certbot renew
has been running incredibly slow for me, and I suspect it has something to do with parsing large Apache configs, similar to an issue I encountered when issuing the certificates in the first place.
My certs are issued by http challenges, which work wonderfully, thanks to --webroot
:
certbot --webroot --webroot-path /var/www/vhosts/domain.com/html certonly -d domain.com -d www.domain.com
But, when renewing with certbot renew
via a cron job, it seems like I run into a similar issue that’s making it impossible to renew.
Can anyone tell what the problem might be? I looked for options for the renew
command, but didn’t see any. It seems as though I need something similar to --webroot
for renew
in order to automate renewals.
Config:
- Certbot 0.31.0
- CentOS 7
- Apache 2.4.6
Log:
2019-06-03 00:04:11,395:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-06-30 19:13:42 UTC.
2019-06-03 00:04:11,396:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2019-06-03 00:04:11,396:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-06-03 00:04:12,890:DEBUG:certbot_apache.configurator:Apache version is 2.4.6
2019-06-03 00:19:26,448:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7f111c8ee990>
Prep: True
2019-06-03 00:19:26,449:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7f111c8ee990>
Prep: True
2019-06-03 00:19:26,450:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_centos.CentOSConfigurator object at 0x7f111c8ee990> and installer <certbot_apache.override_centos.CentOSConfigurator object at 0x7f111c8ee990>
2019-06-03 00:19:26,450:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2019-06-03 00:19:26,455:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/51249897', new_authzr_uri=None, terms_of_service=None), STRING, Meta(creation_host=u'localhost.localdomain', creation_dt=datetime.datetime(2019, 2, 10, 22, 39, 49, tzinfo=<UTC>)))>
2019-06-03 00:19:26,456:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-06-03 00:19:26,457:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2019-06-03 00:19:26,543:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
2019-06-03 00:19:26,544:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
expires: Mon, 03 Jun 2019 05:19:26 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Mon, 03 Jun 2019 05:19:26 GMT
x-frame-options: DENY
content-type: application/json
{
"BJ4sO-wNVq0": "https://community.letsencrypt.org/t/STRING/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2019-06-03 00:19:26,545:INFO:certbot.main:Renewing an existing certificate
2019-06-03 00:19:26,769:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/4225_key-certbot.pem
2019-06-03 00:19:26,895:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/4225_csr-certbot.pem
2019-06-03 00:19:26,896:DEBUG:acme.client:Requesting fresh nonce
2019-06-03 00:19:26,896:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2019-06-03 00:19:26,956:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-nonce HTTP/1.1" 200 0
2019-06-03 00:19:26,957:DEBUG:acme.client:Received response:
HTTP 200
content-length: 0
expires: Mon, 03 Jun 2019 05:19:26 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Mon, 03 Jun 2019 05:19:26 GMT
x-frame-options: DENY
replay-nonce: STRING
2019-06-03 00:19:26,957:DEBUG:acme.client:Storing nonce: STRING
2019-06-03 00:19:26,958:DEBUG:acme.client:JWS payload:
{
"identifiers": [
{
"type": "dns",
"value": "domain.com"
},
{
"type": "dns",
"value": "www.domain.com"
}
]
}
2019-06-03 00:19:26,960:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "[STRING]",
"payload": "[STRING]",
"signature": "[STRING]"
}
2019-06-03 00:19:27,058:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 540
2019-06-03 00:19:27,059:DEBUG:acme.client:Received response:
HTTP 201
content-length: 540
expires: Mon, 03 Jun 2019 05:19:27 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/51249897/501550674
pragma: no-cache
boulder-requester: 51249897
date: Mon, 03 Jun 2019 05:19:27 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [STRING]
{
"status": "pending",
"expires": "2019-06-10T05:19:26.999941028Z",
"identifiers": [
{
"type": "dns",
"value": "domain.com"
},
{
"type": "dns",
"value": "www.domain.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/[STRING]",
"https://acme-v02.api.letsencrypt.org/acme/authz/[STRING]"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/51249897/501550674"
}
2019-06-03 00:19:27,059:DEBUG:acme.client:Storing nonce: [STRING]
2019-06-03 00:19:27,060:DEBUG:acme.client:JWS payload:
2019-06-03 00:19:27,064:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/[STRING]:
{
"protected": "[STRING]",
"payload": "",
"signature": "[STRING]"
}
2019-06-03 00:19:27,144:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz/[STRING] HTTP/1.1" 200 908
2019-06-03 00:19:27,146:DEBUG:acme.client:Received response:
HTTP 200
content-length: 908
expires: Mon, 03 Jun 2019 05:19:27 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
boulder-requester: 51249897
date: Mon, 03 Jun 2019 05:19:27 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [STRING]
{
"identifier": {
"type": "dns",
"value": "domain.com"
},
"status": "pending",
"expires": "2019-06-10T05:19:26Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/[STRING]",
"token": "[STRING]"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/[STRING]",
"token": "[STRING]"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/[STRING]",
"token": "[STRING]"
}
]
}
2019-06-03 00:19:27,146:DEBUG:acme.client:Storing nonce: [STRING]
2019-06-03 00:19:27,147:DEBUG:acme.client:JWS payload:
2019-06-03 00:19:27,150:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/[STRING]:
{
"protected": "[STRING]",
"payload": "",
"signature": "[STRING]"
}
2019-06-03 00:19:27,216:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz/[STRING] HTTP/1.1" 200 912
2019-06-03 00:19:27,217:DEBUG:acme.client:Received response:
HTTP 200
content-length: 912
expires: Mon, 03 Jun 2019 05:19:27 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
boulder-requester: 51249897
date: Mon, 03 Jun 2019 05:19:27 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [STRING]
{
"identifier": {
"type": "dns",
"value": "www.domain.com"
},
"status": "pending",
"expires": "2019-06-10T05:19:26Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/[STRING]",
"token": "[STRING]"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/[STRING]",
"token": "[STRING]"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/[STRING]/[STRING]",
"token": "[STRING]"
}
]
}
2019-06-03 00:19:27,218:DEBUG:acme.client:Storing nonce: [STRING]
2019-06-03 00:19:27,219:INFO:certbot.auth_handler:Performing the following challenges:
2019-06-03 00:19:27,219:INFO:certbot.auth_handler:http-01 challenge for domain.com
2019-06-03 00:19:27,219:INFO:certbot.auth_handler:http-01 challenge for www.domain.com
2019-06-03 00:23:14,275:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: domain.com in: /etc/httpd/vhosts.d/domain.com-ssl.conf
2019-06-03 00:23:14,277:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: domain.com in: /etc/httpd/vhosts.d/domain.com.conf
2019-06-03 00:23:14,279:DEBUG:certbot_apache.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
2019-06-03 00:23:14,280:DEBUG:certbot_apache.http_01:writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>
2019-06-03 00:23:14,662:DEBUG:certbot.reverter:Creating backup of /etc/httpd/vhosts.d/domain.com.conf
2019-06-03 00:23:14,665:DEBUG:certbot.reverter:Creating backup of /etc/httpd/vhosts.d/domain.com-ssl.conf
2019-06-03 00:23:38,999:INFO:certbot.auth_handler:Waiting for verification...
2019-06-03 00:23:39,001:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "[STRING]",
"type": "http-01",
"resource": "challenge"
}
2019-06-03 00:23:39,006:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/[STRING]:
{
"protected": "[STRING]",
"payload": "[STRING]",
"signature": "[STRING]"
}
2019-06-03 00:23:39,082:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/STRING/16615105476 HTTP/1.1" 200 224
2019-06-03 00:23:39,083:DEBUG:acme.client:Received response:
HTTP 200
content-length: 224
expires: Mon, 03 Jun 2019 05:23:39 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/STRING>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105476
pragma: no-cache
boulder-requester: 51249897
date: Mon, 03 Jun 2019 05:23:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: STRING
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105476",
"token": "STRING"
}
2019-06-03 00:23:39,084:DEBUG:acme.client:Storing nonce: STRING
2019-06-03 00:23:39,085:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "STRING.STRING",
"type": "http-01",
"resource": "challenge"
}
2019-06-03 00:23:39,088:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105482:
{
"protected": "STRING",
"payload": "STRING",
"signature": "STRING"
}
2019-06-03 00:23:39,264:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/STRING/16615105482 HTTP/1.1" 200 224
2019-06-03 00:23:39,265:DEBUG:acme.client:Received response:
HTTP 200
content-length: 224
expires: Mon, 03 Jun 2019 05:23:39 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/STRING>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105482
pragma: no-cache
boulder-requester: 51249897
date: Mon, 03 Jun 2019 05:23:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: STRING
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105482",
"token": "STRING"
}
2019-06-03 00:23:39,265:DEBUG:acme.client:Storing nonce: STRING
2019-06-03 00:23:42,269:DEBUG:acme.client:JWS payload:
2019-06-03 00:23:42,272:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/STRING:
{
"protected": "STRING",
"payload": "",
"signature": "STRING"
}
2019-06-03 00:23:42,347:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz/STRING HTTP/1.1" 200 1574
2019-06-03 00:23:42,348:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1574
expires: Mon, 03 Jun 2019 05:23:42 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
boulder-requester: 51249897
date: Mon, 03 Jun 2019 05:23:42 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: STRING
{
"identifier": {
"type": "dns",
"value": "domain.com"
},
"status": "valid",
"expires": "2019-07-03T05:23:41Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105474",
"token": "STRING"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105475",
"token": "STRING"
},
{
"type": "http-01",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105476",
"token": "STRING",
"validationRecord": [
{
"url": "http://domain.com/.well-known/acme-challenge/STRING",
"hostname": "domain.com",
"port": "80",
"addressesResolved": [
"000.00.000.00"
],
"addressUsed": "000.00.000.00"
},
{
"url": "http://www.domain.com/.well-known/acme-challenge/STRING",
"hostname": "www.domain.com",
"port": "80",
"addressesResolved": [
"111.11.111.11"
],
"addressUsed": "111.11.111.11"
}
]
}
]
}
2019-06-03 00:23:42,349:DEBUG:acme.client:Storing nonce: STRING
2019-06-03 00:23:42,352:DEBUG:acme.client:JWS payload:
2019-06-03 00:23:42,354:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/STRING:
{
"protected": "STRING",
"payload": "",
"signature": "STRING"
}
2019-06-03 00:23:42,426:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz/STRING HTTP/1.1" 200 1267
2019-06-03 00:23:42,427:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1267
expires: Mon, 03 Jun 2019 05:23:42 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
boulder-requester: 51249897
date: Mon, 03 Jun 2019 05:23:42 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: STRING
{
"identifier": {
"type": "dns",
"value": "www.domain.com"
},
"status": "valid",
"expires": "2019-07-03T05:23:39Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105478",
"token": "STRING"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105480",
"token": "STRING"
},
{
"type": "http-01",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/STRING/16615105482",
"token": "STRING",
"validationRecord": [
{
"url": "http://www.domain.com/.well-known/acme-challenge/STRING",
"hostname": "www.domain.com",
"port": "80",
"addressesResolved": [
"111.11.111.11"
],
"addressUsed": "111.11.111.11"
}
]
}
]
}
2019-06-03 00:23:42,427:DEBUG:acme.client:Storing nonce: STRING
2019-06-03 00:23:42,428:DEBUG:certbot.error_handler:Calling registered functions
2019-06-03 00:23:42,429:INFO:certbot.auth_handler:Cleaning up challenges
2019-06-03 00:27:35,084:DEBUG:certbot.client:CSR: CSR(file='/etc/letsencrypt/csr/4225_csr-certbot.pem', data='-----BEGIN CERTIFICATE REQUEST-----\STRING\STRING+G+LzA9Kxs5zSHqFVh\STRING/zplcaZmxEMx03XD67Oruq+NwSmtDl\nWwlN9hyNc+STRING/QpNQjfEloVO3Reb17K\nvK+/STRING/9DojXHziK7GZ64gKk0FIqQk3hQml1\nTATcq+STRING/UVfsWGI3l6hhM0iO8mKqOSl\nv8DkLYftUprvwzOpyykCAwEAAaA+STRING\STRING\nBQADggEBACx0SLekKaNgofUKK2fI/STRING\nLPUi5lRPubg+9pT0EYEzX8tHYwMD2VnUos/AOFsMmsbKUWJi/PaO3lBhs2lPKfYf\STRING\STRING//FjubvHB\nqcBRfp/STRING\nJ0q7KgTUVl1fEWyr+yN2o+XAu6f7B4g=\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2019-06-03 00:27:35,086:DEBUG:acme.client:JWS payload:
{
"resource": "new-cert",
"csr": "STRING"
}
2019-06-03 00:27:35,089:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/51249897/501550674:
{
"protected": "STRING",
"payload": "STRING",
"signature": "STRING"
}
2019-06-03 00:27:35,900:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/finalize/51249897/501550674 HTTP/1.1" 200 632
2019-06-03 00:27:35,902:DEBUG:acme.client:Received response:
HTTP 200
content-length: 632
expires: Mon, 03 Jun 2019 05:27:35 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/51249897/501550674
pragma: no-cache
boulder-requester: 51249897
date: Mon, 03 Jun 2019 05:27:35 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: STRING
{
"status": "valid",
"expires": "2019-06-10T05:19:26Z",
"identifiers": [
{
"type": "dns",
"value": "domain.com"
},
{
"type": "dns",
"value": "www.domain.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/STRING",
"https://acme-v02.api.letsencrypt.org/acme/authz/STRING"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/51249897/501550674",
"certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/STRING"
}
2019-06-03 00:27:35,902:DEBUG:acme.client:Storing nonce: STRING
2019-06-03 00:27:36,903:DEBUG:acme.client:JWS payload:
2019-06-03 00:27:36,907:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/51249897/501550674:
{
"protected": "STRING",
"payload": "",
"signature": "STRING"
}
2019-06-03 00:27:36,974:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/order/51249897/501550674 HTTP/1.1" 200 632
2019-06-03 00:27:36,975:DEBUG:acme.client:Received response:
HTTP 200
content-length: 632
expires: Mon, 03 Jun 2019 05:27:36 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Mon, 03 Jun 2019 05:27:36 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: STRING
{
"status": "valid",
"expires": "2019-06-10T05:19:26Z",
"identifiers": [
{
"type": "dns",
"value": "domain.com"
},
{
"type": "dns",
"value": "www.domain.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/STRING",
"https://acme-v02.api.letsencrypt.org/acme/authz/STRING"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/51249897/501550674",
"certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/STRING"
}
2019-06-03 00:27:36,975:DEBUG:acme.client:Storing nonce: STRING
2019-06-03 00:27:36,976:DEBUG:acme.client:JWS payload:
2019-06-03 00:27:36,979:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/STRING:
{
"protected": "STRING",
"payload": "",
"signature": "STRING"
}
2019-06-03 00:27:37,040:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/cert/STRING HTTP/1.1" 415 168
2019-06-03 00:27:37,045:DEBUG:acme.client:Received response:
HTTP 415
content-length: 168
expires: Mon, 03 Jun 2019 05:27:37 GMT
server: nginx
connection: close
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Mon, 03 Jun 2019 05:27:37 GMT
content-type: application/problem+json
replay-nonce: STRING
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"",
"status": 415
}
2019-06-03 00:27:37,047:DEBUG:acme.client:Error during a POST-as-GET request, your ACME CA may not support it:
urn:ietf:params:acme:error:malformed :: The request message was malformed :: Invalid Content-Type header on POST. Content-Type must be "application/jose+json"
2019-06-03 00:27:37,047:DEBUG:acme.client:Retrying request with GET.
2019-06-03 00:27:37,047:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/cert/STRING.
2019-06-03 00:27:37,048:INFO:requests.packages.urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
2019-06-03 00:27:37,147:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/cert/STRING HTTP/1.1" 200 3579
2019-06-03 00:27:37,148:DEBUG:acme.client:Received response:
HTTP 200
content-length: 3579
expires: Mon, 03 Jun 2019 05:27:37 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Mon, 03 Jun 2019 05:27:37 GMT
x-frame-options: DENY
content-type: application/pem-certificate-chain
-----BEGIN CERTIFICATE-----
STRING
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
STRING
-----END CERTIFICATE-----
2019-06-03 00:27:37,154:DEBUG:certbot.storage:Writing new private key to /etc/letsencrypt/archive/domain.com/privkey2.pem.
2019-06-03 00:27:37,154:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/archive/domain.com/cert2.pem.
2019-06-03 00:27:37,155:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/archive/domain.com/chain2.pem.
2019-06-03 00:27:37,155:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/archive/domain.com/fullchain2.pem.
2019-06-03 00:27:37,645:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/domain.com.conf.new.
2019-06-03 00:27:37,650:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2019-06-03 00:27:40,387:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-06-03 00:27:40,391:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7f111c8ee990>
Prep: True