Okay, it won’t let me upload files, so here’s the log of the failing renewal:
2018-10-04 12:24:55,218:INFO:certbot.auth_handler:tls-sni-01 challenge for sys0000.dev.ergo.liferunoffinsuranceplatform.com
2018-10-04 12:24:55,218:DEBUG:acme.standalone:Successfully bound to :8888 using IPv6
2018-10-04 12:24:55,218:DEBUG:acme.standalone:Certbot wasn't able to bind to :8888 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2018-10-04 12:24:55,226:INFO:certbot.auth_handler:Waiting for verification...
2018-10-04 12:24:55,226:DEBUG:acme.client:JWS payload:
{
  "keyAuthorization": "",
  "type": "tls-sni-01",
  "resource": "challenge"
}
2018-10-04 12:24:55,229:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/:
{
  "protected": "",
  "payload": "",
  "signature": ""
}
2018-10-04 12:24:55,454:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/ HTTP/1.1" 202 339
2018-10-04 12:24:55,454:DEBUG:acme.client:Received response:
HTTP 202
content-length: 339
cache-control: max-age=0, no-cache, no-store
expires: Thu, 04 Oct 2018 10:24:30 GMT
server: nginx
connection: keep-alive
link: <https://acme-v01.api.letsencrypt.org/acme/authz/;rel="up"
location: https://acme-v01.api.letsencrypt.org/acme/challenge/
pragma: no-cache
boulder-requester: 37693435
date: Thu, 04 Oct 2018 10:24:30 GMT
content-type: application/json
replay-nonce:
{
  "type": "tls-sni-01",
  "status": "pending",
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/",
  "token": "",
  "keyAuthorization": ""
}
2018-10-04 12:24:55,454:DEBUG:acme.client:Storing nonce:
2018-10-04 12:24:58,455:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/.
2018-10-04 12:24:58,622:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/ HTTP/1.1" 200 1973
2018-10-04 12:24:58,622:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1973
expires: Thu, 04 Oct 2018 10:24:33 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Thu, 04 Oct 2018 10:24:33 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce:
{
  "identifier": {
    "type": "dns",
    "value": "sys0000.dev.ergo.liferunoffinsuranceplatform.com"
  },
  "status": "invalid",
  "expires": "2018-10-11T10:24:30Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "status": "invalid",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge//7937432653",
      "token": ""
    },
    {
      "type": "dns-01",
      "status": "invalid",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge//7937432654",
      "token": ""
    },
    {
      "type": "http-01",
      "status": "invalid",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge//7937432655",
      "token": "DZd5-laUB4qbXqG-"
    },
    {
      "type": "tls-sni-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "Incorrect validation certificate for tls-sni-01 challenge. Requested .acme.invalid from 158.177.138.117:443. Received 2 certificate(s), first certificate had names \"sys0000.dev.ergo.liferunoffinsuranceplatform.com\"",
        "status": 403
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/",
      "token": "",
      "validationRecord": [
        {
          "hostname": "sys0000.dev.ergo.liferunoffinsuranceplatform.com",
          "port": "443",
          "addressesResolved": [
            "158.177.138.117"
          ],
          "addressUsed": "158.177.138.117"
        }
      ]
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ],
    [
      3
    ],
    [
      2
    ]
  ]
}
2018-10-04 12:24:58,623:DEBUG:acme.challenges:tls-alpn-01 was not recognized, full message: {u'status': u'invalid', u'token': u'', u'type': u'tls-alpn-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge//7937432653'}
2018-10-04 12:24:58,624:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: sys0000.dev.ergo.liferunoffinsuranceplatform.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested .acme.invalid from 158.177.138.117:443. Received 2 certificate(s), first certificate had names "sys0000.dev.ergo.liferunoffinsuranceplatform.com"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2018-10-04 12:24:58,624:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. sys0000.dev.ergo.liferunoffinsuranceplatform.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested .acme.invalid from 158.177.138.117:443. Received 2 certificate(s), first certificate had names "sys0000.dev.ergo.liferunoffinsuranceplatform.com"
2018-10-04 12:24:58,624:DEBUG:certbot.error_handler:Calling registered functions
2018-10-04 12:24:58,625:INFO:certbot.auth_handler:Cleaning up challenges
2018-10-04 12:24:58,625:DEBUG:certbot.plugins.standalone:Stopping server at :::8888...