Some challenges have failed

M1WaNA · July 29, 2023, 12:08am

PowerShell:

PS C:\WINDOWS\system32> certbot certonly --webroot -w E:\Apache24\htdocs -d m1wanas.ddns.net -v
Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for m1wanas.ddns.net
Performing the following challenges:
http-01 challenge for m1wanas.ddns.net
Using the webroot path E:\Apache24\htdocs for all unmatched domains.
Creating a web.config file in E:\Apache24\htdocs\.well-known\acme-challenge to allow IIS to serve challenge files.
Waiting for verification...
Challenge failed for domain m1wanas.ddns.net
http-01 challenge for m1wanas.ddns.net

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: m1wanas.ddns.net
  Type:   dns
  Detail: no valid A records found for m1wanas.ddns.net; no valid AAAA records found for m1wanas.ddns.net

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Cleaning web.config file generated by Certbot in E:\Apache24\htdocs\.well-known\acme-challenge.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

Log:

2023-07-29 03:05:27,631:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-07-29 03:05:27,631:DEBUG:certbot._internal.main:Location of certbot entry point: C:\Program Files\Certbot\bin\certbot.exe
2023-07-29 03:05:27,631:DEBUG:certbot._internal.main:Arguments: ['--webroot', '-w', 'E:\\Apache24\\htdocs', '-d', 'm1wanas.ddns.net', '-v', '--preconfigured-renewal']
2023-07-29 03:05:27,631:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-29 03:05:27,824:DEBUG:certbot._internal.log:Root logging level set at 20
2023-07-29 03:05:27,834:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-07-29 03:05:27,839:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x00000222B769CE80>
Prep: True
2023-07-29 03:05:27,840:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x00000222B769CE80> and installer None
2023-07-29 03:05:27,840:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-07-29 03:05:27,942:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1227817686', new_authzr_uri=None, terms_of_service=None), 378b8434db9fa45ccd654cd8522c5390, Meta(creation_dt=datetime.datetime(2023, 7, 27, 13, 24, 42, tzinfo=<UTC>), creation_host='M1WaNA', register_to_eff=None))>
2023-07-29 03:05:27,975:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-07-29 03:05:27,981:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-07-29 03:05:28,453:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-07-29 03:05:28,454:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 29 Jul 2023 00:05:29 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "5UTtuePErVQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-07-29 03:05:28,456:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for m1wanas.ddns.net
2023-07-29 03:05:28,464:DEBUG:acme.client:Requesting fresh nonce
2023-07-29 03:05:28,465:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-07-29 03:05:28,617:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-07-29 03:05:28,618:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 29 Jul 2023 00:05:29 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371CpmCYj6RuQbrIk0DHHNTp-RFHiNuEP81QuNOeBcDfrQA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-07-29 03:05:28,619:DEBUG:acme.client:Storing nonce: 371CpmCYj6RuQbrIk0DHHNTp-RFHiNuEP81QuNOeBcDfrQA
2023-07-29 03:05:28,619:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "m1wanas.ddns.net"\n    }\n  ]\n}'
2023-07-29 03:05:28,624:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTIyNzgxNzY4NiIsICJub25jZSI6ICIzNzFDcG1DWWo2UnVRYnJJazBESEhOVHAtUkZIaU51RVA4MVF1Tk9lQmNEZnJRQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "Ty5TLu7x2wWjJFc42sbPrJwakWWalrPMEEZkT71xSmcUvJcSdqdaLddZRbWdXWq7HWeck8d3Nl1DvVocoBrJbTVx9unpidgaRhPfiNivngsU2Le5j9vyVb-DFzvTbebx_COFL2hyOFeQ4gMyXdhHvn5p8kNyq3uVxxmHya8XFeqATv-KIJJnnKno4TI3PCwqh5tZjGQTH879yv8rI3LE7rfUjrTxmuKOo3A9CT2Qy9PZ8V7voay99bkyNtOXQp0tGZRdnb8jCk99MflKPzLQi6gw0h3b96U5mhmT-mY_zvsowoNIN3cmylxOuAjlQiNHh82P8gp-CyVs3Z2fLFhmhg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm0xd2FuYXMuZGRucy5uZXQiCiAgICB9CiAgXQp9"
}
2023-07-29 03:05:29,025:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 342
2023-07-29 03:05:29,026:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 29 Jul 2023 00:05:29 GMT
Content-Type: application/json
Content-Length: 342
Connection: keep-alive
Boulder-Requester: 1227817686
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1227817686/197960537236
Replay-Nonce: 371C5GKlqbuz0QVPtq6bN4o9Mk3F54jRE8QT1rTI8sMaSXc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-08-05T00:05:29Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "m1wanas.ddns.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/249893084646"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1227817686/197960537236"
}
2023-07-29 03:05:29,027:DEBUG:acme.client:Storing nonce: 371C5GKlqbuz0QVPtq6bN4o9Mk3F54jRE8QT1rTI8sMaSXc
2023-07-29 03:05:29,028:DEBUG:acme.client:JWS payload:
b''
2023-07-29 03:05:29,030:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/249893084646:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTIyNzgxNzY4NiIsICJub25jZSI6ICIzNzFDNUdLbHFidXowUVZQdHE2Yk40bzlNazNGNTRqUkU4UVQxclRJOHNNYVNYYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQ5ODkzMDg0NjQ2In0",
  "signature": "IJPg2ZEeGjKhhXIPmKF-wznG4Z_FnuIKcunfHra4iMIvfjEG2KR_MbRiaulHZt7intaY5heQuNFi-t8iJTk7tSyOIwnhPjat_MTofR22d9bqMa4lw9y3BLJGifpGO0tZ05ZkxsqA2BrBDyt9wEeQqFsJsrcvIQHJ8d5pTfGuBD1eBU12ROcrfNmC4eTwKTd7mNjWCKsxs6LcabP5CTwsnj5CS6CJNCmnJyzrzmS-morWlU8PVO_-DrjkPFndzB3eOo_AZvCgSJaUJRbRiR42WPN_-TsoMxxL3nmkU9G5VwkRH4MTbvOIQ4XKbwMN3GRCFRMB8tkYV31B0KcLRxAIkg",
  "payload": ""
}
2023-07-29 03:05:29,186:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/249893084646 HTTP/1.1" 200 800
2023-07-29 03:05:29,187:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 29 Jul 2023 00:05:29 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 1227817686
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371CCqMew1Aw9UifQmZ9t59JfeXrlOpm-oxEFWBZqCAo33I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "m1wanas.ddns.net"
  },
  "status": "pending",
  "expires": "2023-08-05T00:05:29Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/249893084646/kIfeJg",
      "token": "oC4zrsiBrm-i2ANrDy6n5fDiErJp_cRLwUVbjnXoOrw"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/249893084646/aBXUmg",
      "token": "oC4zrsiBrm-i2ANrDy6n5fDiErJp_cRLwUVbjnXoOrw"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/249893084646/Id7g_w",
      "token": "oC4zrsiBrm-i2ANrDy6n5fDiErJp_cRLwUVbjnXoOrw"
    }
  ]
}
2023-07-29 03:05:29,188:DEBUG:acme.client:Storing nonce: 371CCqMew1Aw9UifQmZ9t59JfeXrlOpm-oxEFWBZqCAo33I
2023-07-29 03:05:29,189:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-07-29 03:05:29,190:INFO:certbot._internal.auth_handler:http-01 challenge for m1wanas.ddns.net
2023-07-29 03:05:29,191:INFO:certbot._internal.plugins.webroot:Using the webroot path E:\Apache24\htdocs for all unmatched domains.
2023-07-29 03:05:29,192:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at E:\Apache24\htdocs\.well-known\acme-challenge
2023-07-29 03:05:29,201:INFO:certbot._internal.plugins.webroot:Creating a web.config file in E:\Apache24\htdocs\.well-known\acme-challenge to allow IIS to serve challenge files.
2023-07-29 03:05:29,205:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to E:\Apache24\htdocs\.well-known\acme-challenge\oC4zrsiBrm-i2ANrDy6n5fDiErJp_cRLwUVbjnXoOrw
2023-07-29 03:05:29,208:DEBUG:acme.client:JWS payload:
b'{}'
2023-07-29 03:05:29,211:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/249893084646/kIfeJg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTIyNzgxNzY4NiIsICJub25jZSI6ICIzNzFDQ3FNZXcxQXc5VWlmUW1aOXQ1OUpmZVhybE9wbS1veEVGV0JacUNBbzMzSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjQ5ODkzMDg0NjQ2L2tJZmVKZyJ9",
  "signature": "hIrVdp8wUV9f9kETqyMxwLoMjHKsd6dnuM8xm35VsLD94IERFfOycYLjZkgkos9U5fKrCplFh7d_fU8wZEW8-NFmC0eRy-3b28ikeHIiWonNZ2rOA-_eXIQy4wq2sINwSc4egYQMnNt3yBjuzqspWSPyBDu1Htj5ITb9oadlEdboK_JVXhuj7O7Eoz9BwrCHqRfK8mhiydLtla3Jt2M5so3auJSzldZ4Co3NRR2FRSoj9nIYTkKMoyok8t85FxCXja0p95RokoVXzdeSOCABTafMQLvPfVIeGACr4zFlJE5Xw3OM65iQf1mpz6aDHOrZrrC6ZaJdg-QVsyBzYYPwWQ",
  "payload": "e30"
}
2023-07-29 03:05:29,364:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/249893084646/kIfeJg HTTP/1.1" 200 187
2023-07-29 03:05:29,365:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 29 Jul 2023 00:05:30 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1227817686
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/249893084646>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/249893084646/kIfeJg
Replay-Nonce: 1AADP-AZ1DpcmSWik3Jmph3xC3l8VAcsUeNFz0CCt2q9rRA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/249893084646/kIfeJg",
  "token": "oC4zrsiBrm-i2ANrDy6n5fDiErJp_cRLwUVbjnXoOrw"
}
2023-07-29 03:05:29,366:DEBUG:acme.client:Storing nonce: 1AADP-AZ1DpcmSWik3Jmph3xC3l8VAcsUeNFz0CCt2q9rRA
2023-07-29 03:05:29,367:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-07-29 03:05:30,374:DEBUG:acme.client:JWS payload:
b''
2023-07-29 03:05:30,377:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/249893084646:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTIyNzgxNzY4NiIsICJub25jZSI6ICIxQUFEUC1BWjFEcGNtU1dpazNKbXBoM3hDM2w4VkFjc1VlTkZ6MENDdDJxOXJSQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQ5ODkzMDg0NjQ2In0",
  "signature": "iTbbCo_4jd9X0SvLfkOvebnYeS8h9KnIcmGZhRWhovO56L7XvULGfw7hH4J5-BtFSSKu-Z3BquhvVrCFiTyOJkY1ritTe1zcV8CZKStozbleK7LMVhCkpg0pHzNl3Y4bIAIuJu7cbbamhlgYmKjVwHayG54vtwTPuusgyXgtU06f2sSzc-PyF2Dg-9oGA5bvgOgxKx-sZyVFY3eT705Ape1M2OxnyC83fGUiSTUUwu8vH6WKchfIkryO3LKXXUugSIyN40F7vtRhi0Y7KSCaRWMqBSW0d0yt0muMxCKpDroqjKR2kJ5ZFgB9w7ddL41xO8Ed8Y0GuWsDK40ZGkYK_g",
  "payload": ""
}
2023-07-29 03:05:30,531:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/249893084646 HTTP/1.1" 200 629
2023-07-29 03:05:30,532:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 29 Jul 2023 00:05:31 GMT
Content-Type: application/json
Content-Length: 629
Connection: keep-alive
Boulder-Requester: 1227817686
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371CA-4r898xClTokiE67GKW-nzJHSwbKZEWPEiaLhkeOJI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "m1wanas.ddns.net"
  },
  "status": "invalid",
  "expires": "2023-08-05T00:05:29Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "no valid A records found for m1wanas.ddns.net; no valid AAAA records found for m1wanas.ddns.net",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/249893084646/kIfeJg",
      "token": "oC4zrsiBrm-i2ANrDy6n5fDiErJp_cRLwUVbjnXoOrw",
      "validated": "2023-07-29T00:05:30Z"
    }
  ]
}
2023-07-29 03:05:30,533:DEBUG:acme.client:Storing nonce: 371CA-4r898xClTokiE67GKW-nzJHSwbKZEWPEiaLhkeOJI
2023-07-29 03:05:30,533:INFO:certbot._internal.auth_handler:Challenge failed for domain m1wanas.ddns.net
2023-07-29 03:05:30,534:INFO:certbot._internal.auth_handler:http-01 challenge for m1wanas.ddns.net
2023-07-29 03:05:30,535:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: m1wanas.ddns.net
  Type:   dns
  Detail: no valid A records found for m1wanas.ddns.net; no valid AAAA records found for m1wanas.ddns.net

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-07-29 03:05:30,537:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-07-29 03:05:30,537:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-07-29 03:05:30,538:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-07-29 03:05:30,540:DEBUG:certbot._internal.plugins.webroot:Removing E:\Apache24\htdocs\.well-known\acme-challenge\oC4zrsiBrm-i2ANrDy6n5fDiErJp_cRLwUVbjnXoOrw
2023-07-29 03:05:30,543:INFO:certbot._internal.plugins.webroot:Cleaning web.config file generated by Certbot in E:\Apache24\htdocs\.well-known\acme-challenge.
2023-07-29 03:05:30,545:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-07-29 03:05:30,546:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "runpy.py", line 197, in _run_module_as_main
  File "runpy.py", line 87, in _run_code
  File "C:\Program Files\Certbot\bin\certbot.exe\__main__.py", line 29, in <module>
    sys.exit(main())
  File "C:\Program Files\Certbot\pkgs\certbot\main.py", line 19, in main
    return internal_main.main(cli_args)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\main.py", line 1864, in main
    return config.func(config, plugins)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\main.py", line 1597, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-29 03:05:30,549:ERROR:certbot._internal.log:Some challenges have failed.

MikeMcQ · July 29, 2023, 1:59am

With an HTTP Challenge (webroot) the Let's Encrypt server will send HTTP requests to your domain to prove you control it. That is, the LE servers look for the token Certbot placed in your webroot folder.

You must have an A and/or AAAA record in your DNS for the public IPv4 or IPv6 address of your server so that LE can find it. And, anyone on the public internet will need that to find you.

You have a private IP address as your A record. That isn't valid for use on the public internet.

Bruce5051 · July 30, 2023, 10:04pm

Presently Port 80 is Not Open (but filtered), firewalls are a common reason for this.
The HTTP-01 challenge of the Challenge Types - Let's Encrypt requires Port 80 open and accessible.
Best Practice - Keep Port 80 Open

$ nmap -Pn -p80,443 m1wanas.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-30 14:59 PDT
Nmap scan report for m1wanas.ddns.net (91.237.241.175)
Host is up (0.20s latency).

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds

system · August 29, 2023, 10:05pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.