My website is inaccessible after update of SSL certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: doujinblog.org

I ran this command: Update from webmin

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for doujinblog.org and www.doujinblog.org
Performing the following challenges:
http-01 challenge for doujinblog.org
http-01 challenge for www.doujinblog.org
Using the webroot path /home/doujinblog/public_html for all unmatched domains.
Waiting for verification...
Challenge failed for domain doujinblog.org
Challenge failed for domain www.doujinblog.org
http-01 challenge for doujinblog.org
http-01 challenge for www.doujinblog.org
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: doujinblog.org
    Type: tls
    Detail: 2606:4700:3036::6815:5f4: Fetching https://doujinblog.org/:
    remote error: tls: handshake failure

    Domain: www.doujinblog.org
    Type: tls
    Detail: 2606:4700:3037::ac43:860c: Fetching
    https://doujinblog.org/: remote error: tls: handshake failure

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    you have an up-to-date TLS configuration that allows the server to
    communicate with the Certbot client.

My web server is (include version): CentOS Linux release 7.9.2009 (Core)

The operating system my web server runs on is (include version): CentOS Linux release 7.9.2009 (Core)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Virtualmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

Doujinblog is an adult site with hentai, sorry

Hi @useradminweb, and welcome to the LE community forum :slight_smile:

Your system sits behind CloudFlare CDN.
Both IPv6 and IPv4 are having the same problem:

curl -Ii6 https://doujinblog.org/
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

curl -Ii4 https://doujinblog.org/
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

curl -Ii6 http://doujinblog.org:443/
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Tue, 20 Dec 2022 05:27:16 GMT
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -

curl -Ii4 http://doujinblog.org:443/
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Tue, 20 Dec 2022 05:27:08 GMT
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
4 Likes

Yes, I'm using Cloudflare; I forgot to mention it.

It looks that way to me:

Name:      doujinblog.org
Addresses: 2606:4700:3036::6815:5f4
           2606:4700:3037::ac43:860c
           104.21.5.244
           172.67.134.12

Start fixing this at CF.

4 Likes

Excuse me Rudy, what exactly should I correct in the DNS configuration? :grinning:

There is nothing to fix in DNS [if you are OK with using CF].
The "fix" is within their CDN configuration [which is serving HTTP content on port 443].

4 Likes

There may also be some other issues with your site:
[per VirusTotal]

4 Likes

I'm going to check VirusTotal, wait for me.

You should fix the problem and then recheck VirusTotal.
Part of a complaint was "too many redirections" - which can be corrected by fixing the problem.

4 Likes

I don't know how to solve this problem, my knowledge is not that vast, what can I try or where should I check?

Well, I'm not a CF expert [this isn't a CF support channel].
This is a free support channel for Let's Encrypt related issues.
I would start there, with them (CF).
The configuration must be "set properly".
[that may mean different things to different people]

I would also check the backend server [your server] directly for HTTP and HTTPS service.
That can be done from within that same system OR within that same network OR (depending on the firewall rules) from the Internet [while overriding the DNS resolution].

4 Likes
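Added example (not part of the thread and not code from any poster): one way to run the direct backend check suggested above, connecting to the origin's IP while presenting the site's hostname so the CDN is bypassed. The function names, verdict labels and the placeholder address 203.0.113.10 are assumptions for illustration; substitute your own origin IP and hostname.

```python
import http.client
import socket
import ssl
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"


def check_http01(origin_ip, hostname, token, port=80, expected_body=None, timeout=5.0):
    """GET the http-01 path from origin_ip while sending 'Host: hostname'.

    Connecting to the IP directly bypasses the CDN (the same effect as
    overriding DNS resolution). Redirects are reported, never followed.
    """
    conn = http.client.HTTPConnection(origin_ip, port, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token, headers={"Host": hostname})
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location")
        body = resp.read(1024).decode("utf-8", errors="replace").strip()
    except (OSError, http.client.HTTPException) as exc:
        return {"verdict": "unreachable", "error": str(exc)}
    finally:
        conn.close()

    result = {"status": status, "location": location}
    if 300 <= status < 400 and location:
        target = urlsplit(location)
        if target.scheme != "https":
            result["verdict"] = "redirect"
        elif not target.path.startswith(ACME_PREFIX):
            # A validator following this lands on a URL without the token
            # path (the certbot errors in this thread show the fetch ending
            # at https://doujinblog.org/), so the token file is never read.
            result["verdict"] = "redirect-drops-path"
        else:
            # The validator follows to port 443, so TLS there must work.
            result["verdict"] = "redirect-to-https"
    elif status == 200:
        matches = expected_body is None or body == expected_body
        result["verdict"] = "served" if matches else "wrong-body"
    else:
        result["verdict"] = "http-%d" % status
    return result


def probe_tls(origin_ip, hostname, port=443, timeout=5.0):
    """Attempt a verified TLS handshake with origin_ip using SNI = hostname.

    'certificate' failures are what a CDN in strict mode rejects;
    'handshake' failures mean no usable TLS service answered at all.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                return {"ok": True, "protocol": tls.version(),
                        "not_after": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "stage": "certificate", "error": exc.verify_message}
    except ssl.SSLError as exc:
        return {"ok": False, "stage": "handshake", "error": exc.reason or str(exc)}
    except OSError as exc:
        return {"ok": False, "stage": "network", "error": str(exc)}


if __name__ == "__main__":
    ORIGIN_IP = "203.0.113.10"   # placeholder (documentation range), not a real origin
    HOSTNAME = "site.example"    # placeholder hostname
    print(check_http01(ORIGIN_IP, HOSTNAME, token="probe-file"))
    print(probe_tls(ORIGIN_IP, HOSTNAME))
```

To use `expected_body`, place a test file with known content under the webroot's `.well-known/acme-challenge/` directory first and pass its name as `token`.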

I think I have made progress by changing this option in Cloudflare. The SSL/TLS encryption mode is Complete (strict)

Requesting a certificate for doujinblog.org, www.doujinblog.org from Let's Encrypt ..
.. request failed : Web-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for doujinblog.org and www.doujinblog.org
Performing the following challenges:
http-01 challenge for doujinblog.org
http-01 challenge for www.doujinblog.org
Using the webroot path /home/doujinblog/public_html for all unmatched domains.
Waiting for verification...
Challenge failed for domain doujinblog.org
Challenge failed for domain www.doujinblog.org
http-01 challenge for doujinblog.org
http-01 challenge for www.doujinblog.org
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: doujinblog.org
   Type:   unauthorized
   Detail: 2606:4700:3037::ac43:860c: Invalid response from
   https://doujinblog.org/: 526

   Domain: www.doujinblog.org
   Type:   unauthorized
   Detail: 2606:4700:3036::6815:5f4: Invalid response from
   https://doujinblog.org/: 526

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

   DNS-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for doujinblog.org and www.doujinblog.org
Performing the following challenges:
dns-01 challenge for doujinblog.org
dns-01 challenge for www.doujinblog.org
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification...
Challenge failed for domain doujinblog.org
Challenge failed for domain www.doujinblog.org
dns-01 challenge for doujinblog.org
dns-01 challenge for www.doujinblog.org
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: doujinblog.org
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.doujinblog.org

   Domain: www.doujinblog.org
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.www.doujinblog.org

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
[root@vmi629311 letsencrypt]# cat letsencrypt.log
2022-12-20 08:04:15,201:DEBUG:certbot._internal.main:certbot version: 1.11.0
2022-12-20 08:04:15,201:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
2022-12-20 08:04:15,201:DEBUG:certbot._internal.main:Arguments: ['--manual', '-d', 'doujinblog.org', '-d', 'www.doujinblog.org', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/570649_29468_3_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'doujinblog.org']
2022-12-20 08:04:15,201:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-12-20 08:04:15,237:DEBUG:certbot._internal.log:Root logging level set at 20
2022-12-20 08:04:15,237:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-12-20 08:04:15,238:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2022-12-20 08:04:15,240:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7f24cb358a10>
Prep: True
2022-12-20 08:04:15,240:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7f24cb358a10> and installer None
2022-12-20 08:04:15,240:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2022-12-20 08:04:15,263:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/878812887', new_authzr_uri=None, terms_of_service=None), 182b4b500c630f7df19c3ffcf0f4b9e2, Meta(creation_host=u'vmi629311.contaboserver.net', register_to_eff=None, creation_dt=datetime.datetime(2022, 12, 19, 20, 19, 10, tzinfo=<UTC>)))>
2022-12-20 08:04:15,265:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-12-20 08:04:15,274:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2022-12-20 08:04:15,446:DEBUG:urllib3.connectionpool:"GET /directory HTTP/1.1" 200 659
2022-12-20 08:04:15,452:DEBUG:acme.client:Received response:
HTTP 200
content-length: 659
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Tue, 20 Dec 2022 07:04:15 GMT
x-frame-options: DENY
content-type: application/json

{
  "22ULzXc6BDQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-12-20 08:04:15,453:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for doujinblog.org and www.doujinblog.org
2022-12-20 08:04:15,504:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0006_key-certbot.pem
2022-12-20 08:04:15,506:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0006_csr-certbot.pem
2022-12-20 08:04:15,507:DEBUG:acme.client:Requesting fresh nonce
2022-12-20 08:04:15,507:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-12-20 08:04:15,554:DEBUG:urllib3.connectionpool:"HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-12-20 08:04:15,561:DEBUG:acme.client:Received response:
HTTP 200
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
date: Tue, 20 Dec 2022 07:04:15 GMT
x-frame-options: DENY
replay-nonce: A5FEZdqJ-uYfybYxQLqH5JLO2KMrlmfp1saZGfrR90w55Ls


2022-12-20 08:04:15,562:DEBUG:acme.client:Storing nonce: A5FEZdqJ-uYfybYxQLqH5JLO2KMrlmfp1saZGfrR90w55Ls
2022-12-20 08:04:15,562:DEBUG:acme.client:JWS payload:
{
  "identifiers": [
    {
      "type": "dns",
      "value": "doujinblog.org"
    },
    {
      "type": "dns",
      "value": "www.doujinblog.org"
    }
  ]
}
2022-12-20 08:04:15,564:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2022-12-20 08:04:15,656:DEBUG:urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 480
2022-12-20 08:04:15,656:DEBUG:acme.client:Received response:
HTTP 201
content-length: 480
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/878812887/153815650647
boulder-requester: 878812887
date: Tue, 20 Dec 2022 07:04:15 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 20F6sbp8GI_0WtxL56UDzQAltm2dxkuZKs58G4JW5i51qJ0

{
  "status": "pending",
  "expires": "2022-12-27T07:04:15Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "doujinblog.org"
    },
    {
      "type": "dns",
      "value": "www.doujinblog.org"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/188465301617",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/188465301627"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/878812887/153815650647"
}
2022-12-20 08:04:15,657:DEBUG:acme.client:Storing nonce: 20F6sbp8GI_0WtxL56UDzQAltm2dxkuZKs58G4JW5i51qJ0
2022-12-20 08:04:15,657:DEBUG:acme.client:JWS payload:

2022-12-20 08:04:15,662:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/188465301617:
2022-12-20 08:04:15,708:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/188465301617 HTTP/1.1" 200 798
2022-12-20 08:04:15,709:DEBUG:acme.client:Received response:
HTTP 200
content-length: 798
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 878812887
date: Tue, 20 Dec 2022 07:04:15 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 20F6_4eGrnL_cfs2YcA1DQk5SEmZQCBrWdX__nvEZ2DzFE8

{
  "identifier": {
    "type": "dns",
    "value": "doujinblog.org"
  },
  "status": "pending",
  "expires": "2022-12-27T07:04:15Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301617/W9zXXg",
      "token": "oW1ahqfEUS1vegjmGKOjqTEnG89MCMxLZJiaUGjrC_k"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301617/jxGPYg",
      "token": "oW1ahqfEUS1vegjmGKOjqTEnG89MCMxLZJiaUGjrC_k"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301617/EI2STg",
      "token": "oW1ahqfEUS1vegjmGKOjqTEnG89MCMxLZJiaUGjrC_k"
    }
  ]
}
2022-12-20 08:04:15,710:DEBUG:acme.client:Storing nonce: 20F6_4eGrnL_cfs2YcA1DQk5SEmZQCBrWdX__nvEZ2DzFE8
2022-12-20 08:04:15,711:DEBUG:acme.client:JWS payload:

2022-12-20 08:04:15,712:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/188465301627:
2022-12-20 08:04:15,760:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/188465301627 HTTP/1.1" 200 802
2022-12-20 08:04:15,761:DEBUG:acme.client:Received response:
HTTP 200
content-length: 802
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 878812887
date: Tue, 20 Dec 2022 07:04:15 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 20F604OatjNZuIvWAWzF9kPmtivZBJHl67BYQmjT64K2rno

{
  "identifier": {
    "type": "dns",
    "value": "www.doujinblog.org"
  },
  "status": "pending",
  "expires": "2022-12-27T07:04:15Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301627/pAt-3g",
      "token": "zsLZJ1gVYR8fDyA7W-5WSGkET7ZZrSR85dIPtO0HU8Q"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301627/zXes1Q",
      "token": "zsLZJ1gVYR8fDyA7W-5WSGkET7ZZrSR85dIPtO0HU8Q"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301627/GRMsaQ",
      "token": "zsLZJ1gVYR8fDyA7W-5WSGkET7ZZrSR85dIPtO0HU8Q"
    }
  ]
}
2022-12-20 08:04:15,761:DEBUG:acme.client:Storing nonce: 20F604OatjNZuIvWAWzF9kPmtivZBJHl67BYQmjT64K2rno
2022-12-20 08:04:15,762:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-12-20 08:04:15,763:INFO:certbot._internal.auth_handler:dns-01 challenge for doujinblog.org
2022-12-20 08:04:15,764:INFO:certbot._internal.auth_handler:dns-01 challenge for www.doujinblog.org
2022-12-20 08:04:15,768:INFO:certbot.compat.misc:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2022-12-20 08:04:27,499:INFO:certbot.compat.misc:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2022-12-20 08:04:39,177:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-12-20 08:04:39,178:DEBUG:acme.client:JWS payload:
{}
2022-12-20 08:04:39,180:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301617/jxGPYg:
2022-12-20 08:04:39,245:DEBUG:urllib3.connectionpool:"POST /acme/chall-v3/188465301617/jxGPYg HTTP/1.1" 200 186
2022-12-20 08:04:39,246:DEBUG:acme.client:Received response:
HTTP 200
content-length: 186
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/188465301617>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301617/jxGPYg
boulder-requester: 878812887
date: Tue, 20 Dec 2022 07:04:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 20F6sQxzz8IzdnLAAoIA4c_1nz-GRJekglVk_gQEX_9nxPw

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301617/jxGPYg",
  "token": "oW1ahqfEUS1vegjmGKOjqTEnG89MCMxLZJiaUGjrC_k"
}
2022-12-20 08:04:39,246:DEBUG:acme.client:Storing nonce: 20F6sQxzz8IzdnLAAoIA4c_1nz-GRJekglVk_gQEX_9nxPw
2022-12-20 08:04:39,247:DEBUG:acme.client:JWS payload:
{}
2022-12-20 08:04:39,249:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301627/zXes1Q:
2022-12-20 08:04:39,310:DEBUG:urllib3.connectionpool:"POST /acme/chall-v3/188465301627/zXes1Q HTTP/1.1" 200 186
2022-12-20 08:04:39,311:DEBUG:acme.client:Received response:
HTTP 200
content-length: 186
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/188465301627>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301627/zXes1Q
boulder-requester: 878812887
date: Tue, 20 Dec 2022 07:04:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: F977O87UY6eIqbgcLQZo_of85TUJIgjxefglyF0o0OeKySk

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301627/zXes1Q",
  "token": "zsLZJ1gVYR8fDyA7W-5WSGkET7ZZrSR85dIPtO0HU8Q"
}
2022-12-20 08:04:39,311:DEBUG:acme.client:Storing nonce: F977O87UY6eIqbgcLQZo_of85TUJIgjxefglyF0o0OeKySk
2022-12-20 08:04:40,313:DEBUG:acme.client:JWS payload:

2022-12-20 08:04:40,315:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/188465301617:
2022-12-20 08:04:40,545:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/188465301617 HTTP/1.1" 200 593
2022-12-20 08:04:40,549:DEBUG:acme.client:Received response:
HTTP 200
content-length: 593
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 878812887
date: Tue, 20 Dec 2022 07:04:40 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: A5FEQvBiMdW6wvTJYGmXW7GSx2ksx_v5bMMZtGXY8-HlsW0

{
  "identifier": {
    "type": "dns",
    "value": "doujinblog.org"
  },
  "status": "invalid",
  "expires": "2022-12-27T07:04:15Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "No TXT record found at _acme-challenge.doujinblog.org",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301617/jxGPYg",
      "token": "oW1ahqfEUS1vegjmGKOjqTEnG89MCMxLZJiaUGjrC_k",
      "validated": "2022-12-20T07:04:39Z"
    }
  ]
}
2022-12-20 08:04:40,550:DEBUG:acme.client:Storing nonce: A5FEQvBiMdW6wvTJYGmXW7GSx2ksx_v5bMMZtGXY8-HlsW0
2022-12-20 08:04:40,554:DEBUG:acme.client:JWS payload:

2022-12-20 08:04:40,556:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/188465301627:
2022-12-20 08:04:40,601:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/188465301627 HTTP/1.1" 200 601
2022-12-20 08:04:40,602:DEBUG:acme.client:Received response:
HTTP 200
content-length: 601
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 878812887
date: Tue, 20 Dec 2022 07:04:40 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: F977KC9eapBQ86ARRD4mSvyEWhaQjjnp4L4gqoG2MU9LRg8

{
  "identifier": {
    "type": "dns",
    "value": "www.doujinblog.org"
  },
  "status": "invalid",
  "expires": "2022-12-27T07:04:15Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "No TXT record found at _acme-challenge.www.doujinblog.org",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/188465301627/zXes1Q",
      "token": "zsLZJ1gVYR8fDyA7W-5WSGkET7ZZrSR85dIPtO0HU8Q",
      "validated": "2022-12-20T07:04:39Z"
    }
  ]
}
2022-12-20 08:04:40,602:DEBUG:acme.client:Storing nonce: F977KC9eapBQ86ARRD4mSvyEWhaQjjnp4L4gqoG2MU9LRg8
2022-12-20 08:04:40,603:WARNING:certbot._internal.auth_handler:Challenge failed for domain doujinblog.org
2022-12-20 08:04:40,605:WARNING:certbot._internal.auth_handler:Challenge failed for domain www.doujinblog.org
2022-12-20 08:04:40,605:INFO:certbot._internal.auth_handler:dns-01 challenge for doujinblog.org
2022-12-20 08:04:40,605:INFO:certbot._internal.auth_handler:dns-01 challenge for www.doujinblog.org
2022-12-20 08:04:40,605:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: doujinblog.org
Type:   unauthorized
Detail: No TXT record found at _acme-challenge.doujinblog.org

Domain: www.doujinblog.org
Type:   unauthorized
Detail: No TXT record found at _acme-challenge.www.doujinblog.org

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2022-12-20 08:04:40,606:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

2022-12-20 08:04:40,606:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-12-20 08:04:40,606:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-12-20 08:04:40,606:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2022-12-20 08:04:42,320:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2022-12-20 08:04:43,977:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 9, in <module>
    load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1294, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 135, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
2022-12-20 08:04:43,979:ERROR:certbot._internal.log:Some challenges have failed.

The CF portion seems to be a lot better now.
But this is NOT good:

curl -Ii6 http://doujinblog.org/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 07:23:08 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: https://doujinblog.org/

curl -Ii4 http://doujinblog.org/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 07:24:31 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: https://doujinblog.org/

The redirection is stripping out the file and path.

4 Likes
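The check made in the post above, as an added example that is not part of the original thread: it parses `curl -I` output for a challenge URL and reports whether the redirect's `Location` keeps the requested path. The function names and verdict labels are assumptions made for this example; the sample headers are the ones quoted in the post.

```python
from urllib.parse import urljoin, urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

# Response headers as quoted in the post above (the -4 and -6 runs differ only in Date).
SAMPLE_HEAD = """\
HTTP/1.1 302 Found
Date: Tue, 20 Dec 2022 07:23:08 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: https://doujinblog.org/
"""


def parse_head(raw):
    """Split `curl -I` output into (status_code, {lowercased header name: value})."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    parts = lines[0].split(None, 2) if lines else []
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("input does not start with an HTTP status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def check_challenge_response(request_url, raw_head):
    """Classify how a server answered a request for an http-01 token URL."""
    status, headers = parse_head(raw_head)
    req = urlsplit(request_url)
    if not req.path.startswith(CHALLENGE_PREFIX):
        raise ValueError("request URL is not under " + CHALLENGE_PREFIX)
    if not 300 <= status < 400:
        return {"verdict": "no-redirect", "status": status, "target": None}
    location = headers.get("location")
    if location is None:
        return {"verdict": "redirect-without-location", "status": status, "target": None}
    target = urljoin(request_url, location)  # Location may be relative
    dst = urlsplit(target)
    if dst.path != req.path:
        verdict = "path-stripped"  # token file can never be served from the target
    elif dst.hostname != req.hostname:
        verdict = "path-kept-host-changed"
    else:
        verdict = "path-kept"
    return {"verdict": verdict, "status": status, "target": target}
```

For the headers in the post, the verdict is `path-stripped` with target `https://doujinblog.org/`, which matches the URL named in the original `tls: handshake failure` error.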

What redirection? There is no redirection?
My English is very bad. Do you speak Spanish?

What redirection? There is no redirection?

302 is a redirection.
Location shows where to redirect to.

I showed you the redirection and you say there is none?

4 Likes

You can use online translators like:
Google Translate

4 Likes

If I offended you in some way, I'm sorry. I already told you I'm not an expert; I come here to get ideas to solve my problem.

I'm checking my server and Cloudflare configuration and I don't see any redirection. Any ideas?

You did not offend me.
You contradicted a statement - which showed proof.

I already told you this is not the place to fix CF problems.
Once you have those fixed, we can help you.
I'm not sure if the CF problems are fixed, but if you want to continue testing, you should use the LE staging environment [not production].

If so, what is the certbot command that you ran?

CentOS is not a web server.
What is the web server?

4 Likes