Thanks for the swift reply.
What would you suggest to fix the error when getting a renewed certificate?
i.e.
certbot certonly --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
1: boreas.mywire.org
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Renewing an existing certificate for boreas.mywire.org
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: boreas.mywire.org
Type: connection
Detail: During secondary validation: 49.194.167.107: Fetching http://boreas.mywire.org/.well-known/acme-challenge/Dgt9kW3DhD8mo07wGHcH1gE7iICe515m7efRipuxx0U: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
And this is the log:
... snip last part...
Server: nginx
Date: Fri, 20 Dec 2024 08:55:56 GMT
Content-Type: application/json
Content-Length: 194
Connection: keep-alive
Boulder-Requester: 693611057
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz/693611057/447691542995;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/Zwa46g
Replay-Nonce: LPSR-4-ss_CuKFoxWf9u_tZlCw4bkX83LyFQRlPsRw5lQoHbzxk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/Zwa46g",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
}
2024-12-20 16:55:56,904:DEBUG:acme.client:Storing nonce: LPSR-4-ss_CuKFoxWf9u_tZlCw4bkX83LyFQRlPsRw5lQoHbzxk
2024-12-20 16:55:56,906:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-12-20 16:55:57,907:DEBUG:acme.client:JWS payload:
b''
2024-12-20 16:55:57,926:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/693611057/447691542995:
2024-12-20 16:55:58,342:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/693611057/447691542995 HTTP/1.1" 200 822
2024-12-20 16:55:58,344:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 20 Dec 2024 08:55:58 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 693611057
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: LPSR-4-s8WWp1pscEqXJgwks3bxfVKuttCyvopmIUZ7hL-Q5p88
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "boreas.mywire.org"
},
"status": "pending",
"expires": "2024-12-27T08:55:54Z",
"challenges": [
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/6YpXgQ",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
},
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/kKoeUA",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
},
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/Zwa46g",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
}
]
}
2024-12-20 16:55:58,345:DEBUG:acme.client:Storing nonce: LPSR-4-s8WWp1pscEqXJgwks3bxfVKuttCyvopmIUZ7hL-Q5p88
2024-12-20 16:56:01,347:DEBUG:acme.client:JWS payload:
b''
2024-12-20 16:56:01,367:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/693611057/447691542995:
2024-12-20 16:56:01,784:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/693611057/447691542995 HTTP/1.1" 200 822
2024-12-20 16:56:01,785:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 20 Dec 2024 08:56:01 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 693611057
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: LPSR-4-sxjxfRu1o-j9wMUg-RbtDrB0EPIwcAt_Et750zWTuiF0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "boreas.mywire.org"
},
"status": "pending",
"expires": "2024-12-27T08:55:54Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/Zwa46g",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
},
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/6YpXgQ",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
},
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/kKoeUA",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
}
]
}
2024-12-20 16:56:01,786:DEBUG:acme.client:Storing nonce: LPSR-4-sxjxfRu1o-j9wMUg-RbtDrB0EPIwcAt_Et750zWTuiF0
2024-12-20 16:56:04,788:DEBUG:acme.client:JWS payload:
b''
2024-12-20 16:56:04,808:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/693611057/447691542995:
2024-12-20 16:56:05,224:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/693611057/447691542995 HTTP/1.1" 200 822
2024-12-20 16:56:05,226:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 20 Dec 2024 08:56:05 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 693611057
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: LPSR-4-slQhKJdc8z-NOqQuc35IGJX1UMhwG4AE64XWaL6FsmnQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "boreas.mywire.org"
},
"status": "pending",
"expires": "2024-12-27T08:55:54Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/kKoeUA",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
},
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/6YpXgQ",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
},
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/Zwa46g",
"status": "pending",
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA"
}
]
}
2024-12-20 16:56:05,227:DEBUG:acme.client:Storing nonce: LPSR-4-slQhKJdc8z-NOqQuc35IGJX1UMhwG4AE64XWaL6FsmnQ
2024-12-20 16:56:08,229:DEBUG:acme.client:JWS payload:
b''
2024-12-20 16:56:08,249:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/693611057/447691542995:
2024-12-20 16:56:08,664:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/693611057/447691542995 HTTP/1.1" 200 1105
2024-12-20 16:56:08,666:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 20 Dec 2024 08:56:08 GMT
Content-Type: application/json
Content-Length: 1105
Connection: keep-alive
Boulder-Requester: 693611057
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 1QDIi77btUk2XKJi5fx-Et0l8TEyOnccrwYsa3QR5YwyUywctJk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "boreas.mywire.org"
},
"status": "invalid",
"expires": "2024-12-27T08:55:54Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/693611057/447691542995/Zwa46g",
"status": "invalid",
"validated": "2024-12-20T08:55:56Z",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "During secondary validation: 49.194.167.107: Fetching http://boreas.mywire.org/.well-known/acme-challenge/DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA: Timeout during connect (likely firewall problem)",
"status": 400
},
"token": "DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA",
"validationRecord": [
{
"url": "http://boreas.mywire.org/.well-known/acme-challenge/DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA",
"hostname": "boreas.mywire.org",
"port": "80",
"addressesResolved": [
"49.194.167.107"
],
"addressUsed": "49.194.167.107"
}
]
}
]
}
2024-12-20 16:56:08,667:DEBUG:acme.client:Storing nonce: 1QDIi77btUk2XKJi5fx-Et0l8TEyOnccrwYsa3QR5YwyUywctJk
2024-12-20 16:56:08,669:INFO:certbot._internal.auth_handler:Challenge failed for domain boreas.mywire.org
2024-12-20 16:56:08,669:INFO:certbot._internal.auth_handler:http-01 challenge for boreas.mywire.org
2024-12-20 16:56:08,670:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: boreas.mywire.org
Type: connection
Detail: During secondary validation: 49.194.167.107: Fetching http://boreas.mywire.org/.well-known/acme-challenge/DIEDTfPk-Amov2gd6aavmvxK2IWHz8vhZQtzDH6hIRA: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
2024-12-20 16:56:08,674:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-12-20 16:56:08,674:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-12-20 16:56:08,675:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-12-20 16:56:10,053:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/4194/bin/certbot", line 8, in <module>
sys.exit(main())
^^^^^^
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/main.py", line 1876, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/main.py", line 1578, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/4194/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-12-20 16:56:10,073:ERROR:certbot._internal.log:Some challenges have failed.
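
Added example, not part of the original post and not Certbot's own code: a small triage helper that reads an ACME authorization object like the final "invalid" response in the log and reports, per failed challenge, the error type, whether the CA flagged it with the "During secondary validation" prefix, and which address and port the validator tried. The sample input is constructed with a placeholder domain, address and token; the function name `triage_authz` is hypothetical.

```python
import json

SECONDARY_PREFIX = "During secondary validation: "

# Constructed sample modelled on the final "invalid" authorization in the log
# (placeholder domain, address and token; not values from the post).
SAMPLE_AUTHZ = json.loads("""
{"identifier": {"type": "dns", "value": "host.example.org"},
 "status": "invalid",
 "challenges": [
  {"type": "dns-01", "status": "pending", "token": "TOKEN"},
  {"type": "http-01", "status": "invalid", "token": "TOKEN",
   "error": {"type": "urn:ietf:params:acme:error:connection", "status": 400,
             "detail": "During secondary validation: 203.0.113.7: Fetching http://host.example.org/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)"},
   "validationRecord": [{"hostname": "host.example.org", "port": "80",
                         "addressesResolved": ["203.0.113.7"],
                         "addressUsed": "203.0.113.7"}]}]}
""")


def triage_authz(authz):
    """Return one finding per failed challenge in an ACME authorization."""
    findings = []
    for chall in authz.get("challenges", []):
        err = chall.get("error")
        if chall.get("status") != "invalid" or not err:
            continue  # pending or valid challenges carry no error object
        detail = err.get("detail", "")
        findings.append({
            "domain": authz.get("identifier", {}).get("value"),
            "challenge": chall.get("type"),
            "error": err.get("type", "").rsplit(":", 1)[-1],
            # Prefix the CA adds when a non-primary vantage point failed.
            "secondary": detail.startswith(SECONDARY_PREFIX),
            "timeout": "Timeout during connect" in detail,
            # Where the validator actually connected (may be absent).
            "targets": [(r.get("addressUsed"), r.get("port"))
                        for r in chall.get("validationRecord", [])],
        })
    return findings


if __name__ == "__main__":
    for f in triage_authz(SAMPLE_AUTHZ):
        print(f)
```

A finding with `secondary` and `timeout` both true, as in this log, points at reachability of port 80 from some networks rather than at the nginx configuration, so source-IP or geo-based filtering in front of the server is the first thing to check.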