OSError: [Errno 61] No data available - Cant add SSL to NGINX ? permission issue no cert.pm

MCMXD · July 24, 2025, 10:12am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
Using NGINX add SSL with CloudFlare token via DNS challenge

It produced this output:

Internal Error
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
An unexpected error occurred:
OSError: [Errno 61] No data available: '../../archive/npm-11/cert1.pem' -> '/etc/letsencrypt/live/npm-11/cert.pem'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
at /app/lib/utils.js:16:13
at ChildProcess.exithandler (node:child_process:430:5)
at ChildProcess.emit (node:events:524:28)
at maybeClose (node:internal/child_process:1104:16)
at ChildProcess._handle.onexit (node:internal/child_process:304:5)

Lets Encrypt Log

To my mind this is the money

2025-07-24 09:55:10,579:DEBUG:acme.client:Storing nonce: NvG2uVFoW3qU2C_N2w2upZvJfbKCRYKRS6h1wrIlj1tH-Gn2rvM
2025-07-24 09:55:10,581:INFO:certbot._internal.client:Non-standard path(s), might not work with crontab installed by your operating system package manager
2025-07-24 09:55:10,588:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive.
2025-07-24 09:55:10,593:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live.
2025-07-24 09:55:10,602:DEBUG:certbot._internal.storage:Writing README to /etc/letsencrypt/live/README.
2025-07-24 09:55:10,620:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive/npm-12.
2025-07-24 09:55:10,623:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live/npm-12.
2025-07-24 09:55:10,633:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/certbot/bin/certbot", line 8, in
sys.exit(main())
^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1879, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1585, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 535, in obtain_and_enroll_certificate
return storage.RenewableCert.new_lineage(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/storage.py", line 1029, in new_lineage
os.symlink(_relpath_from_file(archive_target[kind], target[kind]), target[kind])
OSError: [Errno 61] No data available: '../../archive/npm-12/cert1.pem' -> '/etc/letsencrypt/live/npm-12/cert.pem'
2025-07-24 09:55:10,638:ERROR:certbot._internal.log:An unexpected error occurred:
2025-07-24 09:55:10,640:ERROR:certbot._internal.log:OSError: [Errno 61] No data available: '../../archive/npm-12/cert1.pem' -> '/etc/letsencrypt/live/npm-12/cert.pem'

there is nothing in this folder NPM-12 certainly no cert.pem
It looks like a permission issue but ngnix and lets encrypt have written many files to the other folders

The certs are here in the logs can I write the file in myself??

IN FULL

2025-07-24 09:54:51,968:DEBUG:certbot._internal.main:certbot version: 4.1.1
2025-07-24 09:54:51,968:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2025-07-24 09:54:51,968:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-12', '--agree-tos', '--email', '@***', '--domains', '*.harrylemass.com', '--authenticator', 'dns-cloudflare', '--dns-cloudflare-credentials', '/etc/letsencrypt/credentials/credentials-12']
2025-07-24 09:54:51,968:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-07-24 09:54:52,642:DEBUG:certbot._internal.log:Root logging level set at 30
2025-07-24 09:54:52,654:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-cloudflare and installer None
2025-07-24 09:54:52,655:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-cloudflare
Description: Obtain certificates using a DNS TXT record (if you are using Cloudflare for DNS).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='dns-cloudflare', value='certbot_dns_cloudflare._internal.dns_cloudflare:Authenticator', group='certbot.plugins')
Initialized: <certbot_dns_cloudflare._internal.dns_cloudflare.Authenticator object at 0x72ac56c34390>
Prep: True
2025-07-24 09:54:52,657:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_cloudflare._internal.dns_cloudflare.Authenticator object at 0x72ac56c34390> and installer None
2025-07-24 09:54:52,658:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-cloudflare, Installer None
2025-07-24 09:54:52,730:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-07-24 09:54:52,737:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-07-24 09:54:53,361:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-07-24 09:54:53,363:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 24 Jul 2025 09:54:53 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"5_pVXL7pH_k": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "Profiles - Let's Encrypt",
"shortlived": "Profiles - Let's Encrypt (not yet generally available)",
"tlsserver": "Profiles - Let's Encrypt"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-07-24 09:54:53,364:DEBUG:acme.client:Requesting fresh nonce
2025-07-24 09:54:53,365:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-07-24 09:54:53,572:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-07-24 09:54:53,574:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 24 Jul 2025 09:54:53 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: NvG2uVFo7f-H98jEyAle14XPQxjDbYZVEp72K5BF2t-l0warbUo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2025-07-24 09:54:53,575:DEBUG:acme.client:Storing nonce: NvG2uVFo7f-H98jEyAle14XPQxjDbYZVEp72K5BF2t-l0warbUo
2025-07-24 09:54:53,577:DEBUG:acme.client:JWS payload:
b'{\n "contact": [\n "mailto:@***"\n ],\n "termsOfServiceAgreed": true\n}'
2025-07-24 09:54:53,583:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogInU5Nmg4bC1NSVpJRXJhT0ZEMkFQZUI2Nmc0UzZlNDctOGZRbnFOYk1qbkZEUXV3OG1uNkswWmR5ZVFYTmZmNUxPLWdXUmp2R2VKUkhiZG9QbWpSM016b19Nc09YVU9NMEx6djR2RmFCVlhWWTg3QzItdWlZZ3EzV3NET2d6NXNRdlRQR1JubXNtOHYycE9jZWVvbjhmOGItRzRSekFMYmptdHlBM0hJU1NkeDlMckl3UWVtckdzcHlhY1c1Y2FUb2FsZTNOVW5XdUpneW9sOFAyVUg3TDZNS2t1WUxHUF9sYUFQOVpWMlhmeE9YOVliM0tMczZpM0tHSkNBWnRiZ3VnNkJVSHZPdzdTOHVGV190dXpiUjFhYnBwSktLRFFsR0FES3hRLUtzVnVrY1RkZ0V1YmpVaDJXaGNOM2FDemc5THZDT1hGYWVkYW5oRVFZTDdENzhTdyIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiTnZHMnVWRm83Zi1IOThqRXlBbGUxNFhQUXhqRGJZWlZFcDcySzVCRjJ0LWwwd2FyYlVvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCJ9",
"signature": "hb-hx5W3FhN1-9-4g9dB9_EYvAURaT0IP4DOg-xALisNeuWhBl6xzEqfAqwbRVIghbSvQFcMTniZDuJCWvx964ZjkaoBKAyqJfCTFiCHOuhouF_uAxmUMASkIwI-3BNPejGq0EKWOY9kTuLf_U7YOfQwJSCDJBiX-GTVw3l-JX-JMMO7rO8ZumAMb4IqARkbxAMZt8v18Grs-xlDK63BhTK8vUp_vpzo8Wxdbx-Bt-PlaZYFaYlVkpkQ9iCYHTwAhYO6_DM4dO7iRZ13mwJCUem-hSeJO6uJSsvNcz3pnt5qOdAmNRant1ccUp6SeLUGnv_LqRasxIR4nj4rnx7Bug",
"payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpoYXJyeWxlbWFzc0BnbWFpbC5jb20iCiAgXSwKICAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlCn0"
}
2025-07-24 09:54:53,799:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 477
2025-07-24 09:54:53,809:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 24 Jul 2025 09:54:53 GMT
Content-Type: application/json
Content-Length: 477
Connection: keep-alive
Boulder-Requester: 2549918701
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/2549918701
Replay-Nonce: NvG2uVFor7JuAyKpIhPkMQjSn_Y--RuvcPdaZdpiwZpdGjXmY50
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"key": {
"kty": "RSA",
"n": "u96h8l-MIZIEraOFD2APeB66g4S6e47-8fQnqNbMjnFDQuw8mn6K0ZdyeQXNff5LO-gWRjvGeJRHbdoPmjR3Mzo_MsOXUOM0Lzv4vFaBVXVY87C2-uiYgq3WsDOgz5sQvTPGRnmsm8v2pOceeon8f8b-G4RzALbjmtyA3HISSdx9LrIwQemrGspyacW5caToale3NUnWuJgyol8P2UH7L6MKkuYLGP_laAP9ZV2XfxOX9Yb3KLs6i3KGJCAZtbgug6BUHvOw7S8uFW_tuzbR1abppJKKDQlGADKxQ-KsVukcTdgEubjUh2WhcN3aCzg9LvCOXFaedanhEQYL7D78Sw",
"e": "AQAB"
},
"createdAt": "2025-07-24T09:54:53.677909151Z",
"status": "valid"
}
2025-07-24 09:54:53,811:DEBUG:acme.client:Storing nonce: NvG2uVFor7JuAyKpIhPkMQjSn_Y--RuvcPdaZdpiwZpdGjXmY50
2025-07-24 09:54:53,862:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2025-07-24 09:54:53,864:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.bindings._rust.openssl.rsa.RSAPublicKey object at 0x72ac5509a250>)>), contact=(), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2549918701', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf'), 9518739d374650085355cc8d235f37c1, Meta(creation_dt=datetime.datetime(2025, 7, 24, 9, 54, 53, tzinfo=), creation_host='43fac3b03f16', register_to_eff=None))>
2025-07-24 09:54:53,873:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for .harrylemass.com
2025-07-24 09:54:53,924:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": ".harrylemass.com"\n }\n ]\n}'
2025-07-24 09:54:53,940:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJOdkcydVZGb3I3SnVBeUtwSWhQa01RalNuX1ktLVJ1dmNQZGFaZHBpd1pwZEdqWG1ZNTAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "QqsjzfSKtkpSwMh1eXX7B7Ynqf4wCeI9pA0sqP6BnkY3wCliAoVmRQqrW5UzzDyri3cHyUxvcQ_rff9dv7DOhok_48X2HhSFZIoLlPPbwAZjuIIPj-md0dFH19L8vVh39t3zONQKDD1P-ZgDpfW7YWFMiYUKOLjezF4_KWtERA2oHmol6W_3WHeA6XeuT3Y2RzFSyhRRNiupXVWVwJNAxLw1uUzT69F7P_NWdH2gt65QuKLCar_eQ7YyLFhwvC1_qLoUelnouw6h-rNx9rB8TsXXFr4HrMeaofaT9gycbSbTUa1hci5cvoz0P-XplgsphXvqzxQf9EMxc_Ww6sAGqA",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIioubGVtYXNzLmNvbS5hdSIKICAgIH0KICBdCn0"
}
2025-07-24 09:54:54,180:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 349
2025-07-24 09:54:54,184:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 24 Jul 2025 09:54:54 GMT
Content-Type: application/json
Content-Length: 349
Connection: keep-alive
Boulder-Requester: 2549918701
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2549918701/410338141971
Replay-Nonce: NvG2uVFomExbkUnKHTvz8U6fM-TEHYe0HIUR3bleAlKs_lIElKI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2025-07-31T09:54:54Z",
"identifiers": [
{
"type": "dns",
"value": "*.harrylemass.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/558110454061"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2549918701/410338141971"
}
2025-07-24 09:54:54,185:DEBUG:acme.client:Storing nonce: NvG2uVFomExbkUnKHTvz8U6fM-TEHYe0HIUR3bleAlKs_lIElKI
2025-07-24 09:54:54,187:DEBUG:acme.client:JWS payload:
b''
2025-07-24 09:54:54,189:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/558110454061:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJOdkcydVZGb21FeGJrVW5LSFR2ejhVNmZNLVRFSFllMEhJVVIzYmxlQWxLc19sSUVsS0kiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI1NDk5MTg3MDEvNTU4MTEwNDU0MDYxIn0",
"signature": "XmQ81eWHSaCbXcLYfIY4UHbiMgH37rQaNwPhbFoUu7FK-9tjEdjYc2tKtmjoCUzSGeE3d2PBrbZweyylKMRqmYXiLoTRFykXjTsS3_4ggU6J_IhTANxkHjTjhPKLddGGHNG-0m0AqdeyxLc0KPlOkVpgeiFEGEXmK5sPbeDuhVC-M6K3HenZWDshgWtDQDPG2kwxtgX4D6jJWAeWfE1Iz-4dATV1e_dxxIbquiRzU1n_bEM29Z_6BO4TGQig8KakoGMQG8dOQV38l0Vp9FBlrfSSmOP7xX7tGHvU6MS2ev1IMbZxLqCzq2m0p8hpgk0NYP5HFia4Xe6B1EK9JLzLwQ",
"payload": ""
}
2025-07-24 09:54:54,398:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2549918701/558110454061 HTTP/1.1" 200 395
2025-07-24 09:54:54,400:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 24 Jul 2025 09:54:54 GMT
Content-Type: application/json
Content-Length: 395
Connection: keep-alive
Boulder-Requester: 2549918701
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: NvG2uVFo-LV6uK4RBlHONJeojWqLceP-3DKYUSP_ad8SPCveGqs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "harrylemass.com"
},
"status": "pending",
"expires": "2025-07-31T09:54:54Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2549918701/558110454061/mIahOw",
"status": "pending",
"token": "hHRC8EXPFha-DBhO-3zPfWkj4DgjzvkkaOgv8zSJRVQ"
}
],
"wildcard": true
}
2025-07-24 09:54:54,401:DEBUG:acme.client:Storing nonce: NvG2uVFo-LV6uK4RBlHONJeojWqLceP-3DKYUSP_ad8SPCveGqs
2025-07-24 09:54:54,403:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-07-24 09:54:54,404:INFO:certbot._internal.auth_handler:dns-01 challenge for harrylemass.com
2025-07-24 09:54:54,406:WARNING:certbot.plugins.dns_common:Unsafe permissions on credentials configuration file: /etc/letsencrypt/credentials/credentials-12
2025-07-24 09:54:54,425:DEBUG:urllib3.util.retry:Converted retries value: 5 -> Retry(total=5, connect=None, read=None, redirect=None, status=None)
2025-07-24 09:54:54,428:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.cloudflare.com:443
2025-07-24 09:54:54,934:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "GET /client/v4/zones?name=harrylemass.com&per_page=1 HTTP/1.1" 200 None
2025-07-24 09:54:54,937:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Found zone_id of 952b3d2e2ff163a94dbeffa6f72a5145 for harrylemass.com using name harrylemass.com
2025-07-24 09:54:54,939:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Attempting to add record to zone 952b3d2e2ff163a94dbeffa6f72a5145: {'type': 'TXT', 'name': '_acme-challenge.harrylemass.com', 'content': 'VxJl8JtCAbmTSvcKDywYy-MyJKHlCeZFjpaX8CORJqc', 'ttl': 120}
2025-07-24 09:54:55,222:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "POST /client/v4/zones/952b3d2e2ff163a94dbeffa6f72a5145/dns_records HTTP/1.1" 200 None
2025-07-24 09:54:55,642:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "GET /client/v4/zones/952b3d2e2ff163a94dbeffa6f72a5145/dns_records?type=TXT&name=_acme-challenge.harrylemass.com&content=VxJl8JtCAbmTSvcKDywYy-MyJKHlCeZFjpaX8CORJqc&per_page=1 HTTP/1.1" 200 None
2025-07-24 09:54:55,645:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Successfully added TXT record with record_id: 60400f52d12cdab3e114d407e8e7bf9e
2025-07-24 09:54:55,649:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 10 seconds for DNS changes to propagate
2025-07-24 09:55:05,651:DEBUG:acme.client:JWS payload:
b'{}'
2025-07-24 09:55:05,654:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2549918701/558110454061/mIahOw:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJOdkcydVZGby1MVjZ1SzRSQmxIT05KZW9qV3FMY2VQLTNES1lVU1BfYWQ4U1BDdmVHcXMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzI1NDk5MTg3MDEvNTU4MTEwNDU0MDYxL21JYWhPdyJ9",
"signature": "WzLSq04mW_QnuAjxczbh-TxAeSKAMSLGLeEZIilPITQgmphvjolGIXCPjLggA6rNXIRTyZjwu9Ci2DVSoIWfT_ewzA126exqc8fqWqdXzyV9wzXR2BHQxazNuIwuY9NxFj4auWHRWx3DMe_rjR4kKjoxXpPb-MulHgpQGxSmdJo60F_zIWUqXycdVC53mSJJV_KBCIPW8eKJlgEPtY2P6VTBGCWXevPoThhgPiPgZuhRnrja58BZkIBQZlstfMnsritPcgUgjyeYNZrf5JvUIaoVDRPxl8DEm7WrsZL0RiSeCAbk4KdDfEnNc7IR__7OcOh-k9lW41bzFi2BgGnelw",
"payload": "e30"
}
2025-07-24 09:55:05,876:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2549918701/558110454061/mIahOw HTTP/1.1" 200 194
2025-07-24 09:55:05,878:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 24 Jul 2025 09:55:05 GMT
Content-Type: application/json
Content-Length: 194
Connection: keep-alive
Boulder-Requester: 2549918701
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/558110454061;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/2549918701/558110454061/mIahOw
Replay-Nonce: NvG2uVFoKixVfXy0memEmohuk_69UfGMf4ncNEhzev47Vxdvedc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2549918701/558110454061/mIahOw",
"status": "pending",
"token": "hHRC8EXPFha-DBhO-3zPfWkj4DgjzvkkaOgv8zSJRVQ"
}
2025-07-24 09:55:05,879:DEBUG:acme.client:Storing nonce: NvG2uVFoKixVfXy0memEmohuk_69UfGMf4ncNEhzev47Vxdvedc
2025-07-24 09:55:05,880:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-07-24 09:55:06,882:DEBUG:acme.client:JWS payload:
b''
2025-07-24 09:55:06,886:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/558110454061:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJOdkcydVZGb0tpeFZmWHkwbWVtRW1vaHVrXzY5VWZHTWY0bmNORWh6ZXY0N1Z4ZHZlZGMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI1NDk5MTg3MDEvNTU4MTEwNDU0MDYxIn0",
"signature": "t91F8Q-lBcnjDw-YkIfl26PDEu3JTPDbcuPMjFrQhysEqe2QTAcQtrDh4qnjMRpcDGJinLxVg-1sqsSUHTb8tI9UuYqkEfdYrqOjpGM6Ti2kQ4930tVN7xdRzsLKoqhG55tOu8hCYjuv7BGVg0X6M8r2JfaekFuiRHEfpUX6qnCOO_nHlj6N6RIJ56xqUDLLAzBZWyfb68-m-VvfIN0VQk8h902lv5VTS2fNlek7wAVKSLseTjWKGmwVXpfDKb91BCfSJ0HWcklF54Yy0RPuchaYW3H1oemwoNcVYRCCF_toqrsb8db_MEl9BFmJQqySVnWfXHh3B5kVtRcjycFswg",
"payload": ""
}
2025-07-24 09:55:07,095:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2549918701/558110454061 HTTP/1.1" 200 558
2025-07-24 09:55:07,098:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 24 Jul 2025 09:55:06 GMT
Content-Type: application/json
Content-Length: 558
Connection: keep-alive
Boulder-Requester: 2549918701
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: ru1tQmT3QtQj2vL0arQSxb2Crm7AHsq1kIkImpcKy2mhAXTTJJc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "harrylemass.com"
},
"status": "valid",
"expires": "2025-08-23T09:55:06Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2549918701/558110454061/mIahOw",
"status": "valid",
"validated": "2025-07-24T09:55:05Z",
"token": "hHRC8EXPFha-DBhO-3zPfWkj4DgjzvkkaOgv8zSJRVQ",
"validationRecord": [
{
"hostname": "harrylemass.com",
"addressUsed": ""
}
]
}
],
"wildcard": true
}
2025-07-24 09:55:07,099:DEBUG:acme.client:Storing nonce: ru1tQmT3QtQj2vL0arQSxb2Crm7AHsq1kIkImpcKy2mhAXTTJJc
2025-07-24 09:55:07,100:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-07-24 09:55:07,102:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-07-24 09:55:07,113:DEBUG:urllib3.util.retry:Converted retries value: 5 -> Retry(total=5, connect=None, read=None, redirect=None, status=None)
2025-07-24 09:55:07,115:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.cloudflare.com:443
2025-07-24 09:55:07,566:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "GET /client/v4/zones?name=harrylemass.com&per_page=1 HTTP/1.1" 200 None
2025-07-24 09:55:07,569:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Found zone_id of 952b3d2e2ff163a94dbeffa6f72a5145 for harrylemass.com using name harrylemass.com
2025-07-24 09:55:07,974:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "GET /client/v4/zones/952b3d2e2ff163a94dbeffa6f72a5145/dns_records?type=TXT&name=_acme-challenge.harrylemass.com&content=VxJl8JtCAbmTSvcKDywYy-MyJKHlCeZFjpaX8CORJqc&per_page=1 HTTP/1.1" 200 None
2025-07-24 09:55:08,306:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "DELETE /client/v4/zones/952b3d2e2ff163a94dbeffa6f72a5145/dns_records/60400f52d12cdab3e114d407e8e7bf9e HTTP/1.1" 200 None
2025-07-24 09:55:08,387:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Successfully deleted TXT record.
2025-07-24 09:55:08,390:DEBUG:certbot._internal.client:CSR: CSR(file=None, data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIIBJTCBrAIBADAAMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES91+7uvcNeRN2Fs3\na6gKHL4/aHpprjK5wjSAJdhJkN2T1DG5IGK0hwk+oMDqIr1+7BTnwUbTQCmTFcb+\nmB01cPEkxlast1juPqBOzxAs+Yo79wZOrFZKh9dVujd+xl3ioC0wKwYJKoZIhvcN\nAQkOMR4wHDAaBgNVHREEEzARgg8qLmxlbWFzcy5jb20uYXUwCgYIKoZIzj0EAwID\naAAwZQIwLd/sjN+VJCcjwuzKuj3/8kIF0d5URft8Dkr0Kc8NXx9zYpM2BoImMI4H\nqyDoo5GYAjEAvwkVqMjdFVevnsqAM+QtvDWIh/alJOwuowo/nRGGszxTIU6/twk3\nEWn3P9eEOzqZ\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2025-07-24 09:55:08,393:DEBUG:certbot._internal.client:Will poll for certificate issuance until 2025-07-24 09:56:38.392993
2025-07-24 09:55:08,394:DEBUG:acme.client:JWS payload:
b'{\n "csr": "MIIBJTCBrAIBADAAMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES91-7uvcNeRN2Fs3a6gKHL4_aHpprjK5wjSAJdhJkN2T1DG5IGK0hwk-oMDqIr1-7BTnwUbTQCmTFcb-mB01cPEkxlast1juPqBOzxAs-Yo79wZOrFZKh9dVujd-xl3ioC0wKwYJKoZIhvcNAQkOMR4wHDAaBgNVHREEEzARgg8qLmxlbWFzcy5jb20uYXUwCgYIKoZIzj0EAwIDaAAwZQIwLd_sjN-VJCcjwuzKuj3_8kIF0d5URft8Dkr0Kc8NXx9zYpM2BoImMI4HqyDoo5GYAjEAvwkVqMjdFVevnsqAM-QtvDWIh_alJOwuowo_nRGGszxTIU6_twk3EWn3P9eEOzqZ"\n}'
2025-07-24 09:55:08,398:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/2549918701/410338141971:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJydTF0UW1UM1F0UWoydkwwYXJRU3hiMkNybTdBSHNxMWtJa0ltcGNLeTJtaEFYVFRKSmMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2ZpbmFsaXplLzI1NDk5MTg3MDEvNDEwMzM4MTQxOTcxIn0",
"signature": "U5_yRkzgzrL0flqhpxyz5VHEsVyH-ADc82DPbOJmcrz4EM4sX3su-m6UG_3Z3sYZ9GvPyGFSULz2WOsFKpa5FKRKJXzHQOqJJKHghPZvOqX6pBNsj4seHofe1JF5RDkKkKsU2250th84dVDBliMS2_lR7VfVpyRlqs9-6EaoDNDMH5L58fkD2dkHSqWtZl2CPnr3NtWpgWyOE9wX9m87StcY8UmM6Hwq6a3nakkKPHuAyrV1BNbx0vO57RchqebxkbYsUtwcnyRY3FnHk5m1sMJayvShnVRl1nLDyjxzwBmcp8Qt5QaW33JJLjBhi_vzozJfQ9gAeBgoEAew_B-ivg",
"payload": "ewogICJjc3IiOiAiTUlJQkpUQ0JyQUlCQURBQU1IWXdFQVlIS29aSXpqMENBUVlGSzRFRUFDSURZZ0FFUzkxLTd1dmNOZVJOMkZzM2E2Z0tITDRfYUhwcHJqSzV3alNBSmRoSmtOMlQxREc1SUdLMGh3ay1vTURxSXIxLTdCVG53VWJUUUNtVEZjYi1tQjAxY1BFa3hsYXN0MWp1UHFCT3p4QXMtWW83OXdaT3JGWktoOWRWdWpkLXhsM2lvQzB3S3dZSktvWklodmNOQVFrT01SNHdIREFhQmdOVkhSRUVFekFSZ2c4cUxteGxiV0Z6Y3k1amIyMHVZWFV3Q2dZSUtvWkl6ajBFQXdJRGFBQXdaUUl3TGRfc2pOLVZKQ2Nqd3V6S3VqM184a0lGMGQ1VVJmdDhEa3IwS2M4Tlh4OXpZcE0yQm9JbU1JNEhxeURvbzVHWUFqRUF2d2tWcU1qZEZWZXZuc3FBTS1RdHZEV0loX2FsSk93dW93b19uUkdHc3p4VElVNl90d2szRVduM1A5ZUVPenFaIgp9"
}
2025-07-24 09:55:08,877:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/2549918701/410338141971 HTTP/1.1" 200 451
2025-07-24 09:55:08,879:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 24 Jul 2025 09:55:08 GMT
Content-Type: application/json
Content-Length: 451
Connection: keep-alive
Boulder-Requester: 2549918701
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2549918701/410338141971
Replay-Nonce: ru1tQmT3K0jlB8yHdb2hLPjDZsoxNY0rW2KP-CJ1bDQvV2854S8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "valid",
"expires": "2025-07-31T09:54:54Z",
"identifiers": [
{
"type": "dns",
"value": "*.harrylemass.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/558110454061"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2549918701/410338141971",
"certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/06e18a99c7aea82f5625f9ecf93f3e1d2250"
}
2025-07-24 09:55:08,880:DEBUG:acme.client:Storing nonce: ru1tQmT3K0jlB8yHdb2hLPjDZsoxNY0rW2KP-CJ1bDQvV2854S8
2025-07-24 09:55:09,882:DEBUG:acme.client:JWS payload:
b''
2025-07-24 09:55:09,886:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/2549918701/410338141971:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJydTF0UW1UM0swamxCOHlIZGIyaExQakRac294TlkwclcyS1AtQ0oxYkRRdlYyODU0UzgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL29yZGVyLzI1NDk5MTg3MDEvNDEwMzM4MTQxOTcxIn0",
"signature": "bccUULI0q3m_6QkxYh6rSeXXISFyW6_abqilEcaQd-jW5wjmqQG2Ccl0Gz2pEEGlU2mY0W8I73UqLEejN1zg9HeVE8BMvzV1NgMYYsp7KKC2cbevDIOYUIsjeqBuSZNyaVK4csCcqq_abOETbsI--G_wzrvyhaF8x-j-gl0Qls-LR-QSfS2p3MSS7-Lgc2tt0WQdkfkehI5IdQTce4sSgpP5sK64n2iZ9H-jajcq3KToa51sAzdHL6v-5c2q69YBXfOf-NQk8RPN0CEjtIHt40GwZ7J2kKresJ0AZmQJWiLVoK1tNg08P_Sln3QALXXByvXnraUz6JPrHpuZGUYbSg",
"payload": ""
}
2025-07-24 09:55:10,097:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/order/2549918701/410338141971 HTTP/1.1" 200 451
2025-07-24 09:55:10,099:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 24 Jul 2025 09:55:09 GMT
Content-Type: application/json
Content-Length: 451
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2549918701/410338141971
Replay-Nonce: ru1tQmT3ct7I6cno1i1_8oEpBVvTs4zFMYyw1S-PBC5o437nEew
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "valid",
"expires": "2025-07-31T09:54:54Z",
"identifiers": [
{
"type": "dns",
"value": "*.harrylemass.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/558110454061"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2549918701/410338141971",
"certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/06e18a99c7aea82f5625f9ecf93f3e1d2250"
}
2025-07-24 09:55:10,101:DEBUG:acme.client:Storing nonce: ru1tQmT3ct7I6cno1i1_8oEpBVvTs4zFMYyw1S-PBC5o437nEew
2025-07-24 09:55:10,103:DEBUG:acme.client:JWS payload:
b''
2025-07-24 09:55:10,105:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/06e18a99c7aea82f5625f9ecf93f3e1d2250:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJydTF0UW1UM2N0N0k2Y25vMWkxXzhvRXBCVnZUczR6Rk1ZeXcxUy1QQkM1bzQzN25FZXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NlcnQvMDZlMThhOTljN2FlYTgyZjU2MjVmOWVjZjkzZjNlMWQyMjUwIn0",
"signature": "JZIlcbQn5CUAT4iz-F3ixBftpYHjdjYHOUr6U4D__MiASMpzD5QDrTtcHl6ocrqfysgTp4Cu8phQxHqJfGNHMQAvSFAr_WPVyfLrkmquvbxGogLYry3XOFyaZ7H4W5EJcDzsXRIqUO3Xvn6v7MYLGNXY5oTYFpJqt955DtVvbFDoEmTnenOny6nY2BmbTQ5Ngeyb7M_3rBuZp0kh2R9JnSuBHYVz7vryp9zHvJNeykoy8wZPya-1sYkAUDi-vEkATGRT8XK1-k6BWhSDqdKZ8ZwWz6HYp3lBtSgmYxSu559vNiqVWhLJT97Mpt8N9K-OH3UTjZrZUytpyivaRbJQ",
"payload": ""
}
2025-07-24 09:55:10,316:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/06e18a99c7aea82f5625f9ecf93f3e1d2250 HTTP/1.1" 200 2897
2025-07-24 09:55:10,318:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 24 Jul 2025 09:55:10 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 2897
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/cert/06e18a99c7aea82f5625f9ecf93f3e1d2250/1;rel="alternate"
Replay-Nonce: NvG2uVFoWZv-hfHPS5Hs7bR7SwlyBYMlhmriHi8vIRCwB1wasts
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

-----BEGIN CERTIFICATE-----
DELETED
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
DELETED
-----END CERTIFICATE-----

2025-07-24 09:55:10,320:DEBUG:acme.client:Storing nonce: NvG2uVFoWZv-hfHPS5Hs7bR7SwlyBYMlhmriHi8vIRCwB1wasts
2025-07-24 09:55:10,321:DEBUG:acme.client:JWS payload:
b''
2025-07-24 09:55:10,324:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/06e18a99c7aea82f5625f9ecf93f3e1d2250/1:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJOdkcydVZGb1dadi1oZkhQUzVIczdiUjdTd2x5QllNbGhtcmlIaTh2SVJDd0Ixd2FzdHMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NlcnQvMDZlMThhOTljN2FlYTgyZjU2MjVmOWVjZjkzZjNlMWQyMjUwLzEifQ",
"signature": "MLdiHT61BDpMnN9HEnoRI_eHnBYvwS-jo2rfZVw2-qTo2jfFJrQ9x3DQVdy3yzLAPy03RBSiVr5Bt9agCz2ZV2wlIo44PokRuriVfPYDSy6-MueRKTtCsd5yWy8Vw0uGqy9OGasvusaHSrOUWSOdW2LzPVJWzi1nC9kpwat-XXFv2l6JbZzrOOA6nq28_09XOwofbI8WfdIJn2vhWSElwyeTfsfde2Npb3gMbF3HnsHdGSzPKvPG7ZsACH90bMeTACIm0LHoPGEGm8KRGkUsi-3tIguoivuiX9HxDqqKL8TGFY0UW02gW4EFOtBhusUBYHCRizk2pBB2VSJKgJ9p3w",
"payload": ""
}
2025-07-24 09:55:10,537:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/06e18a99c7aea82f5625f9ecf93f3e1d2250/1 HTTP/1.1" 200 2332
2025-07-24 09:55:10,578:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 24 Jul 2025 09:55:10 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 2332
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/cert/06e18a99c7aea82f5625f9ecf93f3e1d2250/0;rel="alternate"
Replay-Nonce: NvG2uVFoW3qU2C_N2w2upZvJfbKCRYKRS6h1wrIlj1tH-Gn2rvM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

-----BEGIN CERTIFICATE-----
DELETED
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
DELETED
-----END CERTIFICATE-----

2025-07-24 09:55:10,579:DEBUG:acme.client:Storing nonce: NvG2uVFoW3qU2C_N2w2upZvJfbKCRYKRS6h1wrIlj1tH-Gn2rvM
2025-07-24 09:55:10,581:INFO:certbot._internal.client:Non-standard path(s), might not work with crontab installed by your operating system package manager
2025-07-24 09:55:10,588:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive.
2025-07-24 09:55:10,593:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live.
2025-07-24 09:55:10,602:DEBUG:certbot._internal.storage:Writing README to /etc/letsencrypt/live/README.
2025-07-24 09:55:10,620:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive/npm-12.
2025-07-24 09:55:10,623:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live/npm-12.
2025-07-24 09:55:10,633:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/certbot/bin/certbot", line 8, in
sys.exit(main())
^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1879, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1585, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 535, in obtain_and_enroll_certificate
return storage.RenewableCert.new_lineage(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/storage.py", line 1029, in new_lineage
os.symlink(_relpath_from_file(archive_target[kind], target[kind]), target[kind])
OSError: [Errno 61] No data available: '../../archive/npm-12/cert1.pem' -> '/etc/letsencrypt/live/npm-12/cert.pem'
2025-07-24 09:55:10,638:ERROR:certbot._internal.log:An unexpected error occurred:
2025-07-24 09:55:10,640:ERROR:certbot._internal.log:OSError: [Errno 61] No data available: '../../archive/npm-12/cert1.pem' -> '/etc/letsencrypt/live/npm-12/cert.pem'

My web server is (include version):

NGNIX latest (as of today)

The operating system my web server runs on is (include version):

Docker on ubuntu via docker compose

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot version: 4.1.1

Bruce5051 · July 24, 2025, 8:13pm

Hello @MCMXD, welcome!

You have recently been issued several certificates for *.harrylemass.com from Let's Encrypt,
see https://crt.sh/?q=harrylemass.com

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

Please show the output of each of the following commands

sudo certbot certificates
sudo nginx -T that is a capital T

MikeMcQ · July 24, 2025, 9:48pm

You are better off asking about this on the NPM support channels or forum.

NPM runs Certbot with many options specific to the related configuration it creates. It will take an NPM expert to know exactly what has gone wrong here.

Just for clarity, neither nginx or "lets encrypt" writes files to your system. The Certbot ACME Client will do that and only as specifically directed to by NPM.

MCMXD · July 25, 2025, 6:18am

Thank you for your reply!

Ha wish I knew that, I was locked out very quickly. I will use from now on.

CertBot shows

Renewal configuration file /etc/letsencrypt/renewal/npm-14.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/npm-14.conf

Note the number no longer line up as I tried many times, including with fresh installs.

nginx -T shows

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# run nginx in foreground
daemon off;
pid /run/nginx/nginx.pid;
user npm;

# Set number of worker processes automatically based on number of CPU cores.
worker_processes auto;

# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;

error_log /data/logs/fallback_error.log warn;

# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;

# Custom
include /data/nginx/custom/root_top[.]conf;

events {
        include /data/nginx/custom/events[.]conf;
}

http {
        include                       /etc/nginx/mime.types;
        default_type                  application/octet-stream;
        sendfile                      on;
        server_tokens                 off;
        tcp_nopush                    on;
        tcp_nodelay                   on;
        client_body_temp_path         /tmp/nginx/body 1 2;
        keepalive_timeout             90s;
        proxy_connect_timeout         90s;
        proxy_send_timeout            90s;
        proxy_read_timeout            90s;
        ssl_prefer_server_ciphers     on;
        gzip                          on;
        proxy_ignore_client_abort     off;
        client_max_body_size          2000m;
        server_names_hash_bucket_size 1024;
        proxy_http_version            1.1;
        proxy_set_header              X-Forwarded-Scheme $scheme;
        proxy_set_header              X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header              Accept-Encoding "";
        proxy_cache                   off;
        proxy_cache_path              /var/lib/nginx/cache/public  levels=1:2 keys_zone=public-cache:30m max_size=192m;
        proxy_cache_path              /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m;

        # Log format and fallback log file
        include /etc/nginx/conf.d/include/log.conf;

        # Dynamically generated resolvers file
        include /etc/nginx/conf.d/include/resolvers.conf;

        # Default upstream scheme
        map $host $forward_scheme {
                default http;
        }

        # Real IP Determination

        # Local subnets:
        set_real_ip_from 10.0.0.0/8;
        set_real_ip_from 172.16.0.0/12; # Includes Docker subnet
        set_real_ip_from 192.168.0.0/16;
        # NPM generated CDN ip ranges:
        include conf.d/include/ip_ranges.conf;
        # always put the following 2 lines after ip subnets:
        real_ip_header X-Real-IP;
        real_ip_recursive on;

        # Custom
        include /data/nginx/custom/http_top[.]conf;

        # Files generated by NPM
        include /etc/nginx/conf.d/*.conf;
        include /data/nginx/default_host/*.conf;
        include /data/nginx/proxy_host/*.conf;
        include /data/nginx/redirection_host/*.conf;
        include /data/nginx/dead_host/*.conf;
        include /data/nginx/temp/*.conf;

        # Custom
        include /data/nginx/custom/http[.]conf;
}

stream {
        # Files generated by NPM
        include /data/nginx/stream/*.conf;

        # Custom
        include /data/nginx/custom/stream[.]conf;
}

# Custom
include /data/nginx/custom/root[.]conf;

# configuration file /etc/nginx/mime.types:
types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/include/log.conf:
log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';

access_log /data/logs/fallback_access.log proxy;

# configuration file /etc/nginx/conf.d/include/resolvers.conf:
resolver 127.0.0.11  valid=10s;

# configuration file /etc/nginx/conf.d/include/ip_ranges.conf:

set_real_ip_from 120.52.22.96/27;

set_real_ip_from 205.251.249.0/24;

set_real_ip_from 180.163.57.128/26;

set_real_ip_from 204.246.168.0/22;

set_real_ip_from 111.13.171.128/26;

set_real_ip_from 18.160.0.0/15;

set_real_ip_from 205.251.252.0/23;

set_real_ip_from 54.192.0.0/16;

set_real_ip_from 204.246.173.0/24;

set_real_ip_from 54.230.200.0/21;

set_real_ip_from 120.253.240.192/26;

set_real_ip_from 116.129.226.128/26;

set_real_ip_from 130.176.0.0/17;

set_real_ip_from 3.173.192.0/18;

set_real_ip_from 108.156.0.0/14;

set_real_ip_from 99.86.0.0/16;

set_real_ip_from 13.32.0.0/15;

set_real_ip_from 120.253.245.128/26;

set_real_ip_from 13.224.0.0/14;

set_real_ip_from 70.132.0.0/18;

set_real_ip_from 15.158.0.0/16;

set_real_ip_from 111.13.171.192/26;

set_real_ip_from 13.249.0.0/16;

set_real_ip_from 18.238.0.0/15;

set_real_ip_from 18.244.0.0/15;

set_real_ip_from 205.251.208.0/20;

set_real_ip_from 3.165.0.0/16;

set_real_ip_from 3.168.0.0/14;

set_real_ip_from 65.9.128.0/18;

set_real_ip_from 130.176.128.0/18;

set_real_ip_from 58.254.138.0/25;

set_real_ip_from 205.251.206.0/23;

set_real_ip_from 54.230.208.0/20;

set_real_ip_from 3.160.0.0/14;

set_real_ip_from 116.129.226.0/25;

set_real_ip_from 23.91.0.0/19;

set_real_ip_from 52.222.128.0/17;

set_real_ip_from 18.164.0.0/15;

set_real_ip_from 111.13.185.32/27;

set_real_ip_from 64.252.128.0/18;

set_real_ip_from 205.251.254.0/24;

set_real_ip_from 3.166.0.0/15;

set_real_ip_from 54.230.224.0/19;

set_real_ip_from 71.152.0.0/17;

set_real_ip_from 216.137.32.0/19;

set_real_ip_from 204.246.172.0/24;

set_real_ip_from 205.251.202.0/23;

set_real_ip_from 18.172.0.0/15;

set_real_ip_from 120.52.39.128/27;

set_real_ip_from 118.193.97.64/26;

set_real_ip_from 3.164.64.0/18;

set_real_ip_from 18.154.0.0/15;

set_real_ip_from 3.173.0.0/17;

set_real_ip_from 54.240.128.0/18;

set_real_ip_from 205.251.250.0/23;

set_real_ip_from 180.163.57.0/25;

set_real_ip_from 52.46.0.0/18;

set_real_ip_from 3.174.0.0/15;

set_real_ip_from 52.82.128.0/19;

set_real_ip_from 54.230.0.0/17;

set_real_ip_from 54.230.128.0/18;

set_real_ip_from 54.239.128.0/18;

set_real_ip_from 130.176.224.0/20;

set_real_ip_from 36.103.232.128/26;

set_real_ip_from 52.84.0.0/15;

set_real_ip_from 143.204.0.0/16;

set_real_ip_from 144.220.0.0/16;

set_real_ip_from 120.52.153.192/26;

set_real_ip_from 119.147.182.0/25;

set_real_ip_from 120.232.236.0/25;

set_real_ip_from 111.13.185.64/27;

set_real_ip_from 3.164.0.0/18;

set_real_ip_from 3.172.64.0/18;

set_real_ip_from 54.182.0.0/16;

set_real_ip_from 58.254.138.128/26;

set_real_ip_from 120.253.245.192/27;

set_real_ip_from 54.239.192.0/19;

set_real_ip_from 18.68.0.0/16;

set_real_ip_from 18.64.0.0/14;

set_real_ip_from 120.52.12.64/26;

set_real_ip_from 99.84.0.0/16;

set_real_ip_from 205.251.204.0/23;

set_real_ip_from 130.176.192.0/19;

set_real_ip_from 52.124.128.0/17;

set_real_ip_from 204.246.164.0/22;

set_real_ip_from 13.35.0.0/16;

set_real_ip_from 204.246.174.0/23;

set_real_ip_from 3.164.128.0/17;

set_real_ip_from 3.172.0.0/18;

set_real_ip_from 36.103.232.0/25;

set_real_ip_from 119.147.182.128/26;

set_real_ip_from 118.193.97.128/25;

set_real_ip_from 120.232.236.128/26;

set_real_ip_from 204.246.176.0/20;

set_real_ip_from 65.8.0.0/16;

set_real_ip_from 65.9.0.0/17;

set_real_ip_from 108.138.0.0/15;

set_real_ip_from 120.253.241.160/27;

set_real_ip_from 3.173.128.0/18;

set_real_ip_from 64.252.64.0/18;

set_real_ip_from 13.113.196.64/26;

set_real_ip_from 13.113.203.0/24;

set_real_ip_from 52.199.127.192/26;

set_real_ip_from 57.182.253.0/24;

set_real_ip_from 57.183.42.0/25;

set_real_ip_from 13.124.199.0/24;

set_real_ip_from 3.35.130.128/25;

set_real_ip_from 52.78.247.128/26;

set_real_ip_from 13.203.133.0/26;

set_real_ip_from 13.233.177.192/26;

set_real_ip_from 15.207.13.128/25;

set_real_ip_from 15.207.213.128/25;

set_real_ip_from 52.66.194.128/26;

set_real_ip_from 13.228.69.0/24;

set_real_ip_from 47.129.82.0/24;

set_real_ip_from 47.129.83.0/24;

set_real_ip_from 47.129.84.0/24;

set_real_ip_from 52.220.191.0/26;

set_real_ip_from 13.210.67.128/26;

set_real_ip_from 13.54.63.128/26;

set_real_ip_from 3.107.43.128/25;

set_real_ip_from 3.107.44.0/25;

set_real_ip_from 3.107.44.128/25;

set_real_ip_from 43.218.56.128/26;

set_real_ip_from 43.218.56.192/26;

set_real_ip_from 43.218.56.64/26;

set_real_ip_from 43.218.71.0/26;

set_real_ip_from 99.79.169.0/24;

set_real_ip_from 18.192.142.0/23;

set_real_ip_from 18.199.68.0/22;

set_real_ip_from 18.199.72.0/22;

set_real_ip_from 18.199.76.0/22;

set_real_ip_from 35.158.136.0/24;

set_real_ip_from 52.57.254.0/24;

set_real_ip_from 18.200.212.0/23;

set_real_ip_from 52.212.248.0/26;

set_real_ip_from 13.134.24.0/23;

set_real_ip_from 13.134.94.0/23;

set_real_ip_from 18.175.65.0/24;

set_real_ip_from 18.175.66.0/24;

set_real_ip_from 18.175.67.0/24;

set_real_ip_from 3.10.17.128/25;

set_real_ip_from 3.11.53.0/24;

set_real_ip_from 52.56.127.0/25;

set_real_ip_from 15.188.184.0/24;

set_real_ip_from 51.44.234.0/23;

set_real_ip_from 51.44.236.0/23;

set_real_ip_from 51.44.238.0/23;

set_real_ip_from 52.47.139.0/24;

set_real_ip_from 3.29.40.128/26;

set_real_ip_from 3.29.40.192/26;

set_real_ip_from 3.29.40.64/26;

set_real_ip_from 3.29.57.0/26;

set_real_ip_from 18.229.220.192/26;

set_real_ip_from 18.230.229.0/24;

set_real_ip_from 18.230.230.0/25;

set_real_ip_from 54.233.255.128/26;

set_real_ip_from 56.125.46.0/24;

set_real_ip_from 56.125.47.0/32;

set_real_ip_from 56.125.48.0/24;

set_real_ip_from 3.231.2.0/25;

set_real_ip_from 3.234.232.224/27;

set_real_ip_from 3.236.169.192/26;

set_real_ip_from 3.236.48.0/23;

set_real_ip_from 34.195.252.0/24;

set_real_ip_from 34.226.14.0/24;

set_real_ip_from 44.220.194.0/23;

set_real_ip_from 44.220.196.0/23;

set_real_ip_from 44.220.198.0/23;

set_real_ip_from 44.220.200.0/23;

set_real_ip_from 44.220.202.0/23;

set_real_ip_from 44.222.66.0/24;

set_real_ip_from 13.59.250.0/26;

set_real_ip_from 18.216.170.128/25;

set_real_ip_from 3.128.93.0/24;

set_real_ip_from 3.134.215.0/24;

set_real_ip_from 3.146.232.0/22;

set_real_ip_from 3.147.164.0/22;

set_real_ip_from 3.147.244.0/22;

set_real_ip_from 52.15.127.128/26;

set_real_ip_from 3.101.158.0/23;

set_real_ip_from 52.52.191.128/26;

set_real_ip_from 34.216.51.0/25;

set_real_ip_from 34.223.12.224/27;

set_real_ip_from 34.223.80.192/26;

set_real_ip_from 35.162.63.192/26;

set_real_ip_from 35.167.191.128/26;

set_real_ip_from 35.93.168.0/23;

set_real_ip_from 35.93.170.0/23;

set_real_ip_from 35.93.172.0/23;

set_real_ip_from 44.227.178.0/24;

set_real_ip_from 44.234.108.128/25;

set_real_ip_from 44.234.90.252/30;

set_real_ip_from 2600:9000:3000::/36;

set_real_ip_from 2600:9000:f600::/39;

set_real_ip_from 2600:9000:f540::/42;

set_real_ip_from 2409:8c00:2421:300::/56;

set_real_ip_from 2600:9000:f000::/38;

set_real_ip_from 2600:9000:f500::/43;

set_real_ip_from 2600:9000:ddd::/48;

set_real_ip_from 2600:9000:f800::/37;

set_real_ip_from 2600:9000:f400::/40;

set_real_ip_from 2600:9000:f538::/45;

set_real_ip_from 2600:9000:5380::/41;

set_real_ip_from 2600:9000:1000::/36;

set_real_ip_from 2600:9000:2000::/36;

set_real_ip_from 2400:7fc0:500::/40;

set_real_ip_from 2600:9000:4000::/36;

set_real_ip_from 2600:9000:fff::/48;

set_real_ip_from 2409:8c00:2421:400::/56;

set_real_ip_from 2404:c2c0:500::/40;

set_real_ip_from 2600:9000:5308::/45;

set_real_ip_from 2600:9000:f534::/46;

set_real_ip_from 2600:9000:f520::/44;

set_real_ip_from 2600:9000:5320::/43;

set_real_ip_from 2600:9000:5310::/44;

set_real_ip_from 2600:9000:f580::/41;

set_real_ip_from 2600:9000:5340::/42;

set_real_ip_from 2600:9000:eee::/48;

set_real_ip_from 2600:9000:5200::/40;

set_real_ip_from 173.245.48.0/20;

set_real_ip_from 103.21.244.0/22;

set_real_ip_from 103.22.200.0/22;

set_real_ip_from 103.31.4.0/22;

set_real_ip_from 141.101.64.0/18;

set_real_ip_from 108.162.192.0/18;

set_real_ip_from 190.93.240.0/20;

set_real_ip_from 188.114.96.0/20;

set_real_ip_from 197.234.240.0/22;

set_real_ip_from 198.41.128.0/17;

set_real_ip_from 162.158.0.0/15;

set_real_ip_from 104.16.0.0/13;

set_real_ip_from 104.24.0.0/14;

set_real_ip_from 172.64.0.0/13;

set_real_ip_from 131.0.72.0/22;

set_real_ip_from 2400:cb00::/32;

set_real_ip_from 2606:4700::/32;

set_real_ip_from 2803:f800::/32;

set_real_ip_from 2405:b500::/32;

set_real_ip_from 2405:8100::/32;

set_real_ip_from 2a06:98c0::/29;

set_real_ip_from 2c0f:f248::/32;

# configuration file /etc/nginx/conf.d/default.conf:
# "You are not configured" page, which is the default if another default doesn't exist
server {
        listen 80;
        listen [::]:80;

        set $forward_scheme "http";
        set $server "127.0.0.1";
        set $port "80";

        server_name localhost-nginx-proxy-manager;
        access_log /data/logs/fallback_access.log standard;
        error_log /data/logs/fallback_error.log warn;
        include conf.d/include/assets.conf;
        include conf.d/include/block-exploits.conf;
        include conf.d/include/letsencrypt-acme-challenge.conf;

        location / {
                index index.html;
                root /var/www/html;
        }
}

# First 443 Host, which is the default if another default doesn't exist
server {
        listen 443 ssl;
        listen [::]:443 ssl;

        set $forward_scheme "https";
        set $server "127.0.0.1";
        set $port "443";

        server_name localhost;
        access_log /data/logs/fallback_access.log standard;
        error_log /dev/null crit;
        include conf.d/include/ssl-ciphers.conf;
        ssl_reject_handshake on;

        return 444;
}

# configuration file /etc/nginx/conf.d/include/assets.conf:
location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|woff2|eot|ttf|svg|ico|css\.map|js\.map)$ {
        if_modified_since off;

        # use the public cache
        proxy_cache public-cache;
        proxy_cache_key $host$request_uri;

        # ignore these headers for media
        proxy_ignore_headers Set-Cookie Cache-Control Expires X-Accel-Expires;

        # cache 200s and also 404s (not ideal but there are a few 404 images for some reason)
        proxy_cache_valid any 30m;
        proxy_cache_valid 404 1m;

        # strip this header to avoid If-Modified-Since requests
        proxy_hide_header Last-Modified;
        proxy_hide_header Cache-Control;
        proxy_hide_header Vary;

        proxy_cache_bypass 0;
        proxy_no_cache 0;

        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_404;
        proxy_connect_timeout 5s;
        proxy_read_timeout 45s;

        expires @30m;
        access_log  off;

        include conf.d/include/proxy.conf;
}

# configuration file /etc/nginx/conf.d/include/proxy.conf:
add_header       X-Served-By $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto  $scheme;
proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP          $remote_addr;
proxy_pass       $forward_scheme://$server:$port$request_uri;

# configuration file /etc/nginx/conf.d/include/block-exploits.conf:
## Block SQL injections
set $block_sql_injections 0;

if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
}

if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
}

if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
}

if ($block_sql_injections = 1) {
        return 403;
}

## Block file injections
set $block_file_injections 0;

if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
}

if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
}

if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
}

if ($block_file_injections = 1) {
        return 403;
}

## Block common exploits
set $block_common_exploits 0;

if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
}

if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
}

if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
}

if ($query_string ~ "proc/self/environ") {
        set $block_common_exploits 1;
}

if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
}

if ($query_string ~ "base64_(en|de)code\(.*\)") {
        set $block_common_exploits 1;
}

if ($block_common_exploits = 1) {
        return 403;
}

## Block spam
set $block_spam 0;

if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
        set $block_spam 1;
}

if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
        set $block_spam 1;
}

if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
        set $block_spam 1;
}

if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
        set $block_spam 1;
}

if ($block_spam = 1) {
        return 403;
}

## Block user agents
set $block_user_agents 0;

# Disable Akeeba Remote Control 2.5 and earlier
if ($http_user_agent ~ "Indy Library") {
        set $block_user_agents 1;
}

# Common bandwidth hoggers and hacking tools.
if ($http_user_agent ~ "libwww-perl") {
        set $block_user_agents 1;
}

if ($http_user_agent ~ "GetRight") {
        set $block_user_agents 1;
}

if ($http_user_agent ~ "GetWeb!") {
        set $block_user_agents 1;
}

if ($http_user_agent ~ "Go!Zilla") {
        set $block_user_agents 1;
}

if ($http_user_agent ~ "Download Demon") {
        set $block_user_agents 1;
}

if ($http_user_agent ~ "Go-Ahead-Got-It") {
        set $block_user_agents 1;
}

if ($http_user_agent ~ "TurnitinBot") {
        set $block_user_agents 1;
}

if ($http_user_agent ~ "GrabNet") {
        set $block_user_agents 1;
}

if ($block_user_agents = 1) {
        return 403;
}

# configuration file /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf:
# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
# We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
# other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
location ^~ /.well-known/acme-challenge/ {
        # Since this is for letsencrypt authentication of a domain and they do not give IP ranges of their infrastructure
        # we need to open up access by turning off auth and IP ACL for this location.
        auth_basic off;
        auth_request off;
        allow all;

        # Set correct content type. According to this:
        # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
        # Current specification requires "text/plain" or no content header at all.
        # It seems that "text/plain" is a safe option.
        default_type "text/plain";

        # This directory must be the same as in /etc/letsencrypt/cli.ini
        # as "webroot-path" parameter. Also don't forget to set "authenticator" parameter
        # there to "webroot".
        # Do NOT use alias, use root! Target directory is located here:
        # /var/www/common/letsencrypt/.well-known/acme-challenge/
        root /data/letsencrypt-acme-challenge;
}

# Hide /acme-challenge subdirectory and return 404 on all requests.
# It is somewhat more secure than letting Nginx return 403.
# Ending slash is important!
location = /.well-known/acme-challenge/ {
        return 404;
}

# configuration file /etc/nginx/conf.d/include/ssl-ciphers.conf:
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;

# configuration file /etc/nginx/conf.d/production.conf:
# Admin Interface
server {
        listen 81 default;
        listen [::]:81 default;

        server_name nginxproxymanager;
        root /app/frontend;
        access_log /dev/null;

        location /api {
                return 302 /api/;
        }

        location /api/ {
                add_header            X-Served-By $host;
                proxy_set_header Host $host;
                proxy_set_header      X-Forwarded-Scheme $scheme;
                proxy_set_header      X-Forwarded-Proto  $scheme;
                proxy_set_header      X-Forwarded-For    $remote_addr;
                proxy_pass            http://127.0.0.1:3000/;

                proxy_read_timeout 15m;
                proxy_send_timeout 15m;
        }

        location / {
                index index.html;
                if ($request_uri ~ ^/(.*)\.html$) {
                        return 302 /$1;
                }
                try_files $uri $uri.html $uri/ /index.html;
        }
}

MCMXD · July 25, 2025, 6:20am

Thank you very much. I have posted on the suggested forum.

I take your point. I only note that CertBox wrote the folder structure successfully so I feel permissions are not the issues.
Just curious the certs appear in the logs but no files for them made. Then the no data error when pointing to the files not made.

MCMXD · July 28, 2025, 3:28am

@MikeMcQ please help me decide where to go from here

Okay so I have installed the cloudflare dns plugin and run certbot in --certonly via the command line.
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /tmp/certbot/harrylemass-token.ini --dns-cloudflare-propagation-seconds 60 -d *.harrylemass.com

Dry run successful. Live - same error!!
So we have a certbot isolated issue

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.harrylemass.com
An unexpected error occurred:
OSError: [Errno 61] No data available: '../../archive/harrylemass.com/cert1.pem' -> '/etc/letsencrypt/live/harrylemass.com/cert.pem'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Logs

2025-07-28 03:19:46,729:DEBUG:certbot._internal.main:certbot version: 4.1.1
2025-07-28 03:19:46,730:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2025-07-28 03:19:46,730:DEBUG:certbot._internal.main:Arguments: ['--dns-cloudflare', '--dns-cloudflare-credentials', '/tmp/certbot/harrylemass-token.ini', '--dns-cloudflare-propagation-seconds', '60', '-d', '*.harrylemass.com']
2025-07-28 03:19:46,730:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-07-28 03:19:46,742:DEBUG:certbot._internal.log:Root logging level set at 30
2025-07-28 03:19:46,745:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-cloudflare and installer None
2025-07-28 03:19:46,746:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-cloudflare
Description: Obtain certificates using a DNS TXT record (if you are using Cloudflare for DNS).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='dns-cloudflare', value='certbot_dns_cloudflare._internal.dns_cloudflare:Authenticator', group='certbot.plugins')
Initialized: <certbot_dns_cloudflare._internal.dns_cloudflare.Authenticator object at 0x7dba9beb1fd0>
Prep: True
2025-07-28 03:19:46,746:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_cloudflare._internal.dns_cloudflare.Authenticator object at 0x7dba9beb1fd0> and installer None
2025-07-28 03:19:46,746:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-cloudflare, Installer None
2025-07-28 03:19:46,801:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2549918701', new_authzr_uri=None, terms_of_service=None), 9518739d374650085355cc8d235f37c1, Meta(creation_dt=datetime.datetime(2025, 7, 24, 9, 54, 53, tzinfo=datetime.timezone.utc), creation_host='43fac3b03f16', register_to_eff=None))>
2025-07-28 03:19:46,802:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-07-28 03:19:46,804:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-07-28 03:19:47,426:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-07-28 03:19:47,427:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Jul 2025 03:19:47 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "Jlr6zMB8Sww": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-07-28 03:19:47,430:DEBUG:certbot._internal.cert_manager:Renewal conf file /etc/letsencrypt/renewal/npm-14.conf is broken. Skipping.
2025-07-28 03:19:47,431:DEBUG:certbot._internal.cert_manager:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/cert_manager.py", line 421, in _search_lineages
    candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/storage.py", line 472, in __init__
    raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference

2025-07-28 03:19:47,431:DEBUG:certbot._internal.cert_manager:Renewal conf file /etc/letsencrypt/renewal/npm-16.conf is broken. Skipping.
2025-07-28 03:19:47,431:DEBUG:certbot._internal.cert_manager:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/cert_manager.py", line 421, in _search_lineages
    candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/storage.py", line 472, in __init__
    raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference

2025-07-28 03:19:47,432:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for *.harrylemass.com
2025-07-28 03:19:47,434:DEBUG:acme.client:Requesting fresh nonce
2025-07-28 03:19:47,434:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-07-28 03:19:47,641:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-07-28 03:19:47,642:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Jul 2025 03:19:47 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 3UjM8xZ4_cilF5vXu7dV1Vk3fY7h14JlXEj5M_xjd9MtrXcjFmU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-07-28 03:19:47,642:DEBUG:acme.client:Storing nonce: 3UjM8xZ4_cilF5vXu7dV1Vk3fY7h14JlXEj5M_xjd9MtrXcjFmU
2025-07-28 03:19:47,642:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "*.harrylemass.com"\n    }\n  ]\n}'
2025-07-28 03:19:47,644:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICIzVWpNOHhaNF9jaWxGNXZYdTdkVjFWazNmWTdoMTRKbFhFajVNX3hqZDlNdHJYY2pGbVUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "DgVOXLTrCKd56h8RztsG0CV4uS_P33QvON_jzcMIklCbO6jWNabN01lUhLn_Tp0pG7uYsT43zWKczB5ixDPyV41J-OXGDfE1fmCS9vTEnxYQTuCU8VW-1kZWPzZkiBJA-ExoPGTAh86MZcptXubtgpKzcPQkNxwoK48KIhgqQqWywbnztlOGDXMIPK2yDW-Hhk5ptSsVWXh9xm-9-GBK77y1H2WLrvkKgjBI1zwZETtl_dAD8YwNRQ5Gtq2Wz4kREH19opAmRYi9x4Czw6qo7PWlLyhVsoIcKVIqZL6MS47Ik1Q9lPygxZYUE-k-e_unKDeBPaUo9sIqwQOIg_wxww",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIiouaGFycnlsZW1hc3MuY29tIgogICAgfQogIF0KfQ"
}
2025-07-28 03:19:47,861:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 349
2025-07-28 03:19:47,861:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 28 Jul 2025 03:19:47 GMT
Content-Type: application/json
Content-Length: 349
Connection: keep-alive
Boulder-Requester: 2549918701
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2549918701/411664939421
Replay-Nonce: 3UjM8xZ4WlQbotkISihx4haaZRluXVOSL4RxgdnIOi54v_g2yA0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "ready",
  "expires": "2025-08-04T03:19:47Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.harrylemass.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/560011035951"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2549918701/411664939421"
}
2025-07-28 03:19:47,862:DEBUG:acme.client:Storing nonce: 3UjM8xZ4WlQbotkISihx4haaZRluXVOSL4RxgdnIOi54v_g2yA0
2025-07-28 03:19:47,862:DEBUG:acme.client:JWS payload:
b''
2025-07-28 03:19:47,863:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/560011035951:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICIzVWpNOHhaNFdsUWJvdGtJU2loeDRoYWFaUmx1WFZPU0w0UnhnZG5JT2k1NHZfZzJ5QTAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI1NDk5MTg3MDEvNTYwMDExMDM1OTUxIn0",
  "signature": "VDzbKNSygy53TpyqzllpufctzfvFGG2InPtNdFcffNXCLwrzjH-ZhNRM8zb16H76EJNrLb2H0NxNmo4EHYa046M042mp7BfvXb84GryFZah0mEFBggG6oDJd86mY7ei1YjClPf03rvlCVRPEtwh8B_9PWbzDzMXYsYfC390e6xVCyqn9GA8M7lK_i1cZi5KVDNa5USbyU6iiTRIDwh0n_K2x1g570AwqR9CQxXmidfYTEsRau14LISVjMPzgsr-r51RqWMUtBxcV_05af39XJi1EILxhp3MdfoAvwudnIHCb-egUyRzRgVyuz-IYNO-jZ49k4hOKNiYCj91lzZkJOA",
  "payload": ""
}
2025-07-28 03:19:48,070:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2549918701/560011035951 HTTP/1.1" 200 562
2025-07-28 03:19:48,071:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Jul 2025 03:19:47 GMT
Content-Type: application/json
Content-Length: 562
Connection: keep-alive
Boulder-Requester: 2549918701
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: KvFqvPaFBhNgNyKDVViYbIG_VJQA5Rmvz6CSpMZ3JvW6X-cQ3-4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "harrylemass.com"
  },
  "status": "valid",
  "expires": "2025-08-27T02:57:21Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2549918701/560011035951/04YckQ",
      "status": "valid",
      "validated": "2025-07-28T02:57:21Z",
      "token": "upHebripD7DMg7vJQ4kajhIQXqiVz_zf1AwCkGk5KfI",
      "validationRecord": [
        {
          "hostname": "harrylemass.com",
          "addressUsed": ""
        }
      ]
    }
  ],
  "wildcard": true
}
2025-07-28 03:19:48,075:DEBUG:acme.client:Storing nonce: KvFqvPaFBhNgNyKDVViYbIG_VJQA5Rmvz6CSpMZ3JvW6X-cQ3-4
2025-07-28 03:19:48,075:DEBUG:certbot._internal.client:CSR: CSR(file=None, data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIHpMIGRAgEAMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ5vlcR7S4GVntE\n8LvQWbdQU2HTLsW1kENBa+4L+hOFxhhQgTXvJHX9ITb6rPn5kyw22yStNBxYIBkn\n6UbHQnIFoC8wLQYJKoZIhvcNAQkOMSAwHjAcBgNVHREEFTATghEqLmhhcnJ5bGVt\nYXNzLmNvbTAKBggqhkjOPQQDAgNHADBEAiAOQtQrI1J8qX/Y8jlFcztiEKVsu0Qw\nSFpleRlii5w9EgIgWV11AX3K4tZOgsz/bwpH95wedDAgwhM6d6fMOfZGHR4=\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2025-07-28 03:19:48,075:DEBUG:certbot._internal.client:Will poll for certificate issuance until 2025-07-28 03:21:18.075716
2025-07-28 03:19:48,076:DEBUG:acme.client:JWS payload:
b'{\n  "csr": "MIHpMIGRAgEAMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ5vlcR7S4GVntE8LvQWbdQU2HTLsW1kENBa-4L-hOFxhhQgTXvJHX9ITb6rPn5kyw22yStNBxYIBkn6UbHQnIFoC8wLQYJKoZIhvcNAQkOMSAwHjAcBgNVHREEFTATghEqLmhhcnJ5bGVtYXNzLmNvbTAKBggqhkjOPQQDAgNHADBEAiAOQtQrI1J8qX_Y8jlFcztiEKVsu0QwSFpleRlii5w9EgIgWV11AX3K4tZOgsz_bwpH95wedDAgwhM6d6fMOfZGHR4"\n}'
2025-07-28 03:19:48,077:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/2549918701/411664939421:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJLdkZxdlBhRkJoTmdOeUtEVlZpWWJJR19WSlFBNVJtdno2Q1NwTVozSnZXNlgtY1EzLTQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2ZpbmFsaXplLzI1NDk5MTg3MDEvNDExNjY0OTM5NDIxIn0",
  "signature": "Sz8kfhStWSkuFcx9g36fM0giIBnkX9ptDpJQbshDq4NtojmK3k0ccj1ibKKOdgyTAoT5BOeUtsxWJgBHCK9_TEX9JiBPQdAPq4258TxdkRg81JsTo1dUVUoKVQ8ASthsyfnLKfdD0QC9fCQj9aOLfXcpno4fMUv2rjVrqmPPAG1-oJ88e0Wtew-zbF3hU5gcvXLQM3xDbbBPjJcQ4Izmmvr8TbFyJaAkRgH3B6jHG6TKtiA23M25kqYw9ix4ob4Fhg8ONlF-fhvrfBcLbgS0hmmTrCq2jBh9J-ci4mPBdtsSMA0hK75VOQSUmCiKHxZhpk5iE_KFom68vzUgNQDRQQ",
  "payload": "ewogICJjc3IiOiAiTUlIcE1JR1JBZ0VBTUFBd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFRNXZsY1I3UzRHVm50RThMdlFXYmRRVTJIVExzVzFrRU5CYS00TC1oT0Z4aGhRZ1RYdkpIWDlJVGI2clBuNWt5dzIyeVN0TkJ4WUlCa242VWJIUW5JRm9DOHdMUVlKS29aSWh2Y05BUWtPTVNBd0hqQWNCZ05WSFJFRUZUQVRnaEVxTG1oaGNuSjViR1Z0WVhOekxtTnZiVEFLQmdncWhrak9QUVFEQWdOSEFEQkVBaUFPUXRRckkxSjhxWF9ZOGpsRmN6dGlFS1ZzdTBRd1NGcGxlUmxpaTV3OUVnSWdXVjExQVgzSzR0Wk9nc3pfYndwSDk1d2VkREFnd2hNNmQ2Zk1PZlpHSFI0Igp9"
}
2025-07-28 03:19:48,461:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/2549918701/411664939421 HTTP/1.1" 200 453
2025-07-28 03:19:48,461:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Jul 2025 03:19:48 GMT
Content-Type: application/json
Content-Length: 453
Connection: keep-alive
Boulder-Requester: 2549918701
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2549918701/411664939421
Replay-Nonce: KvFqvPaFf_dfVSpM4YOHSXU6fXXKdoE0LRDtBuk76WfgAddRJl4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "valid",
  "expires": "2025-08-04T03:19:47Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.harrylemass.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/560011035951"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2549918701/411664939421",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/068dfa0b811ece6e068b81d9791a38c479ea"
}
2025-07-28 03:19:48,462:DEBUG:acme.client:Storing nonce: KvFqvPaFf_dfVSpM4YOHSXU6fXXKdoE0LRDtBuk76WfgAddRJl4
2025-07-28 03:19:49,462:DEBUG:acme.client:JWS payload:
b''
2025-07-28 03:19:49,463:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/2549918701/411664939421:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJLdkZxdlBhRmZfZGZWU3BNNFlPSFNYVTZmWFhLZG9FMExSRHRCdWs3NldmZ0FkZFJKbDQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL29yZGVyLzI1NDk5MTg3MDEvNDExNjY0OTM5NDIxIn0",
  "signature": "thB9u1NBB1oM604w39Oxv4_R33SGbS5mCtajYFUP6eexopEVgMF6xsxeXbXm2DznshraN9-aiBdh6M9F5Y0Mz4Smm_0vig9hJSn203-3Fe98iF4u1EzvLrpenj0xG22U9IeSCrK6IeZ_xdF7f7MWNPLYFmCWgVYNxWOSTwGjntKZWedLDaGkZ01DyjYelOBrahOsnk8quiZb3RRB0VZpoNIwaPcxrpXSLnJfRDe5ORPRZCroDJC6nI7bk1dytF3VXWb0s2Si41XUaZR9qSQeqzjQqebf7LyHXfLsn-lEkIh06PS4VBmfvJHg-rMNaquaJYvCW7myXy3wv7WIXXpAAQ",
  "payload": ""
}
2025-07-28 03:19:49,672:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/order/2549918701/411664939421 HTTP/1.1" 200 453
2025-07-28 03:19:49,673:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Jul 2025 03:19:49 GMT
Content-Type: application/json
Content-Length: 453
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2549918701/411664939421
Replay-Nonce: KvFqvPaFPLoDHu7CwbM_ZgcoYClQ6ku65cplBnONz-wCaLFOYvY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "valid",
  "expires": "2025-08-04T03:19:47Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.harrylemass.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/2549918701/560011035951"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2549918701/411664939421",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/068dfa0b811ece6e068b81d9791a38c479ea"
}
2025-07-28 03:19:49,673:DEBUG:acme.client:Storing nonce: KvFqvPaFPLoDHu7CwbM_ZgcoYClQ6ku65cplBnONz-wCaLFOYvY
2025-07-28 03:19:49,673:DEBUG:acme.client:JWS payload:
b''
2025-07-28 03:19:49,674:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/068dfa0b811ece6e068b81d9791a38c479ea:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjU0OTkxODcwMSIsICJub25jZSI6ICJLdkZxdlBhRlBMb0RIdTdDd2JNX1pnY29ZQ2xRNmt1NjVjcGxCbk9Oei13Q2FMRk9ZdlkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NlcnQvMDY4ZGZhMGI4MTFlY2U2ZTA2OGI4MWQ5NzkxYTM4YzQ3OWVhIn0",
  "signature": "JMgwP8lL8TInx4ribqJUNERNmYfeo44Be6PakK2hBHiUOu1iz2-TwioGBK1Jy_8gL4X4QStYX094LzY6QMkYmu5BmCvke4F5k81KKIqvl712lHY-4NibtcOfJWhP4Truc1WWieiv2WFYpI2j-jdXqJltLLzx9CCS8jBuqN5Qv5RozG7mORqrpbB6mQyB0RFn88Kvz60LtCpT9T8GLZ8d1OsxIBpYgOP1fqPAprVBm09x5yAVraMy-FqE3xv8fxx-C1ot7MP067qqSt697EmUtu0Yc9bZVu-RWTjs04P0vM1fPUhyb9njjK0ROggTSqP0SPI3AZBJWoQZSp2KHVd6Ig",
  "payload": ""
}
2025-07-28 03:19:49,883:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/068dfa0b811ece6e068b81d9791a38c479ea HTTP/1.1" 200 2865
2025-07-28 03:19:49,883:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Jul 2025 03:19:49 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 2865
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/cert/068dfa0b811ece6e068b81d9791a38c479ea/1>;rel="alternate"
Replay-Nonce: 3UjM8xZ4fyOvbHku2eKLk5DOyAWzq_yy7gIw1jGW8Sj2908_pnA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

-----BEGIN CERTIFICATE-----
MIIDkTCCAxegAwIBAgISBo36C4Eezm4Gi4HZeRo4xHnqMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNTA3MjgwMjIxMThaFw0yNTEwMjYwMjIxMTdaMBwxGjAYBgNVBAMMESou
aGFycnlsZW1hc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOb5XEe0u
BlZ7RPC70Fm3UFNh0y7FtZBDQWvuC/oThcYYUIE17yR1/SE2+qz5+ZMsNtskrTQc
WCAZJ+lGx0JyBaOCAiEwggIdMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUFwKwF8eS
4mABqRBR6dhMmoJZa5AwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
MgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAChhZodHRwOi8vZTUuaS5sZW5jci5v
cmcvMBwGA1UdEQQVMBOCESouaGFycnlsZW1hc3MuY29tMBMGA1UdIAQMMAowCAYG
Z4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9lNS5jLmxlbmNyLm9yZy8x
MDcuY3JsMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcApELFBklgYVSPD9TqnPt6
LSZFTYepfy/fRVn2J086hFQAAAGYTwspGwAABAMASDBGAiEAv7ohe5y55P6EXJha
RWB3wVuTUayuw9fBSy4nWZCxAiACIQCsIZwt5vsDx4TUGvDAXSQHf3/D9e2UFB7C
f3j+NWm0agB2AA3h8jAr0w3BQGISCepVLvxHdHyx1+kw7w5CHrR+Tqo0AAABmE8L
KRsAAAQDAEcwRQIgXpzyw8wITTG6DgZ/rNaZxUx1LJRXkbk/MwCbs7k6hB0CIQCj
UyeXEqxizLGhO3Hp1YhudDL97FaHvoCr8pFZwzmPCDAKBggqhkjOPQQDAwNoADBl
AjEA2/Yn0Bo38n2wUhPdCT2H5vOT5pEQ8tv23REY3Sbu5qS1JJa7s0+rc4yvAh2e
J0feAjAdJ7V7v/OF/WATQLZGR2XlPXEG6aiimwOrYGY42VCMZlLBktpFJapOAiMJ
l9Z6JnQ=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
VQD9F6Na/+zmXCc=
-----END CERTIFICATE-----

2025-07-28 03:19:49,883:DEBUG:acme.client:Storing nonce: 3UjM8xZ4fyOvbHku2eKLk5DOyAWzq_yy7gIw1jGW8Sj2908_pnA
2025-07-28 03:19:49,888:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive/harrylemass.com.
2025-07-28 03:19:49,889:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live/harrylemass.com.
2025-07-28 03:19:49,893:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1879, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1585, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 535, in obtain_and_enroll_certificate
    return storage.RenewableCert.new_lineage(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/storage.py", line 1029, in new_lineage
    os.symlink(_relpath_from_file(archive_target[kind], target[kind]), target[kind])
OSError: [Errno 61] No data available: '../../archive/harrylemass.com/cert1.pem' -> '/etc/letsencrypt/live/harrylemass.com/cert.pem'
2025-07-28 03:19:49,895:ERROR:certbot._internal.log:An unexpected error occurred:
2025-07-28 03:19:49,895:ERROR:certbot._internal.log:OSError: [Errno 61] No data available: '../../archive/harrylemass.com/cert1.pem' -> '/etc/letsencrypt/live/harrylemass.com/cert.pem'

MikeMcQ · July 28, 2025, 3:40am

That still looks like a damaged Certbot system config to me. NPM is supposed to manage Certbot and integrate it with all the rest of the system config NPM manages.

I don't know that anything I suggest will continue to work with what NPM does. Did the NPM support group offer any suggestions?

Maybe this will give further insight. Show output of this

ls -lR /etc/letsencrypt/{live,archive,renewal}

Note I am signing off for day shortly

MCMXD · July 28, 2025, 3:41am

Thank you so much for your attention

No the NPM group referred me here. I can destroy the containers and reinstall nginx however many of the config remained last time

Output as follows

/etc/letsencrypt/archive:
total 0
drwxr-xr-x 2 1000 1000 0 Jul 28 03:19 harrylemass.com
drwxr-xr-x 2 1000 1000 0 Jul 24 09:55 npm-12
drwxr-xr-x 2 1000 1000 0 Jul 24 14:46 npm-14
drwxr-xr-x 2 1000 1000 0 Jul 28 02:57 npm-16

/etc/letsencrypt/archive/harrylemass.com:
total 0

/etc/letsencrypt/archive/npm-12:
total 0

/etc/letsencrypt/archive/npm-14:
total 0

/etc/letsencrypt/archive/npm-16:
total 0

/etc/letsencrypt/live:
total 5
-rwxr-xr-x 1 1000 1000 740 Jul 24 09:55 README
drwxr-xr-x 2 1000 1000   0 Jul 28 03:19 harrylemass.com
drwxr-xr-x 2 1000 1000   0 Jul 24 09:55 npm-12
drwxr-xr-x 2 1000 1000   0 Jul 24 14:46 npm-14
drwxr-xr-x 2 1000 1000   0 Jul 28 02:57 npm-16

/etc/letsencrypt/live/harrylemass.com:
total 0

/etc/letsencrypt/live/npm-12:
total 0

/etc/letsencrypt/live/npm-14:
total 0

/etc/letsencrypt/live/npm-16:
total 0

/etc/letsencrypt/renewal:
total 2
-rwxr-xr-x 1 1000 1000 0 Jul 28 03:19 harrylemass.com.conf
-rwxr-xr-x 1 1000 1000 0 Jul 24 14:46 npm-14.conf
-rwxr-xr-x 1 1000 1000 0 Jul 28 02:57 npm-16.conf

MikeMcQ · July 28, 2025, 2:38pm

You can see there are significant permissions or system issues.

Is that some kind of container? Is it normal to show 1000 as the owner/group? Usually not

And, even in the /etc/.../renewal/ folder each of the files shows a zero length. That's not right.

Something is preventing files from being written properly. Check your syslogs and whatnot. Whatever this problem is does not relate to your certificates or even trying to get them. It is a fundamental system problem.

Even try something like this and see if you can make a file

echo Test123 >/etc/letsencrypt/renewal/test.txt

See if it contains the string Test123. Try creating files in other directories.
Be sure to delete any file you manually create in the /etc/letsencrypt directories after a test

I do not plan to step you through debugging this. Just giving you ideas on how to begin that.

As for NPM, you can see it sets up its own cert names so you making your own cert won't properly integrate with NPM. Once you sort out the file system problem you will need to get NPM working or abandon it for some other solution.

system · August 27, 2025, 2:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Interner Error \| ssl certifcate Help	47	4002	June 5, 2023
Certbot not working (anymore) on centos7 with nginx Help	29	3989	September 26, 2017
certbot.errors.AuthorizationError: Some challenges have failed Help	11	15761	December 12, 2019
Failure with Let's Encrypt using NextCloud guide Server	22	10102	June 25, 2018
The Certificate Authority failed to download the temporary challenge files created by Certbot Help	5	566	October 29, 2023

OSError: [Errno 61] No data available - Cant add SSL to NGINX ? permission issue no cert.pm

Related topics