Renewal failure: The client lacks sufficient authorization :

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
alphatest.net

I ran this command:
certbot renew

It produced this output:

Processing /etc/letsencrypt/renewal/alphatest.net.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for alphatest.net
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (alphatest.net) from /etc/letsencrypt/renewal/alphatest.net.conf produced an unexpected error: Failed authorization procedure. alphatest.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://alphatest.net/.well-known/acme-challenge/hI3EawBY2Yt8J6xkG5LFOCj4Zo7lYCAheUKp8esL88E [108.6.122.243]: "\n\n404 Not Found\n\n

Not Found

\n<p". Skipping.

My web server is (include version):
Server version: Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
self-hosted

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

I've had this problem for a while. In the past I've just rebuilt everything from scratch. I host about ten domains on the server but this is only happening to the core domain (alphatest.net) which has a bunch of subdomains registered under it (hrl.alphatest.net, images.alphatest.net, etc.)

An add'l problem is that after X failed attempts to renew I get "Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt"

Here's the /var/log/letsencrypt log for the first request:

2021-05-02 04:08:07,149:DEBUG:certbot.main:certbot version: 0.31.0
2021-05-02 04:08:07,151:DEBUG:certbot.main:Arguments: ['-q']
2021-05-02 04:08:07,151:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntr
yPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-05-02 04:08:07,163:DEBUG:certbot.log:Root logging level set at 30
2021-05-02 04:08:07,164:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-05-02 04:08:07,174:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0
x7f3ff1d77a90> and installer <certbot.cli._Default object at 0x7f3ff1d77a90>
2021-05-02 04:08:07,186:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-05-2
2 16:36:04 UTC.
2021-05-02 04:08:07,186:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-05-02 04:08:07,186:INFO:certbot.renewal:Non-interactive renewal: random delay of 8 seconds
2021-05-02 04:08:15,195:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-02 04:08:15,329:DEBUG:certbot_apache.configurator:Apache version is 2.4.29
2021-05-02 04:08:18,484:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3ff1d7dcf8>
Prep: True
2021-05-02 04:08:18,486:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3ff1d7dcf8>
Prep: True
2021-05-02 04:08:18,487:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.De
bianConfigurator object at 0x7f3ff1d7dcf8> and installer <certbot_apache.override_debian.DebianConfigurator objec
t at 0x7f3ff1d7dcf8>
2021-05-02 04:08:18,487:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-05-02 04:08:18,491:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=No
ne, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_ac
count_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/102771043', new_authzr_uri=None, terms_o
f_service=None), 890f08177972d62387271f5d111906ac, Meta(creation_dt=datetime.datetime(2020, 11, 19, 0, 19, 38, tz
info=<UTC>), creation_host='casey'))>
2021-05-02 04:08:18,493:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-05-02 04:08:18,496:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.
org
2021-05-02 04:08:18,718:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTT
P/1.1" 200 658
2021-05-02 04:08:18,719:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 02 May 2021 08:08:18 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "dVvlvGMUWzI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-05-02 04:08:18,720:INFO:certbot.main:Renewing an existing certificate
2021-05-02 04:08:19,279:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0169_key-certbot.pem
2021-05-02 04:08:19,286:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0169_csr-certbot.pem
2021-05-02 04:08:19,286:DEBUG:acme.client:Requesting fresh nonce
2021-05-02 04:08:19,286:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-05-02 04:08:19,339:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-05-02 04:08:19,340:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 02 May 2021 08:08:19 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104tI-6RShJwrLo6XqkPfCMu7ITwxehjo_6CbXMOF4Y1Bk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-05-02 04:08:19,340:DEBUG:acme.client:Storing nonce: 0104tI-6RShJwrLo6XqkPfCMu7ITwxehjo_6CbXMOF4Y1Bk
2021-05-02 04:08:19,341:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "alphatest.net"\n    },\n    {\n      "type": "dns",\n      "value": "hrl.alphatest.net"\n    },\n    {\n      "type": "dns",\n      "value": "hrl2.alphatest.net"\n    },\n    {\n      "type": "dns",\n      "value": "hrl7.alphatest.net"\n    },\n    {\n      "type": "dns",\n      "value": "images.alphatest.net"\n    },\n    {\n      "type": "dns",\n      "value": "trms.alphatest.net"\n    },\n    {\n      "type": "dns",\n      "value": "www.alphatest.net"\n    }\n  ]\n}'
2021-05-02 04:08:19,348:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyNzcxMDQzIiwgIm5vbmNlIjogIjAxMDR0SS02UlNoSndyTG82WHFrUGZDTXU3SVR3eGVoam9fNkNiWE1PRjRZMUJrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "sVL6E4toLeD6QItbDtswdXZ2Nzg2ZJt0vprflpAPcKIPYq6e78ZA3lSASEEN54xIc-Mbks90wcnihTxcgQinqV8MNo9HL66LSmLS4itULZBSKuofDZ8wdWnMm4tVTWXgrm9GO8lo6vFvcnIbhxLOsuJHG9_p2Prt27fdFTyfdvtrtJSzCSO2Vr55lyHsP8NUHz3dKo8_0tMC5okbN0Zsix3gUiDpmjXM-tpFklR5z8F7AXFEr70n5e0F10u771zMCKMDwZnnl-6m87E7kaXt8qCN9c0lJ8dNrA8yH8v_tj8Jg6PaMG2ufuyiT1Z0SqPvll7fI_MMyepHpiD5WmGDNQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFscGhhdGVzdC5uZXQiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAiaHJsLmFscGhhdGVzdC5uZXQiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAiaHJsMi5hbHBoYXRlc3QubmV0IgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImhybDcuYWxwaGF0ZXN0Lm5ldCIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJpbWFnZXMuYWxwaGF0ZXN0Lm5ldCIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ0cm1zLmFscGhhdGVzdC5uZXQiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAid3d3LmFscGhhdGVzdC5uZXQiCiAgICB9CiAgXQp9"
}
2021-05-02 04:08:19,550:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 1175
2021-05-02 04:08:19,550:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 02 May 2021 08:08:19 GMT
Content-Type: application/json
Content-Length: 1175
Connection: keep-alive
Boulder-Requester: 102771043
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/102771043/9430271158
Replay-Nonce: 0103xJlJwYY-3L6vdFVOHOJWcZl3u7p6PErUhT2tGobeb00
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-05-09T08:08:19Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "alphatest.net"
    },
    {
      "type": "dns",
      "value": "hrl.alphatest.net"
    },
    {
      "type": "dns",
      "value": "hrl2.alphatest.net"
    },
    {
      "type": "dns",
      "value": "hrl7.alphatest.net"
    },
    {
      "type": "dns",
      "value": "images.alphatest.net"
    },
    {
      "type": "dns",
      "value": "trms.alphatest.net"
    },
    {
      "type": "dns",
      "value": "www.alphatest.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471397",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471399",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471400",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471401",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471402",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471403",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/12787768209"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/102771043/9430271158"
}
2021-05-02 04:08:19,551:DEBUG:acme.client:Storing nonce: 0103xJlJwYY-3L6vdFVOHOJWcZl3u7p6PErUhT2tGobeb00
2021-05-02 04:08:19,551:DEBUG:acme.client:JWS payload:
b''
2021-05-02 04:08:19,556:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471397:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyNzcxMDQzIiwgIm5vbmNlIjogIjAxMDN4SmxKd1lZLTNMNnZkRlZPSE9KV2NabDN1N3A2UEVyVWhUMnRHb2JlYjAwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjU0NDQ3MTM5NyJ9",
  "signature": "HNGSUfa3FO7XEL8MB9t_ZFgCeMKVf3ytT49_-9wjuK_vMUTZDtsTN-WZ0LOq7Zrq41SozawTK40KRtcupeysj85iFQ7Dq0aldUqkYZ5LHmHmG48Cc4VMUeABjKF_UlSeB0_mDZpy03-s-dNbxCgffhQnX_YzlH-mgmXDDPxwXs8Wicsdty3j7ed7jXezl3nYqnFM3WHeePwy0gOa2aQgyWDbyjp58NOO2GCbPovHRe1YNDqPlnu1fSMvO28MGnyblRmj0Z2YMeXLyjC_dqpq8VqVsuaXo9n76BktTOmnjgmDy1YUkePGKM7z_qQMZqvBs0PY6VCzFBd_xoT-fs-ReA",
  "payload": ""
}
2021-05-02 04:08:19,636:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12544471397 HTTP/1.1" 200 765
2021-05-02 04:08:19,637:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 02 May 2021 08:08:19 GMT
Content-Type: application/json
Content-Length: 765
Connection: keep-alive
Boulder-Requester: 102771043
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103f9Fnj-9cNrwVsBwvCg4Vqi-zKSU17bq8CN2ptXHnZEY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "hrl.alphatest.net"
  },
  "status": "valid",
  "expires": "2021-05-22T21:17:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12544471397/d7pwjg",
      "token": "kAO0pL34X5grJxRlVmOL-7deqoumYqEGExk9auJ44oM",
      "validationRecord": [
        {
          "url": "http://hrl.alphatest.net/.well-known/acme-challenge/kAO0pL34X5grJxRlVmOL-7deqoumYqEGExk9auJ44oM",
          "hostname": "hrl.alphatest.net",
          "port": "80",
          "addressesResolved": [
            "108.6.122.243"
          ],
          "addressUsed": "108.6.122.243"
        }
      ],
      "validated": "2021-04-22T21:17:12Z"
    }
  ]
}
2021-05-02 04:08:19,637:DEBUG:acme.client:Storing nonce: 0103f9Fnj-9cNrwVsBwvCg4Vqi-zKSU17bq8CN2ptXHnZEY
2021-05-02 04:08:19,638:DEBUG:acme.client:JWS payload:
b''
2021-05-02 04:08:19,642:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471399:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyNzcxMDQzIiwgIm5vbmNlIjogIjAxMDNmOUZuai05Y05yd1ZzQnd2Q2c0VnFpLXpLU1UxN2JxOENOMnB0WEhuWkVZIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjU0NDQ3MTM5OSJ9",
  "signature": "p-FuJS3Obh-Ujy82HlWMOu3hEHwSs-OtkVp39cK83I4KFrWnL_EqjoSsO0Xn3hgL2A9Zv7EEuGcO4nOK2-FEax8N5A9yVJSAHEd423NMlAHKDe3VUoMvmNQ3PJg-BBisueVBGiG7y6C1AYaaubGGgnQ5_EJZ3ejdEDJylGBMo85fAH0IrEqAuRNSS6Me2Oa2VBtddI3XRTuxrm9PuqJnfg83TyjRoYKbEm5S-f72Ze593qQjbSaHXj80HO4ea7iqzfRGNbTuA0MNCBGunX00j1Wku9-PF7RS3GTvvEFFMntiIg8LcbPBNk-Xw1A98g1rcN0Jx2S180itT-wDES5g8Q",
  "payload": ""
}
2021-05-02 04:08:19,739:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12544471399 HTTP/1.1" 200 768
2021-05-02 04:08:19,740:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 02 May 2021 08:08:19 GMT
Content-Type: application/json
Content-Length: 768
Connection: keep-alive
Boulder-Requester: 102771043
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104CatQ3nwy__0eK7K7nsC3bbmuFakMypG6HmucITaeqFg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "hrl2.alphatest.net"
  },
  "status": "valid",
  "expires": "2021-05-22T21:17:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12544471399/kpuXTQ",
      "token": "lBQPDnaaFw-AtSuQ73EHCwYk0os_bkwFAKbmMmU2QKg",
      "validationRecord": [
        {
          "url": "http://hrl2.alphatest.net/.well-known/acme-challenge/lBQPDnaaFw-AtSuQ73EHCwYk0os_bkwFAKbmMmU2QKg",
          "hostname": "hrl2.alphatest.net",
          "port": "80",
          "addressesResolved": [
            "108.6.122.243"
          ],
          "addressUsed": "108.6.122.243"
        }
      ],
      "validated": "2021-04-22T21:17:12Z"
    }
  ]
}
2021-05-02 04:08:19,740:DEBUG:acme.client:Storing nonce: 0104CatQ3nwy__0eK7K7nsC3bbmuFakMypG6HmucITaeqFg
2021-05-02 04:08:19,740:DEBUG:acme.client:JWS payload:
b''
2021-05-02 04:08:19,745:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471400:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyNzcxMDQzIiwgIm5vbmNlIjogIjAxMDRDYXRRM253eV9fMGVLN0s3bnNDM2JibXVGYWtNeXBHNkhtdWNJVGFlcUZnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjU0NDQ3MTQwMCJ9",
  "signature": "IHN_MIugZ-zW2-mJKloVUzRT2pkQNXMhS38wno6hpnPzUr_K9FE7vPkacOwfSK0gOiqXvQEdp7gfsiG3W-j9LAtX9carlWUmDY916Bl-M9l-U6o-ju0MMvuqZae1soWFZWSxIFNXjEhbKuxJN5FmOxbgnb_97rwqVU9B7LuTfRs-NPGnWXU9kHEkdfmiYfxWLs6jxgg_FRP6D3OWn0t3WgGDlmh5XSSsgcaiZ4IrifpCcrcbMbMX86Szut_HAGjE3ueIqIvoAXK-zHII6RsaPzVod0hn2UTnGMCUHGKLY6IMs_h49Iz9pXME6BcXEaSFNMOesXAVhEajBvXtrz7cEA",
  "payload": ""
}
2021-05-02 04:08:19,826:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12544471400 HTTP/1.1" 200 768
2021-05-02 04:08:19,827:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 02 May 2021 08:08:19 GMT
Content-Type: application/json
Content-Length: 768
Connection: keep-alive
Boulder-Requester: 102771043
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104HzWI51qu2v3nDAmpkIDFg3CWGjv98I_GnSbLldCyFf8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "hrl7.alphatest.net"
  },
  "status": "valid",
  "expires": "2021-05-22T21:17:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12544471400/PIEAFg",
      "token": "LuzD4xKKHnjZ7Tx9F0KUIcxnPpFo_OIhjdQqSwmcQQc",
      "validationRecord": [
        {
          "url": "http://hrl7.alphatest.net/.well-known/acme-challenge/LuzD4xKKHnjZ7Tx9F0KUIcxnPpFo_OIhjdQqSwmcQQc",
          "hostname": "hrl7.alphatest.net",
          "port": "80",
          "addressesResolved": [
            "108.6.122.243"
          ],
          "addressUsed": "108.6.122.243"
        }
      ],
      "validated": "2021-04-22T21:17:13Z"
    }
  ]
}
2021-05-02 04:08:19,999:DEBUG:acme.client:Storing nonce: 0104ljgZQIp5KLITWI6plEHUATE2O8N7IbEExdU4DwGOeb0
2021-05-02 04:08:19,999:DEBUG:acme.client:JWS payload:
b''
2021-05-02 04:08:20,004:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12544471403:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyNzcxMDQzIiwgIm5vbmNlIjogIjAxMDRsamdaUUlwNUtMSVRXSTZwbEVIVUFURTJPOE43SWJFRXhkVTREd0dPZWIwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjU0NDQ3MTQwMyJ9",
  "signature": "KyTdnNKNThOB9XzdygBUOfDrjrPbOhpmFXvA0kH9cMeUhvtX2dv1-KinooggPBv3XAEDCdyiGSrp9ufoCRShAkksSvqDpsefYF_mZ_sAdck2xSr1JR9FZiqYIGXsSmPiiU44KRS7VVojQfz-xW_RB0KkLwaEcA_Ytus5-mb6OQQ2n5hOHHWbKAVz0HPcWWkWIyixJrHMHUFV3gD7S71aHWROIjkCq87x2xjoeB_qnGZQCIegWEey_bVx0baUqjvQcVKJKFfb1qYQhczzhpsSt8G40OFkkUjmUWwLH-EUPdZ49wumHvjOjfXEsvXnHIKPUfyVf2TLoJu3JvLpmBWuQQ",
  "payload": ""
}
2021-05-02 04:08:20,091:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12544471403 HTTP/1.1" 200 765
2021-05-02 04:08:20,092:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 02 May 2021 08:08:20 GMT
Content-Type: application/json
Content-Length: 765
Connection: keep-alive
Boulder-Requester: 102771043
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103eSLvNKrl1CIYn0BNkwxvQIpnp2NjHmcpKq0744C2gPg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.alphatest.net"
  },
  "status": "valid",
  "expires": "2021-05-22T21:17:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12544471403/_P1wLg",
      "token": "wVdsEf179QR9Mv43SFVIAmbA_YUwONz5DC8FE8NBqC4",
      "validationRecord": [
        {
          "url": "http://www.alphatest.net/.well-known/acme-challenge/wVdsEf179QR9Mv43SFVIAmbA_YUwONz5DC8FE8NBqC4",
          "hostname": "www.alphatest.net",
          "port": "80",
          "addressesResolved": [
            "108.6.122.243"
          ],
          "addressUsed": "108.6.122.243"
        }
      ],
      "validated": "2021-04-22T21:17:13Z"
    }
  ]
}
2021-05-02 04:08:20,092:DEBUG:acme.client:Storing nonce: 0103eSLvNKrl1CIYn0BNkwxvQIpnp2NjHmcpKq0744C2gPg
2021-05-02 04:08:20,092:DEBUG:acme.client:JWS payload:
b''
2021-05-02 04:08:20,097:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12787768209:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyNzcxMDQzIiwgIm5vbmNlIjogIjAxMDNlU0x2TktybDFDSVluMEJOa3d4dlFJcG5wMk5qSG1jcEtxMDc0NEMyZ1BnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjc4Nzc2ODIwOSJ9",
  "signature": "Ef2sQILTgIKMm-BqDYpovxTPPFQ3VKpHa8lcektl4YyVzl0du4FQ2T1Unwj538VrJcHxOFPaswJGVDtiK-ku8CxoS4rsVpGOPHRZwA7BK8qyQ-DL2833dAQxbF0aeWDL37VzPx3Fcc_wSVe4K2sb8mghzSz6JZNESPRM7xdwyzRBAbYQwUGaYSdLr2UirtxKqC0XOKbZkxW5HyFaqeSs8cuPEzBXvoeU-zZzxajV8VWrJZddbjYRQycl9_RIx2ciGaUL3tdgdP5Xm2H_VSAj_sN4P1M_53PG8Jwk-JkX7DNnlpB4Ol7oaI9r8sPjThbSIj8phFRL8a0DyOiCZmuhjw",
  "payload": ""
}
2021-05-02 04:08:20,180:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12787768209 HTTP/1.1" 200 794
2021-05-02 04:08:20,180:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 02 May 2021 08:08:20 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 102771043
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103X8n6F3uqd8UszWgpSdBWlwE066qDqzNGJo9Z4HNs8I8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "alphatest.net"
  },
  "status": "pending",
  "expires": "2021-05-09T08:08:19Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12787768209/W4aiJQ",
      "token": "PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12787768209/WwXRSA",
      "token": "PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12787768209/Xj1MKQ",
      "token": "PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho"
    }
  ]
}
2021-05-02 04:08:20,181:DEBUG:acme.client:Storing nonce: 0103X8n6F3uqd8UszWgpSdBWlwE066qDqzNGJo9Z4HNs8I8
2021-05-02 04:08:20,183:INFO:certbot.auth_handler:Performing the following challenges:
2021-05-02 04:08:20,183:INFO:certbot.auth_handler:http-01 challenge for alphatest.net
2021-05-02 04:08:20,605:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: alphatest.net in: /etc/apache2/sites-enabled/alphatest.net-le-ssl.conf
2021-05-02 04:08:20,606:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: alphatest.net in: /etc/apache2/sites-enabled/alphatest.net.conf
2021-05-02 04:08:20,606:DEBUG:certbot_apache.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2021-05-02 04:08:20,607:DEBUG:certbot_apache.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
2021-05-02 04:08:20,638:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/alphatest.net.conf
2021-05-02 04:08:20,638:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/alphatest.net-le-ssl.conf
2021-05-02 04:08:23,917:INFO:certbot.auth_handler:Waiting for verification...
2021-05-02 04:08:23,918:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-05-02 04:08:23,924:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/12787768209/W4aiJQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyNzcxMDQzIiwgIm5vbmNlIjogIjAxMDNYOG42RjN1cWQ4VXN6V2dwU2RCV2x3RTA2NnFEcXpOR0pvOVo0SE5zOEk4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xMjc4Nzc2ODIwOS9XNGFpSlEifQ",
  "signature": "gs5_p4hyzTwiVDEQ6ylajoIHvihTFI3IiEF-vvIh-Xatbf8SLHdX1SVtHDcZ8buBpbzbQtgiqA5Uij_ic3AfFVRva3t1fOiYv_2i23hujF_fbfYvhcuyWIqONiIbiYg9mmbwVt4EHtmQhnlfIkgC5z2qj_45WNgPtKLhV0G_r2Urui0eGk2ZzcuoPFnqdnuoM1GseTwEr7Sd-Bv5D3Clro2EGh2IFG2h1YS0ibLKQmend2AYbMiSn086oeMZisw2WyMkHj2BmsW7nnK2uPWxuOMAOYpDNyXXdm-yx7ZXU_1k5bSmZJFegR3ongCAIph0TMUKLx_LbsB0YSFUkSbg1Q",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-05-02 04:08:24,018:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/12787768209/W4aiJQ HTTP/1.1" 200 186
2021-05-02 04:08:24,020:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 02 May 2021 08:08:23 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 102771043
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/12787768209>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/12787768209/W4aiJQ
Replay-Nonce: 0103bd18eM4vU7QXnOpqYt6o7k-dDQlXAakGEv8y-EGt7MU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12787768209/W4aiJQ",
  "token": "PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho"
}
2021-05-02 04:08:24,020:DEBUG:acme.client:Storing nonce: 0103bd18eM4vU7QXnOpqYt6o7k-dDQlXAakGEv8y-EGt7MU
2021-05-02 04:08:27,024:DEBUG:acme.client:JWS payload:
b''
2021-05-02 04:08:27,029:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/12787768209:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyNzcxMDQzIiwgIm5vbmNlIjogIjAxMDNiZDE4ZU00dlU3UVhuT3BxWXQ2bzdrLWREUWxYQWFrR0V2OHktRUd0N01VIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMjc4Nzc2ODIwOSJ9",
  "signature": "l4LRTPz5pAH6185mA6U-9hrBWm67s7tnKW4PkY_PsSLSq7SP4hZboo6E3MeFpdtdlrzbVsu2vuPg5XMkQp5kcKpq1OvO93XNlrOvrSO5IeVAUCX14cRBYgekkeLFp6vE3YXEFrURmK0QdQI6yo3GAII2gtI--ZkZD4IpmtuXtuHobTKpzAvUaTupjM1Roa3pPUDg1zKhiqcO0A_E94vvYGqzbf0f5jFjqkHGn5fxQyHdRJEhC-K9M0rDTE5zHdaa6xt71FkxdwrNMpfSeISUL4rzAFCqw8lFu69Zh9jtEHMd_jhQbINWwOhFva13sSPTjv6wkO7adl2JBYb9Gt3DCQ",
  "payload": ""
}
2021-05-02 04:08:27,112:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/12787768209 HTTP/1.1" 200 1260
2021-05-02 04:08:27,112:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 02 May 2021 08:08:27 GMT
Content-Type: application/json
Content-Length: 1260
Connection: keep-alive
Boulder-Requester: 102771043
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103ReqU4ew-iBQMiX5gos0b9mFXt3gUSRGpv5bsZDL1Cns
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "alphatest.net"
  },
  "status": "invalid",
  "expires": "2021-05-09T08:08:19Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://alphatest.net/.well-known/acme-challenge/PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho [108.6.122.243]: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eNot Found\u003c/h1\u003e\\n\u003cp\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/12787768209/W4aiJQ",
      "token": "PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho",
      "validationRecord": [
        {
          "url": "http://alphatest.net/.well-known/acme-challenge/PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho",
          "hostname": "alphatest.net",
          "port": "80",
          "addressesResolved": [
            "108.6.122.243"
          ],
          "addressUsed": "108.6.122.243"
        }
      ],
      "validated": "2021-05-02T08:08:23Z"
    }
  ]
}
2021-05-02 04:08:27,113:DEBUG:acme.client:Storing nonce: 0103ReqU4ew-iBQMiX5gos0b9mFXt3gUSRGpv5bsZDL1Cns
2021-05-02 04:08:27,114:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: alphatest.net
Type:   unauthorized
Detail: Invalid response from http://alphatest.net/.well-known/acme-challenge/PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho [108.6.122.243]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2021-05-02 04:08:27,115:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. alphatest.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://alphatest.net/.well-known/acme-challenge/PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho [108.6.122.243]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

2021-05-02 04:08:27,115:DEBUG:certbot.error_handler:Calling registered functions
2021-05-02 04:08:27,116:INFO:certbot.auth_handler:Cleaning up challenges
2021-05-02 04:08:27,932:WARNING:certbot.renewal:Attempting to renew cert (alphatest.net) from /etc/letsencrypt/renewal/alphatest.net.conf produced an unexpected error: Failed authorization procedure. alphatest.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://alphatest.net/.well-known/acme-challenge/PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho [108.6.122.243]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.
2021-05-02 04:08:27,934:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 323, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. alphatest.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://alphatest.net/.well-known/acme-challenge/PdEQrF4GrgAVrz4NnBV0t-ngZL0_uWlgevLeidYWaho [108.6.122.243]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

2021-05-02 04:08:27,942:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-02 04:08:27,943:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-02 04:08:27,944:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3ff1d67d30>
2021-05-02 04:08:27,944:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-02 04:08:27,948:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-02 04:08:27,949:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-02 04:08:27,949:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3ff1d679b0>
2021-05-02 04:08:27,949:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-02 04:08:27,953:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-02 04:08:27,954:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-02 04:08:27,954:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3ff1d861d0>
2021-05-02 04:08:27,955:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-02 04:08:27,958:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-02 04:08:27,959:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-02 04:08:27,959:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3ff1ddcba8>
2021-05-02 04:08:27,960:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-02 04:08:27,964:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-02 04:08:27,964:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-02 04:08:27,965:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3ff1d86588>
2021-05-02 04:08:27,965:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-02 04:08:27,969:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-02 04:08:27,969:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-02 04:08:27,970:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3ff1d865f8>
2021-05-02 04:08:27,970:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-02 04:08:27,974:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-02 04:08:27,975:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-02 04:08:27,975:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3ff1d672e8>
2021-05-02 04:08:27,975:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-02 04:08:27,975:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-05-02 04:08:27,976:ERROR:certbot.renewal:  /etc/letsencrypt/live/alphatest.net/fullchain.pem (failure)
2021-05-02 04:08:27,976:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2

Hi @stevemanes

if you use the apache authenticator and if that doesn't work, Certbot doesn't understand your configuration.

What says

apachectl -S
3

ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www" id=80
Group: name="www" id=80

4

Is this really your output?

There is no vHost defined. So Certbot can't find a matching vHost.

Create one - port 80. Your system has a sample.

5

Actually I have 16 virtual hosts defined and working. I'm not sure where apachectl -S is pulling that "Main DocumentRoot". I don't have /var/www/html defined anywhere in my configs.

This is the header for alphatest.net:443:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
      ServerName  alphatest.net
      ServerAlias www.alphatest.net
      DocumentRoot /web/htdocs
    ....

Here's http:

<VirtualHost *:80>
  ServerName  alphatest.net
  ServerAlias www.alphatest.net
  DocumentRoot /web/htdocs
  ...
6

Compare it with other results:

(1) I deleted my ssl cert and now certbot won't let me get another one - #5 by zeesteve1

(2) How to force Apache 2.4 (httpd) to read fullchain.pem? certbot seems to work but I have an https:// issue X86_64 GNU/Linux (Linux 2 AMI) - #61 by OnEarth

Defined vHosts are required. apachectl -S must show these.

If apachectl -S doesn't show these, they are not used. May be not enabled.

7

I assure you, these virtual host sites have been running fine for years. And when I can get certbot to update them, they work with https too.

Here's one: https://annabelgreen.com/

I see that DocumentRoot is just being pulled from apache2.conf.

Maybe it's not showing the vhosts because I keep my site configs in separate conf files, not in apache2.conf?

8

I fixed it. I was missing a 443 VHost in 000-default.conf.

9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.