Details of my setting below, followed by the standard questionnaire. Just a brief intro first.
After more than 2 years, suddenly I cannot certbot renew my home nextcloud server. Last successful renew in June. Port 80 is open (tested) and any access gets rewritten into https. I do not understand enough what I am doing to solve the problem by myself. Whatever I do, I cannot prevent the rewriting of the request into https. You can find Apache setting below, followed by the answers to the standard questionnaire.
apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 nextcloud.panaccio.family (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:80 nextcloud.panaccio.family (/etc/apache2/sites-enabled/nextcloud.conf:1)
cat /etc/apache2/sites-enabled/default-ssl.conf
<VirtualHost _default_:443>
ServerAdmin admin@panaccio.family
DocumentRoot /var/www/nextcloud
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName nextcloud.panaccio.family
Header always set Strict-Transport-Security "max-age=31536000"
SSLCertificateFile /etc/letsencrypt/live/nextcloud.panaccio.family/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.panaccio.family/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteRule ^/sites/(.*)$ https://nextcloud.panaccio.family/index.php/apps/cms_pico/pico/$1 [QSA,L]
</VirtualHost>
</IfModule>
cat /etc/apache2/sites-enabled/nextcloud.conf
<VirtualHost *:80>
ServerAdmin admin@panaccio.family
DocumentRoot /var/www/nextcloud
ServerName nextcloud.panaccio.family
TransferLog /var/log/apache2/nextcloud_access.log
ErrorLog /var/log/apache2/nextcloud_error.log
RewriteEngine on
RewriteCond %{SERVER_NAME} =nextcloud.panaccio.family
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
I ran this command:
certbot -v renew --dry-run
It produced this output:
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Notifying user: Processing /etc/letsencrypt/renewal/nextcloud.panaccio.family.conf
Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7ff9513e0190> and installer <certbot._internal.cli.cli_utils._Default object at 0x7ff9513e0190>
Var dry_run=True (set by user).
Var server={'dry_run', 'staging'} (set by user).
Var dry_run=True (set by user).
Var server={'dry_run', 'staging'} (set by user).
Var account={'server'} (set by user).
Starting new HTTP connection (1): r3.o.lencr.org:80
http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
OCSP response for certificate /etc/letsencrypt/archive/nextcloud.panaccio.family/cert19.pem is signed by the certificate's issuer.
OCSP certificate status for /etc/letsencrypt/archive/nextcloud.panaccio.family/cert19.pem is: OCSPCertStatus.GOOD
Should renew, less than 30 days before certificate expiry 2022-09-17 01:45:56 UTC.
Cert is due for renewal, auto-renewing...
Requested authenticator apache and installer apache
Apache version is 2.4.54
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7ff951425790>
Prep: True
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7ff951425790>
Prep: True
Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7ff951425790> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7ff951425790>
Plugins selected: Authenticator apache, Installer apache
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/67892723', new_authzr_uri=None, terms_of_service=None), 126fadcc1afe917454a39b7f70610731, Meta(creation_dt=datetime.datetime(2022, 9, 9, 9, 29, 44, tzinfo=<UTC>), creation_host='webserver', register_to_eff=None))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 843
Received response:
HTTP 200
Server: nginx
Date: Fri, 09 Sep 2022 09:43:26 GMT
Content-Type: application/json
Content-Length: 843
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"reVktW6Wv2A": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Notifying user: Simulating renewal of an existing certificate for nextcloud.panaccio.family
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Fri, 09 Sep 2022 09:43:27 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001pIvXJyzVdARjgybjnv84ptix5drg48_6TVhi-Etcrts
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: 0001pIvXJyzVdARjgybjnv84ptix5drg48_6TVhi-Etcrts
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "nextcloud.panaccio.family"\n }\n ]\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Nzg5MjcyMyIsICJub25jZSI6ICIwMDAxcEl2WEp5elZkQVJqZ3liam52ODRwdGl4NWRyZzQ4XzZUVmhpLUV0Y3J0cyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "EXVyk5lpjBjAUTYCNkuYwAieF62_v2yeXTUu3Wa8cKmWiRMNRpBTkAPYQLAadqtdfjcEKAjTHVTeQtxfvpPwLWUB78O3GWdOz6GMzCzfTvGGqUfyl2LIa1Pi8ZjANzjQBYzlVOuM_jHhPpCupMU17D-fuaZs7NGx-yu1J6jWquG1kfKgTG-1q3uQ9RRoHGBj58NhCu98zBzCKu6BuOFoz-P6v79hqiAAciU8cdcz4GMHzKpjqqd-W0t0fKEw4Pjf9Pm7BT9poHZit-1pRkqeTcesN4i-sX8RlZpZ7RV9Ifj54DvyA0mCDVUjPxncYdS0Iv-27QXN55QPA6HfMs6Rdw",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm5leHRjbG91ZC5wYW5hY2Npby5mYW1pbHkiCiAgICB9CiAgXQp9"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 361
Received response:
HTTP 201
Server: nginx
Date: Fri, 09 Sep 2022 09:43:27 GMT
Content-Type: application/json
Content-Length: 361
Connection: keep-alive
Boulder-Requester: 67892723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/67892723/3990418093
Replay-Nonce: 0002lSFuSkANHyhDYvgm1Ogfz7OS1MVsDDIigRI906Cctlo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2022-09-16T09:43:27Z",
"identifiers": [
{
"type": "dns",
"value": "nextcloud.panaccio.family"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3580687073"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/67892723/3990418093"
}
Storing nonce: 0002lSFuSkANHyhDYvgm1Ogfz7OS1MVsDDIigRI906Cctlo
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3580687073:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Nzg5MjcyMyIsICJub25jZSI6ICIwMDAybFNGdVNrQU5IeWhEWXZnbTFPZ2Z6N09TMU1Wc0RESWlnUkk5MDZDY3RsbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zNTgwNjg3MDczIn0",
"signature": "sjZCjT9s2H1044jSACdpbkvfP0BIXqAyuoAiYTqtkQvHLv8DdItErd3bvY_zBzjqETfPmAbcwfi-___aDJvqqLlUlUXAt3GntKsZpxMdgs2S5leP9Z7_NCXYwXZoG0NpDsZFUJZeD8VafhLYJPhjdUkHFTkEPloTVs09IQ2G-Owm7rTa5aeW-K4QsJhXyiSzZmVgLd7BrnS5lBf1gdGquhd-4ocXcdfiDz_eMAGfigfXgsH_3BhmrEbhn2mwUifuibSmyypVyd3VXctsr7D4KG41c5JstBNKI_BxuPaVZvyqvDRvmRKti5dY0AzAPtKEq_bjesMtm4rQRlouQOAwtg",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3580687073 HTTP/1.1" 200 827
Received response:
HTTP 200
Server: nginx
Date: Fri, 09 Sep 2022 09:43:27 GMT
Content-Type: application/json
Content-Length: 827
Connection: keep-alive
Boulder-Requester: 67892723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00026xQ63rNZix7zVTNzWGQiLeGNLtOHeH1R_J6Y79DrF5Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "nextcloud.panaccio.family"
},
"status": "pending",
"expires": "2022-09-16T09:43:27Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/h4VMjw",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/srvmwA",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/Ek_9Ug",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
}
]
}
Storing nonce: 00026xQ63rNZix7zVTNzWGQiLeGNLtOHeH1R_J6Y79DrF5Q
Performing the following challenges:
http-01 challenge for nextcloud.panaccio.family
Adding a temporary challenge validation Include for name: nextcloud.panaccio.family in: /etc/apache2/sites-enabled/default-ssl.conf
Adding a temporary challenge validation Include for name: nextcloud.panaccio.family in: /etc/apache2/sites-enabled/nextcloud.conf
writing a pre config file with text:
RewriteEngine on
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>
Creating backup of /etc/apache2/sites-enabled/default-ssl.conf
Creating backup of /etc/apache2/sites-enabled/nextcloud.conf
Waiting for verification...
JWS payload:
b'{}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/h4VMjw:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Nzg5MjcyMyIsICJub25jZSI6ICIwMDAyNnhRNjNyTlppeDd6VlROeldHUWlMZUdOTHRPSGVIMVJfSjZZNzlEckY1USIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8zNTgwNjg3MDczL2g0Vk1qdyJ9",
"signature": "0CIwuXQx7f75Ni6zgQ8oNfFJvvSJ61AnlY6xvJclGoiGzXMEDLVGyxQtqXUr4NqT86yR9Zf-kEtltLnsGHqKiK0qmgkCKPnb_pfLBsDI96Af01MRszk9y4N4ICFH8nTnDXvwHdTF1OQlQubTJ8Ascg2FRz63HkOr0doKQkl7JCRbrRlftMbXgPjIKVcWgtgxnNTw8yH9BA3cCRvJrlKK0jgIn4fSKwjKeqL4EOMqKB3tctdpQsc7c0JCnB-1wrosDrpSd5ZvdLf6blcekpX1mAhkq7QmvK_4ARfTeZwJiqORFeQs6AkjpfshxLYfAnDlet9Y76xbOmvu2uw8k9Hg2Q",
"payload": "e30"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/3580687073/h4VMjw HTTP/1.1" 200 193
Received response:
HTTP 200
Server: nginx
Date: Fri, 09 Sep 2022 09:43:31 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 67892723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3580687073>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/h4VMjw
Replay-Nonce: 00020GGpz65NlPbpS4QJSJ8NDjhMXdnmaoSL0MAZjFm-ODs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/h4VMjw",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
}
Storing nonce: 00020GGpz65NlPbpS4QJSJ8NDjhMXdnmaoSL0MAZjFm-ODs
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3580687073:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Nzg5MjcyMyIsICJub25jZSI6ICIwMDAyMEdHcHo2NU5sUGJwUzRRSlNKOE5EamhNWGRubWFvU0wwTUFaakZtLU9EcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zNTgwNjg3MDczIn0",
"signature": "eJ5ec5mTLtq_lDghaKLB0CDP_hw-CWj_E7s-VKRik08C7Nrl3dCfvt8MoM6m5Hfgq9oZl18lFQJUxIOxRIbbNOJpE9zDo5NU_xPp2ZttIc5BpInCofkZdFDCwyHeRkHIo24iMysuVGSKvS3o8ufXvdUPIlmmGf0ykb9vBXIuwGIfQ5xir5fMtiSccRHlorsP96KaWEkIvSQJrjtKHmcEUyk_FoAUeUQXcKGjvJTH2KnNynZQ5zGtrTawXlW9VOD05dGW-0NKRMlDgPDD8UeqD3cu56ezjOuSgfejPYIXhhqcPXAzxlpb7jjhttiBto7ULAwyoVzJxmFp3rHcPo-bXg",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3580687073 HTTP/1.1" 200 827
Received response:
HTTP 200
Server: nginx
Date: Fri, 09 Sep 2022 09:43:33 GMT
Content-Type: application/json
Content-Length: 827
Connection: keep-alive
Boulder-Requester: 67892723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00023GzfbfEOM81LiMxh1VRIRHh__rr0pFIZxQfK49icqU4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "nextcloud.panaccio.family"
},
"status": "pending",
"expires": "2022-09-16T09:43:27Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/h4VMjw",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/srvmwA",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/Ek_9Ug",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
}
]
}
Storing nonce: 00023GzfbfEOM81LiMxh1VRIRHh__rr0pFIZxQfK49icqU4
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3580687073:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Nzg5MjcyMyIsICJub25jZSI6ICIwMDAyM0d6ZmJmRU9NODFMaU14aDFWUklSSGhfX3JyMHBGSVp4UWZLNDlpY3FVNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zNTgwNjg3MDczIn0",
"signature": "HQ06xHcDuPSCpd8wJR8sxGElWdtwJAo2mKwKM_OmwmfY5F2QbaL_GpWI6kcafQvvhV2AaOC3wRAsGv4MEn45OGCNcmdleTvaTSsIywp7s1xxpNSv3Apo9p_Zj7oS5zv9c3pg_CqVRyelwbGS-FQ6EWDvMmDht_aEJi3dcXd8xsyMIHpAeW4Ir5vLNt6Qx0GQKiuKsseiZ9gs7oixa2ZJ98GYfK08FRstxQxO7E-D2TiJRGycKSgkEUAv0T7DDPN3NFgvIsOGxCWw2fmeDOUARWy_YqRQj7aLbtsazFiLhQtbEhhylsAKtHkFwmRFTANGf_7ZuTh2sNGSeZS57oqurQ",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3580687073 HTTP/1.1" 200 827
Received response:
HTTP 200
Server: nginx
Date: Fri, 09 Sep 2022 09:43:36 GMT
Content-Type: application/json
Content-Length: 827
Connection: keep-alive
Boulder-Requester: 67892723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002bzsic3oGPzS8vk7Fa8ucFz_ACVtkmI3XMaqzeZ72Kzk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "nextcloud.panaccio.family"
},
"status": "pending",
"expires": "2022-09-16T09:43:27Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/h4VMjw",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/srvmwA",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/Ek_9Ug",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
}
]
}
Storing nonce: 0002bzsic3oGPzS8vk7Fa8ucFz_ACVtkmI3XMaqzeZ72Kzk
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3580687073:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Nzg5MjcyMyIsICJub25jZSI6ICIwMDAyYnpzaWMzb0dQelM4dms3RmE4dWNGel9BQ1Z0a21JM1hNYXF6ZVo3Mkt6ayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zNTgwNjg3MDczIn0",
"signature": "X5aCX9u5e1GmpncYT-3uOu_xeekEc1IoPDeVuJR3S65EJYXTdGzW-nqFKdHWqzcuJNagrBzP1zGVg40H790CW--6hgGYXTdxFcRd2S3Rjr587iEKX1TKF8VOQHS8N42ioiL7pEKnoAte-Wg8tXcF21nON56CKAg3Z0fg-VaxbaQFPkvWMMdmOVHtWG06PYs50x-StZa6R1w6jsiDn3ZbVzyHghPKib8XyqwNson_VTNr_ZyH8H_41UGuy7ANFywSKADQOCX3z3w4D_xlvIokQUFz94nlHeCyhhG9oHNrsqVcJelq5St8TRAgz6rETnanMcPjC5Wx9AEjQHhkTVqbhg",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3580687073 HTTP/1.1" 200 827
Received response:
HTTP 200
Server: nginx
Date: Fri, 09 Sep 2022 09:43:39 GMT
Content-Type: application/json
Content-Length: 827
Connection: keep-alive
Boulder-Requester: 67892723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002tlC_lb_yp7cDOwFzz9aTy4i4aj2KeRjJu7T9xaeJXdc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "nextcloud.panaccio.family"
},
"status": "pending",
"expires": "2022-09-16T09:43:27Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/h4VMjw",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/srvmwA",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/Ek_9Ug",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk"
}
]
}
Storing nonce: 0002tlC_lb_yp7cDOwFzz9aTy4i4aj2KeRjJu7T9xaeJXdc
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3580687073:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82Nzg5MjcyMyIsICJub25jZSI6ICIwMDAydGxDX2xiX3lwN2NET3dGeno5YVR5NGk0YWoyS2VSakp1N1Q5eGFlSlhkYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zNTgwNjg3MDczIn0",
"signature": "GNB2Nif_zx2mqcJJBWklAnZEcEGokXSYg-hRy93sy-QWgWktxUz2Fas02XhNXaCyGhhv8e1FkDN2KGDXpE9CuT5a1S-ndY5BQcCzzYTTJ9D5ZW6JFPEES9oBnWHsa3EPy5YXayY52bakLCR4pNwytf8rrVLy2rQTLLvx9tw5ZhACBkb2z5cg-jsIvTa5S8F2JpmftPxpLBBVv8lT7rEP711PFRTRnP_-10YNX4IkfJ0TZ2DxFhS5SDel0DttzYvS2kn3Ftxd9pVz1K0gEzOPUS7Zk_efXgA8kpx6p7Zzx6CwTd_czAAPoookRocOs120Ixcn9Btl5QFliMe0wcTiNQ",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3580687073 HTTP/1.1" 200 1104
Received response:
HTTP 200
Server: nginx
Date: Fri, 09 Sep 2022 09:43:42 GMT
Content-Type: application/json
Content-Length: 1104
Connection: keep-alive
Boulder-Requester: 67892723
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002WWp_XB_eNxjx5kE7CLq1k5zdWWcChYxKuevYx9UuDP4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "nextcloud.panaccio.family"
},
"status": "invalid",
"expires": "2022-09-16T09:43:27Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "80.253.88.254: Fetching http://nextcloud.panaccio.family/.well-known/acme-challenge/zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk: Timeout during connect (likely firewall problem)",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3580687073/h4VMjw",
"token": "zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk",
"validationRecord": [
{
"url": "http://nextcloud.panaccio.family/.well-known/acme-challenge/zJy_d4Ck_jT-5kRtc4-TVW6_EfmNcBlPBWAhZ7kC4Pk",
"hostname": "nextcloud.panaccio.family",
"port": "80",
"addressesResolved": [
"80.253.88.254"
],
"addressUsed": "80.253.88.254"
}
],
"validated": "2022-09-09T09:43:31Z"
}
]
}
Storing nonce: 0002WWp_XB_eNxjx5kE7CLq1k5zdWWcChYxKuevYx9UuDP4
Challenge failed for domain nextcloud.panaccio.family
http-01 challenge for nextcloud.panaccio.family
Domain: nextcloud.panaccio.family
My web server is (include version):
Server version: Apache/2.4.54 (Debian)
Server built: 2022-06-09T04:26:43
The operating system my web server runs on is (include version):
Debian GNU/Linux 11 (bullseye) KVM guest, on a Debian GNU/Linux 11 (bullseye) host machine
My hosting provider, if applicable, is:
Home server
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
certbot 1.12.0