Request for help regarding Cerbot on Virtualmin

DedoBoze · July 20, 2023, 7:09pm

My domain is: mebel.com.mk

I ran this command: certbot certonly --webroot -w /home/mebelhosting/public_html/ -d mebel.com.mk -d mail.mebel.com.mk

It produced this output:

2023-07-20 20:48:54,731:DEBUG:certbot._internal.main:certbot version: 1.22.0
2023-07-20 20:48:54,732:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
2023-07-20 20:48:54,732:DEBUG:certbot._internal.main:Arguments: ['--manual', '-d', 'mebel.com.mk', '-d', 'www.mebel.com.mk', '-d', 'mail.mebel.com.mk', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/383218_140626_3_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'mebel.com.mk']
2023-07-20 20:48:54,733:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-20 20:48:54,756:DEBUG:certbot._internal.log:Root logging level set at 30
2023-07-20 20:48:54,758:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2023-07-20 20:48:54,760:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: Authenticator, Plugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7f54d550d320>
Prep: True
2023-07-20 20:48:54,760:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7f54d550d320> and installer None
2023-07-20 20:48:54,760:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2023-07-20 20:48:54,767:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/680885657', new_authzr_uri=None, terms_of_service=None), a077aff20a751b3e220b5b29e3a8df1b, Meta(creation_dt=datetime.datetime(2022, 8, 16, 10, 4, 51, tzinfo=<UTC>), creation_host='localhost.localdomain', register_to_eff=None))>
2023-07-20 20:48:54,769:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-07-20 20:48:54,771:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-07-20 20:48:55,185:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-07-20 20:48:55,186:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:48:55 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "lcyz5wY3EOE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-07-20 20:48:55,186:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for mebel.com.mk and 2 more domains
2023-07-20 20:48:55,299:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/9764_key-certbot.pem
2023-07-20 20:48:55,356:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/9764_csr-certbot.pem
2023-07-20 20:48:55,357:DEBUG:acme.client:Requesting fresh nonce
2023-07-20 20:48:55,357:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-07-20 20:48:55,495:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-07-20 20:48:55,496:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:48:55 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712JkAItsHjUh98R-DXNKDCnd-dJjR13shOJZUAPMko9To
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-07-20 20:48:55,496:DEBUG:acme.client:Storing nonce: 2712JkAItsHjUh98R-DXNKDCnd-dJjR13shOJZUAPMko9To
2023-07-20 20:48:55,497:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mebel.com.mk"\n    },\n    {\n      "type": "dns",\n      "value": "www.mebel.com.mk"\n    },\n    {\n      "type": "dns",\n      "value": "mail.mebel.com.mk"\n    }\n  ]\n}'
2023-07-20 20:48:55,501:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjgwODg1NjU3IiwgIm5vbmNlIjogIjI3MTJKa0FJdHNIalVoOThSLURYTktEQ25kLWRKalIxM3NoT0paVUFQTWtvOVRvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "t-eyScoDi7_K-sK_byqZoSvg8EXeuwY7uS92b6vZPDTodbCy1NCaBgaWYAYXCJkAfcrXthyZwg27A-o3ekGn_PZQX3FA1V3fIT0N1sULcCHYK67dDFO9l4HPAEa30KpDCy1rnJWyn-306JMO6ns1d8uK_1h77JgoyWe9mFYwfvoRBgYjXFX7RB9So4OPgE_lilOPgfnzat-SbkbBSyxKM0CcEBmxRVgZvOI3bHTc78zSbMMwLe18YOkieyT53w512jaHCw3T3dH499haNpiF3wGDaOuRSmrbHUT38O9RUzw9KtbEIzFypP39gpufnRQ5gP-uIsn0ZSbG8dmJLJlN5w",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1lYmVsLmNvbS5tayIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cubWViZWwuY29tLm1rIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwubWViZWwuY29tLm1rIgogICAgfQogIF0KfQ"
}
2023-07-20 20:48:55,678:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 616
2023-07-20 20:48:55,679:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 20 Jul 2023 18:48:55 GMT
Content-Type: application/json
Content-Length: 616
Connection: keep-alive
Boulder-Requester: 680885657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/680885657/196198164267
Replay-Nonce: 2712mxOccwUana3q6pL6g6FyC3m5UTy8JriBfKHoKYdlSj8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-07-27T18:48:55Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.mebel.com.mk"
    },
    {
      "type": "dns",
      "value": "mebel.com.mk"
    },
    {
      "type": "dns",
      "value": "www.mebel.com.mk"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/247034569457",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/247392827837",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/247392827847"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/680885657/196198164267"
}
2023-07-20 20:48:55,680:DEBUG:acme.client:Storing nonce: 2712mxOccwUana3q6pL6g6FyC3m5UTy8JriBfKHoKYdlSj8
2023-07-20 20:48:55,680:DEBUG:acme.client:JWS payload:
b''
2023-07-20 20:48:55,681:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247034569457:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjgwODg1NjU3IiwgIm5vbmNlIjogIjI3MTJteE9jY3dVYW5hM3E2cEw2ZzZGeUMzbTVVVHk4SnJpQmZLSG9LWWRsU2o4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDcwMzQ1Njk0NTcifQ",
  "signature": "CRKojU9vsVyWbWtkiA1lAHLzuOEgg2NY3RKOdcPGm9_GCaA1t43seFtg7a17hg4PyBKJ5j3xwgbTuLvUUAqE3tMxgC5CuPLWBR7ngy7DEzII_7UHxCll-UNoI3aXeZcbPgQezdUZ8pan4Q_PZk1TLW4U3cfLz5VhRLajHMKMOQAVOHx6hkQS5X-Kkj0GlZJWdD_j9JaX9e3qzP-fH7gIGsAnnHUcW7icqNOoIVDyKDJpZO8_eylh_iZeod9wpVtnhZXRbhHxNS8YDWkTzoyfoLlcHtpNs4rvbE1y0C-zu6jCSTULicrjl0xZFvB3A0QIFMl5q1qB1-Zn_Uf2Owdrzw",
  "payload": ""
}
2023-07-20 20:48:55,835:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247034569457 HTTP/1.1" 200 767
2023-07-20 20:48:55,836:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:48:55 GMT
Content-Type: application/json
Content-Length: 767
Connection: keep-alive
Boulder-Requester: 680885657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712WkAaRr3U7C-DVFnfDsxte1E737JvG2mbqoB3zOIRGoE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.mebel.com.mk"
  },
  "status": "valid",
  "expires": "2023-08-18T14:27:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247034569457/hg9rQQ",
      "token": "JG-zhpyUsdNI4O5kPAG2vseP8b2RgUI-z4QmHdTjucU",
      "validationRecord": [
        {
          "url": "http://www.mebel.com.mk/.well-known/acme-challenge/JG-zhpyUsdNI4O5kPAG2vseP8b2RgUI-z4QmHdTjucU",
          "hostname": "www.mebel.com.mk",
          "port": "80",
          "addressesResolved": [
            "139.162.191.184"
          ],
          "addressUsed": "139.162.191.184"
        }
      ],
      "validated": "2023-07-19T14:27:09Z"
    }
  ]
}
2023-07-20 20:48:55,836:DEBUG:acme.client:Storing nonce: 2712WkAaRr3U7C-DVFnfDsxte1E737JvG2mbqoB3zOIRGoE
2023-07-20 20:48:55,836:DEBUG:acme.client:JWS payload:
b''
2023-07-20 20:48:55,838:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247392827837:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjgwODg1NjU3IiwgIm5vbmNlIjogIjI3MTJXa0FhUnIzVTdDLURWRm5mRHN4dGUxRTczN0p2RzJtYnFvQjN6T0lSR29FIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczOTI4Mjc4MzcifQ",
  "signature": "ooezl0tcXVv5NsBItQet-oPZiynSRaxW8Z3LJT1QR4eEd3K_t5vmrQLDwl57-pcJ27rzlOh41aCab3XZTZ1xY3WyY6b3Nx6anOl9rmtDMcU_vCsrVTy3XiGESXbAEBaJoL242jLUxMmLupbNbtJr73YCjZm7Ty59ucTM34ZJJ7Dcr__ljreTQXAQO_689jN9lxzPFyYZcPI2Wj3mv1ROQ1ica_F0jxwSnSCsDkIrw9Ru_PqOfiPVpulhSEQi9nsTI1m979v0s0M8fUaNN6TFkSAcB5NmdRyf45zLjL0bKxpxPjO_hq9uNaq0fbgABq0w1QvSeC_zyKLWtFYCPTnHqg",
  "payload": ""
}
2023-07-20 20:48:55,979:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247392827837 HTTP/1.1" 200 801
2023-07-20 20:48:55,980:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:48:55 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 680885657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712X40FpR8CSEhl4rO7Bl_rHFSASpPyjekrBfCXa6O2HHs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.mebel.com.mk"
  },
  "status": "pending",
  "expires": "2023-07-27T18:48:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827837/JHF77w",
      "token": "abg4x4xLkazdqyN1355Fc9OL0cvewqWNgfUnqVeg_TE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827837/pat8vQ",
      "token": "abg4x4xLkazdqyN1355Fc9OL0cvewqWNgfUnqVeg_TE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827837/udrCuA",
      "token": "abg4x4xLkazdqyN1355Fc9OL0cvewqWNgfUnqVeg_TE"
    }
  ]
}
2023-07-20 20:48:55,980:DEBUG:acme.client:Storing nonce: 2712X40FpR8CSEhl4rO7Bl_rHFSASpPyjekrBfCXa6O2HHs
2023-07-20 20:48:55,981:DEBUG:acme.client:JWS payload:
b''
2023-07-20 20:48:55,982:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247392827847:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjgwODg1NjU3IiwgIm5vbmNlIjogIjI3MTJYNDBGcFI4Q1NFaGw0ck83QmxfckhGU0FTcFB5amVrckJmQ1hhNk8ySEhzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczOTI4Mjc4NDcifQ",
  "signature": "Kb7PCXekkzOXq_HMk-GWmlrJkxWUyyCPYiGTieESDt_JUNY9obpiJ_rabP6o9_xluAr4eUm9T_rIkymaQHrUIl9S4nP0cErK3qbVrWO1JbWEhkMV2Mc3Cyt1JGD0fkKdA5BzfRv_RyLlIQ1xBx4O9VJGMEAVAbkB3siIsL7gIfENEcIvfEI1xjzQNvUmCHtAW-Aemsr3tHpeA1lIBsQoNOvkgCG79tlr9tbaNp1yPTTP5FIj7IMr1LyTuJIxY99qpIOMAiCA32j54i0uk4wh0zf8UI2IdaSrOM5tCy9BW1fPlePROuZ0XMIGdxRBrgS-K8p3162edb25-rOJQiOc2A",
  "payload": ""
}
2023-07-20 20:48:56,122:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247392827847 HTTP/1.1" 200 796
2023-07-20 20:48:56,123:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:48:56 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 680885657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853Fyic63z0YCHFAOC9BzEVeI7A0ylANwxIEF8sMvLe75oM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mebel.com.mk"
  },
  "status": "pending",
  "expires": "2023-07-27T18:48:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827847/Pb6Weg",
      "token": "4OTQPXFDCdOPLvm685wIQ8xhGphYPYiSKl7haYRsTo0"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827847/M0n3tw",
      "token": "4OTQPXFDCdOPLvm685wIQ8xhGphYPYiSKl7haYRsTo0"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827847/Dd5_9A",
      "token": "4OTQPXFDCdOPLvm685wIQ8xhGphYPYiSKl7haYRsTo0"
    }
  ]
}
2023-07-20 20:48:56,123:DEBUG:acme.client:Storing nonce: 853Fyic63z0YCHFAOC9BzEVeI7A0ylANwxIEF8sMvLe75oM
2023-07-20 20:48:56,124:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-07-20 20:48:56,124:INFO:certbot._internal.auth_handler:dns-01 challenge for mail.mebel.com.mk
2023-07-20 20:48:56,124:INFO:certbot._internal.auth_handler:dns-01 challenge for mebel.com.mk
2023-07-20 20:48:56,126:INFO:certbot.compat.misc:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2023-07-20 20:49:07,741:INFO:certbot.compat.misc:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2023-07-20 20:49:19,341:DEBUG:acme.client:JWS payload:
b'{}'
2023-07-20 20:49:19,343:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827837/pat8vQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjgwODg1NjU3IiwgIm5vbmNlIjogIjg1M0Z5aWM2M3owWUNIRkFPQzlCekVWZUk3QTB5bEFOd3hJRUY4c012TGU3NW9NIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yNDczOTI4Mjc4MzcvcGF0OHZRIn0",
  "signature": "mYRyXENpdeb1LGh3dF4dpmrRbREHlfKoSCZWFIZQnpG7k7THpPRbRsxr-kIX7kvxIWJHDg_1bbpFf9kHby0F0y9UcW_pv2tTpTMV_wVCptn03mUbdOJ2tNyygduJUzOt0Br4Z7jcgSlsOsTuwCKe8MA4MvomQmjM-7AM3yCfrOufEWqibj9JVKdvm_e79Mq2qbEFIxcKnppS28BCt_icuCqGFzm61o_gMs0PI7ajjSdC17BGY1sBhAPf6H-xzbBD3x-HE50IwodSOZ1cpzDUfIuTgAr5j5T4kEAm4e8IdlcyY8j90Ms6q4cGSOOwZMuHoS4hY5ZeE_mog9f-xcACgA",
  "payload": "e30"
}
2023-07-20 20:49:19,487:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/247392827837/pat8vQ HTTP/1.1" 200 186
2023-07-20 20:49:19,488:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:49:19 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 680885657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/247392827837>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827837/pat8vQ
Replay-Nonce: 853FG4dej6Chu05PLb8iIdFBPV5LV8P4h16wV1eyiXZ2QnU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827837/pat8vQ",
  "token": "abg4x4xLkazdqyN1355Fc9OL0cvewqWNgfUnqVeg_TE"
}
2023-07-20 20:49:19,488:DEBUG:acme.client:Storing nonce: 853FG4dej6Chu05PLb8iIdFBPV5LV8P4h16wV1eyiXZ2QnU
2023-07-20 20:49:19,488:DEBUG:acme.client:JWS payload:
b'{}'
2023-07-20 20:49:19,490:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827847/M0n3tw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjgwODg1NjU3IiwgIm5vbmNlIjogIjg1M0ZHNGRlajZDaHUwNVBMYjhpSWRGQlBWNUxWOFA0aDE2d1YxZXlpWFoyUW5VIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yNDczOTI4Mjc4NDcvTTBuM3R3In0",
  "signature": "bvH8Oyey0K0UUoBqm-bUNmDd-NtxTN3eNZPqEofAKM2c1nRcHq22IqJH1p9EO-LNcbSKdb3iJsS6MGoYmay6bN40oRf0J6b3_0EKrFGE1rEY3IuRJYr63lk1jddOIqYC-9T6Okj_RQqZ3kUwo7YTOtEdTbazTVB5siaPkiv4P8VAs8v4-Gb7MhPbq5WQEWP9K8_zchXUorYUSrRszdIGh_uem6oqS8C_k8TX_2wicCe-E7HvLVBZkyoTVXir9CvzZNGJLsffNoCZaUOT1VAyNtDhcUFjtA9h0RlnsyIzP8XriKw6ELJQgHboc42WrrFrrtrSzNIY_G-YXZTjNYRoiw",
  "payload": "e30"
}
2023-07-20 20:49:19,631:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/247392827847/M0n3tw HTTP/1.1" 200 186
2023-07-20 20:49:19,632:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:49:19 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 680885657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/247392827847>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827847/M0n3tw
Replay-Nonce: 2712pzP9A1PBKqGM-hBvJdXktOr9k4ar3xziEdwQEe5Ug8I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827847/M0n3tw",
  "token": "4OTQPXFDCdOPLvm685wIQ8xhGphYPYiSKl7haYRsTo0"
}
2023-07-20 20:49:19,632:DEBUG:acme.client:Storing nonce: 2712pzP9A1PBKqGM-hBvJdXktOr9k4ar3xziEdwQEe5Ug8I
2023-07-20 20:49:19,633:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-07-20 20:49:20,634:DEBUG:acme.client:JWS payload:
b''
2023-07-20 20:49:20,636:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247034569457:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjgwODg1NjU3IiwgIm5vbmNlIjogIjI3MTJwelA5QTFQQktxR00taEJ2SmRYa3RPcjlrNGFyM3h6aUVkd1FFZTVVZzhJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDcwMzQ1Njk0NTcifQ",
  "signature": "W5stGUiVtYml8awPBWkWAPZT0JbbJHDG_P0UxnoZNYKajEJktr9-tUgS5k7WyPSes2pqab9-NsB7CfXeG5M5T9lfEJJvKQTpB1J69hvsz2iXeiAATwTFuTToaIIZeOIMLv_RqzS_TKUWFbnCq1SJzKZl1iit36kIBuLakXHVGfeg82KM8js5jeycBMUB6WtiLmibx6yuI-wzqlDXt1R3Khdyz4hegiIxBLFi7TrFtYQLAFEpHkoRz5pdh6Iu4WKaj1Z6HnfLF0rO4GBh5tMCHuuBHPnsowHfkjWdrwEK7SXT4MZ80i8K_G-F9ECLp1Ukg7TXdnQzrRTvsyf7Qs1JCQ",
  "payload": ""
}
2023-07-20 20:49:20,778:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247034569457 HTTP/1.1" 200 767
2023-07-20 20:49:20,779:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:49:20 GMT
Content-Type: application/json
Content-Length: 767
Connection: keep-alive
Boulder-Requester: 680885657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712L3dwxiBVH1ws6do7y48GSOolapumK6FJDDTlDdCBrQo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.mebel.com.mk"
  },
  "status": "valid",
  "expires": "2023-08-18T14:27:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247034569457/hg9rQQ",
      "token": "JG-zhpyUsdNI4O5kPAG2vseP8b2RgUI-z4QmHdTjucU",
      "validationRecord": [
        {
          "url": "http://www.mebel.com.mk/.well-known/acme-challenge/JG-zhpyUsdNI4O5kPAG2vseP8b2RgUI-z4QmHdTjucU",
          "hostname": "www.mebel.com.mk",
          "port": "80",
          "addressesResolved": [
            "139.162.191.184"
          ],
          "addressUsed": "139.162.191.184"
        }
      ],
      "validated": "2023-07-19T14:27:09Z"
    }
  ]
}
2023-07-20 20:49:20,779:DEBUG:acme.client:Storing nonce: 2712L3dwxiBVH1ws6do7y48GSOolapumK6FJDDTlDdCBrQo
2023-07-20 20:49:20,780:DEBUG:acme.client:JWS payload:
b''
2023-07-20 20:49:20,781:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247392827837:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjgwODg1NjU3IiwgIm5vbmNlIjogIjI3MTJMM2R3eGlCVkgxd3M2ZG83eTQ4R1NPb2xhcHVtSzZGSkREVGxEZENCclFvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczOTI4Mjc4MzcifQ",
  "signature": "dKhZCzWyE39G4t1g5CD27PFn7GAPXF8L1FGLYtXuQdeCG7hIvH2f_qj3YAC86_AB-KWvOv_OUz1i5VHZ1c_e36sSpSe6c2_pxm8nxDNZx_7V1Kq_5s-a6X3hU16pr5s1I8G__pFxJ60IyYuYZ8tJa9gitnm0XdtWD6I-G_cnRCVfxnyemzk0SAIr8OJkHiI_ISLDtkUO0mc3gKfv5d_EuiiGx6niPTFcOm2v3vqMUFqHCPgXJrlPhZu6XjcEoHs24qtbGuh4jNsp4V_p2jW453slbxVg3i6hcYeIqO_fqvsbj7tvOADHU_6EFOh2up2au5U3y7iBBS_mZt3RtKkAiQ",
  "payload": ""
}
2023-07-20 20:49:20,924:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247392827837 HTTP/1.1" 200 657
2023-07-20 20:49:20,925:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:49:20 GMT
Content-Type: application/json
Content-Length: 657
Connection: keep-alive
Boulder-Requester: 680885657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712pGQcCQaWPKBpOyH9Hg0CNVXEiAgLBqRewNJQw0lH3NE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.mebel.com.mk"
  },
  "status": "invalid",
  "expires": "2023-07-27T18:48:55Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.mebel.com.mk - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827837/pat8vQ",
      "token": "abg4x4xLkazdqyN1355Fc9OL0cvewqWNgfUnqVeg_TE",
      "validated": "2023-07-20T18:49:19Z"
    }
  ]
}
2023-07-20 20:49:20,925:DEBUG:acme.client:Storing nonce: 2712pGQcCQaWPKBpOyH9Hg0CNVXEiAgLBqRewNJQw0lH3NE
2023-07-20 20:49:20,926:DEBUG:acme.client:JWS payload:
b''
2023-07-20 20:49:20,928:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247392827847:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjgwODg1NjU3IiwgIm5vbmNlIjogIjI3MTJwR1FjQ1FhV1BLQnBPeUg5SGcwQ05WWEVpQWdMQnFSZXdOSlF3MGxIM05FIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczOTI4Mjc4NDcifQ",
  "signature": "rvJxAwiiAdTbfHSNZCyBSiXkgn07WwjF45RvuCXpwIklbTZ-VxYkzlKHrklHSX9ZgoaxCXwbDpt48WQu48TBJdPWFAf7MJQyVqCh1DerfEaF9MuqrvvqAAUuKZ1Q-GQqw6IxYczuBFdzjtdnIhUPaLUuvHWFvFOvjgqezLKLQ8RcG3gsbU1EvzAwNOKTOk9bGzAzw7tBU-9aYl-7mIzhsPMASVUOA2AdIxoIei7lJd7ab70Kvf17hT3uLaVapMJdpH3QXFcwSvoP9hlflhJ1ESBki6KCjRtPZ8puaIEo-ZogQTqxncg9rfW5dW2RzaQtIIqHcPqqMIFn0AsZU9bR7w",
  "payload": ""
}
2023-07-20 20:49:21,068:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247392827847 HTTP/1.1" 200 589
2023-07-20 20:49:21,068:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 18:49:20 GMT
Content-Type: application/json
Content-Length: 589
Connection: keep-alive
Boulder-Requester: 680885657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853FrM-st1hbwYWaknrX7toOEn2vbeWSdDLdyROQZ4c98dQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mebel.com.mk"
  },
  "status": "invalid",
  "expires": "2023-07-27T18:48:55Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "No TXT record found at _acme-challenge.mebel.com.mk",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247392827847/M0n3tw",
      "token": "4OTQPXFDCdOPLvm685wIQ8xhGphYPYiSKl7haYRsTo0",
      "validated": "2023-07-20T18:49:19Z"
    }
  ]
}
2023-07-20 20:49:21,069:DEBUG:acme.client:Storing nonce: 853FrM-st1hbwYWaknrX7toOEn2vbeWSdDLdyROQZ4c98dQ
2023-07-20 20:49:21,069:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.mebel.com.mk
2023-07-20 20:49:21,069:INFO:certbot._internal.auth_handler:Challenge failed for domain mebel.com.mk
2023-07-20 20:49:21,069:INFO:certbot._internal.auth_handler:dns-01 challenge for mail.mebel.com.mk
2023-07-20 20:49:21,069:INFO:certbot._internal.auth_handler:dns-01 challenge for mebel.com.mk
2023-07-20 20:49:21,070:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: mail.mebel.com.mk
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.mebel.com.mk - check that a DNS record exists for this domain

  Domain: mebel.com.mk
  Type:   unauthorized
  Detail: No TXT record found at _acme-challenge.mebel.com.mk

Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.

2023-07-20 20:49:21,070:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 105, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 205, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-07-20 20:49:21,070:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-07-20 20:49:21,070:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-07-20 20:49:21,071:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2023-07-20 20:49:22,677:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2023-07-20 20:49:24,294:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 11, in <module>
    load_entry_point('certbot==1.22.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 1632, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 1491, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 139, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 496, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 424, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 476, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 105, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 205, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-20 20:49:24,296:ERROR:certbot._internal.log:Some challenges have failed.

My web server is (include version): Apache

The operating system my web server runs on is (include version): AlmaLinux release 8.8 (Sapphire Caracal) || Linux 4.18.0-477.13.1.el8_8.x86_64 on x86_64

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Virtualmin 7.7

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0

MikeMcQ · July 20, 2023, 7:15pm

The above command does not match the log you show.

Notably, command is webroot but log says manual; webroot is http challenge but log says dns challenge, and various other discrepancies.

DedoBoze · July 20, 2023, 7:21pm

Sorry this was log from runned command from Virtualmin SSL Certificat automatic script

now i just run

[root@server ~]# certbot certonly --webroot -w /home/mebelhosting/public_html/ -d mebel.com.mk -d mail.mebel.com.mk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mebel.com.mk and mail.mebel.com.mk

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mail.mebel.com.mk
  Type:   unauthorized
  Detail: 2a01:7e01::f03c:93ff:fe75:c2d4: Invalid response from http://mail.mebel.com.mk/.well-known/acme-challenge/noPnQ1mi4xIb2wo44MjNvpvKuZkcmDc7cGHzGCVpJzM: 404

  Domain: mebel.com.mk
  Type:   unauthorized
  Detail: 2a01:7e01::f03c:93ff:fe75:c2d4: Invalid response from http://mebel.com.mk/.well-known/acme-challenge/fMH0iwP561LpA1uE7RdinlJT47lMDcLc7c4OKgMHVLA: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[root@server ~]#

and this is the last log from /var/log/letsencrypt/letsencrypt.log

2023-07-20 21:19:03,504:DEBUG:acme.client:Storing nonce: 2712p4rDl8aKCu8BG_zbIdvNsiuqEwew6oW9mfAqmT4Zz4c
2023-07-20 21:19:03,504:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.mebel.com.mk
2023-07-20 21:19:03,504:INFO:certbot._internal.auth_handler:Challenge failed for domain mebel.com.mk
2023-07-20 21:19:03,504:INFO:certbot._internal.auth_handler:http-01 challenge for mail.mebel.com.mk
2023-07-20 21:19:03,504:INFO:certbot._internal.auth_handler:http-01 challenge for mebel.com.mk
2023-07-20 21:19:03,504:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mail.mebel.com.mk
  Type:   unauthorized
  Detail: 2a01:7e01::f03c:93ff:fe75:c2d4: Invalid response from http://mail.mebel.com.mk/.well-known/acme-challenge/noPnQ1mi4xIb2wo44MjNvpvKuZkcmDc7cGHzGCVpJzM: 404

  Domain: mebel.com.mk
  Type:   unauthorized
  Detail: 2a01:7e01::f03c:93ff:fe75:c2d4: Invalid response from http://mebel.com.mk/.well-known/acme-challenge/fMH0iwP561LpA1uE7RdinlJT47lMDcLc7c4OKgMHVLA: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-07-20 21:19:03,505:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 105, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 205, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-07-20 21:19:03,505:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-07-20 21:19:03,505:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-07-20 21:19:03,505:DEBUG:certbot._internal.plugins.webroot:Removing /home/mebelhosting/public_html/.well-known/acme-challenge/noPnQ1mi4xIb2wo44MjNvpvKuZkcmDc7cGHzGCVpJzM
2023-07-20 21:19:03,505:DEBUG:certbot._internal.plugins.webroot:Removing /home/mebelhosting/public_html/.well-known/acme-challenge/fMH0iwP561LpA1uE7RdinlJT47lMDcLc7c4OKgMHVLA
2023-07-20 21:19:03,506:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-07-20 21:19:03,506:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/certbot", line 11, in <module>
    load_entry_point('certbot==1.22.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 1632, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 1491, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 139, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 496, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 424, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 476, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 105, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 205, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-20 21:19:03,507:ERROR:certbot._internal.log:Some challenges have failed.

rg305 · July 20, 2023, 7:21pm

Hi @DedoBoze, and welcome to the LE community forum

It seems Virtualmin is also trying to renew your domain:
2023-07-20 20:48:54,732:DEBUG:certbot._internal.main:Arguments: ['--manual', '-d', 'mebel.com.mk', '-d', 'www.mebel.com.mk', '-d', 'mail.mebel.com.mk', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/383218_140626_3_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'mebel.com.mk']
But it does it with unnecessary force:
'--force-renewal`

rg305 · July 20, 2023, 7:22pm

Do both names use the same webroot?

DedoBoze · July 20, 2023, 7:23pm

Yes all domains use the same root, as mail.mebel.com.mk is just a DNS on mebel.com.mk

mebel.com.mk.	IN	A	139.177.179.93
www.mebel.com.mk.	IN	A	139.177.179.93
ftp.mebel.com.mk.	IN	A	139.177.179.93
m.mebel.com.mk.	IN	A	139.177.179.93
server.mebel.com.mk.	IN	A	139.177.179.93
localhost.mebel.com.mk.	IN	A	127.0.0.1
server.mebel.com.mk.	IN	A	139.177.179.93
webmail.mebel.com.mk.	IN	A	139.177.179.93
admin.mebel.com.mk.	IN	A	139.177.179.93
mail.mebel.com.mk.	IN	A	139.177.179.93
mebel.com.mk.	IN	MX	5 mail.mebel.com.mk.

rg305 · July 20, 2023, 7:24pm

DNS only shows the same IP.
Show:
sudo apachectl -t -D DUMP_VHOSTS

DedoBoze · July 20, 2023, 7:24pm

VirtualHost configuration:
139.162.191.184:80     is a NameVirtualHost
         default server dikfagus.com.mk (/etc/httpd/conf/httpd.conf:362)
         port 80 namevhost dikfagus.com.mk (/etc/httpd/conf/httpd.conf:362)
                 alias www.dikfagus.com.mk
                 alias mail.dikfagus.com.mk
                 alias webmail.dikfagus.com.mk
                 alias admin.dikfagus.com.mk
         port 80 namevhost dikfagus.mk (/etc/httpd/conf/httpd.conf:439)
                 alias www.dikfagus.mk
                 alias mail.dikfagus.mk
                 alias webmail.dikfagus.mk
                 alias admin.dikfagus.mk
         port 80 namevhost fagus.mk (/etc/httpd/conf/httpd.conf:516)
                 alias www.fagus.mk
                 alias mail.fagus.mk
                 alias webmail.fagus.mk
                 alias admin.fagus.mk
         port 80 namevhost mebel.com.mk (/etc/httpd/conf/httpd.conf:556)
                 alias www.mebel.com.mk
                 alias mail.mebel.com.mk
                 alias webmail.mebel.com.mk
                 alias admin.mebel.com.mk
         port 80 namevhost agrorial.mk (/etc/httpd/conf/httpd.conf:684)
                 alias www.agrorial.mk
                 alias mail.agrorial.mk
                 alias webmail.agrorial.mk
                 alias admin.agrorial.mk
139.162.191.184:443    is a NameVirtualHost
         default server dikfagus.com.mk (/etc/httpd/conf/httpd.conf:398)
         port 443 namevhost dikfagus.com.mk (/etc/httpd/conf/httpd.conf:398)
                 alias www.dikfagus.com.mk
                 alias mail.dikfagus.com.mk
                 alias webmail.dikfagus.com.mk
                 alias admin.dikfagus.com.mk
         port 443 namevhost dikfagus.mk (/etc/httpd/conf/httpd.conf:475)
                 alias www.dikfagus.mk
                 alias mail.dikfagus.mk
                 alias webmail.dikfagus.mk
                 alias admin.dikfagus.mk
         port 443 namevhost fagus.mk (/etc/httpd/conf/httpd.conf:595)
                 alias www.fagus.mk
                 alias mail.fagus.mk
                 alias webmail.fagus.mk
                 alias admin.fagus.mk
         port 443 namevhost mebel.com.mk (/etc/httpd/conf/httpd.conf:640)
                 alias www.mebel.com.mk
                 alias mail.mebel.com.mk
                 alias webmail.mebel.com.mk
                 alias admin.mebel.com.mk
         port 443 namevhost agrorial.mk (/etc/httpd/conf/httpd.conf:722)
                 alias www.agrorial.mk
                 alias mail.agrorial.mk
                 alias webmail.agrorial.mk
                 alias admin.agrorial.mk
[2a01:7e01::f03c:93ff:fe86:f1de]:80 is a NameVirtualHost
         default server dikfagus.com.mk (/etc/httpd/conf/httpd.conf:362)
         port 80 namevhost dikfagus.com.mk (/etc/httpd/conf/httpd.conf:362)
                 alias www.dikfagus.com.mk
                 alias mail.dikfagus.com.mk
                 alias webmail.dikfagus.com.mk
                 alias admin.dikfagus.com.mk
         port 80 namevhost dikfagus.mk (/etc/httpd/conf/httpd.conf:439)
                 alias www.dikfagus.mk
                 alias mail.dikfagus.mk
                 alias webmail.dikfagus.mk
                 alias admin.dikfagus.mk
         port 80 namevhost fagus.mk (/etc/httpd/conf/httpd.conf:516)
                 alias www.fagus.mk
                 alias mail.fagus.mk
                 alias webmail.fagus.mk
                 alias admin.fagus.mk
         port 80 namevhost mebel.com.mk (/etc/httpd/conf/httpd.conf:556)
                 alias www.mebel.com.mk
                 alias mail.mebel.com.mk
                 alias webmail.mebel.com.mk
                 alias admin.mebel.com.mk
         port 80 namevhost agrorial.mk (/etc/httpd/conf/httpd.conf:684)
                 alias www.agrorial.mk
                 alias mail.agrorial.mk
                 alias webmail.agrorial.mk
                 alias admin.agrorial.mk
[2a01:7e01::f03c:93ff:fe86:f1de]:443 is a NameVirtualHost
         default server dikfagus.com.mk (/etc/httpd/conf/httpd.conf:398)
         port 443 namevhost dikfagus.com.mk (/etc/httpd/conf/httpd.conf:398)
                 alias www.dikfagus.com.mk
                 alias mail.dikfagus.com.mk
                 alias webmail.dikfagus.com.mk
                 alias admin.dikfagus.com.mk
         port 443 namevhost dikfagus.mk (/etc/httpd/conf/httpd.conf:475)
                 alias www.dikfagus.mk
                 alias mail.dikfagus.mk
                 alias webmail.dikfagus.mk
                 alias admin.dikfagus.mk
         port 443 namevhost fagus.mk (/etc/httpd/conf/httpd.conf:595)
                 alias www.fagus.mk
                 alias mail.fagus.mk
                 alias webmail.fagus.mk
                 alias admin.fagus.mk
         port 443 namevhost mebel.com.mk (/etc/httpd/conf/httpd.conf:640)
                 alias www.mebel.com.mk
                 alias mail.mebel.com.mk
                 alias webmail.mebel.com.mk
                 alias admin.mebel.com.mk
         port 443 namevhost agrorial.mk (/etc/httpd/conf/httpd.conf:722)
                 alias www.agrorial.mk
                 alias mail.agrorial.mk
                 alias webmail.agrorial.mk
                 alias admin.agrorial.mk

rg305 · July 20, 2023, 7:25pm

Show the vhost at location in that file.

DedoBoze · July 20, 2023, 7:26pm

<VirtualHost 139.162.191.184:80 [2a01:7e01::f03c:93ff:fe86:f1de]:80>
    SuexecUserGroup "#1004" "#1003"
    ServerName mebel.com.mk
    ServerAlias www.mebel.com.mk
    ServerAlias mail.mebel.com.mk
    ServerAlias webmail.mebel.com.mk
    ServerAlias admin.mebel.com.mk
    DocumentRoot /home/mebelhosting/public_html
    ErrorLog /var/log/virtualmin/mebel.com.mk_error_log
    CustomLog /var/log/virtualmin/mebel.com.mk_access_log combined
    ScriptAlias /cgi-bin/ /home/mebelhosting/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/mebelhosting/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
        Allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    <Directory /home/mebelhosting/cgi-bin>
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
        SetHandler proxy:unix:/var/fcgiwrap/166066962138533.sock/socket|fcgi://localhost
        ProxyFCGISetEnvIf true SCRIPT_FILENAME "/home/mebelhosting%{reqenv:SCRIPT_NAME}"
    </Directory>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.mebel.com.mk
    RewriteRule ^(?!/.well-known)(.*) https://mebel.com.mk:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.mebel.com.mk
    RewriteRule ^(?!/.well-known)(.*) https://mebel.com.mk:10000/ [R]
    RemoveHandler .php
    RemoveHandler .php7.2
    RemoveHandler .php7.4
    RemoveHandler .php8.0
    RemoveHandler .php8.1
    RemoveHandler .php8.2
    <FilesMatch \.php$>
        SetHandler proxy:unix:/var/php-fpm/166066962138533.sock|fcgi://127.0.0.1
    </FilesMatch>
</VirtualHost>

rg305 · July 20, 2023, 7:29pm

Looks like the IPv6 address has changed.

That is why it is bad practice to hardcode IP address info in the vhost definition.
[not your fault - Virtualmin faulty]

rg305 · July 20, 2023, 7:30pm

Name:      mebel.com.mk
Addresses: 2a01:7e01::f03c:93ff:fe75:c2d4
           139.162.191.184

DedoBoze · July 20, 2023, 7:32pm

So if i change the IPv6 in the host file and request a new certification it will fix the error?

rg305 · July 20, 2023, 7:37pm

You would have to do that in Virtualmin OR it might get overridden later.
First: Find which is the correct IPv6 address.
Second: Learn how/where Virtualmin finds/uses IP addresses.
Third: Decide what to do next.

For a "quick fix", you could remove the IPv6 address from DNS.
And do that until you are better informed and make your decision.

DedoBoze · July 20, 2023, 7:40pm

Thanks for the help. By some meaning Linode assaing new IPV6 on every restart. In the Virtualmin there was a new ipv6 idk why was that

i just change to the Address that was in the host file

restart the apache and request the new certificate and the certbot get the new cert.

thanks for the help <3

rg305 · July 20, 2023, 7:43pm

Is that page used to request new IP addresses?

DedoBoze · July 20, 2023, 7:45pm

For some reason after the restart of the VPS virtualmin get a new IPv6 address

rg305 · July 20, 2023, 7:47pm

Then it better be married to the DNS zone - LOL

DedoBoze · July 20, 2023, 7:49pm

I have like 10 server on linode and this is the first time this happend to change the IPV6 address. I`ll issuse this problem also to the Linode. And again thanks for the help, and have a great day/night.

system · August 19, 2023, 7:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.