Some challenges have failed

Please fill out the fields below so we can help you better.

My domain is: sjdev.partaker.net

I ran this command: certbot --apache

It produced this output: Some challenges have failed

My web server is (include version): Apache 2.4.6

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: self-hosted

I can login to a root shell on my machine: yes

I'm NOT using a control panel to manage my site.

The version of my client is (e.g. output of certbot --version): 1.29.0

I had a certificate for this domain, but it apparently did not renew and expired. I got errors renewing it, and got errors trying to create it again, so I removed the certificate from /etc/letsencrypt/renewal and /etc/letsencrypt/live and /etc/httpd/sites-available and /etc/httpd/conf/httpd.conf.

I can access this website via http on port 80. I have successfully created other certificates on the same server. But for some reason, every time I try to create a certificate for this domain, I get an error. I have been trying to get it to work for about 4 hours now.

My latest log file output is:

2022-09-06 17:13:36,819:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-09-06 17:13:37,418:DEBUG:certbot._internal.main:certbot version: 1.29.0
2022-09-06 17:13:37,418:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/2192/bin/certbot
2022-09-06 17:13:37,418:DEBUG:certbot._internal.main:Arguments: ['--apache', '--preconfigured-renewal']
2022-09-06 17:13:37,419:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-09-06 17:13:37,493:DEBUG:certbot._internal.log:Root logging level set at 30
2022-09-06 17:13:37,496:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2022-09-06 17:13:37,718:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.6
2022-09-06 17:13:38,259:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f70e6520c10>
Prep: True
2022-09-06 17:13:38,261:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f70e6520c10> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f70e6520c10>
2022-09-06 17:13:38,261:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2022-09-06 17:13:38,277:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f70e64cd910>)>), contact=('mailto:steve@cloudmountainmarketing.com',), agreement='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/34339760', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 298aaef0d86c327fcf553a80bb1c1ec1, Meta(creation_dt=datetime.datetime(2018, 5, 3, 6, 54, 18, tzinfo=<UTC>), creation_host='50-253-111-228-static.hfc.comcastbusiness.net', register_to_eff=None))>
2022-09-06 17:13:38,279:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-09-06 17:13:38,281:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-09-06 17:13:46,400:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 672
2022-09-06 17:13:46,401:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Sep 2022 23:14:25 GMT
Content-Type: application/json
Content-Length: 672
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "lMPPw_gLcXE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-09-06 17:14:09,588:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for sjdev.partaker.net
2022-09-06 17:14:09,895:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/1225_key-certbot.pem
2022-09-06 17:14:09,923:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/1225_csr-certbot.pem
2022-09-06 17:14:09,924:DEBUG:acme.client:Requesting fresh nonce
2022-09-06 17:14:09,924:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-09-06 17:14:09,941:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-09-06 17:14:09,942:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Sep 2022 23:14:48 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001pV2J9TOZXcwwm0dqDw5x3-vOXdi93sjBCoEmBkDxVdM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-09-06 17:14:09,942:DEBUG:acme.client:Storing nonce: 0001pV2J9TOZXcwwm0dqDw5x3-vOXdi93sjBCoEmBkDxVdM
2022-09-06 17:14:09,943:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "sjdev.partaker.net"\n    }\n  ]\n}'
2022-09-06 17:14:09,946:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxcFYySjlUT1pYY3d3bTBkcUR3NXgzLXZPWGRpOTNzakJDb0VtQmtEeFZkTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "rT2fV-HjEJJIn8dnWoXcK3tnvcfMCfhOjAkj2lmsUHXJSWv_NDyd0UZWDHDMwaXN_7rlaRCXn6IejxIk1LvZny0bFfCAmhuJSvewYdRFMjV5JRnWtTuIB66xksFGQqz4WlsW4vn-8YTxByEd8i5OZ64fP7UrPa_K61Gj_KRYHQDNEPjoXffSN7Cbs1bByK4lEdcNLhEkmz8bAZDPO08owvIMDvqS_KjtDzWL21M-ArXHbrqZ2m1ksprxh829LoUoLZpkVu2M6_RRTWUpBbBg4syPhuTN78AFn40pT9R6wVXgl0pPGV3amIUS9EXGRwZlrVZnvx3yGBjn3nE6R3sT9A",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNqZGV2LnBhcnRha2VyLm5ldCIKICAgIH0KICBdCn0"
}
2022-09-06 17:14:10,042:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 342
2022-09-06 17:14:10,042:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 06 Sep 2022 23:14:49 GMT
Content-Type: application/json
Content-Length: 342
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/34339760/123165200777
Replay-Nonce: 0002bFH-pIcG23Jak5-0__s6a1tCy4CbsT02pPJ70nJEPLk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-09-13T23:14:48Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "sjdev.partaker.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/150534502337"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/34339760/123165200777"
}
2022-09-06 17:14:10,043:DEBUG:acme.client:Storing nonce: 0002bFH-pIcG23Jak5-0__s6a1tCy4CbsT02pPJ70nJEPLk
2022-09-06 17:14:10,043:DEBUG:acme.client:JWS payload:
b''
2022-09-06 17:14:10,046:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150534502337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAyYkZILXBJY0cyM0phazUtMF9fczZhMXRDeTRDYnNUMDJwUEo3MG5KRVBMayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTM0NTAyMzM3In0",
  "signature": "wM9QUqzxaBO0iLOp149eftGWI-muK44oUeLFAO797CcvzXaYpN2nQmxVQkXigG_XEo2lFXx7-RJ7njNvy_xuNQpUiZw8VThCLnCVDAtZVJ-KG3L0VtbnDclxqPmqTUesrocG4xEcgT8wFBDSjwgbVU3l3OrBCJHelQ1RtSR6ikKKzpyz_EEBYRRnZdm_GmaZt2ExLZMaZGmDKLmZUUyZh5aTV2TfkIv90ufmbqVHmGE9SdjP13qHgrCV-8XKeciEQwRLUZp5OwfxDy8XLFXBov8eCAQGIeeXGKxT8BPE0kYCcsLXnA_95B8lk4sVV0XDv0ODgQeND22ek6fx-_4f4g",
  "payload": ""
}
2022-09-06 17:14:10,065:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150534502337 HTTP/1.1" 200 802
2022-09-06 17:14:10,066:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Sep 2022 23:14:49 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002aZ9F400Ei-ErGuS8zSpU1wZHMlDm7aHbWkb4Vr1ET30
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-13T23:14:48Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/m0o9Ig",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/qYqAqA",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/50KdAQ",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    }
  ]
}
2022-09-06 17:14:10,066:DEBUG:acme.client:Storing nonce: 0002aZ9F400Ei-ErGuS8zSpU1wZHMlDm7aHbWkb4Vr1ET30
2022-09-06 17:14:10,067:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-09-06 17:14:10,067:INFO:certbot._internal.auth_handler:http-01 challenge for sjdev.partaker.net
2022-09-06 17:14:10,108:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: sjdev.partaker.net in: /etc/httpd/sites-enabled/sjdev.partaker.net.conf
2022-09-06 17:14:10,109:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/httpd/conf.d/ssl.conf
2022-09-06 17:14:10,109:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2022-09-06 17:14:10,110:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
2022-09-06 17:14:10,223:DEBUG:certbot.reverter:Creating backup of /etc/httpd/sites-enabled/sjdev.partaker.net.conf
2022-09-06 17:14:10,223:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf.d/ssl.conf
2022-09-06 17:14:13,569:DEBUG:acme.client:JWS payload:
b'{}'
2022-09-06 17:14:13,576:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/m0o9Ig:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAyYVo5RjQwMEVpLUVyR3VTOHpTcFUxd1pITWxEbTdhSGJXa2I0VnIxRVQzMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTUwNTM0NTAyMzM3L20wbzlJZyJ9",
  "signature": "PwyEsWuuinyLIxjPSpF7azkPV5xYMigSMe8tmnsLDSrtGvLcH_Ge1Cbu6tciRC0UcCGCIyQ4ALnIjaKgGW1cA-YPPNuJGPlu-4ot3T1Hc5NW2YWuF451iotB4synJFSCiHui81ApPBGj23Yh-Ts7fRPxzbTO9Oofhne9vpA2cny3eBMPjn5P40EsTlWlZnfMhFGB01OWG4txLAhS-CHwzuG7Brdxgt3UT-Lt1qVyOE_rQwzSOEp-O_0iKYezrkp0VwOvIIif5bnO0-rLMcAVixL8d5NowH4ExftwiaxSpZHshGoVcPmgRkPnnjH5N-CvX-ruPa7A75TAsBPaVRThvw",
  "payload": "e30"
}
2022-09-06 17:14:13,609:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/150534502337/m0o9Ig HTTP/1.1" 200 187
2022-09-06 17:14:13,610:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Sep 2022 23:14:52 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/150534502337>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/m0o9Ig
Replay-Nonce: 0001Lp26Gpt-1j6vPPOBv0X5WBrUtroo-hQ-AngUNEKBk_Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/m0o9Ig",
  "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
}
2022-09-06 17:14:13,611:DEBUG:acme.client:Storing nonce: 0001Lp26Gpt-1j6vPPOBv0X5WBrUtroo-hQ-AngUNEKBk_Y
2022-09-06 17:14:13,612:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-09-06 17:14:14,613:DEBUG:acme.client:JWS payload:
b''
2022-09-06 17:14:14,619:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150534502337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxTHAyNkdwdC0xajZ2UFBPQnYwWDVXQnJVdHJvby1oUS1BbmdVTkVLQmtfWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTM0NTAyMzM3In0",
  "signature": "p2enKZSQMqTaqtMLercFk4od7nOlF_OX5AiurdaueiR3SEGBH_zhr_c2N4aJjLsLI9SBQBP91CIZobpWdHrSDahWE1Z6xaLEn5RXKoTFmoapazNtfMUJtbgzDNKo-IPDgfV-nagbwiKQnMfc4QIdtMLL7ETZ2H-S14fsnTEZl-jAwY2r3tKJNWe5kKFYTQpqFya2cQhi-Ph6HRCTJ7EpVqOPgy0pWiv_PfEXVQCcsVmF4evCw_QNjsO9seV5Lbo7V6trwaLuu53jrlY7hxtXko9cbVfcxh9TiO4uI3nUWWOFmWhnA-sNNpLUNO-vOYp5FwmMn3LyX8ANT_keSAskIg",
  "payload": ""
}
2022-09-06 17:14:14,642:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150534502337 HTTP/1.1" 200 802
2022-09-06 17:14:14,643:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Sep 2022 23:14:53 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001k9Nkexj0MVK_rYgb_QgvVuJnxIgg3zQ8mEXhPzR9Cu0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-13T23:14:48Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/m0o9Ig",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/qYqAqA",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/50KdAQ",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    }
  ]
}
2022-09-06 17:14:14,643:DEBUG:acme.client:Storing nonce: 0001k9Nkexj0MVK_rYgb_QgvVuJnxIgg3zQ8mEXhPzR9Cu0
2022-09-06 17:14:17,647:DEBUG:acme.client:JWS payload:
b''
2022-09-06 17:14:17,653:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150534502337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxazlOa2V4ajBNVktfcllnYl9RZ3ZWdUpueElnZzN6UThtRVhoUHpSOUN1MCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTM0NTAyMzM3In0",
  "signature": "YGVC5C9LRXaS-5fWTBf_pWJexcbrJTEzZqqPkt23TLdR3FN4Z9MKMtksPh3A4MWVRBgzXelH0hWlMO9zPTg3LnWVe5HvtjakA9nRKNm_ST6ScBTgrQn3YK9xK_9uKJuAD8KYzrj7GEftx6kxnqEQSV8PhwNdGs-whWUGGFld58pgTX9DlhaG2s5mzZzIKU0YVtNVq4iWEv8drbW0Zd-1sWczag4DO5Q9cBOBiMinBIAKAbnTBmGYbRz_TOqGPF61sF-PNHbFEVSAnsoI9YXJCaGQ8GArY73c7gP3RUg7Hqv-98myXAfb1jCzX7_jmlcN_NPIXYGwX-rf1QSE0J8QfQ",
  "payload": ""
}
2022-09-06 17:14:17,674:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150534502337 HTTP/1.1" 200 802
2022-09-06 17:14:17,675:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Sep 2022 23:14:56 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001zYYdKLrAsJnYiHiUMpPhDCFjpbB37ZOGKIv2DKJCDes
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-13T23:14:48Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/m0o9Ig",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/qYqAqA",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/50KdAQ",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    }
  ]
}
2022-09-06 17:14:17,675:DEBUG:acme.client:Storing nonce: 0001zYYdKLrAsJnYiHiUMpPhDCFjpbB37ZOGKIv2DKJCDes
2022-09-06 17:14:20,679:DEBUG:acme.client:JWS payload:
b''
2022-09-06 17:14:20,685:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150534502337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxellZZEtMckFzSm5ZaUhpVU1wUGhEQ0ZqcGJCMzdaT0dLSXYyREtKQ0RlcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTM0NTAyMzM3In0",
  "signature": "A52aGw-NN8x8J_NigE8EUgSQ6zg2FxlZDlQzHgpDMOgsYwAF9iP0F4QYRSMkb3HKY7tgSk8mQIg9fR2lUt5EQoAsqXQJMe5-_oerrq1gjWDZ2Qme7fWzWLkj-UooASfx3MAjS346RVCld5NODskAaF7ZuJg8Wh7WGqsWsOF4BAfm4WFo9KgeS4C0oRIDxoxE3A1AviYrouD4NF8ghuxYFKha8v8iUn2NwVttpvqTXlriZxopDNKi3GIwAfeA8ndXp3-twMcgSgo6yXEfyVHvIUGbK4X0iA61jPqBJWBHwVMyZKu0JVVyV7ecdhELI39bK6l7IGzP5yKoovTWxSuOlg",
  "payload": ""
}
2022-09-06 17:14:20,710:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150534502337 HTTP/1.1" 200 802
2022-09-06 17:14:20,711:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Sep 2022 23:14:59 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001C_LlMTEwCW3vBRzGScTkNB1TsulA8HGQdw2G3DfHz14
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-13T23:14:48Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/m0o9Ig",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/qYqAqA",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/50KdAQ",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    }
  ]
}
2022-09-06 17:14:20,711:DEBUG:acme.client:Storing nonce: 0001C_LlMTEwCW3vBRzGScTkNB1TsulA8HGQdw2G3DfHz14
2022-09-06 17:14:23,715:DEBUG:acme.client:JWS payload:
b''
2022-09-06 17:14:23,721:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150534502337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxQ19MbE1URXdDVzN2QlJ6R1NjVGtOQjFUc3VsQThIR1FkdzJHM0RmSHoxNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTM0NTAyMzM3In0",
  "signature": "xwC8uYhrrvda5Is-LJtcKjUk2UCj_OxZLSsCWDraNlGRgzuJrdDMTOL2YktkQe7SeL0JR8zldwGrfclXFtKrNaWgPGkrBmyx1YGsYAJ7yy1iyXPH9BCKa077ViP_TLULmybHOp7DC8wrhHz4i7FWe5fXc_84VkHW_Az9jkMphTwlrmnrGfWeye5QzvPG2QWrwK27bGT6AvKsrfgLw0j4JKlcaAfX_gBKuV4WsWNolcosskh83vqfnaB__wPci2BjsnboR71vCCXrBKvebpLYYJlP2-2noUyQKS-sVia8BkRyMTtEZolgDGF5-HbC6jUG9PeHHaUl6EJ2E1S2nT70uw",
  "payload": ""
}
2022-09-06 17:14:23,746:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150534502337 HTTP/1.1" 200 802
2022-09-06 17:14:23,747:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Sep 2022 23:15:02 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001jgKMwRxpisyO58Wu91y7m_JZpKjWcRAZf-sXwZxdgkA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-13T23:14:48Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/m0o9Ig",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/qYqAqA",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/50KdAQ",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4"
    }
  ]
}
2022-09-06 17:14:23,747:DEBUG:acme.client:Storing nonce: 0001jgKMwRxpisyO58Wu91y7m_JZpKjWcRAZf-sXwZxdgkA
2022-09-06 17:14:26,751:DEBUG:acme.client:JWS payload:
b''
2022-09-06 17:14:26,756:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150534502337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxamdLTXdSeHBpc3lPNThXdTkxeTdtX0pacEtqV2NSQVpmLXNYd1p4ZGdrQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTM0NTAyMzM3In0",
  "signature": "mr3pyokyDjohjaYZBtex0R4ue-sMIg58Fr3IB_ALUxypA7lqFFBDbPZJ3xsQL5GkI7DO0IBB_jCjIeLp-RD_iq_UVa4hAco-OedoJBPKm0dbBYVJIP-UGflH6TOHMnj_w5jMUpfUNtoYNGXKmxDWJMWkDWZyZZ-u0FbLJ6V4ID9pungPX5Jp2Jvm8pHCvIKfY3kuUGbewDpji4PE2YfTkHcdRmYYuu-0GQ5iGdNK2KxpUtnrJ0AgNmJoombHh8_vQHPKfZb4iUrhUT5lItZ_36dQ_D_HoBq7WP5VM-AE_H50hldNZ_Sf4fSCrYki5WFMZlhOeIYvjCBv7N-HLJv8Ig",
  "payload": ""
}
2022-09-06 17:14:26,780:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150534502337 HTTP/1.1" 200 1064
2022-09-06 17:14:26,780:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Sep 2022 23:15:05 GMT
Content-Type: application/json
Content-Length: 1064
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00018C_Bxx_7vr86Rqshzy2WaEYWrsUMkhd6HQMvLo8WD5A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "invalid",
  "expires": "2022-09-13T23:14:48Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "64.98.50.25: Fetching http://sjdev.partaker.net/.well-known/acme-challenge/cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150534502337/m0o9Ig",
      "token": "cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4",
      "validationRecord": [
        {
          "url": "http://sjdev.partaker.net/.well-known/acme-challenge/cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4",
          "hostname": "sjdev.partaker.net",
          "port": "80",
          "addressesResolved": [
            "64.98.50.25"
          ],
          "addressUsed": "64.98.50.25"
        }
      ],
      "validated": "2022-09-06T23:14:52Z"
    }
  ]
}
2022-09-06 17:14:26,781:DEBUG:acme.client:Storing nonce: 00018C_Bxx_7vr86Rqshzy2WaEYWrsUMkhd6HQMvLo8WD5A
2022-09-06 17:14:26,781:INFO:certbot._internal.auth_handler:Challenge failed for domain sjdev.partaker.net
2022-09-06 17:14:26,781:INFO:certbot._internal.auth_handler:http-01 challenge for sjdev.partaker.net
2022-09-06 17:14:26,782:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: sjdev.partaker.net
  Type:   connection
  Detail: 64.98.50.25: Fetching http://sjdev.partaker.net/.well-known/acme-challenge/cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2022-09-06 17:14:26,783:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-09-06 17:14:26,783:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-09-06 17:14:26,783:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-09-06 17:14:27,253:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/2192/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 1441, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-09-06 17:14:27,256:ERROR:certbot._internal.log:Some challenges have failed.

2 Likes

Hello @SEJohnsen, welcome to the Let's Encrypt community. :slightly_smiling_face:

A great place to start debugging Let's Encrypt certificates is Let's Debug
And the current results from Let's Debug Let's Debug

Here are the certificate you have received so far crt.sh | sjdev.partaker.net ; none recently.

Current SSL Labs Report: SSL Server Test: sjdev.partaker.net (Powered by Qualys SSL Labs)

And

openssl s_client -servername sjdev.partaker.net -connect sjdev.partaker.net:443
CONNECTED(00000003)
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = aspen.cloudmountainmarketing.com, emailAddress = root@aspen.cloudmountainmarketing.com
verify error:num=18:self-signed certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = aspen.cloudmountainmarketing.com, emailAddress = root@aspen.cloudmountainmarketing.com
verify error:num=10:certificate has expired
notAfter=Oct  3 19:08:51 2018 GMT
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = aspen.cloudmountainmarketing.com, emailAddress = root@aspen.cloudmountainmarketing.com
notAfter=Oct  3 19:08:51 2018 GMT
verify return:1
---
Certificate chain
 0 s:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = aspen.cloudmountainmarketing.com, emailAddress = root@aspen.cloudmountainmarketing.com
   i:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = aspen.cloudmountainmarketing.com, emailAddress = root@aspen.cloudmountainmarketing.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Oct  3 19:08:51 2017 GMT; NotAfter: Oct  3 19:08:51 2018 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEOjCCAyKgAwIBAgICKFwwDQYJKoZIhvcNAQELBQAwgdExCzAJBgNVBAYTAi0t
MRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRkwFwYDVQQK
DBBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZTb21lT3JnYW5pemF0aW9uYWxV
bml0MSkwJwYDVQQDDCBhc3Blbi5jbG91ZG1vdW50YWlubWFya2V0aW5nLmNvbTE0
MDIGCSqGSIb3DQEJARYlcm9vdEBhc3Blbi5jbG91ZG1vdW50YWlubWFya2V0aW5n
LmNvbTAeFw0xNzEwMDMxOTA4NTFaFw0xODEwMDMxOTA4NTFaMIHRMQswCQYDVQQG
EwItLTESMBAGA1UECAwJU29tZVN0YXRlMREwDwYDVQQHDAhTb21lQ2l0eTEZMBcG
A1UECgwQU29tZU9yZ2FuaXphdGlvbjEfMB0GA1UECwwWU29tZU9yZ2FuaXphdGlv
bmFsVW5pdDEpMCcGA1UEAwwgYXNwZW4uY2xvdWRtb3VudGFpbm1hcmtldGluZy5j
b20xNDAyBgkqhkiG9w0BCQEWJXJvb3RAYXNwZW4uY2xvdWRtb3VudGFpbm1hcmtl
dGluZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKKlsqBRts
s6ESURBr5BlY787vL4OaYmsdHrEfqgEV3mdLsxnuI5osVcvON2k28f5ieXonatdS
fV4tJHFIF6J7IdDLyl2I7vm4JofT6XNemPFvFXggCpGmqncsVZTG6g5Px/H9GXPe
Me5wzlgytlYCApPEhOsA/lq7mQMBzUh//4Tkh4713cwTy6WAHRZ6IizrgRdpHX52
fCY+MpEW/rvxFAgdGzyVYy0qcqnoayD83G6jlgzPr1L3iUsAUsIOGw4AT5M88bMy
6abSNV691v6lidPIk/yzVzs7YV1J1tmAcCWWJPX8RM0ri+N1NAlr78sNOnNv0quD
ZegUEpuM5EF5AgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqG
SIb3DQEBCwUAA4IBAQBv7Seetaie8WUa+9Cs9GL5d2mBdOcR6NFl77Cg3MpLiwFS
lXjcwCCL0dndWquF+MgfE4wsfA4QI49IKXJ6faXMj8N/zoEAwmh6OMeLegxhVzCL
OtPxF7/XmkCg/sc4zaZA+UsC3etZ3lun7GTnsHQI6ARBU2Z8uLa6abWMil6TRAt4
bnCM4bCso+86lxMlBN/clCmG9gYOsuGnC4mq6qIviF4vGFN0SkbndijNlzSi7G1W
D+OQoYJsDr/Is1i2a7rRtWbx5cBwAIpqDK6FyA7mZ3195H9hVe74PbEJ04Qu8iEB
4kC363ZRYdeSdBBm/pwa/f1Nbvlw0YQ7pjn8XCOk
-----END CERTIFICATE-----
subject=C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = aspen.cloudmountainmarketing.com, emailAddress = root@aspen.cloudmountainmarketing.com
issuer=C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = aspen.cloudmountainmarketing.com, emailAddress = root@aspen.cloudmountainmarketing.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 1788 bytes and written 446 bytes
Verification error: certificate has expired
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 3C2910C487FA2BDDEB67B8083D9FF3B3D454E1E0F73674F88A1A878C9F1303C0
    Session-ID-ctx:
    Master-Key: 2AE43F6F6C9DF16BD34C58CBFCE2E8AB62C9DC9AD994035914679E52E43D94C1CADF57856F087F0CE0AD99921B1A8E07
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 7d bb 6b 67 67 13 bc 82-30 67 1d 6f 38 53 a3 d4   }.kgg...0g.o8S..
    0010 - 05 55 fd 8d 49 da d2 e2-16 a9 3c 11 85 4b 3f 23   .U..I.....<..K?#
    0020 - b5 3e ee 27 53 df cf bd-bd 4b 72 01 34 57 46 8b   .>.'S....Kr.4WF.
    0030 - 1f 84 0c 06 77 14 e3 63-9c db 10 5f f7 3c ec dd   ....w..c..._.<..
    0040 - a2 33 c1 bd 4b 69 41 38-61 03 56 72 d4 69 1b 8d   .3..KiA8a.Vr.i..
    0050 - 40 eb aa 7d e6 6d 28 72-66 96 8c d7 1e be 6f 3e   @..}.m(rf.....o>
    0060 - bf e2 3e c6 9f dc fb 10-b1 82 82 20 de 89 73 ef   ..>........ ..s.
    0070 - 6e 07 69 15 24 ec 38 f6-a3 54 af 2c e3 49 70 11   n.i.$.8..T.,.Ip.
    0080 - ba 39 f0 0f a6 f8 60 2f-46 35 04 1e 77 d8 74 bd   .9....`/F5..w.t.
    0090 - 71 e6 a8 9e 86 c6 24 8d-b5 c1 6a c7 61 73 2c 28   q.....$...j.as,(
    00a0 - c5 29 1c b7 07 48 93 ee-90 bd 42 ac bc 0c 56 e7   .)...H....B...V.
    00b0 - 55 02 b4 33 f7 26 25 55-e7 79 59 7b d2 c5 71 63   U..3.&%U.yY{..qc
    00c0 - c5 25 ef 30 9e 97 2f fc-c0 f3 8d 52 80 14 dd 13   .%.0../....R....

    Start Time: 1662507503
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
---
closed

And that certificate you are currently serving up has no Subject Alternative Names (SAN)

2 Likes

Thanks. This is what LetsDebug tells me:

64.98.50.25: Fetching http://sjdev.partaker.net/.well-known/acme-challenge/xfugB_CDlp6e654A1Ixga56ygfSFMWso5WjkRBAnU5g: Timeout during connect (likely firewall problem)

There is no folder called .well-known on my server. Do I have to create it manually? I am running Certbot as root. Are there additional troubleshooting steps I can take? I have no problem reaching the domain by http (http://sjdev.partaker.net/).

1 Like

This is the key part of your error message. And, as Bruce noted, Let's Debug also shows a timeout for the Let's Encrypt staging system test. The simple connection test from Let's Debug works fine. And, I can connect to that domain fine too from my test server. I also probed for common problems caused by the Palo Alto Networks brand firewalls and I did not see that as a cause.

The URL failing is for an HTTP site so I don't see that the self-signed cert is involved.

The most likely explanation is you have a firewall that is blocking the IP address(es) used by the Let's Encrypt servers. Have you checked your firewalls?

4 Likes

No, you don't have to create it. Certbot does that for you. And, it's ok to be missing during the Let's Debug test. See my prior post about firewall and IP blocks.

4 Likes

According to my logs (/var/log/firewalld), I have not blocked any IP addresses today. Assuming there are no firewall blocks, is there anything that would cause LetsEncrypt to not be able to create the temporary .well-known file?

When you run a fresh Let's Debug test do you see any access attempts in your Apache access log?

Your last good cert for this domain name was on June8. Any changes since then could be affecting Let's Encrypt today. And, it looks like your renewal try would have started in early Aug so something went awry between Jun8 and early Aug and continues.

4 Likes

A timeout is a comms problem. A missing or faulty challenge token would be a different error

4 Likes

Yes, I see the access attempts in my Apache access logs.

172.104.24.29 - - [06/Sep/2022:17:55:54 -0600] "GET /.well-known/acme-challenge/letsdebug-test HTTP/1.1" 404 1552 "-" "Mozilla/5.0 (compatible; Let's Debug emulating Let's Encrypt validation server; +https://letsdebug.net)"
54.186.70.139 - - [06/Sep/2022:17:55:55 -0600] "GET /.well-known/acme-challenge/snJ0F0V4b-gdTPqY9QGOkkKpivTpTHA0gbgj8X2HA2c HTTP/1.1" 404 1552 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
3.68.116.125 - - [06/Sep/2022:17:55:55 -0600] "GET /.well-known/acme-challenge/snJ0F0V4b-gdTPqY9QGOkkKpivTpTHA0gbgj8X2HA2c HTTP/1.1" 404 1552 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
54.80.134.212 - - [06/Sep/2022:17:55:57 -0600] "GET /.well-known/acme-challenge/xfugB_CDlp6e654A1Ixga56ygfSFMWso5WjkRBAnU5g: HTTP/1.1" 404 1552 "-" "Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)"
54.167.223.88 - - [06/Sep/2022:17:55:57 -0600] "GET /.well-known/acme-challenge/cqm4idg7TNzlnj7Xw0I_3BQUrNByRx_RW1xKR6fA0Z4 HTTP/1.1" 404 1552 "-" "Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)"

Here is the verbose output from the LetsDebug retest:


IssueFromLetsEncrypt
Error
A test authorization for sjdev.partaker.net to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
64.98.50.25: Fetching http://sjdev.partaker.net/.well-known/acme-challenge/snJ0F0V4b-gdTPqY9QGOkkKpivTpTHA0gbgj8X2HA2c: Timeout during connect (likely firewall problem)
HTTPCheck
Debug
Requests made to the domain
Request to: sjdev.partaker.net/64.98.50.25, Result: [Address=64.98.50.25,Address Type=IPv4,Server=Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28,HTTP Status=404], Issue:
Trace:
@0ms: Making a request to http://sjdev.partaker.net/.well-known/acme-challenge/letsdebug-test (using initial IP 64.98.50.25)
@0ms: Dialing 64.98.50.25
@168ms: Server response: HTTP 404 Not Found

HTTPRecords
Debug
A and AAAA records found for this domain
sjdev.partaker.net. 0 IN A 64.98.50.25
LetsEncryptStaging
Debug
Challenge update failures for sjdev.partaker.net in order https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/3954868753
acme: error code 400 "urn:ietf:params:acme:error:connection": 64.98.50.25: Fetching http://sjdev.partaker.net/.well-known/acme-challenge/snJ0F0V4b-gdTPqY9QGOkkKpivTpTHA0gbgj8X2HA2c: Timeout during connect (likely firewall problem)
PublicSuffix
Debug
The IANA public suffix is the TLD of the Registered Domain
The TLD for sjdev.partaker.net is: net
StatusIO
Debug
The current status.io status for Let's Encrypt
Operational 

Also Let's Encrypt uses Multi-Perspective Validation Improves Domain Validation Security - Let's Encrypt
So you will have several different Challenge Validation servers making checks on your site.

And here is documentation on different types of Challenges that can be used Challenge Types - Let's Encrypt ; presently you are using HTTP-01 challenge. Not suggesting that you change but wanting to make you aware of the options open to you.

2 Likes

There are only 2 requests. There should be 4. The IP's often change (even every few hours) so I can't say what they should be.

This seems strongly like an IP firewall block

4 Likes

Agreed! :slightly_smiling_face:

1 Like

I disabled firewalld and ran cerbot again. It fails with exactly the same error message. I don't understand how it can be the firewall when the firewall is not running, and is not logging any blocks when it was running. Is there anything else I can try?

2022-09-06 18:03:49,003:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-09-06 18:03:49,609:DEBUG:certbot._internal.main:certbot version: 1.29.0
2022-09-06 18:03:49,609:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/2192/bin/certbot
2022-09-06 18:03:49,609:DEBUG:certbot._internal.main:Arguments: ['--apache', '--preconfigured-renewal']
2022-09-06 18:03:49,609:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-09-06 18:03:49,686:DEBUG:certbot._internal.log:Root logging level set at 30
2022-09-06 18:03:49,688:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2022-09-06 18:03:49,898:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.6
2022-09-06 18:03:50,479:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f13a0ffb970>
Prep: True
2022-09-06 18:03:50,481:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f13a0ffb970> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f13a0ffb970>
2022-09-06 18:03:50,481:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2022-09-06 18:03:50,499:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f13a0f99eb0>)>), contact=('mailto:steve@cloudmountainmarketing.com',), agreement='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/34339760', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 298aaef0d86c327fcf553a80bb1c1ec1, Meta(creation_dt=datetime.datetime(2018, 5, 3, 6, 54, 18, tzinfo=<UTC>), creation_host='50-253-111-228-static.hfc.comcastbusiness.net', register_to_eff=None))>
2022-09-06 18:03:50,500:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-09-06 18:03:50,503:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-09-06 18:03:58,626:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 672
2022-09-06 18:03:58,627:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 07 Sep 2022 00:04:37 GMT
Content-Type: application/json
Content-Length: 672
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "riIGAEzUdx0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2022-09-06 18:04:01,421:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for sjdev.partaker.net
2022-09-06 18:04:01,598:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/1226_key-certbot.pem
2022-09-06 18:04:01,628:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/1226_csr-certbot.pem
2022-09-06 18:04:01,629:DEBUG:acme.client:Requesting fresh nonce
2022-09-06 18:04:01,629:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-09-06 18:04:01,647:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-09-06 18:04:01,648:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 07 Sep 2022 00:04:40 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002LsHCmtu1PxSYKZ9td1rcgv4OcfCPmgB0voWq5LlCDvY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-09-06 18:04:01,648:DEBUG:acme.client:Storing nonce: 0002LsHCmtu1PxSYKZ9td1rcgv4OcfCPmgB0voWq5LlCDvY
2022-09-06 18:04:01,648:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "sjdev.partaker.net"\n    }\n  ]\n}'
2022-09-06 18:04:01,652:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAyTHNIQ210dTFQeFNZS1o5dGQxcmNndjRPY2ZDUG1nQjB2b1dxNUxsQ0R2WSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "tb60qt_scvsokui_m5FOaXy_YAeccInVAf__my_r1VWuX7Ad_6ZicaEJWq4TughwZHJGq-bgd4sbO377sRGbjCztxM72KUvadVzHvPdGbTtysAhu_XeIxZmKXxw91le-5uVgv-EnC9V5H4ZUHQBwcogF4GmRBv4F45xQ5cDfmwZNz9tQ67FdMwEFYpVuNfc4qS6SLIGvjT_UVthSaeFstBwVSVpmCSwy_Zjd0y1pneNup1U3qX8pwRMCVLvyuoyXT8YhA0UUk6z1qDaGTg5Lz8RHdfVM2KLJxoOTiXSXj_7bSjStBBP1HeYsosOvb4S4BpCXX4_RrJxBaMlI1zYfaA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNqZGV2LnBhcnRha2VyLm5ldCIKICAgIH0KICBdCn0"
}
2022-09-06 18:04:01,796:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 342
2022-09-06 18:04:01,797:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 07 Sep 2022 00:04:40 GMT
Content-Type: application/json
Content-Length: 342
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/34339760/123175847527
Replay-Nonce: 0002krxJZPMIR4bufYTUgNqh-avFvNw1iIMpheiViMYPCPA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-09-14T00:04:40Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "sjdev.partaker.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/150547363797"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/34339760/123175847527"
}
2022-09-06 18:04:01,797:DEBUG:acme.client:Storing nonce: 0002krxJZPMIR4bufYTUgNqh-avFvNw1iIMpheiViMYPCPA
2022-09-06 18:04:01,797:DEBUG:acme.client:JWS payload:
b''
2022-09-06 18:04:01,801:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150547363797:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAya3J4SlpQTUlSNGJ1ZllUVWdOcWgtYXZGdk53MWlJTXBoZWlWaU1ZUENQQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTQ3MzYzNzk3In0",
  "signature": "bLGJibXrhR61PjeMST0nr5Pe2zCumlRvdWLImgg5gG44hFPBS879kD8vU09B0rWtXC3GFDgmRe2zNVS7eKMvW_d3finps3-4CqZefheGaaUrJtQmcIKsjesVuRFeAhI8IR12r0UR4mSbzqqKVzqijVGIp4Z7-8yTZLT4GoFQF_nxhp2XKuSsb-6VeII83vcv1BXIiE02Bpo0ZGR-iIo4D1usXvK9zT1axWdbJAUIguSnjycB1Ar2wtJwJPfsnj78z0uwCseV5ZIQCzem8-PD0Jh0kgipBihJ28_Iycv-hgBFhiO5HLMeLDIf9aj4ckAintKweqVUsQaCKe5h1o5KQA",
  "payload": ""
}
2022-09-06 18:04:01,827:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150547363797 HTTP/1.1" 200 802
2022-09-06 18:04:01,828:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 07 Sep 2022 00:04:40 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002OD5ydfRNnqCr4ZQSlluj5p3UcPnEb-6EzrMkD9YzIVU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-14T00:04:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/tRgtRA",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/djcgWg",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/034fnQ",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    }
  ]
}
2022-09-06 18:04:01,828:DEBUG:acme.client:Storing nonce: 0002OD5ydfRNnqCr4ZQSlluj5p3UcPnEb-6EzrMkD9YzIVU
2022-09-06 18:04:01,829:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-09-06 18:04:01,829:INFO:certbot._internal.auth_handler:http-01 challenge for sjdev.partaker.net
2022-09-06 18:04:01,853:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: sjdev.partaker.net in: /etc/httpd/sites-enabled/sjdev.partaker.net.conf
2022-09-06 18:04:01,853:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/httpd/conf.d/ssl.conf
2022-09-06 18:04:01,854:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2022-09-06 18:04:01,854:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
2022-09-06 18:04:01,931:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf.d/ssl.conf
2022-09-06 18:04:01,932:DEBUG:certbot.reverter:Creating backup of /etc/httpd/sites-enabled/sjdev.partaker.net.conf
2022-09-06 18:04:05,323:DEBUG:acme.client:JWS payload:
b'{}'
2022-09-06 18:04:05,327:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/tRgtRA:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAyT0Q1eWRmUk5ucUNyNFpRU2xsdWo1cDNVY1BuRWItNkV6ck1rRDlZeklWVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTUwNTQ3MzYzNzk3L3RSZ3RSQSJ9",
  "signature": "K_mSF-sVWsoNGiHqWQtRfybU0N7npK4n0Sey7aTH4gahEszq623PsLmSGKXLXV3RRQbVLdES_6-KgbsG7c_WzZ1Vj0UizhG_pVojc8clC9wK3MCPSeWSicfy-itM0tLSrdMoRIt1djBQU58ovUwvmxxQXX7SEDpBQWhK8e_3MlsXSqOoJsC8EXsPlQsl-6kJGNaAVVh4BUPnOfrLJaJufyKmseY0Dd6d0g1A01VNP18UotItfcTUGfhW8TAQMslT9ovl7_FhpCJCxFr1utlg7Y3NKxxy5VxbLuso6e6KR3a0HHzeRSwn_-dyUmmnc_h5bL_-dDMvL0HiNJMDt5YDNg",
  "payload": "e30"
}
2022-09-06 18:04:05,354:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/150547363797/tRgtRA HTTP/1.1" 200 187
2022-09-06 18:04:05,354:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 07 Sep 2022 00:04:44 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/150547363797>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/tRgtRA
Replay-Nonce: 0001N1aqFNT7ljDQhQd44x4Eq1OSz334aPzGVeX6ELHFecY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/tRgtRA",
  "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
}
2022-09-06 18:04:05,355:DEBUG:acme.client:Storing nonce: 0001N1aqFNT7ljDQhQd44x4Eq1OSz334aPzGVeX6ELHFecY
2022-09-06 18:04:05,355:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-09-06 18:04:06,357:DEBUG:acme.client:JWS payload:
b''
2022-09-06 18:04:06,362:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150547363797:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxTjFhcUZOVDdsakRRaFFkNDR4NEVxMU9TejMzNGFQekdWZVg2RUxIRmVjWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTQ3MzYzNzk3In0",
  "signature": "OdF_ilkN6KfYoC86xg2YptZQ-pSk_gDHhSNK-KgH4FZ8u4EtCmoLNKtpIiosQDbWTyd1KbYckPKS8w2_cvfDwMrw8SPeE-Il0kJzwU2sRvdpJFtpYJupxB0PZPIDdVUDMns0z3xjROY1Wv72MqCa2nhG7Qhz3YIjXKX7VsCP8RDCmYc01Kp2Hp1c8ioeHkwxjxkMmDmrcEsNgSuQ9ZDextzzj3wELJzZGvy_ah0-zL__p3lSXE6SQH5EvLqO0Sk18FFQ6ES8dEd678XViXnFiHkZ35F4iw0eFwmlV1vcMhnNPpLuaePDgMbclDhUcNfzd__HRlk1oQbjHX-TLnnr8w",
  "payload": ""
}
2022-09-06 18:04:06,388:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150547363797 HTTP/1.1" 200 802
2022-09-06 18:04:06,389:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 07 Sep 2022 00:04:45 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001gvNYZDESL7KsiIxWGxw5Va96RwM37hzafCvl22pGH8A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-14T00:04:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/tRgtRA",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/djcgWg",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/034fnQ",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    }
  ]
}
2022-09-06 18:04:06,390:DEBUG:acme.client:Storing nonce: 0001gvNYZDESL7KsiIxWGxw5Va96RwM37hzafCvl22pGH8A
2022-09-06 18:04:09,394:DEBUG:acme.client:JWS payload:
b''
2022-09-06 18:04:09,399:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150547363797:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxZ3ZOWVpERVNMN0tzaUl4V0d4dzVWYTk2UndNMzdoemFmQ3ZsMjJwR0g4QSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTQ3MzYzNzk3In0",
  "signature": "gHSZLwID7-pby1lFZYMFZ2NbadcbnTZ_vm-sfX1ttBqHOc-Xbr1ViKkE7GzFKj434m-1iEGAIMQGTIhvZYBODZp7VUuHi-EYifxl3iySdUqB84aolaPoM5WiymMvuSVupUEi0nNVivLAbAqIL3EAp0m2MD6Js-BQLi4ywe4sLbji-eo1d5nUeXP8zScTQFun5yMGpcRvW6lHNr8XDSnjlkSp791aAhPfUuv7Wmh8l2gyE3_dWG2oNnuisIUJpp-TkT2lV1s69xkZ1pPkc81kkbx-nZ4Jvq_4FZEtJ_zqfAeMQO7YZeUxIkgQt95_kBTNUshzOwymVf5rvre1PABJig",
  "payload": ""
}
2022-09-06 18:04:09,424:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150547363797 HTTP/1.1" 200 802
2022-09-06 18:04:09,425:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 07 Sep 2022 00:04:48 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001zvJvZqbyyczzViqedWCGTf64SHo0GOiOhZh0e3BAqvg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-14T00:04:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/tRgtRA",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/djcgWg",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/034fnQ",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    }
  ]
}
2022-09-06 18:04:09,425:DEBUG:acme.client:Storing nonce: 0001zvJvZqbyyczzViqedWCGTf64SHo0GOiOhZh0e3BAqvg
2022-09-06 18:04:12,429:DEBUG:acme.client:JWS payload:
b''
2022-09-06 18:04:12,435:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150547363797:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxenZKdlpxYnl5Y3p6VmlxZWRXQ0dUZjY0U0hvMEdPaU9oWmgwZTNCQXF2ZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTQ3MzYzNzk3In0",
  "signature": "xkT2a7aE33lDYd74iqdVUhL71ep8H3lUlQG0DTwe9cktDzIoSxHFn7Ckmbq1pFuXjtIk0aVbOVeuQSXP9Ij2S9KBEp4EtxrPLg6c-g26V1ziLL1BXBO-a3VC9ZvzrVngutJYrWezMasrg1h_Nc-6PYOkf4_vo4tT2aYsIZTsHIHSItKSvOqzKXNiqo_YJno47NNPqDmP8SnIHAJaI_j89TYfbOzIjObDA-1qJ9B6ml38XWSR-N1UDVeFuMiA5HzFgtm29iohEF5Vnauh6uoor9X3PfsDJJ9cipJjCyAaSqjf-wqVBqOUMb6Gpanx_Ga1gNMmnQ5s2vw5D9qLK4RcQQ",
  "payload": ""
}
2022-09-06 18:04:12,457:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150547363797 HTTP/1.1" 200 802
2022-09-06 18:04:12,458:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 07 Sep 2022 00:04:51 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002F3AaSKU_JhG8avhD2CiaLJFYRANKOn2nNELYDjb4pgU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-14T00:04:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/tRgtRA",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/djcgWg",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/034fnQ",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    }
  ]
}
2022-09-06 18:04:12,458:DEBUG:acme.client:Storing nonce: 0002F3AaSKU_JhG8avhD2CiaLJFYRANKOn2nNELYDjb4pgU
2022-09-06 18:04:15,462:DEBUG:acme.client:JWS payload:
b''
2022-09-06 18:04:15,467:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150547363797:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAyRjNBYVNLVV9KaEc4YXZoRDJDaWFMSkZZUkFOS09uMm5ORUxZRGpiNHBnVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTQ3MzYzNzk3In0",
  "signature": "rQHTRU1LltTy-liDWrt9z7Hh1M_vzOaRZubJfHk1cnN9SWAZp-xU5BECkijTyKKUgtgdGFERfK-yu8Ri8U2Xso1xH5NxZ7DOVWTPWdWZQytCB-8DHooPul_hMiaCZYyyuDQMTioZdakRHsFASImth8PSwT41XQiYpAzwYvY49Zcqts6OHhfR1XX_Tn_HykdGgQNGRqc1H3M0rWpskFWhLk9HbFuBfjKtlmTiwfUgn3ILjGcg0xYCK7zzAeIZm2nu7DDZHXeYYMQY8J8EF6mPozCr21zRilM-pIG1xT6zwMkV6Tw8rszGcsmpbJ2XNLsEcG196SEcrrCthkrLx4kFuw",
  "payload": ""
}
2022-09-06 18:04:15,497:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150547363797 HTTP/1.1" 200 802
2022-09-06 18:04:15,498:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 07 Sep 2022 00:04:54 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001ezgkvJ6KpEksjWvXIfB--ZppWoKeBSAWMv8QHX-OGLM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "pending",
  "expires": "2022-09-14T00:04:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/tRgtRA",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/djcgWg",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/034fnQ",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA"
    }
  ]
}
2022-09-06 18:04:15,498:DEBUG:acme.client:Storing nonce: 0001ezgkvJ6KpEksjWvXIfB--ZppWoKeBSAWMv8QHX-OGLM
2022-09-06 18:04:18,502:DEBUG:acme.client:JWS payload:
b''
2022-09-06 18:04:18,508:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/150547363797:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNDMzOTc2MCIsICJub25jZSI6ICIwMDAxZXpna3ZKNktwRWtzald2WElmQi0tWnBwV29LZUJTQVdNdjhRSFgtT0dMTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTUwNTQ3MzYzNzk3In0",
  "signature": "lsWXvuX33NkTHZXgj_R0lN2JL5Yr4FyO-cvo6bPe5IMu2dDSBpC0h6_XXiN2LwhzmedtCNxkO0JIU_qZDm1BbjWjvMdmaOV76muNx6OH97ptyRbkR1KwqEvZMhLT73hzD4uriVOBX4QjFn8rppQ-Mo4EaLqvB_XF85EFg3KwQrTafh3DweHqDThhIBZ4uTwwQsgcXmV4Ut8WiG173dIm7qyHjJjDhH0jrh3pwCIiRtOYM7mNzOgcGSOzZLTIy7W-oR14FNJKHjlEIBQcuIrsoCOg4oYsBurCysv1en8ZfAevduX3IjZDhAcizgqxW6t70ecMjUHptr_TSB6HQcoPiA",
  "payload": ""
}
2022-09-06 18:04:18,535:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/150547363797 HTTP/1.1" 200 1064
2022-09-06 18:04:18,536:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 07 Sep 2022 00:04:57 GMT
Content-Type: application/json
Content-Length: 1064
Connection: keep-alive
Boulder-Requester: 34339760
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001fSDcnz1WNMM_tmhvndXvQKHYCZRoZ_tm_IUpiZV-bIw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sjdev.partaker.net"
  },
  "status": "invalid",
  "expires": "2022-09-14T00:04:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "64.98.50.25: Fetching http://sjdev.partaker.net/.well-known/acme-challenge/8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/150547363797/tRgtRA",
      "token": "8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA",
      "validationRecord": [
        {
          "url": "http://sjdev.partaker.net/.well-known/acme-challenge/8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA",
          "hostname": "sjdev.partaker.net",
          "port": "80",
          "addressesResolved": [
            "64.98.50.25"
          ],
          "addressUsed": "64.98.50.25"
        }
      ],
      "validated": "2022-09-07T00:04:44Z"
    }
  ]
}
2022-09-06 18:04:18,536:DEBUG:acme.client:Storing nonce: 0001fSDcnz1WNMM_tmhvndXvQKHYCZRoZ_tm_IUpiZV-bIw
2022-09-06 18:04:18,537:INFO:certbot._internal.auth_handler:Challenge failed for domain sjdev.partaker.net
2022-09-06 18:04:18,537:INFO:certbot._internal.auth_handler:http-01 challenge for sjdev.partaker.net
2022-09-06 18:04:18,538:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: sjdev.partaker.net
  Type:   connection
  Detail: 64.98.50.25: Fetching http://sjdev.partaker.net/.well-known/acme-challenge/8uKSmR5B-Z8T2dd2NhH7sm7yYQ7jv9FKppMQSp27ePA: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2022-09-06 18:04:18,539:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-09-06 18:04:18,540:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-09-06 18:04:18,540:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-09-06 18:04:19,078:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/2192/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 1441, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-09-06 18:04:19,080:ERROR:certbot._internal.log:Some challenges have failed.

Using Let's Debug is better for now. Anyway, were there still just 2 entries in your access log?

Do you have any other network gear, like a router, that might also have a firewall? There are some that have DDoS protections and call them "smart firewall" or "adaptive firewall". If they are very sensitive they can block some requests from LE because they are identical requests from various parts of the globe arriving at the same time.

Or, maybe even some sort of GEO block ? (geographic)

Or, did your ISP start a similar kind of DDoS service that is new since Jun8?

5 Likes

Mike, great suggestion. Some of the IPs were on a blocklist due to known hacking attempts in the past, and my router was blocking them. Everything is working now.

3 Likes

FYI - denylist or blocklist, etc. is the preferred language over the word chosen in the quoted content.

1 Like