Hello dear friends.
First of all, respect for your work.
But actually I have a problem renewing my certificate and can’t find the bug.
Referenced Host/Domain: home.rhein-main-festival.org (CNAME to fritz-box)
System: OSX (name -a shows: Darwin home.rhein-main-festival.org 16.6.0 Darwin Kernel Version 16.6.0: Fri Apr 14 16:21:16 PDT 2017; root:xnu-3789.60.24~6/RELEASE_X86_64 x86_64) running Apache/2.4.23 (Unix) LibreSSL/2.2.7 mod_wsgi/3.4 Python/2.7.10 PHP/5.6.27 configured
–
Log-File:
Cleaning up challenges
Unable to clean up challenge directory /Library/Server/Web/Data/Sites/Default/.well-known/acme-challenge
Attempting to renew cert from /etc/letsencrypt/renewal/home.rhein-main-festival.org.conf produced an unexpected error: Failed authorization procedure. home.rhein-main-festival.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://home.rhein-main-festival.org/.well-known/acme-challenge/JLQmyJqDW4oeIl4vnuzqz_H8_sasK-KQVKkw-Dr5RMU: Timeout. Skipping.
Processing /etc/letsencrypt/renewal/home.rhein-main-festival.org.conf
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/home.rhein-main-festival.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: home.rhein-main-festival.org
Type: connection
Detail: Fetching
http://home.rhein-main-festival.org/.well-known/acme-challenge/JLQmyJqDW4oeIl4vnuzqz_H8_sasK-KQVKkw-Dr5RMU:
TimeoutTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Dry-run, same result, gives me the following debug.log:
2017-06-18 17:08:11,175:DEBUG:certbot.main:certbot version: 0.15.0
2017-06-18 17:08:11,175:DEBUG:certbot.main:Arguments: [’–manual-public-ip-logging-ok’, ‘–agree-tos’, ‘–dry-run’]
2017-06-18 17:08:11,175:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-06-18 17:08:11,331:DEBUG:certbot.log:Root logging level set at 20
2017-06-18 17:08:11,332:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-06-18 17:08:11,558:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x1081a43d0> and installer <certbot.cli._Default object at 0x1081a43d0>
2017-06-18 17:08:11,558:DEBUG:certbot.cli:Default Detector is Namespace(account=<certbot.cli._Default object at 0x10819f2d0>, agree_dev_preview=None, allow_subset_of_names=<certbot.cli._Default object at 0x10819f090>, apache=<certbot.cli._Default object at 0x1081a46d0>, apache_challenge_location=<certbot.cli._Default object at 0x1081a9a10>, apache_ctl=<certbot.cli._Default object at 0x1081a9e10>, apache_dismod=<certbot.cli._Default object at 0x1081a9450>, apache_enmod=<certbot.cli._Default object at 0x1081a9350>, apache_handle_modules=<certbot.cli._Default object at 0x1081a9b90>, apache_handle_sites=<certbot.cli._Default object at 0x1081a9d10>, apache_init_script=<certbot.cli._Default object at 0x1081a9f50>, apache_le_vhost_ext=<certbot.cli._Default object at 0x1081a9590>, apache_logs_root=<certbot.cli._Default object at 0x1081a98d0>, apache_server_root=<certbot.cli._Default object at 0x1081a96d0>, apache_vhost_root=<certbot.cli._Default object at 0x1081a97d0>, authenticator=<certbot.cli._Default object at 0x1081a43d0>, break_my_certs=<certbot.cli._Default object at 0x10819fe90>, cert_path=<certbot.cli._Default object at 0x1081a1b90>, certname=<certbot.cli._Default object at 0x10804c550>, chain_path=<certbot.cli._Default object at 0x1081a1e90>, checkpoints=<certbot.cli._Default object at 0x1081a1690>, config_dir=<certbot.cli._Default object at 0x1081a1f90>, config_file=None, configurator=<certbot.cli._Default object at 0x1081a43d0>, csr=<certbot.cli._Default object at 0x1081a1490>, debug=<certbot.cli._Default object at 0x10819f9d0>, debug_challenges=<certbot.cli._Default object at 0x10819fad0>, dialog=None, dns_cloudflare=<certbot.cli._Default object at 0x1081a4bd0>, dns_cloudxns=<certbot.cli._Default object at 0x1081a4cd0>, dns_digitalocean=<certbot.cli._Default object at 0x1081a4dd0>, dns_dnsimple=<certbot.cli._Default object at 0x1081a4ed0>, dns_google=<certbot.cli._Default object at 0x1081a4fd0>, dns_nsone=<certbot.cli._Default object at 0x1081a9110>, dns_route53=<certbot.cli._Default object at 0x1081a9210>, domains=<certbot.cli._Default object at 0x10804cb10>, dry_run=True, duplicate=<certbot.cli._Default object at 0x10819f3d0>, eff_email=<certbot.cli._Default object at 0x108169b50>, email=<certbot.cli._Default object at 0x108169d50>, expand=<certbot.cli._Default object at 0x108169550>, force_interactive=<certbot.cli._Default object at 0x10804cc90>, fullchain_path=<certbot.cli._Default object at 0x1081a1d90>, func=<function renew at 0x107de77d0>, hsts=<certbot.cli._Default object at 0x10819f490>, http01_address=<certbot.cli._Default object at 0x10819ffd0>, http01_port=<certbot.cli._Default object at 0x10819fed0>, ifaces=<certbot.cli._Default object at 0x1081a1990>, init=<certbot.cli._Default object at 0x1081a1790>, installer=<certbot.cli._Default object at 0x1081a43d0>, key_path=<certbot.cli._Default object at 0x1081a1c90>, logs_dir=<certbot.cli._Default object at 0x1081a41d0>, manual=<certbot.cli._Default object at 0x1081a49d0>, manual_auth_hook=<certbot.cli._Default object at 0x1081a9310>, manual_cleanup_hook=<certbot.cli._Default object at 0x1081ae1d0>, manual_public_ip_logging_ok=True, must_staple=<certbot.cli._Default object at 0x10819fa90>, nginx=<certbot.cli._Default object at 0x1081a47d0>, nginx_ctl=<certbot.cli._Default object at 0x1081ae510>, nginx_server_root=<certbot.cli._Default object at 0x1081ae090>, no_bootstrap=<certbot.cli._Default object at 0x10819f6d0>, no_self_upgrade=<certbot.cli._Default object at 0x10819f5d0>, no_verify_ssl=<certbot.cli._Default object at 0x10819fbd0>, noninteractive_mode=<certbot.cli._Default object at 0x10804ce50>, num=<certbot.cli._Default object at 0x1081a1290>, os_packages_only=<certbot.cli._Default object at 0x10819f4d0>, post_hook=<certbot.cli._Default object at 0x10804cdd0>, pre_hook=<certbot.cli._Default object at 0x10804c290>, pref_challs=<certbot.cli._Default object at 0x10804c850>, prepare=<certbot.cli._Default object at 0x1081a1890>, quiet=<certbot.cli._Default object at 0x10819f7d0>, reason=<certbot.cli._Default object at 0x1081a1590>, redirect=<certbot.cli._Default object at 0x10819f890>, register_unsafely_without_email=<certbot.cli._Default object at 0x10804c9d0>, reinstall=<certbot.cli._Default object at 0x1081697d0>, renew_by_default=<certbot.cli._Default object at 0x108169310>, renew_hook=<certbot.cli._Default object at 0x108054050>, renew_with_new_domains=<certbot.cli._Default object at 0x108169150>, rsa_key_size=<certbot.cli._Default object at 0x10819fc90>, server=<certbot.cli._Default object at 0x1081a42d0>, staging=<certbot.cli._Default object at 0x10819f8d0>, standalone=<certbot.cli._Default object at 0x1081a48d0>, standalone_supported_challenges=<certbot.cli._Default object at 0x1081ae610>, staple=<certbot.cli._Default object at 0x1081696d0>, strict_permissions=<certbot.cli._Default object at 0x108169e50>, text_mode=<certbot.cli._Default object at 0x10804c450>, tls_sni_01_address=<certbot.cli._Default object at 0x10819fdd0>, tls_sni_01_port=<certbot.cli._Default object at 0x10819fcd0>, tos=True, uir=<certbot.cli._Default object at 0x108169dd0>, update_registration=<certbot.cli._Default object at 0x108169ed0>, user_agent=<certbot.cli._Default object at 0x1081a1390>, validate_hooks=<certbot.cli._Default object at 0x108054310>, verb=‘renew’, verbose_count=<certbot.cli._Default object at 0x1080541d0>, webroot=<certbot.cli._Default object at 0x1081a4ad0>, webroot_map=<certbot.cli._Default object at 0x1081ae810>, webroot_path=<certbot.cli._Default object at 0x1081ae410>, work_dir=<certbot.cli._Default object at 0x1081a40d0>)
2017-06-18 17:08:11,567:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-06-15 07:38:00 UTC.
2017-06-18 17:08:11,567:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2017-06-18 17:08:11,585:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-06-18 17:08:11,588:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x1081a9fd0>
Prep: True
2017-06-18 17:08:11,589:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x1081a9fd0> and installer None
2017-06-18 17:08:11,653:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u’mailto:joerg@rhein-main-festival.org’,), agreement=u’https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf’, key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x106f061d0>)>)), uri=u’https://acme-staging.api.letsencrypt.org/acme/reg/437790’, new_authzr_uri=u’https://acme-staging.api.letsencrypt.org/acme/new-authz’, terms_of_service=u’https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf’), dba833902103cafa148fc7be087be705, Meta(creation_host=u’p57b2405f.dip0.t-ipconnect.de’, creation_dt=datetime.datetime(2016, 10, 21, 8, 15, 36, tzinfo=)))>
2017-06-18 17:08:11,668:DEBUG:acme.client:Sending GET request to https://acme-staging.api.letsencrypt.org/directory.
2017-06-18 17:08:11,729:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-06-18 17:08:12,042:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 473
2017-06-18 17:08:12,042:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 473
Boulder-Request-Id: gHD9IQ2EZf4_96u3UdJCvuAMoz6LbKBqm3BFXPCf3aY
Replay-Nonce: XQwwLnzs05nLYJaYDfPpWtz9076CwZJRGx_fAdyD99Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Jun 2017 17:08:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Jun 2017 17:08:12 GMT
Connection: keep-alive
{
“MSxKcdmpptk”: “Adding random entries to the directory”,
“key-change”: “https://acme-staging.api.letsencrypt.org/acme/key-change”,
“new-authz”: “https://acme-staging.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “https://acme-staging.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “https://acme-staging.api.letsencrypt.org/acme/new-reg”,
“revoke-cert”: “https://acme-staging.api.letsencrypt.org/acme/revoke-cert”
}
2017-06-18 17:08:12,043:INFO:certbot.main:Renewing an existing certificate
2017-06-18 17:08:12,044:DEBUG:acme.client:Requesting fresh nonce
2017-06-18 17:08:12,044:DEBUG:acme.client:Sending HEAD request to https://acme-staging.api.letsencrypt.org/acme/new-authz.
2017-06-18 17:08:12,252:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 “HEAD /acme/new-authz HTTP/1.1” 405 0
2017-06-18 17:08:12,252:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: onJI-oQuQQv73O1nr3yCgCWqN4Lt9oD6jYfejXzlfsk
Replay-Nonce: FZo0qTe4gHGSxgHctHhd9KiZVqIpnyowFnbO0OtlM1g
Expires: Sun, 18 Jun 2017 17:08:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Jun 2017 17:08:12 GMT
Connection: keep-alive
2017-06-18 17:08:12,252:DEBUG:acme.client:Storing nonce: FZo0qTe4gHGSxgHctHhd9KiZVqIpnyowFnbO0OtlM1g
2017-06-18 17:08:12,253:DEBUG:acme.client:JWS payload:
{
“identifier”: {
“type”: “dns”,
“value”: “home.rhein-main-festival.org”
},
“resource”: “new-authz”
}
2017-06-18 17:08:12,263:DEBUG:acme.client:Sending POST request to https://acme-staging.api.letsencrypt.org/acme/new-authz:
{
“protected”: “eyJub25jZSI6ICJGWm8wcVRlNGdIR1N4Z0hjdEhoZDlLaVpWcUlwbnlvd0ZuYk8wT3RsTTFnIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMWhUUDVEVzFqejc3YkNPNDhnY0hkcFNwNE5qRlNteU1zaG5qOFVpNHhHRUJEdXp2TGNxZ2FRYjVSRjBxNzFIdTQwcVplTWpWQ2t3QUk3MkFiZlN1Y0xOSzVldlZ3UnN2MDhIU3ZQVnN5dEtMLUZqQmhHOWRBLTdSSGY2Z3VkdWV4SlZ1Z2pjTklObkl4RGZSaHFsNkNwWUVfVEhnVFV3aUF3RWNwRU5mZkpQWUt1OWtsSUIzZlRORFctaW1yUkFmY1lLRWRfUFBkYVloUEZtT0c2SmR5dGJBR2hTLTFmSEcwU0RKOFBvLUZNSkNuc3VtdVFyUl9mLVJRODdzLWNwbUdtTjJFendqc2R5bzhiNWU0eGd4QktUWFA3WFpvdjZPNFhMR2ZQSHdORkpBSHRFV0loaVdxbFFWY1JybUhsTldyaGJWeUNBUDhMUDdqcEpHajBXOFk2ZGtvSFFwWGFpem4yTlRKWEd5STF1Qm9lcGhPVURrUHd3bHpINnhTWG9tdGpKeVhmZkRzLWI0QWtxTUUyeS1sZlZNaU56U3RuZGs4c2w2b3RrNjA5azF0RHVDak5tWlRYSUJjN1ZjTDIxUEMxOENadmEyZ3ZPaTFoSW5wQWRPS3pQd0JPSmpjRjZxT1RocWdiNU1DVDFacDc1R3FfYU1lcmZsRjdsWldWTktNZ21DWXpfd1ZxYjlCZ0IweVBDX21EdGRGcHdTSm1xb1MtaVI3QUsxYWcxLUwwd2Mzdk10VG1TSDYzRnRuS1lwUTZSeU5oWnhiNjdELTg3YkFRbDYxZzJVNTVJS28yZS1ReFB2SFc5NXRYenVyVGkxMEFlUkJ0MUJCczdHUGc4V0hqeUIwMV9oVXRacmFHcTRWZDRVVVhqSFo2UXJXOFBLaW5kcHY0WkJiT00ifX0”,
“payload”: “ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAiaG9tZS5yaGVpbi1tYWluLWZlc3RpdmFsLm9yZyIKICB9LCAKICAicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9”,
“signature”: “QCnnwyOLRpFjouSwgh7DyaQq7ZU5uJRyqQsU34hmSHonbSaPv6QG_nhkSliMtDNNEHgd3_AWghHpbVgpfdi-rX2QS8x9D6VYBD-SkbCB1i0b6otRhxnnckVxJQUyKHsxVmmeeRN8GTEOTg8tgM5_Elw_1tj2brm8558KbUdZs-jcwJhuQ4jXv0ZE1DFNo43evDG9A6JVCBiXOF6-N51yoWxES-d7dd0m8CXVaD_1ij39-2xroArFVfEEcFQwJ9k-rkVB2SwghV5Sktm_q09BewCfTZA2-KtyVHNfDLYD3A22N-vXuu8xg9SWfvkluP-LAQRzgs4gV_wpd3LUfr6bMZ0dEFxWcD5sZjDyXEzw8Aacee9YjAgyD0JNOKxfFqiEam6nRzhUpr7Kp6zP0ZMXcW41aTx5yZ0tPEg-uOyMcPgM840aKJx9mqqKgdPxXRpDaB587GBmwItEO3jvbmPLpX9svgRgVWEQSHrTroNT7j7yNdtrfqFMICmY7Uz9Mk-9vQa3aeCE8gAqtDh_YOpdFvg8uhi6nmDI71_kNxpk5F0QYLjxH3-UDfE1x037NMpy3gLenJuU8GOSzKD0xBUTXlFocZgDjYvPn_zaWofgSnRHip748J1Y0wJ8CDQF01nuu2mY_tDNp4MmcfDgstSDcUpI3IiZjCJeDZA8b6Unfnw”
}
2017-06-18 17:08:12,482:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 “POST /acme/new-authz HTTP/1.1” 201 1022
2017-06-18 17:08:12,483:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1022
Boulder-Request-Id: GaBgX-m4jnVx3D5i9zGs6ZmGXylCA1NSzykftEoVoC8
Boulder-Requester: 437790
Link: https://acme-staging.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE
Replay-Nonce: w0lu7zl-SFGj2brXK9UkeFKrCm2GZ3l0k4-wKzcjxm0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Jun 2017 17:08:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Jun 2017 17:08:12 GMT
Connection: keep-alive
{
“identifier”: {
“type”: “dns”,
“value”: “home.rhein-main-festival.org”
},
“status”: “pending”,
“expires”: “2017-06-25T17:08:12.398426746Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460329”,
“token”: “F0tXGU17_kNoiJM5RnnGo9A-zGYjtwTmjhtkycM-Gkk”
},
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460330”,
“token”: “j3so_ROZtTjz8ksqsijsVecUM9QKF1_H9Ov2hn1noIw”
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460331”,
“token”: “Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE”
}
],
“combinations”: [
[
1
],
[
0
],
[
2
]
]
}
2017-06-18 17:08:12,483:DEBUG:acme.client:Storing nonce: w0lu7zl-SFGj2brXK9UkeFKrCm2GZ3l0k4-wKzcjxm0
2017-06-18 17:08:12,484:INFO:certbot.auth_handler:Performing the following challenges:
2017-06-18 17:08:12,484:INFO:certbot.auth_handler:http-01 challenge for home.rhein-main-festival.org
2017-06-18 17:08:12,485:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /Library/Server/Web/Data/Sites/Default/.well-known/acme-challenge
2017-06-18 17:08:12,517:DEBUG:certbot.plugins.webroot:Attempting to save validation to /Library/Server/Web/Data/Sites/Default/.well-known/acme-challenge/Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE
2017-06-18 17:08:12,519:INFO:certbot.auth_handler:Waiting for verification…
2017-06-18 17:08:12,520:DEBUG:acme.client:JWS payload:
{
“keyAuthorization”: “Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE.VWtbXKmGVJkjAFMIMQJ-KnC8ZpRGWCFEwmqtm79uDJI”,
“type”: “http-01”,
“resource”: “challenge”
}
2017-06-18 17:08:12,531:DEBUG:acme.client:Sending POST request to https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460331:
{
“protected”: “eyJub25jZSI6ICJ3MGx1N3psLVNGR2oyYnJYSzlVa2VGS3JDbTJHWjNsMGs0LXdLemNqeG0wIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMWhUUDVEVzFqejc3YkNPNDhnY0hkcFNwNE5qRlNteU1zaG5qOFVpNHhHRUJEdXp2TGNxZ2FRYjVSRjBxNzFIdTQwcVplTWpWQ2t3QUk3MkFiZlN1Y0xOSzVldlZ3UnN2MDhIU3ZQVnN5dEtMLUZqQmhHOWRBLTdSSGY2Z3VkdWV4SlZ1Z2pjTklObkl4RGZSaHFsNkNwWUVfVEhnVFV3aUF3RWNwRU5mZkpQWUt1OWtsSUIzZlRORFctaW1yUkFmY1lLRWRfUFBkYVloUEZtT0c2SmR5dGJBR2hTLTFmSEcwU0RKOFBvLUZNSkNuc3VtdVFyUl9mLVJRODdzLWNwbUdtTjJFendqc2R5bzhiNWU0eGd4QktUWFA3WFpvdjZPNFhMR2ZQSHdORkpBSHRFV0loaVdxbFFWY1JybUhsTldyaGJWeUNBUDhMUDdqcEpHajBXOFk2ZGtvSFFwWGFpem4yTlRKWEd5STF1Qm9lcGhPVURrUHd3bHpINnhTWG9tdGpKeVhmZkRzLWI0QWtxTUUyeS1sZlZNaU56U3RuZGs4c2w2b3RrNjA5azF0RHVDak5tWlRYSUJjN1ZjTDIxUEMxOENadmEyZ3ZPaTFoSW5wQWRPS3pQd0JPSmpjRjZxT1RocWdiNU1DVDFacDc1R3FfYU1lcmZsRjdsWldWTktNZ21DWXpfd1ZxYjlCZ0IweVBDX21EdGRGcHdTSm1xb1MtaVI3QUsxYWcxLUwwd2Mzdk10VG1TSDYzRnRuS1lwUTZSeU5oWnhiNjdELTg3YkFRbDYxZzJVNTVJS28yZS1ReFB2SFc5NXRYenVyVGkxMEFlUkJ0MUJCczdHUGc4V0hqeUIwMV9oVXRacmFHcTRWZDRVVVhqSFo2UXJXOFBLaW5kcHY0WkJiT00ifX0”,
“payload”: “ewogICJrZXlBdXRob3JpemF0aW9uIjogIkh4MmRRVGZGMGRiU0lYdDVqeGdZY0lncGlXQ3VVVE0wTW5Dd0duUWMzZUUuVld0YlhLbUdWSmtqQUZNSU1RSi1LbkM4WnBSR1dDRkV3bXF0bTc5dURKSSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “QDuqtK51MreQL3uZHH73i1y6IdDe-SBlbMrua5h1OdjTNyrCsJC-tHGas7eXrgecp3fukGn7Zfn_AIMekRqiOoslvbOnpMGx_LN_x5rasP4CUqY7UI0kknMY-oFNjIYfIoB2Vn7y4wU4_SqBxbQ8IUZNlydIaVfc4mvdE_Ay2A7hWnmt7UoFs2niHIbi_kPlFHaq0VE463Bh8Hmdlf5_JRrGZB0h7UjqbpUnF6R5ApfRhnXKj7Wq1XF4iaZGHwVX_3Y3hu_A4Ck5aojCrydH9G8iSa2lZYEsa0jg4BQ-OFUloJMIg4kmrQUL7wzx-aarU08tVXnhzvgdpkOVQNno5uELP7OPlZ9iCKS9iDerPOjk-kYBMqLQHcz8g46O7w86khCpjhTq_3014R56LR25DWfsd3dlNcSIIHodUqmbQWd-2Um_0xtkaezfafzGZ0PLHh9D99CG_w8fKo9XTysr-MaE5N1LZGE30qJgaHfmbGT0d4TguFvckcbuL905Dika_AfKaFxA_aE-JCwT8PSUZXQNSBr_2zMQlMx9hzP9PC4suPEs-DBa0eCmYxjCfswAwTLaetEmozILBb3bL-CLDPZ3nulUjlRNiN3uMXT2kINR872bb42aDMFvSE4JOnGoXs1lnkw9GA-bLpKXq_Z7nvAXKBOX6LufKbfq_rhRwGw”
}
2017-06-18 17:08:12,781:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 “POST /acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460331 HTTP/1.1” 202 338
2017-06-18 17:08:12,782:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 338
Boulder-Request-Id: fg1a7tZ-rxXTFO-5JooxEiVcAPlHYjFBSyZp68sxIMM
Boulder-Requester: 437790
Link: https://acme-staging.api.letsencrypt.org/acme/authz/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460331
Replay-Nonce: G5I7NeoZ9OIO8kb0-N_BdbsO5vYFVJQDEUFZUdJgEZk
Expires: Sun, 18 Jun 2017 17:08:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Jun 2017 17:08:12 GMT
Connection: keep-alive
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460331”,
“token”: “Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE”,
“keyAuthorization”: “Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE.VWtbXKmGVJkjAFMIMQJ-KnC8ZpRGWCFEwmqtm79uDJI”
}
2017-06-18 17:08:12,782:DEBUG:acme.client:Storing nonce: G5I7NeoZ9OIO8kb0-N_BdbsO5vYFVJQDEUFZUdJgEZk
2017-06-18 17:08:15,787:DEBUG:acme.client:Sending GET request to https://acme-staging.api.letsencrypt.org/acme/authz/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE.
2017-06-18 17:08:15,993:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 “GET /acme/authz/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE HTTP/1.1” 200 1129
2017-06-18 17:08:15,994:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1129
Boulder-Request-Id: syL1P8RLcdm0WhV505ja8UNJZctIH3r0F8H_Sv16368
Link: https://acme-staging.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: 0XFXeTd9jJ8i3t7sw1MOAmyxMEIJt-s8pifVsoyjQ3s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Jun 2017 17:08:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Jun 2017 17:08:16 GMT
Connection: keep-alive
{
“identifier”: {
“type”: “dns”,
“value”: “home.rhein-main-festival.org”
},
“status”: “pending”,
“expires”: “2017-06-25T17:08:12Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460329”,
“token”: “F0tXGU17_kNoiJM5RnnGo9A-zGYjtwTmjhtkycM-Gkk”
},
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460330”,
“token”: “j3so_ROZtTjz8ksqsijsVecUM9QKF1_H9Ov2hn1noIw”
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460331”,
“token”: “Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE”,
“keyAuthorization”: “Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE.VWtbXKmGVJkjAFMIMQJ-KnC8ZpRGWCFEwmqtm79uDJI”
}
],
“combinations”: [
[
1
],
[
0
],
[
2
]
]
}
2017-06-18 17:08:19,000:DEBUG:acme.client:Sending GET request to https://acme-staging.api.letsencrypt.org/acme/authz/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE.
2017-06-18 17:08:19,214:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 “GET /acme/authz/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE HTTP/1.1” 200 1855
2017-06-18 17:08:19,215:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1855
Boulder-Request-Id: V_8IvEas1hMyq0JoW7YstGYNOZ9876gaZtovmYDwm98
Link: https://acme-staging.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: kVpcvldTbgpb3r1ZtKiUp3L7vgM5VjVh-gaxjSWaSSs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Jun 2017 17:08:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Jun 2017 17:08:19 GMT
Connection: keep-alive
{
“identifier”: {
“type”: “dns”,
“value”: “home.rhein-main-festival.org”
},
“status”: “invalid”,
“expires”: “2017-06-25T17:08:12Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460329”,
“token”: “F0tXGU17_kNoiJM5RnnGo9A-zGYjtwTmjhtkycM-Gkk”
},
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460330”,
“token”: “j3so_ROZtTjz8ksqsijsVecUM9QKF1_H9Ov2hn1noIw”
},
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Fetching http://home.rhein-main-festival.org/.well-known/acme-challenge/Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE: Timeout”,
“status”: 400
},
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/Tzs4GkJia_xAV7necPxUG3LBihm_YXm5_VshInxnjmE/44460331”,
“token”: “Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE”,
“keyAuthorization”: “Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE.VWtbXKmGVJkjAFMIMQJ-KnC8ZpRGWCFEwmqtm79uDJI”,
“validationRecord”: [
{
“url”: “http://home.rhein-main-festival.org/.well-known/acme-challenge/Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE”,
“hostname”: “home.rhein-main-festival.org”,
“port”: “80”,
“addressesResolved”: [
“93.238.244.130”,
“2003:e0:33bf:3c91:3a10:d5ff:fede:efe8”
],
“addressUsed”: “2003:e0:33bf:3c91:3a10:d5ff:fede:efe8”,
“addressesTried”: []
}
]
}
],
“combinations”: [
[
1
],
[
0
],
[
2
]
]
}
2017-06-18 17:08:19,216:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: home.rhein-main-festival.org
Type: connection
Detail: Fetching http://home.rhein-main-festival.org/.well-known/acme-challenge/Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE: Timeout
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2017-06-18 17:08:19,216:INFO:certbot.auth_handler:Cleaning up challenges
2017-06-18 17:08:19,216:DEBUG:certbot.plugins.webroot:Removing /Library/Server/Web/Data/Sites/Default/.well-known/acme-challenge/Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE
2017-06-18 17:08:19,217:INFO:certbot.plugins.webroot:Unable to clean up challenge directory /Library/Server/Web/Data/Sites/Default/.well-known/acme-challenge
2017-06-18 17:08:19,217:DEBUG:certbot.plugins.webroot:Error was: [Errno 66] Directory not empty: '/Library/Server/Web/Data/Sites/Default/.well-known/acme-challenge’
2017-06-18 17:08:19,217:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/home.rhein-main-festival.org.conf produced an unexpected error: Failed authorization procedure. home.rhein-main-festival.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://home.rhein-main-festival.org/.well-known/acme-challenge/Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE: Timeout. Skipping.
2017-06-18 17:08:19,270:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/renewal.py”, line 419, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 641, in renew_cert
_get_and_save_cert(le_client, config, lineage=lineage)
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 77, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/renewal.py”, line 297, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py”, line 313, in obtain_certificate
self.config.allow_subset_of_names)
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py”, line 81, in get_authorizations
self._respond(resp, best_effort)
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py”, line 138, in _respond
self._poll_challenges(chall_update, best_effort)
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py”, line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. home.rhein-main-festival.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://home.rhein-main-festival.org/.well-known/acme-challenge/Hx2dQTfF0dbSIXt5jxgYcIgpiWCuUTM0MnCwGnQc3eE: Timeout
2017-06-18 17:08:19,270:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/Users/jobi71/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 743, in main
return config.func(config, plugins)
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 693, in renew
renewal.handle_renewal_request(config)
File “/Users/jobi71/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/renewal.py”, line 436, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
May you please help me, finding the bug?
Regards,
Jörg