDAyR0RoMnppTm1STDIzSG9ieWR4QXEzcEFrd0VmR05GQXl4cGdpOUFEYVBiOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNjA1NTU3NDM0NC9MNUwwTnciLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTIwNzIyNzAiLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “e30”,
“signature”: “HTwxwI-SMTqXDBnp5XNi3k2fG3C4ONN1poQWtgsUaxDE89R27TSENhjUHIrIHzsWZd3qJCy3JyNVWo2XrjFIRJtob0cSkqPdpD91yW6yUcpvBCsQzNVywuqjSVSyYl7xEPsYGMvaQzPlxYpCvO-Y5tYrjNRfxoFogd1hNyvnTZ_JdgWEcq67sQOnjeRECBkdkCLWHK4daQK3RinHG14d6APpehyfctP5F3cnVNDacK-3Y-XCaCmAt0C48hnIDBeVEuxjA1BJDt9Z6RAnUR-aibvWO6vLxplTPUIEcPuRtkBwvv-KEwaX4ZRHKn7W2A4LxhXNP2QcJC1GJLzFKd25gA”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/chall-v3/6055574344/L5L0Nw HTTP/1.1” 200 185
Received response:
HTTP 200
Server: nginx
Date: Thu, 23 Jul 2020 06:02:04 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 92072270
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-v02.api.letsencrypt.org/acme/authz-v3/6055574344;rel=“up”
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/L5L0Nw
Replay-Nonce: 0001pTXkXpYgZW5bM8mBKj8lzeEPQpd9wb0VT_9x8zaDv0Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/L5L0Nw”,
“token”: “JzR0duw0dS-5lDr7KfzHBL_s74x76lp9e8k_r4U5f7A”
}
Storing nonce: 0001pTXkXpYgZW5bM8mBKj8lzeEPQpd9wb0VT_9x8zaDv0Y
JWS payload:

Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6055574344:
{
“protected”: “eyJub25jZSI6ICIwMDAxcFRYa1hwWWdaVzViTThtQktqOGx6ZUVQUXBkOXdiMFZUXzl4OHphRHYwWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNjA1NTU3NDM0NCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MjA3MjI3MCIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “rOcYwvGzYsAJBuhUZB2qkB1WoRXiDj0h8DWNVr-LSyJmw3U18KkHpMQf5OONmhzEe1u4_nyFsUEetnfwynpGQPSdCljzXFLwLra5RnW-x2Kpjw1aJpk_K2MXRaPIj7Ah1a_kZI7A6Y_s1ChWt62fDwfbNHbxOhuCY5CLgxTJ5gdJaGzeUD0z6QzBK_l0NF4xRzW1q5jlDzAfvAwD6pPFsDoxnXjUSGTlcYhKn36BUaOmVEYA2f_GO_Y3uO6OFOyTxi1l4gqBWulHFmhHWN6izSxf05M-MGFMaATtfFyAIfeGtuN_hYmEUPGN3iqlyioTTYKO786K_B7p5Cm7IDFx2Q”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/6055574344 HTTP/1.1” 200 800
Received response:
HTTP 200
Server: nginx
Date: Thu, 23 Jul 2020 06:02:05 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 92072270
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002scTqIiJ8Jutdtbb5tF-lfeEbX8rK2xRZoPmbbG8uqlM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “maharishi-ajurveda.com
},
“status”: “pending”,
“expires”: “2020-07-30T06:02:04Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/L5L0Nw”,
“token”: “JzR0duw0dS-5lDr7KfzHBL_s74x76lp9e8k_r4U5f7A”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/xor4tw”,
“token”: “JzR0duw0dS-5lDr7KfzHBL_s74x76lp9e8k_r4U5f7A”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/tTGQLA”,
“token”: “JzR0duw0dS-5lDr7KfzHBL_s74x76lp9e8k_r4U5f7A”
}
]
}
Storing nonce: 0002scTqIiJ8Jutdtbb5tF-lfeEbX8rK2xRZoPmbbG8uqlM
JWS payload:

Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6055574344:
{
“protected”: “eyJub25jZSI6ICIwMDAyc2NUcUlpSjhKdXRkdGJiNXRGLWxmZUViWDhySzJ4UlpvUG1iYkc4dXFsTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNjA1NTU3NDM0NCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MjA3MjI3MCIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “KOpUHbYrgDIecSBYyEF3akZrYEQuilgWyqCLdavI5gCTP8rTs1oWymCqaanlcM9Qt5omNdr_22BMVjVnXilJpJ-g2KqdtUCeFwgWepoxiy65UOE6BOst3AgJibnoS1rg_WMGwZ-PhSDMcF_d1KUxcHvqY7VOXrAdaJ6lj7-KJUNSMAnjixBVjpY5EnBEtDx7m59ByHXzDgSwJJPmz2Mve0EF_hr0zmoC7qdyM36I9RElsycLadvLat6qLcBT1l_ksLKOiaRfmnn2wd2IdJjOwgxApzj5YRDeofPieWZ-hyArRvgxLqQ40CZKZrxtwCtC-CJ1pFv9ChaBKzGkbn-saQ”
}
https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/6055574344 HTTP/1.1” 200 1716
Received response:
HTTP 200
Server: nginx
Date: Thu, 23 Jul 2020 06:02:09 GMT
Content-Type: application/json
Content-Length: 1716
Connection: keep-alive
Boulder-Requester: 92072270
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002ueSziJsOCbomEWkFpUb98POEEUG8fhgii18X_ap6nnw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “maharishi-ajurveda.com
},
“status”: “invalid”,
“expires”: “2020-07-30T06:02:04Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from https://maharishiajurveda.com/ [52.209.3.224]: “\u003c!DOCTYPE html\u003e\n\u003c!–[if lt IE 7]\u003e \u003chtml class=\“no-js lt-ie10 lt-ie9 lt-ie8 lt-ie7\” lang=\“hu\” dir=\“ltr\”\u003e \u003c![endif]–\u003e\n\u003c!–[i\””, “status”: 403 }, “url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6055574344/L5L0Nw”, “token”: “JzR0duw0dS-5lDr7KfzHBL_s74x76lp9e8k_r4U5f7A”, “validationRecord”: [ { “url”: “http://maharishi-ajurveda.com/.well-known/acme-challenge/JzR0duw0dS-5lDr7KfzHBL_s74x76lp9e8k_r4U5f7A”, “hostname”: “maharishi-ajurveda.com”, “port”: “80”, “addressesResolved”: [ “193.91.67.242”, “2a00:c760:83:def:aced:fff0:0:7cd” ],
“addressUsed”: “2a00:c760:83:def:aced:fff0:0:7cd”
},
{
“url”: “http://maharishiajurveda.com/”,
“hostname”: “maharishiajurveda.com”,
“port”: “80”,
“addressesResolved”: [
“52.209.3.224”
],
“addressUsed”: “52.209.3.224”
},
{
“url”: “https://maharishiajurveda.com/”,
“hostname”: “maharishiajurveda.com”,
“port”: “443”,
“addressesResolved”: [
“52.209.3.224”
],
“addressUsed”: “52.209.3.224”
}
]
}
]
}
Storing nonce: 0002ueSziJsOCbomEWkFpUb98POEEUG8fhgii18X_ap6nnw
Challenge failed for domain maharishi-ajurveda.com
http-01 challenge for maharishi-ajurveda.com
Reporting to user: The following errors were reported by the server:

Domain: maharishi-ajurveda.com
Type: unauthorized
Detail: Invalid response from https://maharishiajurveda.com/ [52.209.3.224]: “\n\n<!–[i”

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Stopping server at :::80…
Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py”, line 15, in main
return internal_main.main(cli_args)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1353, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1237, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py”, line 418, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py”, line 351, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py”, line 398, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: maharishi-ajurveda.com
    Type: unauthorized
    Detail: Invalid response from https://maharishiajurveda.com/
    [52.209.3.224]: “\n\n<!–[i”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.