I tried to run certbot manually.
root@d72bbbaa6641:/var/log/letsencrypt# certbot certonly --webroot-path /usr/share/nginx/html
Saving debug log to /var/log/letsencrypt/letsencrypt.logHow would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): range.nac-issa.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for range.nac-issa.org
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. range.nac-issa.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://range.nac-issa.org/.well-known/acme-challenge/4AeauX1uIg5GxULR53trzTcrmGuLpQcV7ZVMlzsdvek [216.186.173.226]: "\r\n400 The plain HTTP request was sent to HTTPS port\r\n\r\n400 Bad Request
<"IMPORTANT NOTES:
The following errors were reported by the server:
Domain: range.nac-issa.org
Type: unauthorized
Detail: Invalid response from
http://range.nac-issa.org/.well-known/acme-challenge/4AeauX1uIg5GxULR53trzTcrmGuLpQcV7ZVMlzsdvek
[216.186.173.226]: "\r\n400 The plain HTTP
request was sent to HTTPS
port\r\n\r\n400 Bad Request
<"To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Here is what I am getting for output.(My debug log)
2021-05-19 18:15:47,234:DEBUG:certbot.main:certbot version: 0.31.0
2021-05-19 18:15:47,234:DEBUG:certbot.main:Arguments: ['--webroot-path', '/usr/share/nginx/html']
2021-05-19 18:15:47,235:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-05-19 18:15:47,243:DEBUG:certbot.log:Root logging level set at 20
2021-05-19 18:15:47,243:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-05-19 18:15:47,244:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2021-05-19 18:15:47,308:DEBUG:certbot.plugins.selection:Multiple candidate plugins: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7fa39d96eb00>
Prep: True
- webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fa39d96eba8>
Prep: True
2021-05-19 18:15:51,931:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fa39d96eba8> and installer None
2021-05-19 18:15:51,931:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-05-19 18:15:51,935:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_re
turn_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/124156296', new_authzr_uri=None, terms_of_service=None), 5b80d8be3072f5c39e087f42130355e7,
Meta(creation_dt=datetime.datetime(2021, 5, 19, 14, 28, 10, tzinfo=), creation_host='d72bbbaa6641'))>
2021-05-19 18:15:51,936:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-05-19 18:15:51,938:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-05-19 18:15:52,368:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-05-19 18:15:52,369:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 19 May 2021 18:15:52 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"qFiz6jDGPig": "Adding random entries to the directory",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-05-19 18:15:52,369:DEBUG:certbot.display.ops:No installer, picking names manually
2021-05-19 18:15:57,244:INFO:certbot.main:Obtaining a new certificate
2021-05-19 18:15:57,438:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0006_key-certbot.pem
2021-05-19 18:15:57,440:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0006_csr-certbot.pem
2021-05-19 18:15:57,441:DEBUG:acme.client:Requesting fresh nonce
2021-05-19 18:15:57,441:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-05-19 18:15:57,511:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-05-19 18:15:57,512:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 19 May 2021 18:15:57 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003VoSDow44tTDTHJ4JA_KoNVjQF93q1xIQmUcJbuzmwbQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=6048002021-05-19 18:15:57,512:DEBUG:acme.client:Storing nonce: 0003VoSDow44tTDTHJ4JA_KoNVjQF93q1xIQmUcJbuzmwbQ
2021-05-19 18:15:57,512:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "range.nac-issa.org"\n }\n ]\n}'
2021-05-19 18:15:57,514:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTU2Mjk2IiwgIm5vbmNlIjogIjAwMDNWb1NEb3c0NHRURFRISjRKQV9Lb05WalFGOTNxMXhJUW1VY0p
idXptd2JRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "cdnoQD5JQmEgBkRcj1QMuFZt6659iep2mW8m-fXK-E8U8IJbmkaoq3OQfQ-VEm_q_oNVnjmmN--3b3EvAwL3q7K8xTNG3I_VhCCUfKAsbzJGyMFrA3O2UB32_ksi7e6bcrETck7LfMDYe8jXVEcPOIbZjFBGhxLrvl1-bah0nMAmWBH5a-r
Y2bC_v84Ie8_eTqq9kNQfTloJKk-u-GS7t637fX7IUwu9KHaR9dEYoB8Mc4qvoOfaYofHMWYI4Qfu2YasgiXFMoxrztCvx0w08ETqgtE_qYDjYj4HgnxYr1q_s-CvmQZuQDbNF6p7O2WGFHBmj8fHq1hCXCpDlM-VLQ",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInJhbmdlLm5hYy1pc3NhLm9yZyIKICAgIH0KICBdCn0"
}
2021-05-19 18:15:57,737:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 340
2021-05-19 18:15:57,737:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 19 May 2021 18:15:57 GMT
Content-Type: application/json
Content-Length: 340
Connection: keep-alive
Boulder-Requester: 124156296
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/124156296/9812142478
Replay-Nonce: 0003NQR0IHQzR_MRTPME43JtsVPrYrS655j6LNBgQzVbN-s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800{
"status": "pending",
"expires": "2021-05-26T18:15:57Z",
"identifiers": [
{
"type": "dns",
"value": "range.nac-issa.org"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/13264198418"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/124156296/9812142478"
}
2021-05-19 18:15:57,737:DEBUG:acme.client:Storing nonce: 0003NQR0IHQzR_MRTPME43JtsVPrYrS655j6LNBgQzVbN-s
2021-05-19 18:15:57,738:DEBUG:acme.client:JWS payload:
b''
2021-05-19 18:15:57,739:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13264198418:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTU2Mjk2IiwgIm5vbmNlIjogIjAwMDNOUVIwSUhRelJfTVJUUE1FNDNKdHNWUHJZclM2NTVqNkxOQmd
RelZiTi1zIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzI2NDE5ODQxOCJ9",
"signature": "gYZIdHQ8Ph-Y7k81LdPoFWfzxW-yIp6Pol6z4eLx4NvkPxW5SJqi85Y34RhovxV2pi5yqdk0RROP4V9T-turApQ_LX8Al8R60IV_waIbJHpz3jHGLKq3n1musUFhvlAPm9bmp1GSPUvKDeCkAXA8EEIBwYka2SdgE9zY0EsBkjFLu1TO-u1
lrgK_kn-EEo8WSWTa7uJKYa4T5cfi_S7ts62KFBx7VHXa99nMZjEBpyaAsxt1p6kMXXLin2DLUwpinSXfRsEsF_y737m6mGQ-95IHJMGpJNwd3gahN1wsMItjRRFtzHL_y4eUXi6UOHb5lVFrif_owY1rIwchmqAsmQ",
"payload": ""
}
2021-05-19 18:15:57,839:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13264198418 HTTP/1.1" 200 799
2021-05-19 18:15:57,839:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 19 May 2021 18:15:57 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 124156296
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004oLRWjLHMFgO8W82uLMwZC88tn4kwzB8wYlIBu1rRS18
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800{
"identifier": {
"type": "dns",
"value": "range.nac-issa.org"
},
"status": "pending",
"expires": "2021-05-26T18:15:57Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13264198418/8sTeHg",
"token": "wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13264198418/jwjBvg",
"token": "wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13264198418/_9zKkw",
"token": "wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM"
}
]
}
2021-05-19 18:15:57,840:DEBUG:acme.client:Storing nonce: 0004oLRWjLHMFgO8W82uLMwZC88tn4kwzB8wYlIBu1rRS18
2021-05-19 18:15:57,840:INFO:certbot.auth_handler:Performing the following challenges:
2021-05-19 18:15:57,840:INFO:certbot.auth_handler:http-01 challenge for range.nac-issa.org
2021-05-19 18:15:57,840:INFO:certbot.plugins.webroot:Using the webroot path /usr/share/nginx/html for all unmatched domains.
2021-05-19 18:15:57,841:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /usr/share/nginx/html/.well-known/acme-challenge
2021-05-19 18:15:57,843:DEBUG:certbot.plugins.webroot:Attempting to save validation to /usr/share/nginx/html/.well-known/acme-challenge/wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM
2021-05-19 18:15:57,843:INFO:certbot.auth_handler:Waiting for verification...
2021-05-19 18:15:57,844:DEBUG:acme.client:JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01"\n}'
2021-05-19 18:15:57,845:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/13264198418/8sTeHg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTU2Mjk2IiwgIm5vbmNlIjogIjAwMDRvTFJXakxITUZnTzhXODJ1TE13WkM4OHRuNGt3ekI4d1lsSUJ
1MXJSUzE4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xMzI2NDE5ODQxOC84c1RlSGcifQ",
"signature": "PFJP0HCkdQHre0t3E_ZRY_OpVRSQP--IZHFDDBIobIfxXpoyr002IdUa3ekVT2zPsN1zxvSyxHgLUVFz2_sfysKHR4Rb7LoZ-mOYKiH_gdrjBjPLomziausUwvIQwG9LZHfbZFx_RJonbgZ1-c4F9oNeEHMbDujTZzFThzpkNb4yRpueo4b
wuFyrQbXDiHyQUz2xtUzK4R0vdXoNqFrs_FTG0PBBmlrct5wSqiY5iKcEP_OpujO6BBY08xPxEJdlLUvYi08IdecdrHNHNYv-VoV6UYnZygsePx3UH4UUmWIkqXQ5pQ-knzdU3ahYXp3DhuCgyu_BrQRdkO-aPsMTTg",
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-05-19 18:15:57,969:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/13264198418/8sTeHg HTTP/1.1" 200 186
2021-05-19 18:15:57,970:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 19 May 2021 18:15:57 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 124156296
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/13264198418;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/13264198418/8sTeHg
Replay-Nonce: 0003Bsy-XTR6RQ0izkZyVhhZwNd8E2b4QSc2b-Sfa2S7nX0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13264198418/8sTeHg",
"token": "wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM"
}
2021-05-19 18:15:57,970:DEBUG:acme.client:Storing nonce: 0003Bsy-XTR6RQ0izkZyVhhZwNd8E2b4QSc2b-Sfa2S7nX0
2021-05-19 18:16:00,971:DEBUG:acme.client:JWS payload:
b''
2021-05-19 18:16:00,972:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13264198418:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MTU2Mjk2IiwgIm5vbmNlIjogIjAwMDNCc3ktWFRSNlJRMGl6a1p5VmhoWndOZDhFMmI0UVNjMmItU2Z
hMlM3blgwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzI2NDE5ODQxOCJ9",
"signature": "ODd-QWbKp87E5fQdVW40usktL6ZDkop0ozgu56hQy5dwzNpTx4RNKuIoPtTU-vGn6uwLqGmRcv_Z17ffuEcqBXhVgH9lEfzN6kKjxMAVaLKPbpqlLP3r-2z1iJx2QLWBt7ptarOdLv7imPXFVB4Z875JdqX9I3Hvin2TO6Y3tv2-cnIiRZV
yYAmwVDDb1a16ArVxXmA5TJzKmnFCBTKWQN9MTEiPITn5exJs4L4MGzxPweZ_AZAmAIcUiFXbhW0H2He0K6Ec0o3Yk9msMQQJGuKm9FduB1qtJ1R9bSR_7o5_2zzqt35pP3uBhCR1hRckq9LzBBWwzSzLzyY250QtHQ",
"payload": ""
}
2021-05-19 18:16:01,071:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13264198418 HTTP/1.1" 200 1282
2021-05-19 18:16:01,071:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 19 May 2021 18:16:01 GMT
Content-Type: application/json
Content-Length: 1282
Connection: keep-alive
Boulder-Requester: 124156296
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004pGwsrt6fEKdZSFDPX3-HndQGtk701u4j2s2fRbirgfE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800{
"identifier": {
"type": "dns",
"value": "range.nac-issa.org"
},
"status": "invalid",
"expires": "2021-05-26T18:15:57Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://range.nac-issa.org/.well-known/acme-challenge/wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM [216.186.173.226]: "\u003chtml\u003e\r\n\u003chead\u00
3e\u003ctitle\u003e400 The plain HTTP request was sent to HTTPS port\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody\u003e\r\n\u003ccenter\u003e\u003ch1\u003e400 Bad Request\u003c/h1\u003e\u
003c"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13264198418/8sTeHg",
"token": "wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM",
"validationRecord": [
{
"url": "http://range.nac-issa.org/.well-known/acme-challenge/wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM",
"hostname": "range.nac-issa.org",
"port": "80",
"addressesResolved": [
"216.186.173.226"
],
"addressUsed": "216.186.173.226"
}
],
"validated": "2021-05-19T18:15:57Z"
}
]
}
2021-05-19 18:16:01,072:DEBUG:acme.client:Storing nonce: 0004pGwsrt6fEKdZSFDPX3-HndQGtk701u4j2s2fRbirgfE
2021-05-19 18:16:01,072:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:Domain: range.nac-issa.org
Type: unauthorized
Detail: Invalid response from http://range.nac-issa.org/.well-known/acme-challenge/wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM [216.186.173.226]: "\r\n400 The plain HTTP reques
t was sent to HTTPS port\r\n\r\n400 Bad Request
<"To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2021-05-19 18:16:01,073:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. range.nac-issa.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid resp
onse from http://range.nac-issa.org/.well-known/acme-challenge/wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM [216.186.173.226]: "\r\n400 The plain HTTP request was sent to HTTPS
port\r\n\r\n400 Bad Request
<"2021-05-19 18:16:01,073:DEBUG:certbot.error_handler:Calling registered functions
2021-05-19 18:16:01,073:INFO:certbot.auth_handler:Cleaning up challenges
2021-05-19 18:16:01,073:DEBUG:certbot.plugins.webroot:Removing /usr/share/nginx/html/.well-known/acme-challenge/wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM
2021-05-19 18:16:01,074:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2021-05-19 18:16:01,074:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. range.nac-issa.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid resp
onse from http://range.nac-issa.org/.well-known/acme-challenge/wqh7JaLPOWrk7AFU6PN1CoGA_Hmekek-JyeEOs0bqNM [216.186.173.226]: "\r\n400 The plain HTTP request was sent to HTTPS
port\r\n\r\n400 Bad Request
<"