Nginx issue with Ubuntu Jitsi chat server

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cv-meet.kozow.com

I ran this command: installed certbot = success

It produced this output: failed to restart nginx - something about duplicate entries found and buffer sizes.

My web server is (include version): Ubuntu Desktop 20.04.3 LTS

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Current version.

*Note: I'm not well versed in linux. I wanted to setup my own Jitsi server inhouse and everything went well. I used however multiple cookbooks. The issue arose when I wasn't sure if my Let's Encrypt request was successful. I didn't have certbot installed on the first command line request. So I installed certbot (for some reason my box said cerbot was installed - baffled). So I uninstalled it and reinstalled it via the cerbot website. It tried to restart nginx producing an error that it could not start and it found duplicates along with buffer information. I rebooted the box (virtual) and nginx status said running. I cannot access my site via https.

I'm not sure what I'm missing or what needs to be resolved if anything. I would appreciate any help. Thanks

2

Welcome @stansfieldr6

Let's start with these. Can you show the results of these commands?

nginx -t
certbot --version
certbot certificates

use sudo in front of commands if necessary

If you could put three backticks before and after the command output that would format better. Like this:

```
output
```

3 Likes
3

Jitsi is not a simple application. How did you install it? Did you read their documentation on using Let's Encrypt?

2 Likes
4

Hello MikeMcQ. Thank you for your interest in response to my trouble. Below is the information you have requested.

 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

certbot --version
certbot 1.23.0

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certificates found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -```
5

Yes, I read Jitsi's documentation and also a pretty well written tutorial. It seemed pretty straight forward. I like to keep my data and services in-house for my small business. This strictly a virtual machine to host Jitsi. There is a good bit of info on administrating it. The purpose of this Jitsi server is to host my own video conferencing when need be.

It is indeed working, however without https.

6

No, even HTTP is not working. It may be working on your local network but it is not working from the public internet. See this test site:

I do not know jitsi at all and others have said it can be very difficult. So I could not help with that but so far it seems you are missing very basic parts.

2 Likes
8

Looks like we are on much different time zones. I see your site just fine and your http even redirects to https which is good. The problem is your server is sending out a self-signed certificate. These will be shown as not safe by browsers as you have learned.

Can you show the result of this command

sudo certbot certonly --webroot -w XXX -d cv-meet.kozow.com --dry-run

Replace XXX with the folder from the root value for the nginx server block for port 443 for this domain name.

2 Likes
9

Thanks Mike,

I'm trying to understand this last part: " Replace XXX with the folder from the root value for the nginx server block for port 443 for this domain name." I'm looking through my nginx directory. Would this be in my /nginx/sites-enabled dir?

1 Like
10

Probably but there are many ways to setup nginx. If you can't find it run this command and post results here. It will be long so please put 3 backticks before and after the output

nginx -T

(upper case T)

Paste with this before and after
```
paste output
```

2 Likes
11 
sudo nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

# configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
load_module modules/ngx_http_auth_pam_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
load_module modules/ngx_http_dav_ext_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
load_module modules/ngx_http_echo_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip2.conf:
load_module modules/ngx_http_geoip2_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
load_module modules/ngx_http_subs_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
load_module modules/ngx_http_upstream_fair_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/mime.types:

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

# configuration file /etc/nginx/sites-enabled/cv-meet.kozow.com.conf:
server_names_hash_bucket_size 64;

types {
# nginx's default mime.types doesn't include a mapping for wasm
    application/wasm     wasm;
}
server {
    listen 80;
    listen [::]:80;
    server_name cv-meet.kozow.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root         /usr/share/jitsi-meet;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name cv-meet.kozow.com;

    # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=63072000" always;
    set $prefix "";

    ssl_certificate /etc/jitsi/meet/cv-meet.kozow.com.crt;
    ssl_certificate_key /etc/jitsi/meet/cv-meet.kozow.com.key;

    root /usr/share/jitsi-meet;

    # ssi on with javascript for multidomain variables in config.js
    ssi on;
    ssi_types application/x-javascript application/javascript;

    index index.html index.htm;
    error_page 404 /static/404.html;

    gzip on;
    gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
    gzip_vary on;
    gzip_proxied no-cache no-store private expired auth;
    gzip_min_length 512;

    location = /config.js {
        alias /etc/jitsi/meet/cv-meet.kozow.com-config.js;
    }

    location = /external_api.js {
        alias /usr/share/jitsi-meet/libs/external_api.min.js;
    }

    # ensure all static content can always be found first
    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
    {
        add_header 'Access-Control-Allow-Origin' '*';
        alias /usr/share/jitsi-meet/$1/$2;

        # cache all versioned files
        if ($arg_v) {
            expires 1y;
        }
    }

    # BOSH
    location = /http-bind {
        proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

    # xmpp websockets
    location = /xmpp-websocket {
        proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        tcp_nodelay on;
    }

    # colibri (JVB) websockets for jvb1
    location ~ ^/colibri-ws/default-id/(.*) {
        proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }

    # load test minimal client, uncomment when used
    #location ~ ^/_load-test/([^/?&:'"]+)$ {
    #    rewrite ^/_load-test/(.*)$ /load-test/index.html break;
    #}
    #location ~ ^/_load-test/libs/(.*)$ {
    #    add_header 'Access-Control-Allow-Origin' '*';
    #    alias /usr/share/jitsi-meet/load-test/libs/$1;
    #}

    location ~ ^/([^/?&:'"]+)$ {
        try_files $uri @root_path;
    }

    location @root_path {
        rewrite ^/(.*)$ / break;
    }

    location ~ ^/([^/?&:'"]+)/config.js$
    {
        set $subdomain "$1.";
        set $subdir "$1/";

        alias /etc/jitsi/meet/cv-meet.kozow.com-config.js;
    }

    # BOSH for subdomains
    location ~ ^/([^/?&:'"]+)/http-bind {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";

        rewrite ^/(.*)$ /http-bind;
    }

    # websockets for subdomains
    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";

        rewrite ^/(.*)$ /xmpp-websocket;
    }

    # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
    location ~ ^/([^/?&:'"]+)/(.*)$ {
        set $subdomain "$1.";
        set $subdir "$1/";
        rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
    }
}

# configuration file /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
	#	fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}
12

I tried this command...

@cv-meet:~$ sudo certbot certonly --webroot -w /etc/nginx/sites-enabled -d cv-meet.kozow.com --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Simulating a certificate request for cv-meet.kozow.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: cv-meet.kozow.com
  Type:   unauthorized
  Detail: Invalid response from http://cv-meet.kozow.com/.well-known/acme-challenge/gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw [24.144.23.95]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ub"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
13

The -w value should be the folder in the root statement above. That was in your server config block.

2 Likes
14

Information from debug log, letsencrypt.log (if needed)

2022-02-09 08:28:08,495:DEBUG:certbot.main:certbot version: 0.40.0
2022-02-09 08:28:08,495:DEBUG:certbot.main:Arguments: ['--noninteractive', '--webroot', '--webroot-path', '/usr/share/jitsi-meet', '-d', 'cv-meet.kozow.com', '--agree-tos', '--email', '\rnathancookstudios@gmail.com', '--deploy-hook', '/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh']
2022-02-09 08:28:08,495:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-09 08:28:08,503:DEBUG:certbot.log:Root logging level set at 20
2022-02-09 08:28:08,504:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-02-09 08:28:08,504:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2022-02-09 08:28:08,504:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f0cef7c8f10>
Prep: True
2022-02-09 08:28:08,505:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f0cef7c8f10> and installer None
2022-02-09 08:28:08,505:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-02-09 08:28:08,547:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-02-09 08:28:08,548:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-02-09 08:28:08,729:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2022-02-09 08:28:08,730:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 09 Feb 2022 16:28:08 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "wv-xk9kmsVI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2022-02-09 08:28:08,730:DEBUG:acme.client:Requesting fresh nonce
2022-02-09 08:28:08,730:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-02-09 08:28:08,788:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-02-09 08:28:08,788:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 09 Feb 2022 16:28:08 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102O6qoOOy6rjLQeqI6RKd-EjeXPTEKkvmyFnvIGugzlkY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-02-09 08:28:08,788:DEBUG:acme.client:Storing nonce: 0102O6qoOOy6rjLQeqI6RKd-EjeXPTEKkvmyFnvIGugzlkY
2022-02-09 08:28:08,788:DEBUG:acme.client:JWS payload:
b'{\n  "contact": [\n    "mailto:\\rnathancookstudios@gmail.com"\n  ],\n  "termsOfServiceAgreed": true,\n  "resource": "new-reg"\n}'
2022-02-09 08:28:08,791:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogInZ6UXdRdEsyZENyNVFteTctRnpGS3AxcDR1RmIxb1dNODNZZWUwTjdzRTRfVHM1Nkh1ZWpCbVFOM2g4U1pmWDVuZUJDdjJuelJQNHFWQ3hfWWEtdTMyUzhfM1JCNHhoSUpacnFudk5HYXhBTktNT1k2dU5RdGZwdTJuV0ZhRXY2dzZ2U1dpQ2ItVWhNTkNRb0FrQkEwSXFRbFZOcUVkaS1xX1Z6QjlScE1mWVpsSkRUMjlFZlNqV2llNmlOMWVrRU5NQVZuWThTRjQ1NFRMaXlHNUpSNnNnZF9OVVczcm5Sblc5aU9GR0VYaldmXzhQd2J5MkVwZlVia1dwZ3ZlcDFZQWlCOXhjQUY4UmtmbFFKU0hkM2Voek1zbVQzOXA0c1h4Z0JuWWI4WmtCYTFHbXdVdW5PWTdnQmU1alo0WnlMVHVyX2M3cXZ0aWZzdU5WTEtFZWVTdyIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiMDEwMk82cW9PT3k2cmpMUWVxSTZSS2QtRWplWFBURUtrdm15Rm52SUd1Z3psa1kiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1hY2N0In0",
  "signature": "PRsDBt3F4wnQgmxvVMLO3nrSY6cuRP5FforMj2AbefmV1_ykMx8AnOlSriwVIHcFqn5Ao_i4P-oc5umnT1AjOydK77aI6yXrebAOFO3u_GPI5wOsBhuN4gyoviVObjlcSvn1OpJBGqDokj_Hd_yttIwmq5U9dxNSO_sZrCi46DZOqhojOhByAeEcqLOZ-Qs_TwDBLTWKqpVoYBGUotOVE3puZ-MyiCGnh7sV-eKBFkqyOeZasOuTV8L8HxrX1fsEHyZwaDvQqjfx53EkUinFwCaNYIfvqQ8HHqvwbXz9YQiy3oLlGbdzXTT01OrY_wZABSflVveIH-pyyA4qvu3fAw",
  "payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpccm5hdGhhbmNvb2tzdHVkaW9zQGdtYWlsLmNvbSIKICBdLAogICJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWUsCiAgInJlc291cmNlIjogIm5ldy1yZWciCn0"
}
2022-02-09 08:28:08,903:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 400 133
2022-02-09 08:28:08,904:DEBUG:acme.client:Received response:
HTTP 400
Server: nginx
Date: Wed, 09 Feb 2022 16:28:08 GMT
Content-Type: application/problem+json
Content-Length: 133
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01013ouCM1GNyYkEYehfH4ROv1SgPKtGqYQppFCLg0PQW-4

{
  "type": "urn:ietf:params:acme:error:invalidEmail",
  "detail": "Error creating new account :: invalid contact",
  "status": 400
}
2022-02-09 08:28:08,904:DEBUG:certbot.main:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 221, in perform_registration
    return acme.new_account_and_tos(newreg, tos_cb)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 838, in new_account_and_tos
    return self.client.new_account(regr)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 601, in new_account
    response = self._post(self.directory['newAccount'], new_account)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1184, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1042, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:invalidEmail :: The provided email for a registration was invalid :: Error creating new account :: invalid contact

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 522, in _determine_account
    acc, acme = client.register(
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 178, in register
    regr = perform_registration(acme, config, tos_cb)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 228, in perform_registration
    raise errors.Error(msg)
certbot.errors.Error: The ACME server believes 
nathancookstudios@gmail.com is an invalid email address. Please ensure it is a valid email and attempt registration again.
2022-02-09 08:28:08,905:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 221, in perform_registration
    return acme.new_account_and_tos(newreg, tos_cb)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 838, in new_account_and_tos
    return self.client.new_account(regr)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 601, in new_account
    response = self._post(self.directory['newAccount'], new_account)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1184, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1042, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:invalidEmail :: The provided email for a registration was invalid :: Error creating new account :: invalid contact

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 522, in _determine_account
    acc, acme = client.register(
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 178, in register
    regr = perform_registration(acme, config, tos_cb)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 228, in perform_registration
    raise errors.Error(msg)
certbot.errors.Error: The ACME server believes 
nathancookstudios@gmail.com is an invalid email address. Please ensure it is a valid email and attempt registration again.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1249, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 607, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 528, in _determine_account
    raise errors.Error(
certbot.errors.Error: Unable to register an account with ACME server
2022-02-09 11:24:25,035:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-02-09 11:24:25,560:DEBUG:certbot._internal.main:certbot version: 1.23.0
2022-02-09 11:24:25,560:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1788/bin/certbot
2022-02-09 11:24:25,560:DEBUG:certbot._internal.main:Arguments: ['--nginx', '--preconfigured-renewal']
2022-02-09 11:24:25,560:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-09 11:24:25,573:DEBUG:certbot._internal.log:Root logging level set at 30
2022-02-09 11:24:25,575:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2022-02-09 11:24:25,779:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f1858e138b0>
Prep: True
2022-02-09 11:24:25,780:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f1858e138b0> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f1858e138b0>
2022-02-09 11:24:25,780:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2022-02-09 11:24:40,467:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-02-09 11:24:40,469:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-02-09 11:24:40,738:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2022-02-09 11:24:40,738:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 09 Feb 2022 19:24:40 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "z6AvW14lOqk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2022-02-09 11:24:49,092:DEBUG:acme.client:Requesting fresh nonce
2022-02-09 11:24:49,092:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-02-09 11:24:49,170:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-02-09 11:24:49,170:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 09 Feb 2022 19:24:49 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002QrrLjboWo3SPx7OAVTgYA2J3-3MHC77Q-PiSf8EXtHA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-02-09 11:24:49,170:DEBUG:acme.client:Storing nonce: 0002QrrLjboWo3SPx7OAVTgYA2J3-3MHC77Q-PiSf8EXtHA
2022-02-09 11:24:49,171:DEBUG:acme.client:JWS payload:
b'{\n  "contact": [\n    "mailto:nathancookstudios@gmail.com"\n  ],\n  "termsOfServiceAgreed": true\n}'
2022-02-09 11:24:49,173:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogInpQanBQckMzeUJTVzJOMUIxYlVKYWcybGFMcmtEblpQdGxfdFQ4d2RzaUxUbnFmSU5DR2hVSnZUT3ptX0tTTEx3QlhrazF2Z0E3aG5ETXhKRkZJcDhFR2w0UHdZandEYlZuaTd4UW92ZUZUODdYcmhpN1Vuc2h2ckhPWFBETDllaEVpR0J6NW1QWXg4anBybkF1S3hEMDY0MU9jemsyS1ZZS1gtekZyVVBZYXd1LVdMdS1fV08zS0Vrc3lRNjdSQVgtbFNsNHBEQlNxbnYtTWFJdzlXdGhKUlVaMkI5N1lPODBxNlZBc2Q1anNlMUFhMkN4MV93cXJKZWV0X1JCZVVkVklUWWdzajdCZGpuVnhlZjQyRVUyT0pQdGFsZWVrQ0V5ZFZtb3NXVElvSy13eVRZMllCWWh2ZURoSXdOSnZZcV9zM1R2b0t1UXJFOEdETWFNYnVQUSIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiMDAwMlFyckxqYm9XbzNTUHg3T0FWVGdZQTJKMy0zTUhDNzdRLVBpU2Y4RVh0SEEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1hY2N0In0",
  "signature": "Ft7DdiX58oU4vmcNdEko2_c1E_8kgjeTjdSJMP1_12wleq9CuBn6v9-OdHBEHoKhwAXD6swuAKvopbYt7H0EKe2oW1-ey_4rX_Q_3ifQT3j2WoX0R3Jj97KvP4JfhGkaiTYNk7FGxW5m9cp9xTJeCtUz_RLNYWydf1xUeEkOnqMVxi4pez54KBvuXpbVCwHC17RrDodWBkKVLwcu1iJAxg5i29UqGWfgWyAkHKIiwjJtjJ91jMLLh13YlyGsY1jg6KXEFrSOKAORLlfAfXBtXghpRyljTGBVjYvSihSvnaHPNBtBDQGUDsIOCIJuYD9FatLynH9VGZfwSba024pgwA",
  "payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpuYXRoYW5jb29rc3R1ZGlvc0BnbWFpbC5jb20iCiAgXSwKICAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlCn0"
}
2022-02-09 11:24:49,255:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 568
2022-02-09 11:24:49,256:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 09 Feb 2022 19:24:49 GMT
Content-Type: application/json
Content-Length: 568
Connection: keep-alive
Boulder-Requester: 401810280
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/401810280
Replay-Nonce: 0001FOEEKUh7EygA62tldzUyySRk3vyZhojmlM8g9fh6kUM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "key": {
    "kty": "RSA",
    "n": "zPjpPrC3yBSW2N1B1bUJag2laLrkDnZPtl_tT8wdsiLTnqfINCGhUJvTOzm_KSLLwBXkk1vgA7hnDMxJFFIp8EGl4PwYjwDbVni7xQoveFT87Xrhi7UnshvrHOXPDL9ehEiGBz5mPYx8jprnAuKxD0641Oczk2KVYKX-zFrUPYawu-WLu-_WO3KEksyQ67RAX-lSl4pDBSqnv-MaIw9WthJRUZ2B97YO80q6VAsd5jse1Aa2Cx1_wqrJeet_RBeUdVITYgsj7BdjnVxef42EU2OJPtaleekCEydVmosWTIoK-wyTY2YBYhveDhIwNJvYq_s3TvoKuQrE8GDMaMbuPQ",
    "e": "AQAB"
  },
  "contact": [
    "mailto:nathancookstudios@gmail.com"
  ],
  "initialIp": "24.144.23.95",
  "createdAt": "2022-02-09T19:24:49.21501796Z",
  "status": "valid"
}
2022-02-09 11:24:49,256:DEBUG:acme.client:Storing nonce: 0001FOEEKUh7EygA62tldzUyySRk3vyZhojmlM8g9fh6kUM
2022-02-09 11:25:07,468:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2022-02-09 11:25:07,468:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f1858da2190>)>), contact=('mailto:nathancookstudios@gmail.com',), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/401810280', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 16b20ff6c8972e2476c3ee989a794f71, Meta(creation_dt=datetime.datetime(2022, 2, 9, 19, 24, 49, tzinfo=<UTC>), creation_host='cv-meet.kozow.com', register_to_eff=None))>
2022-02-09 11:25:07,489:DEBUG:certbot.util:Not suggesting name "_"
Traceback (most recent call last):
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/util.py", line 311, in get_filtered_names
    filtered_names.add(enforce_le_validity(name))
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/util.py", line 497, in enforce_le_validity
    raise errors.ConfigurationError(
certbot.errors.ConfigurationError: _ contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -.
2022-02-09 11:25:32,725:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for cv-meet.kozow.com
2022-02-09 11:25:32,897:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
2022-02-09 11:25:32,900:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
2022-02-09 11:25:32,901:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "cv-meet.kozow.com"\n    }\n  ]\n}'
2022-02-09 11:25:32,903:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDAxODEwMjgwIiwgIm5vbmNlIjogIjAwMDFGT0VFS1VoN0V5Z0E2MnRsZHpVeXlTUmszdnlaaG9qbWxNOGc5Zmg2a1VNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "eUDCqzoyaebcdaM_q8Ue5T-F-RpUTOw4J5ybQWg-pG_vUgc-59IXc5M6ry-xFGJQDT3YhP1ZRzr08FthzblqmuvNEJGm7EZcukRWZnvK-V358NL8bqRxUDWxMzhACHEcXdCGLEDyh-FVTzcER_1dkO5S8nDnTUIId0QbUuCYlqjfR9Nq2qfzc01dSGU0syW6DrXh89alJjU5XLM8Xz3wIyb82fgkuBupehlqwOmObwNgrziAEKBU1vVCAz4C_Bbi8iqIaOGzLqSGxBUMNcV6gn0_x0PtLCay33pe2y342JFksCHUhQ-i2bNzzl5tmiSaSHYgkVOHKYqGjT9RhZd31w",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImN2LW1lZXQua296b3cuY29tIgogICAgfQogIF0KfQ"
}
2022-02-09 11:25:33,021:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 340
2022-02-09 11:25:33,022:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 09 Feb 2022 19:25:32 GMT
Content-Type: application/json
Content-Length: 340
Connection: keep-alive
Boulder-Requester: 401810280
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/401810280/62604595930
Replay-Nonce: 0001XGL9aAr0NWsklzgadw7Z9g_snVZPOIr28NFr9ycZUKA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-02-16T19:25:32Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "cv-meet.kozow.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/76891042190"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/401810280/62604595930"
}
2022-02-09 11:25:33,022:DEBUG:acme.client:Storing nonce: 0001XGL9aAr0NWsklzgadw7Z9g_snVZPOIr28NFr9ycZUKA
2022-02-09 11:25:33,023:DEBUG:acme.client:JWS payload:
b''
2022-02-09 11:25:33,025:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/76891042190:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDAxODEwMjgwIiwgIm5vbmNlIjogIjAwMDFYR0w5YUFyME5Xc2tsemdhZHc3WjlnX3NuVlpQT0lyMjhORnI5eWNaVUtBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My83Njg5MTA0MjE5MCJ9",
  "signature": "lrsksOf5eVgX78naJZKGQFYfGk_aUrHoIAy_koWnNAD2moGRyqtYIHah8odX30cAd6cSONk8D2sXIQv1ha2Yuv2PUBMQBOdLyo-8N98ZH4kDp_xbHTgXEtvbUiDy8BfbQt5GNZr1_dmjGOLGrAOZj2A2MOCyFSPIAUj1uD38Gr311YUJVnPPO1FEdcBgz6Pb5p1HKSPTtiiKPU1w3xR9Bs7c3wdePwnJ90mj6EL6f7X6v0OKwxjbPN4d_dV2M3NFyMGEfafsYk-CpGCd_GSNGh7XOVo_8r4WPu5BXHhf0V-gx9nF0jKvX8-tD8de2ecYLg1BthZBiP6m6E9Ke_uOYA",
  "payload": ""
}
2022-02-09 11:25:33,099:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/76891042190 HTTP/1.1" 200 798
2022-02-09 11:25:33,100:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 09 Feb 2022 19:25:33 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 401810280
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002pWpQGD18crAC55NjqPHkciMmefVBkFROTJF9i2Hbaxw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "cv-meet.kozow.com"
  },
  "status": "pending",
  "expires": "2022-02-16T19:25:32Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/76891042190/V2R6LQ",
      "token": "DOR1SpjRXi-1y7cKs1ysTZFp-18Sw1b1qmqU0Q02Yt0"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/76891042190/qID7Yg",
      "token": "DOR1SpjRXi-1y7cKs1ysTZFp-18Sw1b1qmqU0Q02Yt0"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/76891042190/oOfrBw",
      "token": "DOR1SpjRXi-1y7cKs1ysTZFp-18Sw1b1qmqU0Q02Yt0"
    }
  ]
}
2022-02-09 11:25:33,100:DEBUG:acme.client:Storing nonce: 0002pWpQGD18crAC55NjqPHkciMmefVBkFROTJF9i2Hbaxw
2022-02-09 11:25:33,101:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-02-09 11:25:33,101:INFO:certbot._internal.auth_handler:http-01 challenge for cv-meet.kozow.com
2022-02-09 11:25:33,147:DEBUG:certbot_nginx._internal.http_01:Generated server block:
[]
2022-02-09 11:25:33,148:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
2022-02-09 11:25:33,148:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2022-02-09 11:25:33,149:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
2022-02-09 11:25:33,149:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip.conf
2022-02-09 11:25:33,149:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
2022-02-09 11:25:33,149:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf
2022-02-09 11:25:33,150:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2022-02-09 11:25:33,150:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-echo.conf
2022-02-09 11:25:33,150:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf
2022-02-09 11:25:33,150:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
2022-02-09 11:25:33,151:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip2.conf
2022-02-09 11:25:33,151:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf
2022-02-09 11:25:33,151:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2022-02-09 11:25:33,151:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/cv-meet.kozow.com.conf
2022-02-09 11:25:33,152:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf
2022-02-09 11:25:33,153:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

2022-02-09 11:25:33,155:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/cv-meet.kozow.com.conf:
server_names_hash_bucket_size 64;

types {
# nginx's default mime.types doesn't include a mapping for wasm
    application/wasm     wasm;
}
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name cv-meet.kozow.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root         /usr/share/jitsi-meet;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    location / {
        return 301 https://$host$request_uri;
    }
location = /.well-known/acme-challenge/DOR1SpjRXi-1y7cKs1ysTZFp-18Sw1b1qmqU0Q02Yt0{default_type text/plain;return 200 DOR1SpjRXi-1y7cKs1ysTZFp-18Sw1b1qmqU0Q02Yt0.TE92VNN76_k8y9lmCvvSQ3FyTPTzWyY7PJe6mC9556E;} # managed by Certbot

}
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot


    listen 443 ssl;
    listen [::]:443 ssl;
    server_name cv-meet.kozow.com;

    # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=63072000" always;
    set $prefix "";

    ssl_certificate /etc/jitsi/meet/cv-meet.kozow.com.crt;
    ssl_certificate_key /etc/jitsi/meet/cv-meet.kozow.com.key;

    root /usr/share/jitsi-meet;

    # ssi on with javascript for multidomain variables in config.js
    ssi on;
    ssi_types application/x-javascript application/javascript;

    index index.html index.htm;
    error_page 404 /static/404.html;

    gzip on;
    gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
    gzip_vary on;
    gzip_proxied no-cache no-store private expired auth;
    gzip_min_length 512;

    location = /config.js {
        alias /etc/jitsi/meet/cv-meet.kozow.com-config.js;
    }

    location = /external_api.js {
        alias /usr/share/jitsi-meet/libs/external_api.min.js;
    }

    # ensure all static content can always be found first
    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
    {
        add_header 'Access-Control-Allow-Origin' '*';
        alias /usr/share/jitsi-meet/$1/$2;

        # cache all versioned files
        if ($arg_v) {
            expires 1y;
        }
    }

    # BOSH
    location = /http-bind {
        proxy_pass http://127.0.0.1:5280/http-bind?prefix=$prefix&$args;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

    # xmpp websockets
    location = /xmpp-websocket {
        proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        tcp_nodelay on;
    }

    # colibri (JVB) websockets for jvb1
    location ~ ^/colibri-ws/default-id/(.*) {
        proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }

    # load test minimal client, uncomment when used
    #location ~ ^/_load-test/([^/?&:'"]+)$ {
    #    rewrite ^/_load-test/(.*)$ /load-test/index.html break;
    #}
    #location ~ ^/_load-test/libs/(.*)$ {
    #    add_header 'Access-Control-Allow-Origin' '*';
    #    alias /usr/share/jitsi-meet/load-test/libs/$1;
    #}

    location ~ ^/([^/?&:'"]+)$ {
        try_files $uri @root_path;
    }

    location @root_path {
        rewrite ^/(.*)$ / break;
    }

    location ~ ^/([^/?&:'"]+)/config.js$
    {
        set $subdomain "$1.";
        set $subdir "$1/";

        alias /etc/jitsi/meet/cv-meet.kozow.com-config.js;
    }

    # BOSH for subdomains
    location ~ ^/([^/?&:'"]+)/http-bind {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";

        rewrite ^/(.*)$ /http-bind;
    }

    # websockets for subdomains
    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";

        rewrite ^/(.*)$ /xmpp-websocket;
    }

    # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
    location ~ ^/([^/?&:'"]+)/(.*)$ {
        set $subdomain "$1.";
        set $subdir "$1/";
        rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
    }
location = /.well-known/acme-challenge/DOR1SpjRXi-1y7cKs1ysTZFp-18Sw1b1qmqU0Q02Yt0{default_type text/plain;return 200 DOR1SpjRXi-1y7cKs1ysTZFp-18Sw1b1qmqU0Q02Yt0.TE92VNN76_k8y9lmCvvSQ3FyTPTzWyY7PJe6mC9556E;} # managed by Certbot

}

2022-02-09 11:25:33,169:DEBUG:certbot_nginx._internal.configurator:nginx reload failed:
nginx: [emerg] "server_names_hash_bucket_size" directive is duplicate in /etc/nginx/sites-enabled/cv-meet.kozow.com.conf:1

2022-02-09 11:25:33,183:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 86, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 1207, in perform
    self.restart()
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 990, in restart
    nginx_restart(self.conf('ctl'), self.nginx_conf, self.conf('sleep-seconds'))
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 1282, in nginx_restart
    raise errors.MisconfigurationError(
certbot.errors.MisconfigurationError: nginx restart failed:
nginx: [emerg] "server_names_hash_bucket_size" directive is duplicate in /etc/nginx/sites-enabled/cv-meet.kozow.com.conf:1


2022-02-09 11:25:33,183:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-02-09 11:25:33,184:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-02-09 11:25:34,359:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1788/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/main.py", line 1683, in main
    return config.func(config, plugins)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/main.py", line 1388, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/main.py", line 139, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/client.py", line 513, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/client.py", line 441, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 86, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 1207, in perform
    self.restart()
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 990, in restart
    nginx_restart(self.conf('ctl'), self.nginx_conf, self.conf('sleep-seconds'))
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 1282, in nginx_restart
    raise errors.MisconfigurationError(
certbot.errors.MisconfigurationError: nginx restart failed:
nginx: [emerg] "server_names_hash_bucket_size" directive is duplicate in /etc/nginx/sites-enabled/cv-meet.kozow.com.conf:1

2022-02-09 11:25:34,367:ERROR:certbot._internal.log:nginx restart failed:
nginx: [emerg] "server_names_hash_bucket_size" directive is duplicate in /etc/nginx/sites-enabled/cv-meet.kozow.com.conf:1

2022-02-09 23:07:23,221:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-02-09 23:07:23,776:DEBUG:certbot._internal.main:certbot version: 1.23.0
2022-02-09 23:07:23,776:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1788/bin/certbot
2022-02-09 23:07:23,776:DEBUG:certbot._internal.main:Arguments: ['-q', '--preconfigured-renewal']
2022-02-09 23:07:23,776:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-09 23:07:23,790:DEBUG:certbot._internal.log:Root logging level set at 40
2022-02-09 23:07:23,792:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-09 23:07:23,792:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2022-02-09 23:07:23,793:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-09 23:07:23,793:DEBUG:certbot._internal.renewal:no renewal failures
2022-02-10 04:10:22,002:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-02-10 04:10:22,429:DEBUG:certbot._internal.main:certbot version: 1.23.0
2022-02-10 04:10:22,429:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1788/bin/certbot
2022-02-10 04:10:22,429:DEBUG:certbot._internal.main:Arguments: ['-q', '--preconfigured-renewal']
2022-02-10 04:10:22,429:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-10 04:10:22,440:DEBUG:certbot._internal.log:Root logging level set at 40
2022-02-10 04:10:22,441:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-10 04:10:22,441:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2022-02-10 04:10:22,441:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-10 04:10:22,441:DEBUG:certbot._internal.renewal:no renewal failures
2022-02-10 11:46:52,297:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-02-10 11:46:52,704:DEBUG:certbot._internal.main:certbot version: 1.23.0
2022-02-10 11:46:52,704:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1788/bin/certbot
2022-02-10 11:46:52,704:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2022-02-10 11:46:52,704:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-10 11:46:52,714:DEBUG:certbot._internal.log:Root logging level set at 30
2022-02-10 11:46:52,715:DEBUG:certbot._internal.display.obj:Notifying user: No certificates found.
2022-02-10 23:07:22,276:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-02-10 23:07:22,694:DEBUG:certbot._internal.main:certbot version: 1.23.0
2022-02-10 23:07:22,695:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1788/bin/certbot
2022-02-10 23:07:22,695:DEBUG:certbot._internal.main:Arguments: ['-q', '--preconfigured-renewal']
2022-02-10 23:07:22,695:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-10 23:07:22,705:DEBUG:certbot._internal.log:Root logging level set at 40
2022-02-10 23:07:22,706:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-10 23:07:22,706:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2022-02-10 23:07:22,706:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-10 23:07:22,706:DEBUG:certbot._internal.renewal:no renewal failures
2022-02-11 04:10:22,922:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-02-11 04:10:23,328:DEBUG:certbot._internal.main:certbot version: 1.23.0
2022-02-11 04:10:23,328:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1788/bin/certbot
2022-02-11 04:10:23,328:DEBUG:certbot._internal.main:Arguments: ['-q', '--preconfigured-renewal']
2022-02-11 04:10:23,328:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-11 04:10:23,339:DEBUG:certbot._internal.log:Root logging level set at 40
2022-02-11 04:10:23,340:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-11 04:10:23,340:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2022-02-11 04:10:23,340:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-02-11 04:10:23,340:DEBUG:certbot._internal.renewal:no renewal failures
2022-02-11 10:56:24,455:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-02-11 10:56:24,878:DEBUG:certbot._internal.main:certbot version: 1.23.0
2022-02-11 10:56:24,878:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1788/bin/certbot
2022-02-11 10:56:24,878:DEBUG:certbot._internal.main:Arguments: ['--webroot', '-w', '/etc/nginx/sites-enabled', '-d', 'cv-meet.kozow.com', '--dry-run', '--preconfigured-renewal']
2022-02-11 10:56:24,878:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-11 10:56:24,889:DEBUG:certbot._internal.log:Root logging level set at 30
2022-02-11 10:56:24,890:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-02-11 10:56:24,893:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fd607af4730>
Prep: True
2022-02-11 10:56:24,894:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fd607af4730> and installer None
2022-02-11 10:56:24,894:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-02-11 10:56:24,962:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2022-02-11 10:56:24,964:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2022-02-11 10:56:25,163:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 822
2022-02-11 10:56:25,163:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 11 Feb 2022 18:56:25 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "ivec_uCL_i8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-02-11 10:56:25,164:DEBUG:acme.client:Requesting fresh nonce
2022-02-11 10:56:25,164:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2022-02-11 10:56:25,219:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-02-11 10:56:25,219:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 11 Feb 2022 18:56:25 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001TXPpgNkU8sXTLWwXMsF112HtaF3MPLZdd3kYSMAIZtc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-02-11 10:56:25,219:DEBUG:acme.client:Storing nonce: 0001TXPpgNkU8sXTLWwXMsF112HtaF3MPLZdd3kYSMAIZtc
2022-02-11 10:56:25,220:DEBUG:acme.client:JWS payload:
b'{\n  "termsOfServiceAgreed": true,\n  "contact": []\n}'
2022-02-11 10:56:25,223:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-acct:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogInlTZUVjXzNCQmNTMlk4OVNlTmdkbExrY0cwd3dfWU04R1J3RzlkbjZrUnFwQ0Rld0JDQzFDN1dXejBhU3dxeGtKUERMNFRYUk1mMmlDRGRPYV9Od09mVVp0YVRudklhdHlSNExqUVYwUjBkMzZsNy1qZXlsV21ncWNDSzlWdG96eUxjZkJvNTdMQzZjdXJ2Tk1aZFdoYllCMnNrVGVnc0NYbkFwbGNRNnNOb0Y1Sl8zUlJjT2ZpQUJMODRZb3VFU2N1cHpRZF9CZm9SMkdZcmZ1dTR0eXk2dVU4TGlqOTI4N3l2Y2FES3Vqa3pPVUhwX21Qc1FtaEhhdmhwdjJISHA2YTB5SmkxU24ybHA4My1vRVZhNlRxamxxTGIxVEthSlFHaDhUakMtdzh2Y0E1ZzcwZFdjTjg5VGg4U1l3YjZFQThWMEhrWS00Q2dvWm83ajhJX1hwUSIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiMDAwMVRYUHBnTmtVOHNYVExXd1hNc0YxMTJIdGFGM01QTFpkZDNrWVNNQUladGMiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWFjY3QifQ",
  "signature": "i9nNHtvio6I0bdM83Fh-21vddeWCVvsOuF2LZ9KFAyhU6S7rl6c_j1zbP2frfsMiUdRqF1WU7P6UwnqKATssYHX1atWmlnDgVOQsGp-1h7g7ZiS4I9w0l-lYizL8Q_VHWEqXWhNEkap_K7moQ1LItGf-l-yBX6t0JWXLcUiEu7niZCTEF_jJzjKWk0fhLY2dhkvijp_hnhlsYCudaHBFr6qL2akdHuCRruI5MA5xvGXuHCOhsNbQ-WJDnpG9tLtslkWFdNMuGsvAFohLT2_y2k8Y4Sg8ckN1m3KdHdG91T37IqPoSVg72gkgX7hgvxVGKvdsRd4KLuTfQ5JWUp7vJA",
  "payload": "ewogICJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWUsCiAgImNvbnRhY3QiOiBbXQp9"
}
2022-02-11 10:56:25,292:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 508
2022-02-11 10:56:25,292:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 11 Feb 2022 18:56:25 GMT
Content-Type: application/json
Content-Length: 508
Connection: keep-alive
Boulder-Requester: 43808698
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/acct/43808698
Replay-Nonce: 0001qdcOh-AGr6zesIKUlmmb5EXMgHl6Lr390DbVJ8lIhnc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "key": {
    "kty": "RSA",
    "n": "ySeEc_3BBcS2Y89SeNgdlLkcG0ww_YM8GRwG9dn6kRqpCDewBCC1C7WWz0aSwqxkJPDL4TXRMf2iCDdOa_NwOfUZtaTnvIatyR4LjQV0R0d36l7-jeylWmgqcCK9VtozyLcfBo57LC6curvNMZdWhbYB2skTegsCXnAplcQ6sNoF5J_3RRcOfiABL84YouEScupzQd_BfoR2GYrfuu4tyy6uU8Lij9287yvcaDKujkzOUHp_mPsQmhHavhpv2HHp6a0yJi1Sn2lp83-oEVa6TqjlqLb1TKaJQGh8TjC-w8vcA5g70dWcN89Th8SYwb6EA8V0HkY-4CgoZo7j8I_XpQ",
    "e": "AQAB"
  },
  "initialIp": "24.144.23.95",
  "createdAt": "2022-02-11T18:56:25.265128453Z",
  "status": "valid"
}
2022-02-11 10:56:25,292:DEBUG:acme.client:Storing nonce: 0001qdcOh-AGr6zesIKUlmmb5EXMgHl6Lr390DbVJ8lIhnc
2022-02-11 10:56:25,294:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2022-02-11 10:56:25,294:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fd6079d6d30>)>), contact=(), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/43808698', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 1a794f6bc3483d27f17e8e806940de38, Meta(creation_dt=datetime.datetime(2022, 2, 11, 18, 56, 25, tzinfo=<UTC>), creation_host='cv-meet.kozow.com', register_to_eff=None))>
2022-02-11 10:56:25,295:DEBUG:certbot._internal.display.obj:Notifying user: Simulating a certificate request for cv-meet.kozow.com
2022-02-11 10:56:25,372:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "cv-meet.kozow.com"\n    }\n  ]\n}'
2022-02-11 10:56:25,374:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80MzgwODY5OCIsICJub25jZSI6ICIwMDAxcWRjT2gtQUdyNnplc0lLVWxtbWI1RVhNZ0hsNkxyMzkwRGJWSjhsSWhuYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "CWU1c-9mjQGFpeBhObNrdjCmf95kwdn54tkVfXSua5blMsuWfnAtI0dR1qm-DGs1y9Atjz06Ytfa264G08ifRBIsABSaAX5qQUl2bJjZu8NMkvCpFQmvsWoOzvFOs1OSsHqiuXLW07Sr45p8fNX5GpPYvPO9rvv37pD4By4lcyGXHCTa5BNjlbhTurg7DuasHCtovatXGFRewmzSwyqb-xyrnrPqDIh6vVjWIPpsfu6dS4hXu0EIpceisW2s17VYjjHE8AlJWADfZGkNNijpQBTfTd4BAnvnF6SQefNUDaf0jl479x6MJ_06eBMmi_4lAXW69Pvj5W0oIjzKWsDlKg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImN2LW1lZXQua296b3cuY29tIgogICAgfQogIF0KfQ"
}
2022-02-11 10:56:25,457:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 353
2022-02-11 10:56:25,457:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 11 Feb 2022 18:56:25 GMT
Content-Type: application/json
Content-Length: 353
Connection: keep-alive
Boulder-Requester: 43808698
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/43808698/1765162528
Replay-Nonce: 0002U4bFBsGNpI5_ngXC1NVyfcLEqmv6mGuFnDP-85eCvbA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-02-18T18:56:25Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "cv-meet.kozow.com"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1657180678"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/43808698/1765162528"
}
2022-02-11 10:56:25,458:DEBUG:acme.client:Storing nonce: 0002U4bFBsGNpI5_ngXC1NVyfcLEqmv6mGuFnDP-85eCvbA
2022-02-11 10:56:25,458:DEBUG:acme.client:JWS payload:
b''
2022-02-11 10:56:25,460:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1657180678:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80MzgwODY5OCIsICJub25jZSI6ICIwMDAyVTRiRkJzR05wSTVfbmdYQzFOVnlmY0xFcW12Nm1HdUZuRFAtODVlQ3ZiQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjU3MTgwNjc4In0",
  "signature": "P6RBhC4WSFrprEQ8pu01GcuvK3184-_hcGVoZVYAhaFqwdsyuo59g6u4DUHvXapVW0LFHxejYGysd2ZGcxVM8996qSM_fKY0Q8eSM9ToDaGQlx5GGs-FUX-W0G-DRv0QjZR9wuXcN9FmoCFAw9Ek7HcGZudnWhoHLoOo127B9yCuVRQQF9pLbfYnSEjX9l0XXgmZp1d-Wml1bTGQmbAPF6pftdqMAYUrXnBzuLamyF8B-rt-hBsomEKsNvAAaIT_zlLkFokaiKpEpdAxsfXqD7-isXgDIZtLOLhjvT17iJeW5vwaYfqJ8otbO8nRm6WHfPzlfQhF8ifaovMM-v84UQ",
  "payload": ""
}
2022-02-11 10:56:25,518:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1657180678 HTTP/1.1" 200 819
2022-02-11 10:56:25,519:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 11 Feb 2022 18:56:25 GMT
Content-Type: application/json
Content-Length: 819
Connection: keep-alive
Boulder-Requester: 43808698
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002ScBPFVcoPKCZ2aPQX0lbAKFGyWILmfxtYFohcApCcbk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "cv-meet.kozow.com"
  },
  "status": "pending",
  "expires": "2022-02-18T18:56:25Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1657180678/nriFkw",
      "token": "gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1657180678/Bnb4Xw",
      "token": "gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1657180678/-U2NCw",
      "token": "gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw"
    }
  ]
}
2022-02-11 10:56:25,519:DEBUG:acme.client:Storing nonce: 0002ScBPFVcoPKCZ2aPQX0lbAKFGyWILmfxtYFohcApCcbk
2022-02-11 10:56:25,520:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-02-11 10:56:25,520:INFO:certbot._internal.auth_handler:http-01 challenge for cv-meet.kozow.com
2022-02-11 10:56:25,520:INFO:certbot._internal.plugins.webroot:Using the webroot path /etc/nginx/sites-enabled for all unmatched domains.
2022-02-11 10:56:25,521:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /etc/nginx/sites-enabled/.well-known/acme-challenge
2022-02-11 10:56:25,524:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /etc/nginx/sites-enabled/.well-known/acme-challenge/gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw
2022-02-11 10:56:25,525:DEBUG:acme.client:JWS payload:
b'{}'
2022-02-11 10:56:25,528:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1657180678/nriFkw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80MzgwODY5OCIsICJub25jZSI6ICIwMDAyU2NCUEZWY29QS0NaMmFQUVgwbGJBS0ZHeVdJTG1meHRZRm9oY0FwQ2NiayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNjU3MTgwNjc4L25yaUZrdyJ9",
  "signature": "quBNMOwTD8EZiQoNsZLD3K14WBhiN8be1zf2N2-Pxc7fL6DC0BiNvtLGSYTWDoWhxmMtGfStOxbk_u96VGnHah8oLFv9cRQLp-BRZ13VZjSSQgzgl0FMGkLvsJ3Wfvnc5_wF87fmHE6O2PHilJxTfLIxSx7TjpHwnBTJUYgahLD_CguKeCxmjbI1RqzjkWdzgea8ShCZQs4BvGgayzP52T9HpUW9SKmLJ8VTyEh0qk9iU517jZGMgnSwdOkdhx3gPWu4w1ARNVoktiRieqp_ThD29-k7ylDiFKaP_fiFW10681ltleZFwp-wjjBnN8wfXDmjG8r7wP57zgLW4ocjDQ",
  "payload": "e30"
}
2022-02-11 10:56:25,591:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/1657180678/nriFkw HTTP/1.1" 200 193
2022-02-11 10:56:25,592:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 11 Feb 2022 18:56:25 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 43808698
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1657180678>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1657180678/nriFkw
Replay-Nonce: 0001wfH1ZFSeJtCjXOEpIjHtYk7IT4h_bMD_Z3TQMCUPvQw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1657180678/nriFkw",
  "token": "gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw"
}
2022-02-11 10:56:25,592:DEBUG:acme.client:Storing nonce: 0001wfH1ZFSeJtCjXOEpIjHtYk7IT4h_bMD_Z3TQMCUPvQw
2022-02-11 10:56:25,593:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-02-11 10:56:26,594:DEBUG:acme.client:JWS payload:
b''
2022-02-11 10:56:26,598:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1657180678:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80MzgwODY5OCIsICJub25jZSI6ICIwMDAxd2ZIMVpGU2VKdENqWE9FcElqSHRZazdJVDRoX2JNRF9aM1RRTUNVUHZRdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjU3MTgwNjc4In0",
  "signature": "NWnBZhbQw0VJxH1dKwC63C_1Ih-89Qjvj4zHtnBsWRCFYlknALA6TOItjoOcpLIy3fcCLn_jRanuA95ekQYRchj_9CcMRnKb12Xvn70QbBRGE7qzukF4JMgvuj1CwRZROOmi2A7ZxNFlNGbOyNCvKVsYVwT0aN9842V6Sx7SokuWjX5VIbForf5Q5hMurxGx-Hy2k8sY20Qs3g4XW9Bm8yH6IJENd1qR8irUEhZEckthPqQfR3gse8OXeMZm-zns4xwic5NmdqlqUje2BOOwLp95jc8MhqpSz4pG55ZSkXtidbRULgzr1Wfdp62wVH5DHexZGwcdL5-phGha_xqcHQ",
  "payload": ""
}
2022-02-11 10:56:26,656:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1657180678 HTTP/1.1" 200 1305
2022-02-11 10:56:26,657:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 11 Feb 2022 18:56:26 GMT
Content-Type: application/json
Content-Length: 1305
Connection: keep-alive
Boulder-Requester: 43808698
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001bSqp05GySNhP5Hf918WD62cXLUOYiVHh2GxPS0tZeZ4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "cv-meet.kozow.com"
  },
  "status": "invalid",
  "expires": "2022-02-18T18:56:25Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://cv-meet.kozow.com/.well-known/acme-challenge/gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw [24.144.23.95]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx/1.18.0 (Ub\"",
        "status": 403
      },
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1657180678/nriFkw",
      "token": "gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw",
      "validationRecord": [
        {
          "url": "http://cv-meet.kozow.com/.well-known/acme-challenge/gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw",
          "hostname": "cv-meet.kozow.com",
          "port": "80",
          "addressesResolved": [
            "24.144.23.95"
          ],
          "addressUsed": "24.144.23.95"
        }
      ],
      "validated": "2022-02-11T18:56:25Z"
    }
  ]
}
2022-02-11 10:56:26,657:DEBUG:acme.client:Storing nonce: 0001bSqp05GySNhP5Hf918WD62cXLUOYiVHh2GxPS0tZeZ4
2022-02-11 10:56:26,657:INFO:certbot._internal.auth_handler:Challenge failed for domain cv-meet.kozow.com
2022-02-11 10:56:26,657:INFO:certbot._internal.auth_handler:http-01 challenge for cv-meet.kozow.com
2022-02-11 10:56:26,657:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: cv-meet.kozow.com
  Type:   unauthorized
  Detail: Invalid response from http://cv-meet.kozow.com/.well-known/acme-challenge/gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw [24.144.23.95]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ub"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2022-02-11 10:56:26,659:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-02-11 10:56:26,659:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-02-11 10:56:26,659:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-02-11 10:56:26,659:DEBUG:certbot._internal.plugins.webroot:Removing /etc/nginx/sites-enabled/.well-known/acme-challenge/gLiUyNYzULikn0RybG1Y50bK7yxgKg8-Z6x7LTJG6Tw
2022-02-11 10:56:26,659:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2022-02-11 10:56:26,659:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1788/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/main.py", line 1683, in main
    return config.func(config, plugins)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/main.py", line 1538, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/main.py", line 139, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/client.py", line 513, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/client.py", line 441, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1788/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-02-11 10:56:26,661:ERROR:certbot._internal.log:Some challenges have failed.
15

Like this? Please excuse my ignorance, I appreciate all your help and I hope I'm not frustrating you with my lack of knowledge.

@cv-meet:~$ sudo certbot certonly --webroot -w /usr/share/jitsi-meet; -d cv-meet.kozow.com --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): cv-meet.kozow.com
Requesting a certificate for cv-meet.kozow.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/cv-meet.kozow.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/cv-meet.kozow.com/privkey.pem
This certificate expires on 2022-05-12.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
16

The folder name with -w should not have had the semi-colon at the end. That caused the values on that command after the semi to be ignored. But, it worked out good enough.

Now, there are two steps left to go (maybe more):

In this file

/etc/nginx/sites-enabled/cv-meet.kozow.com.conf

You have two lines like this:

ssl_certificate     /etc/jitsi/meet/cv-meet.kozow.com.crt;
ssl_certificate_key /etc/jitsi/meet/cv-meet.kozow.com.key;

Change those to use the new cert files you just created:

ssl_certificate     /etc/letsencrypt/live/cv-meet.kozow.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cv-meet.kozow.com/privkey.pem;

Then restart nginx and we will try the connection again.

2 Likes
17

Ok! Done!

It looks like we are getting somewhere! Https is working! Is there anything else? Chrome says not secure. Again, I'm not L33t for understanding website stuff. :joy:

jitsi.PNG
jitsi.PNG1920×1050 70.7 KB

1 Like
18

Yes, we need to re-do the certbot certonly command with different values so that cert renewals work.

And, did you restart Chrome? The certs look good to me and this website Sometimes browsers cache old results.

Do you want to register an email with your cert? I saw in the log you tried that once. It will let you get warning emails if your certs don't renew properly

2 Likes
19

Awesome! ok what is the new cerbot renewal command? I don't want to fudge this up this go around.

And yes, I restarted chrome. and yes I would like to register an email. Thank you so much for this.

2 Likes
20

If it is still failing click on the 'not secure' red triangle area and say what detailed message is.

2 Likes
21

In the log you posted earlier, you showed a deploy hook with this name:

/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh

Does that reload nginx (or restart it)?

I am asking before describing the best certbot certonly command to setup renew

2 Likes