Some challenges have failed (AuthorizationErro)

My domain is: www.projetosbrgaap.xyz

I ran this command: sudo certbot --apache -v

It produced this output:
Which names would you like to activate HTTPS for?


1: www.projetosbrgaap.xyz


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for www.projetosbrgaap.xyz
Performing the following challenges:
http-01 challenge for www.projetosbrgaap.xyz
Waiting for verification...
Challenge failed for domain www.projetosbrgaap.xyz
http-01 challenge for www.projetosbrgaap.xyz

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.projetosbrgaap.xyz
Type: dns
Detail: DNS problem: SERVFAIL looking up CAA for projetosbrgaap.xyz - the domain's nameservers may be malfunctioning

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

I'm have openproject hosted on this server

My S. O is:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"

My hosting provider, if applicable, is: digital ocean

I`m using root user and my ssh key

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.18.0

FULL LOG:

2021-08-29 22:47:18,735:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-08-29 22:47:19,120:DEBUG:certbot._internal.main:certbot version: 1.18.0
2021-08-29 22:47:19,120:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1343/bin/certbot
2021-08-29 22:47:19,120:DEBUG:certbot._internal.main:Arguments: ['--apache', '-v', '--preconfigured-renewal']
2021-08-29 22:47:19,120:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-29 22:47:19,138:DEBUG:certbot._internal.log:Root logging level set at 20
2021-08-29 22:47:19,139:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-08-29 22:47:19,247:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.29
2021-08-29 22:47:19,553:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f3f27c9dfd0>
Prep: True
2021-08-29 22:47:19,554:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f3f27c9dfd0> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f3f27c9dfd0>
2021-08-29 22:47:19,554:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-08-29 22:47:19,561:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/180690730', new_authzr_uri=None, terms_of_service=None), a08b95a7be09a9845441d7012cd5eefe, Meta(creation_dt=datetime.datetime(2021, 8, 29, 22, 40, 57, tzinfo=<UTC>), creation_host='brgaap-openproject', register_to_eff='moises.miranda@brgaap.com'))>
2021-08-29 22:47:19,562:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-29 22:47:19,564:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-08-29 22:47:19,731:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-08-29 22:47:19,732:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 29 Aug 2021 22:47:19 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "l_gqHz3gODk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-08-29 22:47:24,238:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for www.projetosbrgaap.xyz
2021-08-29 22:47:24,291:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0003_key-certbot.pem
2021-08-29 22:47:24,296:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0003_csr-certbot.pem
2021-08-29 22:47:24,297:DEBUG:acme.client:Requesting fresh nonce
2021-08-29 22:47:24,297:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-29 22:47:24,339:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-29 22:47:24,340:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 29 Aug 2021 22:47:24 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01013OOtzMEytcgaqCKR4WQJt9ZPGoA3_hZMGx-ihT6OrVU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-08-29 22:47:24,341:DEBUG:acme.client:Storing nonce: 01013OOtzMEytcgaqCKR4WQJt9ZPGoA3_hZMGx-ihT6OrVU
2021-08-29 22:47:24,341:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "www.projetosbrgaap.xyz"\n    }\n  ]\n}'
2021-08-29 22:47:24,343:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgwNjkwNzMwIiwgIm5vbmNlIjogIjAxMDEzT090ek1FeXRjZ2FxQ0tSNFdRSnQ5WlBHb0EzX2haTUd4LWloVDZPclZVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "C7yJ2sF7X0HyoLT3EO4MQACDYtiVr3I-wAOkIx2owNMWDkHY34CafO2VqUrg02HLyzVK-wZeouSHaOR_wXdGTWF0IZcNnovmE52G85a5nWqMlNSbZF5Yt_ATHmceXm4V_eeILCPD18_8Sadu2sK8YRCyL-k0bIEd5u1zVc4Rx4TpbY12_uWHO_-NoTCX58I0_iHl5sG0VvHuh6dRHVkTxfjspIIg-U51bsljw0sJFJHYdj0LUZEqVX0S0GjpIOz9yFDOIluH5ChG5rTYBoz0b1KvJ5bYPhJdnNrIAYX_73w8K6Tcn80FN40xlzvNfnngkj8w93oIZBmc0t2zVS7LUA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5wcm9qZXRvc2JyZ2FhcC54eXoiCiAgICB9CiAgXQp9"
}
2021-08-29 22:47:24,652:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 345
2021-08-29 22:47:24,653:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 29 Aug 2021 22:47:24 GMT
Content-Type: application/json
Content-Length: 345
Connection: keep-alive
Boulder-Requester: 180690730
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/180690730/20581639640
Replay-Nonce: 0101K28-W0UihgnsGhbn_D45uLAiZ9uQQ_W0huFJvzsmc9A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-09-05T22:47:24Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "www.projetosbrgaap.xyz"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/26268159310"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/180690730/20581639640"
}
2021-08-29 22:47:24,653:DEBUG:acme.client:Storing nonce: 0101K28-W0UihgnsGhbn_D45uLAiZ9uQQ_W0huFJvzsmc9A
2021-08-29 22:47:24,653:DEBUG:acme.client:JWS payload:
b''
2021-08-29 22:47:24,656:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/26268159310:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgwNjkwNzMwIiwgIm5vbmNlIjogIjAxMDFLMjgtVzBVaWhnbnNHaGJuX0Q0NXVMQWlaOXVRUV9XMGh1Rkp2enNtYzlBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNjI2ODE1OTMxMCJ9",
  "signature": "OmpQP3lUtWLdhnp8R2p9l04zfvRgbcLSFDarj7UYeDdxf4RGhN7RqTcMQZrPljG_T075h1iwUk-c_IpRxiNj8eqsu_67GY-JKRTK7yvFa0WBtNqD0j05D48YYQUol3g28Fa8-MtEdvX7RKjLXlMRsnePzDKD5UQ7hg_a7R6Jfy7cRGZrnYkK42axVCUDRpcabdJJyWtKeh8ZnZtHKpkMTweGuVDAewZKLupTIxTbUx4APTkbNXp4pxHIKiTz2oT8AkU2fuZZXGDn7sko3Nq1o-gaXqI-l_rZnrvf8NoQiLqhfa_DkmXOD9NpzNoycX5xXsPgoQhiZsHEif3utueH8A",
  "payload": ""
}
2021-08-29 22:47:24,753:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/26268159310 HTTP/1.1" 200 803
2021-08-29 22:47:24,754:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 29 Aug 2021 22:47:24 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 180690730
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01029YL4FgGECpJNeRaG3duh0Ujr9SRdJVcFpyzWOwP5lVQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.projetosbrgaap.xyz"
  },
  "status": "pending",
  "expires": "2021-09-05T22:47:24Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/Z4hATw",
      "token": "pUZVnHPE1fWFDC1Ex8eWTMqCkESIIXjYPpK-2SV9CWM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/5GA32w",
      "token": "pUZVnHPE1fWFDC1Ex8eWTMqCkESIIXjYPpK-2SV9CWM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/uUUiVg",
      "token": "pUZVnHPE1fWFDC1Ex8eWTMqCkESIIXjYPpK-2SV9CWM"
    }
  ]
}
2021-08-29 22:47:24,754:DEBUG:acme.client:Storing nonce: 01029YL4FgGECpJNeRaG3duh0Ujr9SRdJVcFpyzWOwP5lVQ
2021-08-29 22:47:24,755:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-08-29 22:47:24,755:INFO:certbot._internal.auth_handler:http-01 challenge for www.projetosbrgaap.xyz
2021-08-29 22:47:24,762:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: www.projetosbrgaap.xyz in: /etc/apache2/sites-enabled/openproject.conf
2021-08-29 22:47:24,763:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2021-08-29 22:47:24,763:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
2021-08-29 22:47:24,777:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/openproject.conf
2021-08-29 22:47:27,966:DEBUG:acme.client:JWS payload:
b'{}'
2021-08-29 22:47:27,969:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/Z4hATw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgwNjkwNzMwIiwgIm5vbmNlIjogIjAxMDI5WUw0RmdHRUNwSk5lUmFHM2R1aDBVanI5U1JkSlZjRnB5eldPd1A1bFZRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yNjI2ODE1OTMxMC9aNGhBVHcifQ",
  "signature": "izYxhXh9M42Qqa7HTMmRrK9wy99CU8UZie3Stkitw6v-KUWEIHCgvL3qhoqWZ-k1OESqVkcSk1pjUToI4NosE0Xv3a3k_tw98iCCYsoT0V9WUjECava0qQvryoAYPmBTNzuwVlcT07OgliPQVHosR8cL8uDc_CYWqlYAkDV1Zx5lqFhWy91_Oz-pH1tBtakm5iB5m6dZygVj3LO6deruD-5Y-m4pReBG4SVRXZq52yjSCzYhKLLtJzRds9rFR34da0e-D9T5jBBx46zc7ecY3UB966GhkQpVgaFZTpq7K8xdXLg77_e8NKq8JEHfor2G_2DK5p-ICxm6z0qS5jsmWA",
  "payload": "e30"
}
2021-08-29 22:47:28,081:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/26268159310/Z4hATw HTTP/1.1" 200 186
2021-08-29 22:47:28,082:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 29 Aug 2021 22:47:28 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 180690730
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/26268159310>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/Z4hATw
Replay-Nonce: 010251qicWdCnX7f160PONxOc3230xLT29l0uxO4BFl-PIM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/Z4hATw",
  "token": "pUZVnHPE1fWFDC1Ex8eWTMqCkESIIXjYPpK-2SV9CWM"
}
2021-08-29 22:47:28,083:DEBUG:acme.client:Storing nonce: 010251qicWdCnX7f160PONxOc3230xLT29l0uxO4BFl-PIM
2021-08-29 22:47:28,083:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-08-29 22:47:29,084:DEBUG:acme.client:JWS payload:
b''
2021-08-29 22:47:29,087:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/26268159310:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgwNjkwNzMwIiwgIm5vbmNlIjogIjAxMDI1MXFpY1dkQ25YN2YxNjBQT054T2MzMjMweExUMjlsMHV4TzRCRmwtUElNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNjI2ODE1OTMxMCJ9",
  "signature": "bbMeD8HjU5IsyoHnIQj_KNvEEdcqHTImQgaMzZqPWCZtghdtZfPyo4a6ojbTID38NfKghG0zmD09Lg6NLDGJ6_v_FbXrpIwB6A0gqYJZ56udM6HAsf9y_cwZttkgSS0MZ8pqu3bgQCM6BKllnJc7f9YbjpV5J0TUTIMrD4uEzdAjYcZz11lLa24e0Sqfn6fSp6J7MoP58tacIx7wgXQn_gpKYcp76YG6kHtDyR1drLMxCMRGExKIknhYnmYopugOd-l6zl8A-kzcOeMe5zM9B9553Bi8IFVSN1_f6wFbDPyINrkL3JYMpqtfBv5B5mjE-h0TOfFiySdZLuwV6wuurg",
  "payload": ""
}
2021-08-29 22:47:29,187:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/26268159310 HTTP/1.1" 200 803
2021-08-29 22:47:29,187:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 29 Aug 2021 22:47:29 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 180690730
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01012r_iBXWivGK8BofFDezq_U9t4zf6gfzSQMwMewUiGlI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.projetosbrgaap.xyz"
  },
  "status": "pending",
  "expires": "2021-09-05T22:47:24Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/Z4hATw",
      "token": "pUZVnHPE1fWFDC1Ex8eWTMqCkESIIXjYPpK-2SV9CWM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/5GA32w",
      "token": "pUZVnHPE1fWFDC1Ex8eWTMqCkESIIXjYPpK-2SV9CWM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/uUUiVg",
      "token": "pUZVnHPE1fWFDC1Ex8eWTMqCkESIIXjYPpK-2SV9CWM"
    }
  ]
}
2021-08-29 22:47:29,187:DEBUG:acme.client:Storing nonce: 01012r_iBXWivGK8BofFDezq_U9t4zf6gfzSQMwMewUiGlI
2021-08-29 22:47:32,191:DEBUG:acme.client:JWS payload:
b''
2021-08-29 22:47:32,194:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/26268159310:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgwNjkwNzMwIiwgIm5vbmNlIjogIjAxMDEycl9pQlhXaXZHSzhCb2ZGRGV6cV9VOXQ0emY2Z2Z6U1FNd01ld1VpR2xJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNjI2ODE1OTMxMCJ9",
  "signature": "PCdBXCC3LquCMJfogHhouCdekejlLJ45QIPYb7_C8lwXeEwLAbbst2c4f0y8-S-STiZKx616GCeA-WxuQeAGDJhM6Rqe28ZoDkJhMsUMTxoUrxC30EeK15Yb74t8l0uWQD0HKxzIFU1u807cQOylmUsT0nOt7ZjB8Xiu0TCODFjT6arlDBxzA_Zt4DAwz59l7zao9eeojMFz8GK3qeudhCPFPVEvGhVQ0DrR92vjr5hhEZy0VHwg-6nWo5dqjlN5R5dp6eHKjUxbyaalzSTLrLf8nUZTlo8C7aUnYdHvK3s_PK4b5hKDD7jyiXOnNVz7OSFdMXebE6jvhZl1HmsBGg",
  "payload": ""
}
2021-08-29 22:47:32,275:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/26268159310 HTTP/1.1" 200 1014
2021-08-29 22:47:32,276:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 29 Aug 2021 22:47:32 GMT
Content-Type: application/json
Content-Length: 1014
Connection: keep-alive
Boulder-Requester: 180690730
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102nVwVCV9fqaxiNahyRLNXk0ehpLPS0t7_rJjoxvAsofs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.projetosbrgaap.xyz"
  },
  "status": "invalid",
  "expires": "2021-09-05T22:47:24Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: SERVFAIL looking up CAA for projetosbrgaap.xyz - the domain's nameservers may be malfunctioning",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/26268159310/Z4hATw",
      "token": "pUZVnHPE1fWFDC1Ex8eWTMqCkESIIXjYPpK-2SV9CWM",
      "validationRecord": [
        {
          "url": "http://www.projetosbrgaap.xyz/.well-known/acme-challenge/pUZVnHPE1fWFDC1Ex8eWTMqCkESIIXjYPpK-2SV9CWM",
          "hostname": "www.projetosbrgaap.xyz",
          "port": "80",
          "addressesResolved": [
            "167.99.229.202"
          ],
          "addressUsed": "167.99.229.202"
        }
      ],
      "validated": "2021-08-29T22:47:28Z"
    }
  ]
}
2021-08-29 22:47:32,276:DEBUG:acme.client:Storing nonce: 0102nVwVCV9fqaxiNahyRLNXk0ehpLPS0t7_rJjoxvAsofs
2021-08-29 22:47:32,277:INFO:certbot._internal.auth_handler:Challenge failed for domain www.projetosbrgaap.xyz
2021-08-29 22:47:32,277:INFO:certbot._internal.auth_handler:http-01 challenge for www.projetosbrgaap.xyz
2021-08-29 22:47:32,278:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: www.projetosbrgaap.xyz
  Type:   dns
  Detail: DNS problem: SERVFAIL looking up CAA for projetosbrgaap.xyz - the domain's nameservers may be malfunctioning

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2021-08-29 22:47:32,278:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-08-29 22:47:32,279:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-08-29 22:47:32,279:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-08-29 22:47:32,701:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1343/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1566, in main
    return config.func(config, plugins)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1280, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 456, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 386, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 436, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-08-29 22:47:32,704:ERROR:certbot._internal.log:Some challenges have failed.

It seems your DNS servers are happily answering requests for the www subdomain, but refusing all requests (with the DNS answer SERVFAIL) for either other subdomains (e.g. www2 or foo) and for the apex domain name (projetosbrgaap.xyz).

For a graphical explanation, see: projetosbrgaap.xyz | DNSViz

Usually, this isn't an issue if you just would like to use the www subdomain and not URLs like https://projetosbrgaap.xyz, but Let's Encrypt is required to check the CAA DNS records of all parent hostnames of the hostname you want a certificate for. So for example, if you want a certificate for bar.example.com the LE server needs to check the CAA record for bar.example.com but also the CAA records for example.com and com.

So if your DNS servers are refusing to answer properly to requests for a CAA record for projetosbrgaap.xyz, Let's Encrypt will refuse to issue a certificate for you.

Note that it isn't mandatory to have CAA records. It's just that the SERVFAIL error answered by your DNS servers is not acceptable. It would have been acceptable to answer with the status "NOERROR" without any answer at all (i.e.: no CAA record). It's just the SERVFAIL error of the DNS server which is the problem here.

I would recommend you to fix your DNS server so it doesn answer with SERVFAIL for requests it should answer NOERROR to.

1 Like

Hello, firstly thank you a lot,
I tried removing www from domain name in the Ocean:

After removed, I can access via ssh normally, ex: ssh root@projetosbrgaap.xyz
ssh root@projetosbrgaap.xyz
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-154-generic x86_64)

I no undertaking where is the problem, can you be more specific?

The CAA problems that were seen 20 hours ago are gone.
Please try certbot one more time.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.