Renewals failing due to 404

Help
1

My domain is: tirebiter.org

I ran this command: /snap/bin/certbot renew --apache --post-hook "service apache2 restart"

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/tirebiter.org-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for demo.tirebiter.org and 5 more domains

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: tirebiter.org
  Type:   unauthorized
  Detail: 76.79.152.134: Invalid response from http://tirebiter.org/.well-known/acme-challenge/87mMCL3CRilQKtySJBvDJt68hmRgAXarSZrwELTeRiw: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate tirebiter.org-0001 with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/tirebiter.org-0001/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

Server version: Apache/2.4.63 (Ubuntu)
Server built:   2025-07-14T15:12:31

The operating system my web server runs on is (include version): Ubuntu 25.04

Linux george 6.14.0-28-generic #28-Ubuntu SMP PREEMPT_DYNAMIC Wed Jul 23 12:05:14 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 4.2.0

I've been running certbot for several years and have not had a failure renewing certificate until just now. As you can see from the appended log file, all of the virtual hosts in my configuration happily respond to the Acme-Challenge except one, the default, unadorned 'http://tirebiter.org'.

They are all obviously running on the same machine and to the best of my recollection no configuration changes have been made since the last renewal.

Here's the log file in all its glory:

2025-08-25 08:42:16,827:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2025-08-25 08:42:16,920:DEBUG:certbot._internal.main:certbot version: 4.2.0
2025-08-25 08:42:16,920:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/4892/bin/certbot
2025-08-25 08:42:16,920:DEBUG:certbot._internal.main:Arguments: ['--apache', '--post-hook', 'service apache2 restart', '--preconfigured-renewal']
2025-08-25 08:42:16,920:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-08-25 08:42:16,926:DEBUG:certbot._internal.log:Root logging level set at 30
2025-08-25 08:42:16,926:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/tirebiter.org-0001.conf
2025-08-25 08:42:16,927:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2025-08-25 08:42:16,927:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2025-08-25 08:42:16,927:DEBUG:certbot.configuration:Var post_hook=service apache2 restart (set by user).
2025-08-25 08:42:16,931:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-08-25 08:42:16,932:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-08-25 08:42:17,069:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-08-25 08:42:17,070:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "DvQeBEPClQA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-08-25 08:42:17,070:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/renewal-info/xc9GpOr0w8B6bJXELbBeki8m47k.Bl4zV10huV_247Cz9xKd-yfW.
2025-08-25 08:42:17,105:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /acme/renewal-info/xc9GpOr0w8B6bJXELbBeki8m47k.Bl4zV10huV_247Cz9xKd-yfW HTTP/1.1" 200 101
2025-08-25 08:42:17,105:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 101
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Retry-After: 21600
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "suggestedWindow": {
    "start": "2025-08-17T09:48:02Z",
    "end": "2025-08-19T04:58:51Z"
  }
}
2025-08-25 08:42:17,107:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2025-08-25 08:42:17,108:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2025-08-25 08:42:17,162:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.63
2025-08-25 08:42:17,403:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7e00d50d6a20>
Prep: True
2025-08-25 08:42:17,403:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7e00d50d6a20>
Prep: True
2025-08-25 08:42:17,403:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7e00d50d6a20> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7e00d50d6a20>
2025-08-25 08:42:17,404:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2025-08-25 08:42:17,438:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/109943024', new_authzr_uri=None, terms_of_service=None), e0b1c578bd63eddd3607bd079cbc9a23, Meta(creation_dt=datetime.datetime(2021, 1, 18, 17, 3, 59, tzinfo=datetime.timezone.utc), creation_host='tirebiter.org', register_to_eff=None))>
2025-08-25 08:42:17,438:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-08-25 08:42:17,439:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-08-25 08:42:17,534:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-08-25 08:42:17,534:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "hMhjuw278Ko": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-08-25 08:42:17,534:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for demo.tirebiter.org and 5 more domains
2025-08-25 08:42:17,584:DEBUG:acme.client:Requesting fresh nonce
2025-08-25 08:42:17,584:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-08-25 08:42:17,614:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-08-25 08:42:17,614:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 50rCTjU6mUmXtoYerIbobdsB_p3qXek1YkQr-QltV4PhsyfZfqI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-08-25 08:42:17,614:DEBUG:acme.client:Storing nonce: 50rCTjU6mUmXtoYerIbobdsB_p3qXek1YkQr-QltV4PhsyfZfqI
2025-08-25 08:42:17,614:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "demo.tirebiter.org"\n    },\n    {\n      "type": "dns",\n      "value": "corpus-db.tirebiter.org"\n    },\n    {\n      "type": "dns",\n      "value": "george.tirebiter.org"\n    },\n    {\n      "type": "dns",\n      "value": "smtp.tirebiter.org"\n    },\n    {\n      "type": "dns",\n      "value": "suave2.tirebiter.org"\n    },\n    {\n      "type": "dns",\n      "value": "tirebiter.org"\n    }\n  ]\n}'
2025-08-25 08:42:17,616:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogIjUwckNUalU2bVVtWHRvWWVySWJvYmRzQl9wM3FYZWsxWWtRci1RbHRWNFBoc3lmWmZxSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "ow-kLnOLuBOPt0HwKoDCwRp77hnbFYtPH0Q65QkcKYSVVRy7yuPvlqJv4cOoAbqZNdF3RmjVPNS0CeCom4IaakiD6ZoH119ST2DEbC0Az06bPa8VH77eGuiCql5hQgHgoIbrRSEBon7pxeM5RSpozftNjtaAmJAlbMSAmIAlGhDW1t02Iytmz_Op7MljJGZGHC8G08W-V_qlE3s2-HxjPdyMOxpdGN5TuoBKyZTzUgQ7desfFRETlx-de6pqSHRybfXL43y53g0McEEs8S9RN-dDLPZxPTJrB5HCcQz6V5QGYLebCwT7xR3hIUeEwfkAJwXr2yK--gBzR9hCkyGBbw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImRlbW8udGlyZWJpdGVyLm9yZyIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJjb3JwdXMtZGIudGlyZWJpdGVyLm9yZyIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJnZW9yZ2UudGlyZWJpdGVyLm9yZyIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJzbXRwLnRpcmViaXRlci5vcmciCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAic3VhdmUyLnRpcmViaXRlci5vcmciCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAidGlyZWJpdGVyLm9yZyIKICAgIH0KICBdCn0"
}
2025-08-25 08:42:17,762:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 1094
2025-08-25 08:42:17,762:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 1094
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/109943024/421464056157
Replay-Nonce: p_cZL87hV3EoWDgcrvqBUqVCm4Gl1xkAGg0bMpq4eDUfQdeEPJ8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2025-09-01T15:42:17Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "corpus-db.tirebiter.org"
    },
    {
      "type": "dns",
      "value": "demo.tirebiter.org"
    },
    {
      "type": "dns",
      "value": "george.tirebiter.org"
    },
    {
      "type": "dns",
      "value": "smtp.tirebiter.org"
    },
    {
      "type": "dns",
      "value": "suave2.tirebiter.org"
    },
    {
      "type": "dns",
      "value": "tirebiter.org"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535117",
    "https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535137",
    "https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535147",
    "https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535157",
    "https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535167",
    "https://acme-v02.api.letsencrypt.org/acme/authz/109943024/574091671407"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/109943024/421464056157"
}
2025-08-25 08:42:17,762:DEBUG:acme.client:Storing nonce: p_cZL87hV3EoWDgcrvqBUqVCm4Gl1xkAGg0bMpq4eDUfQdeEPJ8
2025-08-25 08:42:17,762:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:17,763:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535117:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogInBfY1pMODdoVjNFb1dEZ2NydnFCVXFWQ200R2wxeGtBR2cwYk1wcTRlRFVmUWRlRVBKOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTExNyJ9",
  "signature": "n3b518997k-aTYkZhKoPU9DycMHQoR4vH3SdtcEZW6-nCU4ESujDzxVLyvCMF1SWc92V_p7eMCgHPUovMJJYmSE-5OsoIkv2Ifoii4VfZcl4YFwOgVXWRA2SZsfBNbehN8QBJ7IDjMWdQ66NjTPV1w38mnloIYQbw2qfTK7C9vriqHBAj7RmSv4PSdtCmyJdTlx60_yXWZIKK12XwQZTylMyIRyGmAdDCZN3L-oJW1BOHnIMF8CeCPU4SEzFJNKXuJBbEpxP5xcpUe-aIK6z3DZ1xSqr2OatSOIEjzaJdASjMEfZL8X6w-d6q3s8SuF6Vi31plnkBf71RQhaLkTunQ",
  "payload": ""
}
2025-08-25 08:42:17,793:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535117 HTTP/1.1" 200 791
2025-08-25 08:42:17,794:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 791
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: p_cZL87h1ABPp4uw9hTKndAJ19rN5Vfx-dHEjl98dIOo9a6dJDI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "corpus-db.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535117/KXhn1w",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "QglR4kYfoe1L6kC8oBq1sOzOTnqWGpE5I-Lumyabh9k",
      "validationRecord": [
        {
          "url": "http://corpus-db.tirebiter.org/.well-known/acme-challenge/QglR4kYfoe1L6kC8oBq1sOzOTnqWGpE5I-Lumyabh9k",
          "hostname": "corpus-db.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:17,794:DEBUG:acme.client:Storing nonce: p_cZL87h1ABPp4uw9hTKndAJ19rN5Vfx-dHEjl98dIOo9a6dJDI
2025-08-25 08:42:17,794:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:17,795:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535137:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogInBfY1pMODdoMUFCUHA0dXc5aFRLbmRBSjE5ck41VmZ4LWRIRWpsOThkSU9vOWE2ZEpESSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTEzNyJ9",
  "signature": "mqrl53rIbVKteWGZppKaNrb_7XlmdSl8Rbc0R4mGQU2r4b5VcPgSuuCgd6t1IBFQGNL6RxBjmGAgvw95UZ2wyoc8USwpPdNviLPt_55tSsuQ1IssDk5yZW7LiX-K4uhmhKNz_loBIyYX_QaHm02Mrb-ha-r74F4INkgMCCknvPT3hsJ1NLmF74cwZyDEjQ3iicu58PhxLQea6yHa8Usu867UPGqbOtnbtatuoJqVzviOsp6HnpvBweWOMfqS6vZvcEwHhk2zauvuasOieFN9_VwjruAknztCRJ_75RdgbK1FEaRrUZ3_zxN2N3JRXMEZCMxFBGwD_XoKXTM8rG-Bhg",
  "payload": ""
}
2025-08-25 08:42:17,842:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535137 HTTP/1.1" 200 776
2025-08-25 08:42:17,842:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 776
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 50rCTjU6cd1RFKQB-lXxVf3h3v1mPYPusWHShKzoU9fQQFG34Ow
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "demo.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535137/GpZuPw",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "1-OE25lbtEnCZ_nkXSzWH4dFUpAk4r3woAP1fOICn9Q",
      "validationRecord": [
        {
          "url": "http://demo.tirebiter.org/.well-known/acme-challenge/1-OE25lbtEnCZ_nkXSzWH4dFUpAk4r3woAP1fOICn9Q",
          "hostname": "demo.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:17,842:DEBUG:acme.client:Storing nonce: 50rCTjU6cd1RFKQB-lXxVf3h3v1mPYPusWHShKzoU9fQQFG34Ow
2025-08-25 08:42:17,842:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:17,844:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535147:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogIjUwckNUalU2Y2QxUkZLUUItbFh4VmYzaDN2MW1QWVB1c1dIU2hLem9VOWZRUUZHMzRPdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTE0NyJ9",
  "signature": "KOti15fj6_qS6FhBtgw-MSaGHNG7xhhvZ3ArPahIhIl1kakljeS7IElecP57e0SvVQhZqV3p4qfOliSUj52DSm7mX50Bm5pr9Flm3jdBKziff690t1aOpuhmCzkRGghBm2EoA8YA6hyZOv_MspsNOXRXbzcZCKqxwZf8t4gs36z6RoS0VW4mgf1n8t0EUBNKHKVqxChYXamM7pYsjcfNtw6D_ii3qzZ5MYj2-tuP5XY3jhuhzfLmzTalN0788bXZYxIqI8ha1LP1aq4xqT6d7MwT7gKxEfOBuNry8On1YA_7sQdrUm1QIQfGfnu9QCbScsYb8cL5zWATL2OTqWEgIQ",
  "payload": ""
}
2025-08-25 08:42:17,878:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535147 HTTP/1.1" 200 782
2025-08-25 08:42:17,879:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 782
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 50rCTjU6amgrFCTI2eGh8dubmK_N2f0E5w-LxL-LA72_WC2-hA0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "george.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535147/eHhDug",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "UoxFXRzEaqDlhV__HU2m-YW2SFMGlUtDhlZHiwWOrcA",
      "validationRecord": [
        {
          "url": "http://george.tirebiter.org/.well-known/acme-challenge/UoxFXRzEaqDlhV__HU2m-YW2SFMGlUtDhlZHiwWOrcA",
          "hostname": "george.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:17,879:DEBUG:acme.client:Storing nonce: 50rCTjU6amgrFCTI2eGh8dubmK_N2f0E5w-LxL-LA72_WC2-hA0
2025-08-25 08:42:17,879:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:17,880:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535157:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogIjUwckNUalU2YW1nckZDVEkyZUdoOGR1Ym1LX04yZjBFNXctTHhMLUxBNzJfV0MyLWhBMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTE1NyJ9",
  "signature": "nNkIX8Kup-XW7Oo2d9bIWjZ9-NFiUKy1rzdPOGTAEtl7VodyC-eoVllSdocQKRy1RDJbCl4ktN33gTix2tDSe-yksn9hVdPtrF6JfkI-LahS8BNGsyH6fcYCqkgrUsIdLhSRveif9j3G53KUnzXoyscHcAcQIx9QFertzBGm6cfgjX5PA6EITpwf6HtURT1t4LkI6GPnwQY7GLeDRGbsLdVQurLezs2FPONZM5DT3SE3bMZ1cUL1zXB95okusaWy2NF7JFg9azRKNOwKtELKpa7ZxZZQnTcIxnCi_Us_QEdU-n-teFjAfpXcsbSMV6RB_HTBKYyDgTmYvqeXoFZgaQ",
  "payload": ""
}
2025-08-25 08:42:17,913:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535157 HTTP/1.1" 200 776
2025-08-25 08:42:17,913:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 776
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 50rCTjU6uCC7t7zGlATrNi72my_mRgvZQoFNL3ohyH0BF1LbJew
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "smtp.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535157/Zr-9cQ",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "OT3azBjXRtmOjSdViMX7otO241cH-buz9t6kDqW3PmI",
      "validationRecord": [
        {
          "url": "http://smtp.tirebiter.org/.well-known/acme-challenge/OT3azBjXRtmOjSdViMX7otO241cH-buz9t6kDqW3PmI",
          "hostname": "smtp.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:17,913:DEBUG:acme.client:Storing nonce: 50rCTjU6uCC7t7zGlATrNi72my_mRgvZQoFNL3ohyH0BF1LbJew
2025-08-25 08:42:17,914:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:17,915:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535167:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogIjUwckNUalU2dUNDN3Q3ekdsQVRyTmk3Mm15X21SZ3ZaUW9GTkwzb2h5SDBCRjFMYkpldyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTE2NyJ9",
  "signature": "orXQI8EdgfSWb4OGVcWVOR7DXzEaiGPsjCq7XDrQCfmCdqoUyf1Tkd2Iq0SI5ybAgOtohDKtzEbUGpSStVBjY-JowrWBzEuf3TeGgcxiwCXjfhpIGZBuXtHbFsrz-5cNgYz0q6rlPJcNyhEqtEhSlZE_Fzp3EZW1TFNTeSVro2wjs8N0F7WISep4mZ_sEiCXTnMTm1hocm3yQEW9XU6hhUYghL_JOnUrn-PyEuTU-6JsBtKnIc4y7PKWNyvaKL1IsMxfap9sZ7zDe3j58QRwC8-ZmTd5udqJPivOs84NvVhzVUMU37aHt3c6RA2c0jDEPCTkLfaWBI0SkqvNNI46Iw",
  "payload": ""
}
2025-08-25 08:42:17,947:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535167 HTTP/1.1" 200 782
2025-08-25 08:42:17,947:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 782
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 50rCTjU66_dNZZ41w_C4y86mj1WrFRRBst9RiCEiW88YkDF7tVk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "suave2.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535167/LYV3Vg",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "kmtrFYpm0PbvolH16TI5gpakJluuIXOPvq36-NOoJ9s",
      "validationRecord": [
        {
          "url": "http://suave2.tirebiter.org/.well-known/acme-challenge/kmtrFYpm0PbvolH16TI5gpakJluuIXOPvq36-NOoJ9s",
          "hostname": "suave2.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:17,947:DEBUG:acme.client:Storing nonce: 50rCTjU66_dNZZ41w_C4y86mj1WrFRRBst9RiCEiW88YkDF7tVk
2025-08-25 08:42:17,947:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:17,948:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/574091671407:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogIjUwckNUalU2Nl9kTlpaNDF3X0M0eTg2bWoxV3JGUlJCc3Q5UmlDRWlXODhZa0RGN3RWayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3NDA5MTY3MTQwNyJ9",
  "signature": "RKWM4mAdTPdCUCwxeatCNIuZIOZ9jkzVKnnENbWGhn7dcvb6IH9pZnLTnfIZIEwLQj129PxBXqXnDk7BfT5pjVyTkdC8uXtJgHpjqpkAYpOPBGFv6R752yrfUjBSU7lx0t0KD9ZtyDRvsZJ1U3CnxBPVLdkNZSDI4kYgzewmDgdbjoel1zh0zsb872X79Jt8HI4UzzZgGAJJK6kSyqnqCaYPWsLAkDIIv5Iaj1w-7SIG-fplf2t6HSFCFHAHfRzduOcznyztEyAXiR7Tth7a7-KxIIXgvrO9qJt8NA-EXtoSdHQiKOTGUYAEtxW7LIhhyF3mgRtg4BoMmHKLSeHOpg",
  "payload": ""
}
2025-08-25 08:42:17,979:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/574091671407 HTTP/1.1" 200 818
2025-08-25 08:42:17,979:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:17 GMT
Content-Type: application/json
Content-Length: 818
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 50rCTjU6WqH581PWuwPuLLe6tHXD0iCWVDK8ahpXNA3PvnDLMl8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "tirebiter.org"
  },
  "status": "pending",
  "expires": "2025-09-01T15:42:17Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/574091671407/4sn2pA",
      "status": "pending",
      "token": "87mMCL3CRilQKtySJBvDJt68hmRgAXarSZrwELTeRiw"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/574091671407/jJRgmA",
      "status": "pending",
      "token": "87mMCL3CRilQKtySJBvDJt68hmRgAXarSZrwELTeRiw"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/574091671407/xPnCxA",
      "status": "pending",
      "token": "87mMCL3CRilQKtySJBvDJt68hmRgAXarSZrwELTeRiw"
    }
  ]
}
2025-08-25 08:42:17,979:DEBUG:acme.client:Storing nonce: 50rCTjU6WqH581PWuwPuLLe6tHXD0iCWVDK8ahpXNA3PvnDLMl8
2025-08-25 08:42:17,979:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-08-25 08:42:17,980:INFO:certbot._internal.auth_handler:http-01 challenge for tirebiter.org
2025-08-25 08:42:17,990:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: tirebiter.org in: /etc/apache2/sites-enabled/000-default-le-ssl.conf
2025-08-25 08:42:17,991:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: tirebiter.org in: /etc/apache2/sites-enabled/000-default-le-ssl.conf
2025-08-25 08:42:17,991:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2025-08-25 08:42:17,991:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         RewriteEngine on
        <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
2025-08-25 08:42:18,025:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/000-default-le-ssl.conf
2025-08-25 08:42:21,163:DEBUG:acme.client:JWS payload:
b'{}'
2025-08-25 08:42:21,165:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/109943024/574091671407/xPnCxA:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogIjUwckNUalU2V3FINTgxUFd1d1B1TExlNnRIWEQwaUNXVkRLOGFocFhOQTNQdm5ETE1sOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwvMTA5OTQzMDI0LzU3NDA5MTY3MTQwNy94UG5DeEEifQ",
  "signature": "QWTqzrTSU_KiPtqCD8j8ZCqeMmvEY1q61odWTjBeGOxHs4AIEIj6523anbwkXzD0qAGNSmkaAl4p3z6ZT00KvQEPGcMRmGpIhnIZIZVrlTXJmgYYLkFzzEH_LTcWTTWNtztAsSbEF6UClRgVyEudrcgEKNQg1jv3FYf5aIBCb0stIRT58YcCyql7hcMQAGQPWio4582Zme_GW8oELp4nsp91vfD4oLlZezpNVHmlUYszIQfGUbt43gMlIVgOmihmWh_74yTBhtjPji0jz56D6CN4qEvXAKlZqITLLqQBgrV7hquIGJyMRgI1uHznOBzZ_di2_jfJd4sk2eq6f-90Yw",
  "payload": "e30"
}
2025-08-25 08:42:21,200:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/109943024/574091671407/xPnCxA HTTP/1.1" 200 194
2025-08-25 08:42:21,200:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:21 GMT
Content-Type: application/json
Content-Length: 194
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/109943024/574091671407>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/109943024/574091671407/xPnCxA
Replay-Nonce: p_cZL87hfG9pGqPnL5cTKGuIVfuum_MYMFF9d5H0NDsNycem3ZY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/574091671407/xPnCxA",
  "status": "pending",
  "token": "87mMCL3CRilQKtySJBvDJt68hmRgAXarSZrwELTeRiw"
}
2025-08-25 08:42:21,201:DEBUG:acme.client:Storing nonce: p_cZL87hfG9pGqPnL5cTKGuIVfuum_MYMFF9d5H0NDsNycem3ZY
2025-08-25 08:42:21,201:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-08-25 08:42:22,201:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:22,203:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535117:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogInBfY1pMODdoZkc5cEdxUG5MNWNUS0d1SVZmdXVtX01ZTUZGOWQ1SDBORHNOeWNlbTNaWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTExNyJ9",
  "signature": "A1Kwz1_IafOOyHvCCBRbNMJ8Xv0Ix-A6I_vORVnjHDU7MCKS2wUQZYsF7hSkO6TIDTz7GLG_5vbpZqqzFnPn1O5XcXsi00HCI1Uj9UlUzI5TvQ2_R61Mw74J-kxy1o2gXqaac0fmZ3QyTVEXnKc98IKzzCCwoj3PH5L9RSk8GnKM8nJVixufL3EjSOCuWnGRudPNqYLwVA0uC_zKakMDgclFE-4tBU5cFAyH5usKUHgQJPgskyG8SCjGOTqGbClXnv64FBSBFNjQLl90zmn1trD1ttRg_KBemE7u0KE3YwFJPbIwze9INazrgcT8QxamNQm7Jb5Qv3ZwOkcBmwXNdw",
  "payload": ""
}
2025-08-25 08:42:22,237:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535117 HTTP/1.1" 200 791
2025-08-25 08:42:22,237:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:22 GMT
Content-Type: application/json
Content-Length: 791
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 50rCTjU6yDBwBoWDywwNxCn0PijUYnQX7m-k3a9WwSlh96jBHGQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "corpus-db.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535117/KXhn1w",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "QglR4kYfoe1L6kC8oBq1sOzOTnqWGpE5I-Lumyabh9k",
      "validationRecord": [
        {
          "url": "http://corpus-db.tirebiter.org/.well-known/acme-challenge/QglR4kYfoe1L6kC8oBq1sOzOTnqWGpE5I-Lumyabh9k",
          "hostname": "corpus-db.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:22,237:DEBUG:acme.client:Storing nonce: 50rCTjU6yDBwBoWDywwNxCn0PijUYnQX7m-k3a9WwSlh96jBHGQ
2025-08-25 08:42:22,237:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:22,238:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535137:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogIjUwckNUalU2eURCd0JvV0R5d3dOeENuMFBpalVZblFYN20tazNhOVd3U2xoOTZqQkhHUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTEzNyJ9",
  "signature": "NuRNct56LmYU_HWxNpThbWn2HLmO0WzyzdAv_drv1c8CHY5tUFIhG-GUEz6ivdW4tvLDWIUd1AzYWtiaVufVKgGkxEs_McQy5_4bgdDoro4VEJT-ayfcsKoqlWUFW-33e9J2hpRV1SlSGgBkzxxYYJWghUVtY5EK2ayZf8YPaHutDgczFTbubxcDE3pLTRrDyc3KJc9meDseAf1LODpRS1OC0Zh8tiF36PPKnLs8TMld1csv2tPLaoiQFgEZBEjss7ztNOy3cJHRGhbtUVCW9eY3IW2r45uwlP1ZmUp00Slo918eDW1mgrcj0avnvG5MkPmBotn4ZRgsnfzkaJrsPA",
  "payload": ""
}
2025-08-25 08:42:22,269:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535137 HTTP/1.1" 200 776
2025-08-25 08:42:22,269:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:22 GMT
Content-Type: application/json
Content-Length: 776
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: p_cZL87hP6btchqPHHaqFjo_S1llD4oedvnt_xG0gxANB9e1j7g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "demo.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535137/GpZuPw",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "1-OE25lbtEnCZ_nkXSzWH4dFUpAk4r3woAP1fOICn9Q",
      "validationRecord": [
        {
          "url": "http://demo.tirebiter.org/.well-known/acme-challenge/1-OE25lbtEnCZ_nkXSzWH4dFUpAk4r3woAP1fOICn9Q",
          "hostname": "demo.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:22,269:DEBUG:acme.client:Storing nonce: p_cZL87hP6btchqPHHaqFjo_S1llD4oedvnt_xG0gxANB9e1j7g
2025-08-25 08:42:22,269:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:22,270:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535147:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogInBfY1pMODdoUDZidGNocVBISGFxRmpvX1MxbGxENG9lZHZudF94RzBneEFOQjllMWo3ZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTE0NyJ9",
  "signature": "Ko6qv7-gjcIxk4yP5cUdJw_WWvto9jYXdPkam8fRElHwPdtJxVxRe2QWXcNzchU26lYdn0d8r5OClI3-dSwMXnIBqiPVgUE7O6MA29pJWaq7bh-DKsdToWEKEfXy3SlIMyaJUETqPTkVkU2TmkZBojhnhgSP3vB0HnrgqtSBtQU9m18Ah60klVjbZyfi3Np8uTtIMJdnlxKgVfSZ31CGC03ad0t2UZWlO4fSlfeQlytiAv8jho-nujZLlCnw41PqwFG2-8wbFBTkDjG57kfxXeN26Jds2Ks8X5AAHK95EliJm09Rc13Gq1fnesaGuuaAuQqLOTFIdBJk4xdkwrXe1w",
  "payload": ""
}
2025-08-25 08:42:22,301:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535147 HTTP/1.1" 200 782
2025-08-25 08:42:22,301:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:22 GMT
Content-Type: application/json
Content-Length: 782
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: p_cZL87h_-XEMnoSWdf3zdL53pRUUHRRKJhdp9FLL3sYdlPHzH4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "george.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535147/eHhDug",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "UoxFXRzEaqDlhV__HU2m-YW2SFMGlUtDhlZHiwWOrcA",
      "validationRecord": [
        {
          "url": "http://george.tirebiter.org/.well-known/acme-challenge/UoxFXRzEaqDlhV__HU2m-YW2SFMGlUtDhlZHiwWOrcA",
          "hostname": "george.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:22,301:DEBUG:acme.client:Storing nonce: p_cZL87h_-XEMnoSWdf3zdL53pRUUHRRKJhdp9FLL3sYdlPHzH4
2025-08-25 08:42:22,301:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:22,302:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535157:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogInBfY1pMODdoXy1YRU1ub1NXZGYzemRMNTNwUlVVSFJSS0poZHA5RkxMM3NZZGxQSHpINCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTE1NyJ9",
  "signature": "iZ1zqBPfTp4UTelGPDnh9rEG_Bhvr4Rn2i4RimtLvNpLGfkKZ6kTpJenjyijG_godzrNnUKk3vyn6w7wDXw0H2PHkwGaArwBaw2rIp2Qj8fV_ZbGgH_i5eQZi1tNPIMyxu9TZ1L6BH_uf4Q7PuS6wQ1bJTjKstwfLzsJ8-EPMQ2IwsGHUyicv8zwYeOAOh-WtvArgzntb9jTMQG2CE7Fp09VM0k07SiYAS394Sy7q-nYV7HdP_7gkeaiHCdpoA-1Dx6e-Lak76Xw_3KSbMHM50NwhGnAJsV-kdMd-2GELxDvC8tegzJx0KtxcgxHyaM5ogBhp7_NR38Q3U1u3NKEJw",
  "payload": ""
}
2025-08-25 08:42:22,332:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535157 HTTP/1.1" 200 776
2025-08-25 08:42:22,333:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:22 GMT
Content-Type: application/json
Content-Length: 776
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 50rCTjU6CRprtuG22N-uvRdCgjNlDrCENBv7kzKaZa2whAwbIow
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "smtp.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535157/Zr-9cQ",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "OT3azBjXRtmOjSdViMX7otO241cH-buz9t6kDqW3PmI",
      "validationRecord": [
        {
          "url": "http://smtp.tirebiter.org/.well-known/acme-challenge/OT3azBjXRtmOjSdViMX7otO241cH-buz9t6kDqW3PmI",
          "hostname": "smtp.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:22,333:DEBUG:acme.client:Storing nonce: 50rCTjU6CRprtuG22N-uvRdCgjNlDrCENBv7kzKaZa2whAwbIow
2025-08-25 08:42:22,333:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:22,333:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/570480535167:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogIjUwckNUalU2Q1JwcnR1RzIyTi11dlJkQ2dqTmxEckNFTkJ2N2t6S2FaYTJ3aEF3YklvdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3MDQ4MDUzNTE2NyJ9",
  "signature": "CUlwHAYAiwmK3hvpJst6b3KN8100sHsyu1Qobp-GnjE7ReG72vm67F1Wk37CYkmFqAvPvvbR1R7nt52sOhcrb_IbHoJX3O8RyylsQ-W29YWV-Hc2Xs6BEuNK4ua4S3MOYdoM0zkWjJ9jlzj9agBLMHLZsmruRMUezM7865pG7cuHsqbAAJ5vea5Nu7qMKhcxvwXmorRg7js0vSGRAJI1MweJC489-UmSp41i8mCawvVlLYTRSK2_1GWR_mTMkneBd9VJq10tAg09e9AaoejsENuw__rCBz1Q-ERajy8_AdY4gl-76kdI5A28std0ZRRhLNd2oO-BL8VN8BREcfHxIQ",
  "payload": ""
}
2025-08-25 08:42:22,365:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/570480535167 HTTP/1.1" 200 782
2025-08-25 08:42:22,365:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:22 GMT
Content-Type: application/json
Content-Length: 782
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: p_cZL87hziLJ8vsikb39wrt6U8iFL54Aoo8MWHLCH2aDoNNibLE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "suave2.tirebiter.org"
  },
  "status": "valid",
  "expires": "2025-09-17T00:39:45Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/570480535167/LYV3Vg",
      "status": "valid",
      "validated": "2025-08-18T00:39:43Z",
      "token": "kmtrFYpm0PbvolH16TI5gpakJluuIXOPvq36-NOoJ9s",
      "validationRecord": [
        {
          "url": "http://suave2.tirebiter.org/.well-known/acme-challenge/kmtrFYpm0PbvolH16TI5gpakJluuIXOPvq36-NOoJ9s",
          "hostname": "suave2.tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:22,365:DEBUG:acme.client:Storing nonce: p_cZL87hziLJ8vsikb39wrt6U8iFL54Aoo8MWHLCH2aDoNNibLE
2025-08-25 08:42:22,366:DEBUG:acme.client:JWS payload:
b''
2025-08-25 08:42:22,367:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/109943024/574091671407:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5OTQzMDI0IiwgIm5vbmNlIjogInBfY1pMODdoemlMSjh2c2lrYjM5d3J0NlU4aUZMNTRBb284TVdITENIMmFEb05OaWJMRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovMTA5OTQzMDI0LzU3NDA5MTY3MTQwNyJ9",
  "signature": "M7DI6WkQF31Msjq6WQIhZYVjtPbZKKrlBKMsdTzUNEFKkRR8l0hKYE6RP4mSP2GvC5mSCwKm8UcutflJmgqNRTltzAubhzZkLB-UZWJJUQudhNhLc3bEh_IKR0iE_ZoWBMq7Kh7xopAIVZovXJsKZIF32jR8NOJiajGt0NYXBqvvwcjKnp-3-2riCjnuHIdZcVLVV4M5wzGZScR5jLWo2ydnPds1bLvDPlDp9kpXRgxjs-2Ru0JlcLsOv79B6NO1jv4I3JctNWJuJ3A5ao0BhN8hs7kZcKlo-vXYpUEg3pqM04ri7aGFummWlv_U7XA75Lh8ulX_wk8ImLgObI4uNA",
  "payload": ""
}
2025-08-25 08:42:22,399:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/109943024/574091671407 HTTP/1.1" 200 1027
2025-08-25 08:42:22,399:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Aug 2025 15:42:22 GMT
Content-Type: application/json
Content-Length: 1027
Connection: keep-alive
Boulder-Requester: 109943024
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: p_cZL87heymzVg3-mxteoRPhVbxGW9yEQ_Wx0TT4JVW5qddwx1A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "tirebiter.org"
  },
  "status": "invalid",
  "expires": "2025-09-01T15:42:17Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/109943024/574091671407/xPnCxA",
      "status": "invalid",
      "validated": "2025-08-25T15:42:21Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "76.79.152.134: Invalid response from http://tirebiter.org/.well-known/acme-challenge/87mMCL3CRilQKtySJBvDJt68hmRgAXarSZrwELTeRiw: 404",
        "status": 403
      },
      "token": "87mMCL3CRilQKtySJBvDJt68hmRgAXarSZrwELTeRiw",
      "validationRecord": [
        {
          "url": "http://tirebiter.org/.well-known/acme-challenge/87mMCL3CRilQKtySJBvDJt68hmRgAXarSZrwELTeRiw",
          "hostname": "tirebiter.org",
          "port": "80",
          "addressesResolved": [
            "76.79.152.134"
          ],
          "addressUsed": "76.79.152.134"
        }
      ]
    }
  ]
}
2025-08-25 08:42:22,399:DEBUG:acme.client:Storing nonce: p_cZL87heymzVg3-mxteoRPhVbxGW9yEQ_Wx0TT4JVW5qddwx1A
2025-08-25 08:42:22,400:INFO:certbot._internal.auth_handler:Challenge failed for domain tirebiter.org
2025-08-25 08:42:22,400:INFO:certbot._internal.auth_handler:http-01 challenge for tirebiter.org
2025-08-25 08:42:22,400:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: tirebiter.org
  Type:   unauthorized
  Detail: 76.79.152.134: Invalid response from http://tirebiter.org/.well-known/acme-challenge/87mMCL3CRilQKtySJBvDJt68hmRgAXarSZrwELTeRiw: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2025-08-25 08:42:22,401:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2025-08-25 08:42:22,401:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-08-25 08:42:22,401:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-08-25 08:42:22,554:ERROR:certbot._internal.renewal:Failed to renew certificate tirebiter.org-0001 with error: Some challenges have failed.
2025-08-25 08:42:22,556:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 667, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/main.py", line 1535, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 520, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/client.py", line 430, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/client.py", line 508, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2025-08-25 08:42:22,556:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-08-25 08:42:22,556:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2025-08-25 08:42:22,556:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/tirebiter.org-0001/fullchain.pem (failure)
2025-08-25 08:42:22,556:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-08-25 08:42:22,557:INFO:certbot.compat.misc:Running post-hook command: service apache2 restart
2025-08-25 08:42:33,089:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/4892/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/main.py", line 1877, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/main.py", line 1623, in renew
    renewal.handle_renewal_request(config)
  File "/snap/certbot/4892/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 697, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2025-08-25 08:42:33,090:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
1 Like
2

Thanks for the log @JustThisGuyYouKnow

The key part is below. Certbot creates a new, temporary, VirtualHost when it cannot find one for a specific domain name. If this new one isn't what Apache uses to reply to the HTTP Challenge it fails with a 404.

2025-08-25 08:42:17,979:DEBUG:acme.client:Storing nonce: 50rCTjU6WqH581PWuwPuLLe6tHXD0iCWVDK8ahpXNA3PvnDLMl8
2025-08-25 08:42:17,979:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-08-25 08:42:17,980:INFO:certbot._internal.auth_handler:http-01 challenge for tirebiter.org
2025-08-25 08:42:17,990:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: tirebiter.org in: /etc/apache2/sites-enabled/000-default-le-ssl.conf

Various things can cause this. Let's start by looking at output of this

sudo apache2ctl -t -D DUMP_VHOSTS
1 Like
3 
/usr/bin/sudo apache2ctl -t -D DUMP_VHOSTS
VirtualHost configuration:
76.79.152.134:443      is a NameVirtualHost
         default server tirebiter.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost tirebiter.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
                 alias www.tirebiter.org
                 alias george.tirebiter.org
         port 443 namevhost suave2.tirebiter.org (/etc/apache2/sites-enabled/001-suave-le-ssl.conf:2)
         port 443 namevhost corpus-db.tirebiter.org (/etc/apache2/sites-enabled/003-flask-le-ssl.conf:2)
         port 443 namevhost demo.tirebiter.org (/etc/apache2/sites-enabled/004-demo-le-ssl.conf:2)
76.79.152.134:80       is a NameVirtualHost
         default server suave2.tirebiter.org (/etc/apache2/sites-enabled/001-suave-le-ssl.conf:19)
         port 80 namevhost suave2.tirebiter.org (/etc/apache2/sites-enabled/001-suave-le-ssl.conf:19)
         port 80 namevhost corpus-db.tirebiter.org (/etc/apache2/sites-enabled/003-flask.conf:1)
         port 80 namevhost demo.tirebiter.org (/etc/apache2/sites-enabled/004-demo-le-ssl.conf:59)
*:80                   is a NameVirtualHost
         default server tirebiter.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:50)
         port 80 namevhost tirebiter.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:50)
         port 80 namevhost suave2.tirebiter.org (/etc/apache2/sites-enabled/001-suave.conf:1)
4

Looks like you are mixing IP-based and Name-based VHosts for HTTP (port 80). I am not surprised that Certbot wouldn't find or update the correct one. That mix is tricky to get right.

Do you need that mix? Because you don't use the same pattern for HTTPS (port 443). If you do I think you should switch from --apache method to --webroot.

Usually though people don't need to use IP-based VHosts and so changing to Name-based would be more standard and what Certbot normally handles. You have suave2 as both IP and Name based so may take extra care when consolidating to name-based.

Let me know what you want to do with Apache config and I can give more details.

1 Like
5

Hm. Didn't intend to do that.

The IP address 76.79.152.134 doesn't show anywhere in the config files.

Do you think this might be the culprit?

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port th
at
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	ServerName tirebiter.org

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
	RewriteEngine on
	RewriteCond %{SERVER_NAME} =www.tirebiter.org [OR]
	RewriteCond %{SERVER_NAME} =tirebiter.org [OR]
	RewriteCond %{SERVER_NAME} =george.tirebiter.org
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

I suspect it's an artifact of the default configuration from when I originally set up the server ages ago, before I'd even thought about creating other virtual hosts.

6

That was it.

Fixed!

There is joy in Mudville.


george:/etc/apache2/sites-enabled# apache2ctl -t -D DUMP_VHOSTS
VirtualHost configuration:
76.79.152.134:443      is a NameVirtualHost
         default server tirebiter.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost tirebiter.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
                 alias www.tirebiter.org
                 alias george.tirebiter.org
         port 443 namevhost suave2.tirebiter.org (/etc/apache2/sites-enabled/001-suave-le-ssl.conf:2)
         port 443 namevhost corpus-db.tirebiter.org (/etc/apache2/sites-enabled/003-flask-le-ssl.conf:2)
         port 443 namevhost demo.tirebiter.org (/etc/apache2/sites-enabled/004-demo-le-ssl.conf:2)
76.79.152.134:80       is a NameVirtualHost
         default server tirebiter.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:50)
         port 80 namevhost tirebiter.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:50)
         port 80 namevhost suave2.tirebiter.org (/etc/apache2/sites-enabled/001-suave-le-ssl.conf:19)
         port 80 namevhost corpus-db.tirebiter.org (/etc/apache2/sites-enabled/003-flask.conf:1)
         port 80 namevhost demo.tirebiter.org (/etc/apache2/sites-enabled/004-demo-le-ssl.conf:59)
george:/etc/apache2/sites-enabled# /snap/bin/certbot renew --apache --post-hook "service apache2 restart"
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/tirebiter.org-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for demo.tirebiter.org and 5 more domains
Reloading apache server after certificate renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded: 
  /etc/letsencrypt/live/tirebiter.org-0001/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Thanx for the help!

7

What did you change exactly? Because your overall setup doesn't look quite right. Note the ServerAlias names for port 443 but not port 80. Now, tirebiter in port 80 is the default so any non-matching names will fall there anyway. But, if you ever change your default (explicit or implicit) those alias names will stop working.

And, I'm puzzled why the IP shows in the display. It usually does not unless specified in the VirtualHost statement.

1 Like
8

I changed

<VirtualHost *:80>

to

<VirtualHost tirebiter.org:80>

in the conf file the default host and magic happened.

I obviously need to go through all the config files and clean up the random hacks and cruft that have accumulated.

Thanx, again.

9

Would have been better to change all VirtualHost statements to one of these. Apache does not recommend using domain names in the VirtualHost statement. It requires a DNS lookup at startup and possible server outage if DNS query fails.

<VirtualHost *:80>
<VirtualHost *:443>

See: Issues Regarding DNS and Apache HTTP Server - Apache HTTP Server Version 2.4

Instead of a domain name you can specify an explicit IP address. But, that can cause problems if you forget to update Apache when you get a different IP address. Best to use * unless you specifically need IP-based hosting (and doesn't look like you do). It is also cumbersome to use IP addresses here if you have both IPv4 and IPv6 support (which someday you hopefully will).

1 Like