My certificates are not being renewed.
The access log, given below, shows 2 successful 200 responses.
If I access the server from other parts of the web, for example my desktop, I get a 404 (the acme-challenge directory is empty).
I have seen responses that suggest that the failures may be because it takes 3 responses to get the cert validated.
Thanks
Joe
My domain is:
payzrent.com, www.payzrent.com
I ran this command:
certbot -v renew --nginx --dry-run 2> /tmp/x1
It produced this output:
debug log below
My web server is (include version):
nginx
The operating system my web server runs on is (include version):
ubuntu 16.04
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0
=====================================================
Other:
nginx access log:
172.30.3.216 - - [09/Apr/2020:19:03:35 +0000] "GET /.well-known/acme-challenge/iRgRFYVmLQMMnwF5fhJdxCN-nh8SaerP-G5pKrgS5xw HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
172.30.3.216 - - [09/Apr/2020:19:03:35 +0000] "GET /.well-known/acme-challenge/iRgRFYVmLQMMnwF5fhJdxCN-nh8SaerP-G5pKrgS5xw HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
172.30.0.194 - - [09/Apr/2020:19:03:55 +0000] "GET / HTTP/1.1" 200 396 "-" "ELB-HealthChecker/2.0"
172.30.3.216 - - [09/Apr/2020:19:03:56 +0000] "GET / HTTP/1.1" 200 396 "-" "ELB-HealthChecker/2.0"
172.30.0.194 - - [09/Apr/2020:19:04:25 +0000] "GET / HTTP/1.1" 200 396 "-" "ELB-HealthChecker/2.0"
172.30.3.216 - - [09/Apr/2020:19:04:26 +0000] "GET / HTTP/1.1" 200 396 "-" "ELB-HealthChecker/2.0"
debug output:
cat /tmp/x1
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator nginx and installer nginx
Var dry_run=True (set by user).
Var server={‘dry_run’, ‘staging’} (set by user).
Var dry_run=True (set by user).
Var server={‘dry_run’, ‘staging’} (set by user).
Var account={‘server’} (set by user).
Var authenticator=nginx (set by user).
Var installer=nginx (set by user).
Should renew, less than 30 days before certificate expiry 2018-04-28 16:56:00 UTC.
Cert is due for renewal, auto-renewing…
Requested authenticator nginx and installer nginx
Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f195e09ac18>
Prep: True
Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f195e09ac18>
Prep: True
Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f195e09ac18> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f195e09ac18>
Plugins selected: Authenticator nginx, Installer nginx
Picked account: <Account(RegistrationResource(new_authzr_uri=‘https://acme-staging.api.letsencrypt.org/acme/new-authz’, uri=‘https://acme-staging.api.letsencrypt.org/acme/reg/5478772’, body=Registration(terms_of_service_agreed=None, agreement=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’, status=‘valid’, key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f19586a6f60>)>), only_return_existing=None, contact=(), external_account_binding=None), terms_of_service=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’), ccdb159973e0442b7c815ad972eac3b3, Meta(creation_host=‘ip-172-30-3-245.ec2.internal’, creation_dt=datetime.datetime(2018, 2, 1, 13, 53, 48, tzinfo=)))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
“GET /directory HTTP/1.1” 200 724
Received response:
HTTP 200
Content-Length: 724
Connection: keep-alive
Date: Thu, 09 Apr 2020 19:06:03 GMT
Content-Type: application/json
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
Cache-Control: public, max-age=0, no-cache
{
“_F-0Xj4kztA”: “Adding random entries to the directory”,
“keyChange”: “https://acme-staging-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org/docs/staging-environment/”
},
“newAccount”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert”
}
Renewing an existing certificate
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
“HEAD /acme/new-nonce HTTP/1.1” 200 0
Received response:
HTTP 200
Replay-Nonce: 0001zIAtb493NChqWjYX3qjckGjGFwRCapifLmVDBVUl_Eo
Connection: keep-alive
Date: Thu, 09 Apr 2020 19:06:03 GMT
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
Cache-Control: public, max-age=0, no-cache
Storing nonce: 0001zIAtb493NChqWjYX3qjckGjGFwRCapifLmVDBVUl_Eo
JWS payload:
b’{\n “identifiers”: [\n {\n “value”: “payzrent.com”,\n “type”: “dns”\n },\n {\n “value”: “www.payzrent.com”,\n “type”: “dns”\n }\n ]\n}’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
“POST /acme/new-order HTTP/1.1” 201 496
Received response:
HTTP 201
Boulder-Requester: 5478772
Connection: keep-alive
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/5478772/84122175
Date: Thu, 09 Apr 2020 19:06:03 GMT
Replay-Nonce: 0002AZ7p1GbLqfRnXdLplIwDDcrRL1v5dsI8-HaG28TpPT4
Content-Length: 496
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
{
“status”: “pending”,
“expires”: “2020-04-16T19:06:03.427095487Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “payzrent.com”
},
{
“type”: “dns”,
“value”: “www.payzrent.com”
}
],
“authorizations”: [
“https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48361097”,
“https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48371173”
],
“finalize”: “https://acme-staging-v02.api.letsencrypt.org/acme/finalize/5478772/84122175”
}
Storing nonce: 0002AZ7p1GbLqfRnXdLplIwDDcrRL1v5dsI8-HaG28TpPT4
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48361097:
“POST /acme/authz-v3/48361097 HTTP/1.1” 200 741
Received response:
HTTP 200
Replay-Nonce: 0001YdfkUfnWrmC7WocKOa_gBZXWqVDxC_EYV1XNFgDEVMc
Content-Length: 741
Connection: keep-alive
Date: Thu, 09 Apr 2020 19:06:03 GMT
Content-Type: application/json
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Boulder-Requester: 5478772
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
Cache-Control: public, max-age=0, no-cache
{
“identifier”: {
“type”: “dns”,
“value”: “payzrent.com”
},
“status”: “valid”,
“expires”: “2020-05-09T17:58:18Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48361097/j9M_gA”,
“token”: “T1tm9REN8dPPLvYkuV05vQHA-Mp4ZkdbGTpWsXi3k68”,
“validationRecord”: [
{
“url”: “http://payzrent.com/.well-known/acme-challenge/T1tm9REN8dPPLvYkuV05vQHA-Mp4ZkdbGTpWsXi3k68”,
“hostname”: “payzrent.com”,
“port”: “80”,
“addressesResolved”: [
“54.236.130.38”,
“54.88.245.141”
],
“addressUsed”: “54.236.130.38”
}
]
}
]
}
Storing nonce: 0001YdfkUfnWrmC7WocKOa_gBZXWqVDxC_EYV1XNFgDEVMc
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48371173:
“POST /acme/authz-v3/48371173 HTTP/1.1” 200 812
Received response:
HTTP 200
Replay-Nonce: 0001yOZU5IiREKXqyqchl9_4l0N7QKlMtfnRunUGsuhhltc
Content-Length: 812
Connection: keep-alive
Date: Thu, 09 Apr 2020 19:06:03 GMT
Content-Type: application/json
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Boulder-Requester: 5478772
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
Cache-Control: public, max-age=0, no-cache
{
“identifier”: {
“type”: “dns”,
“value”: “www.payzrent.com”
},
“status”: “pending”,
“expires”: “2020-04-16T19:06:03Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/kAIZcA”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/IYYegw”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/lQJAGQ”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
}
]
}
Storing nonce: 0001yOZU5IiREKXqyqchl9_4l0N7QKlMtfnRunUGsuhhltc
Performing the following challenges:
http-01 challenge for www.payzrent.com
Generated server block:
Creating backup of /etc/nginx/nginx.conf
Creating backup of /etc/nginx/sites-enabled/default
Creating backup of /etc/nginx/mime.types
Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
listen 80;
server_name www.payzrent.com payzrent.com;
location /.well-known/acme-challenge {
default_type "text/plain";
root /var/www/html/;
autoindex on;
}
location / {
return 301 https://payzrent.com$request_uri;
}
location = /.well-known/acme-challenge/KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ{default_type text/plain;return 200 KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ.ZbHowEroY2PztEKmcDnxC53XmJzwAareMRiwYf6BaFA;} # managed by Certbot
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/payzrent.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/payzrent.com/privkey.pem;
server_name www.payzrent.com;
return 301 https://payzrent.com$request_uri;
}
server {
listen 443 ssl;
# # http://www.selfsignedcertificate.com/ is useful for development testing
ssl_certificate /etc/letsencrypt/live/payzrent.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/payzrent.com/privkey.pem;
# # From https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
add_header Strict-Transport-Security max-age=15768000; # six months
# use this only if all subdomains support HTTPS!
##add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"
keepalive_timeout 70;
server_name payzrent.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
location / {
proxy_pass http://127.0.0.1:9000;
}
}
}
#mail {
# See sample authentication script at:
# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# auth_http localhost/auth.php;
# pop3_capabilities “TOP” “USER”;
# imap_capabilities “IMAP4rev1” “UIDPLUS”;
server {
listen localhost:110;
protocol pop3;
proxy on;
}
server {
listen localhost:143;
protocol imap;
proxy on;
}
#}
Waiting for verification…
JWS payload:
b’{\n “type”: “http-01”,\n “resource”: “challenge”\n}’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/kAIZcA:
“POST /acme/chall-v3/48371173/kAIZcA HTTP/1.1” 200 191
Received response:
HTTP 200
Boulder-Requester: 5478772
Connection: keep-alive
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/kAIZcA
Date: Thu, 09 Apr 2020 19:06:04 GMT
Replay-Nonce: 0001ySlHHfT97mlmb7bILzHhqkeEMeav335k_uW1aaVusH4
Content-Length: 191
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48371173;rel=“up”
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/kAIZcA”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
}
Storing nonce: 0001ySlHHfT97mlmb7bILzHhqkeEMeav335k_uW1aaVusH4
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48371173:
“POST /acme/authz-v3/48371173 HTTP/1.1” 200 812
Received response:
HTTP 200
Replay-Nonce: 0002ho9WkaGIIV-TH7lh4plFA5FSxGV26gLoKxgow5PP3Ok
Content-Length: 812
Connection: keep-alive
Date: Thu, 09 Apr 2020 19:06:07 GMT
Content-Type: application/json
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Boulder-Requester: 5478772
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
Cache-Control: public, max-age=0, no-cache
{
“identifier”: {
“type”: “dns”,
“value”: “www.payzrent.com”
},
“status”: “pending”,
“expires”: “2020-04-16T19:06:03Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/kAIZcA”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/IYYegw”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/lQJAGQ”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
}
]
}
Storing nonce: 0002ho9WkaGIIV-TH7lh4plFA5FSxGV26gLoKxgow5PP3Ok
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48371173:
“POST /acme/authz-v3/48371173 HTTP/1.1” 200 812
Received response:
HTTP 200
Replay-Nonce: 0002RHGzOTno9pdGy7saprpUF9NDyFuy-uuK_FXcMvBHztw
Content-Length: 812
Connection: keep-alive
Date: Thu, 09 Apr 2020 19:06:10 GMT
Content-Type: application/json
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Boulder-Requester: 5478772
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
Cache-Control: public, max-age=0, no-cache
{
“identifier”: {
“type”: “dns”,
“value”: “www.payzrent.com”
},
“status”: “pending”,
“expires”: “2020-04-16T19:06:03Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/kAIZcA”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/IYYegw”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/lQJAGQ”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
}
]
}
Storing nonce: 0002RHGzOTno9pdGy7saprpUF9NDyFuy-uuK_FXcMvBHztw
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48371173:
“POST /acme/authz-v3/48371173 HTTP/1.1” 200 812
Received response:
HTTP 200
Replay-Nonce: 0001qiW4PYVCtJPaRjKbgWenkD8r6xcRA2Cl3CVat6IZwx0
Content-Length: 812
Connection: keep-alive
Date: Thu, 09 Apr 2020 19:06:13 GMT
Content-Type: application/json
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Boulder-Requester: 5478772
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
Cache-Control: public, max-age=0, no-cache
{
“identifier”: {
“type”: “dns”,
“value”: “www.payzrent.com”
},
“status”: “pending”,
“expires”: “2020-04-16T19:06:03Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/kAIZcA”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/IYYegw”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/lQJAGQ”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”
}
]
}
Storing nonce: 0001qiW4PYVCtJPaRjKbgWenkD8r6xcRA2Cl3CVat6IZwx0
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48371173:
“POST /acme/authz-v3/48371173 HTTP/1.1” 200 1037
Received response:
HTTP 200
Replay-Nonce: 0001xjjzpCoe5cesC1-9rLHHuvyd3NbTI3LM6WfB-7djYQY
Content-Length: 1037
Connection: keep-alive
Date: Thu, 09 Apr 2020 19:06:16 GMT
Content-Type: application/json
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Boulder-Requester: 5478772
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Server: nginx
Cache-Control: public, max-age=0, no-cache
{
“identifier”: {
“type”: “dns”,
“value”: “www.payzrent.com”
},
“status”: “invalid”,
“expires”: “2020-04-16T19:06:03Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:connection”,
“detail”: “Fetching http://www.payzrent.com/.well-known/acme-challenge/KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ: Timeout during connect (likely firewall problem)”,
“status”: 400
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48371173/kAIZcA”,
“token”: “KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”,
“validationRecord”: [
{
“url”: “http://www.payzrent.com/.well-known/acme-challenge/KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ”,
“hostname”: “www.payzrent.com”,
“port”: “80”,
“addressesResolved”: [
“54.88.245.141”,
“54.236.130.38”
],
“addressUsed”: “54.88.245.141”
}
]
}
]
}
Storing nonce: 0001xjjzpCoe5cesC1-9rLHHuvyd3NbTI3LM6WfB-7djYQY
Reporting to user: The following errors were reported by the server:
Domain: www.payzrent.com
Type: connection
Detail: Fetching http://www.payzrent.com/.well-known/acme-challenge/KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ: Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.payzrent.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.payzrent.com/.well-known/acme-challenge/KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ: Timeout during connect (likely firewall problem)
Calling registered functions
Cleaning up challenges
Attempting to renew cert (payzrent.com) from /etc/letsencrypt/renewal/payzrent.com.conf produced an unexpected error: Failed authorization procedure. www.payzrent.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.payzrent.com/.well-known/acme-challenge/KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ: Timeout during connect (likely firewall problem). Skipping.
Traceback was:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1193, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.payzrent.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.payzrent.com/.well-known/acme-challenge/KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ: Timeout during connect (likely firewall problem)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/payzrent.com/fullchain.pem (failure)
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1272, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 477, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
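Added example, not part of the original post and not Certbot code: one way to line up the two pieces of evidence posted above, the nginx access log and the ACME authorization objects from the debug log, per http-01 challenge. The helper names are hypothetical; the sample data is copied from the post, trimmed, with quotes normalised to ASCII.

```python
import json
import re

# Access-log lines copied from the post (quotes normalised to ASCII).
ACCESS_LOG = '''\
172.30.3.216 - - [09/Apr/2020:19:03:35 +0000] "GET /.well-known/acme-challenge/iRgRFYVmLQMMnwF5fhJdxCN-nh8SaerP-G5pKrgS5xw HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
172.30.3.216 - - [09/Apr/2020:19:03:35 +0000] "GET /.well-known/acme-challenge/iRgRFYVmLQMMnwF5fhJdxCN-nh8SaerP-G5pKrgS5xw HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
172.30.0.194 - - [09/Apr/2020:19:03:55 +0000] "GET / HTTP/1.1" 200 396 "-" "ELB-HealthChecker/2.0"
172.30.3.216 - - [09/Apr/2020:19:03:56 +0000] "GET / HTTP/1.1" 200 396 "-" "ELB-HealthChecker/2.0"
'''

# The two authorization objects from the debug log, reduced to the fields used
# here; the error detail is shortened (the original also names the fetched URL).
AUTHZ_JSON = '''[
 {"identifier": {"type": "dns", "value": "payzrent.com"}, "status": "valid",
  "challenges": [{"type": "http-01", "status": "valid",
    "token": "T1tm9REN8dPPLvYkuV05vQHA-Mp4ZkdbGTpWsXi3k68",
    "validationRecord": [{"hostname": "payzrent.com", "port": "80",
      "addressesResolved": ["54.236.130.38", "54.88.245.141"],
      "addressUsed": "54.236.130.38"}]}]},
 {"identifier": {"type": "dns", "value": "www.payzrent.com"}, "status": "invalid",
  "challenges": [{"type": "http-01", "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:connection",
              "detail": "Timeout during connect (likely firewall problem)",
              "status": 400},
    "token": "KyjLR6Srn2qfVjfetKzm4qLY9I3Q7dmucpXlBMJTUkQ",
    "validationRecord": [{"hostname": "www.payzrent.com", "port": "80",
      "addressesResolved": ["54.88.245.141", "54.236.130.38"],
      "addressUsed": "54.88.245.141"}]}]}
]'''

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
PREFIX = "/.well-known/acme-challenge/"


def challenge_hits(log_text):
    """Map challenge token -> [(source_ip, http_status), ...] seen in the log."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(PREFIX):
            continue  # health checks and other traffic
        token = m["path"][len(PREFIX):]
        hits.setdefault(token, []).append((m["src"], int(m["status"])))
    return hits


def summarize(authz_list, hits):
    """One row per http-01 challenge: outcome, address the CA used, log match."""
    rows = []
    for authz in authz_list:
        for chall in authz.get("challenges", []):
            if chall.get("type") != "http-01":
                continue
            # Pending challenges carry no validationRecord yet.
            rec = (chall.get("validationRecord") or [{}])[0]
            rows.append({
                "name": authz["identifier"]["value"],
                "status": chall["status"],
                "address_used": rec.get("addressUsed"),
                "resolved": sorted(rec.get("addressesResolved", [])),
                "error": chall.get("error", {}).get("type"),
                "token_in_log": chall["token"] in hits,
            })
    return rows


def suspect_addresses(rows):
    """Addresses used by a failed validation and by no successful one."""
    ok = {r["address_used"] for r in rows if r["status"] == "valid"}
    bad = {r["address_used"] for r in rows if r["status"] == "invalid"}
    return sorted(bad - ok - {None})


if __name__ == "__main__":
    hits = challenge_hits(ACCESS_LOG)
    rows = summarize(json.loads(AUTHZ_JSON), hits)
    for row in rows:
        print(row)
    print("tokens in access log:", sorted(hits))
    print("addresses seen only on failures:", suspect_addresses(rows))
```

On the posted data, the only address used by a failed validation and by no successful one is 54.88.245.141, and neither challenge token from this run appears in the pasted access log: the logged 200 responses are for a different token, fetched at 19:03:35, before the 19:06 dry run.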