Hello, I was trying to renew my certificate, as last time when it was working, this time not anymore.
I had the same issue "Some challenges have failed"... I have purged everything related to certbot and nginx, installed again, nothing, I have checked the CAA record, all looks fine... I don't now where to search, what to change.
My domain is:
protektwar.net
I ran this command:
certbot -vvv --nginx -d protektwar.net,git.protektwar.net,www.protektwar.net,git.protektwar.net,matrix.protektwar.net,gitweb.protektwar.net
It produced this output:
Root logging level set at 0
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator nginx and installer nginx
Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fbc54499d50>
Prep: True
Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fbc54499d50> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fbc54499d50>
Plugins selected: Authenticator nginx, Installer nginx
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1533758236', new_authzr_uri=None, terms_of_service=None), f869e091a820affc1decb1f674f38c6d, Meta(creation_dt=datetime.datetime(2024, 1, 24, 13, 34, 35, tzinfo=<UTC>), creation_host='mail.protektwar.net', register_to_eff='alexandru.herlas@protektwar.net'))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:11 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"cXctY0Fj5Ik": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Notifying user: Requesting a certificate for protektwar.net and 4 more domains
Requesting a certificate for protektwar.net and 4 more domains
Generating RSA key (2048 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:12 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: Dg17S3e1_1uRcoc-_bQXwSPSvO3t28YFaf3kYf1FuTMVbGsTAYo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: Dg17S3e1_1uRcoc-_bQXwSPSvO3t28YFaf3kYf1FuTMVbGsTAYo
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "protektwar.net"\n },\n {\n "type": "dns",\n "value": "git.protektwar.net"\n },\n {\n "type": "dns",\n "value": "www.protektwar.net"\n },\n {\n "type": "dns",\n "value": "matrix.protektwar.net"\n },\n {\n "type": "dns",\n "value": "gitweb.protektwar.net"\n }\n ]\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJEZzE3UzNlMV8xdVJjb2MtX2JRWHdTUFN2TzN0MjhZRmFmM2tZZjFGdVRNVmJHc1RBWW8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "KRBne3G2_OboC87PE9_CApbQ5OnBEBNQYsu7aHmeH6GMPFw79WeMES_elmoEwFjLrNn5ca0h6X0jzwE74-pbHPydEiEjbyVJ8He5r9la8kzz9lHGnz7jx9NvBd1w9bv1HoiJJvbR4Uxs1S3tCF3yUnWd8mib8RnXAHQbcoTy2MCB4BIFRQ9Y_55pSaDdDRGYusl_Vg-g5kClophTZingSRXcolI932rhBYYlFJZI_73glHrmLwG5eIXZTU8_zblqyXXfvuO0JFUfyPAmYyRJyMbQDz8hq_du3HmZZiuTiuGReJeIvTPwY3kgLTbkeB_2EB8qdSTXPlgYGUvZ_shYsg",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInByb3Rla3R3YXIubmV0IgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImdpdC5wcm90ZWt0d2FyLm5ldCIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cucHJvdGVrdHdhci5uZXQiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAibWF0cml4LnByb3Rla3R3YXIubmV0IgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImdpdHdlYi5wcm90ZWt0d2FyLm5ldCIKICAgIH0KICBdCn0"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 910
Received response:
HTTP 201
Server: nginx
Date: Wed, 24 Jan 2024 14:53:12 GMT
Content-Type: application/json
Content-Length: 910
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1533758236/239095386506
Replay-Nonce: Dg17S3e1wJwOLP2uO21FBM32DmYaczWYa27Lw1slX7gqi42XhT4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2024-01-31T14:53:12Z",
"identifiers": [
{
"type": "dns",
"value": "git.protektwar.net"
},
{
"type": "dns",
"value": "gitweb.protektwar.net"
},
{
"type": "dns",
"value": "matrix.protektwar.net"
},
{
"type": "dns",
"value": "protektwar.net"
},
{
"type": "dns",
"value": "www.protektwar.net"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609096",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609106",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609116",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609126",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609136"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1533758236/239095386506"
}
Storing nonce: Dg17S3e1wJwOLP2uO21FBM32DmYaczWYa27Lw1slX7gqi42XhT4
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609096:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJEZzE3UzNlMXdKd09MUDJ1TzIxRkJNMzJEbVlhY3pXWWEyN0x3MXNsWDdncWk0MlhoVDQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTA5NiJ9",
"signature": "WZyADA-b0yg7QAyUfhAh96tVquK9Ny91pzDWjkYfWFoGvrc104hNHCBodtfDb7aT-HByw0JNvB5k-Yu-YVK30Pg27p2rzs4wd0D7t90xi7i0aOWB0kLvYhtPSWZIX7-CyovXDSnKhvqssE_mm3rE8FXAwVUVkQd5Jak2UIJW4kBbh1qajVafrNgsCfugc564ylxUznBLut5DxeK9gzBuop3ppZafleKqstGmWJ2jrLmT5lNNYuWotRHyJLO3dZAb2kFiUQwCjpeDkSiKrhsuURJsk9zH134nr1H45pF-yON9wkiM6X_45PCevRU4FbMNb41dMEiq8eG-9rXPETaSPA",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609096 HTTP/1.1" 200 802
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:12 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: Dg17S3e1zNjs3yWLB1GkA32iAwxXUpDo9L7DkaP3jlS5LZWqRUk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "git.protektwar.net"
},
"status": "pending",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609096/Tq4LsA",
"token": "NmC_OndOvKN532oJgfhkOJ1XXcvdAKtVwrYtkz8GIfE"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609096/7qy8VA",
"token": "NmC_OndOvKN532oJgfhkOJ1XXcvdAKtVwrYtkz8GIfE"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609096/Nzk6lg",
"token": "NmC_OndOvKN532oJgfhkOJ1XXcvdAKtVwrYtkz8GIfE"
}
]
}
Storing nonce: Dg17S3e1zNjs3yWLB1GkA32iAwxXUpDo9L7DkaP3jlS5LZWqRUk
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609106:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJEZzE3UzNlMXpOanMzeVdMQjFHa0EzMmlBd3hYVXBEbzlMN0RrYVAzamxTNUxaV3FSVWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTEwNiJ9",
"signature": "Ojaka87ahevU5aTUuruSPfrfD9nZ72OnJo0_3JBLI5tuo0AG7ZXiLR-liEmuntZzg0oJeO_FimD4iA-wYsBQVsO4vpQnr_5jq8FdSM7kvz3wtAaGNxgVpp_CdTqxsqF33rsOn7gLJFSHUehAGO3cQF23QW48BtxOTe132fw2tveRHzgbbIzLSl9vYwd-RE_NC6WXqA-R4aNFb5366XdVuqSXAyBjA9lvDe6vJqiUGSyIcR9ohwk5JW2qwEng__C_PIXxOVieUDdTevR0qoAChPSFIU9KXeoW4zzRegW61uSCKO6pCxID2UJ7LglcpF01Lv_4Sf8sS6rORbDKsFF_4g",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609106 HTTP/1.1" 200 805
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:12 GMT
Content-Type: application/json
Content-Length: 805
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tI90Q3sPhKEDgC8BpATJGAos8UEvVy2uytv2OA-OE-A2xTbty00
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "gitweb.protektwar.net"
},
"status": "pending",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609106/Lp4Y_A",
"token": "GzC8vozzhRvOBWCM5QUTU7B9VoI3oACqAdkNGjD6SvQ"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609106/ub0zBA",
"token": "GzC8vozzhRvOBWCM5QUTU7B9VoI3oACqAdkNGjD6SvQ"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609106/j-ag2Q",
"token": "GzC8vozzhRvOBWCM5QUTU7B9VoI3oACqAdkNGjD6SvQ"
}
]
}
Storing nonce: tI90Q3sPhKEDgC8BpATJGAos8UEvVy2uytv2OA-OE-A2xTbty00
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609116:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJ0STkwUTNzUGhLRURnQzhCcEFUSkdBb3M4VUV2VnkydXl0djJPQS1PRS1BMnhUYnR5MDAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTExNiJ9",
"signature": "g1eJqH6VmJl9pgjjEeIoxSEOcLekoctV2Pn5b1TmVhDQtPmv_bPR8RW8Hnn17ADnI3GI40uz530yTM7CrbcIDehkh6T1GBaskO3wXn_9ijHkMsyPuybVcLlHp7LY1QN6R2vdvFj7MF0G2hMGmSVx1q5S2LIclgDYqtpjPuh3QsnIN5LWGpgaN9lt6bhJdPo5BKzhIfkMPjfwUqwCiwN8A6aNu6MrPMrnSO36tKO6bFGxTfRzu6GuQEltQzR2Z38c0M4RtUFRqhGGku0xbfTlGw3WygjSXTeP_5xaI1YGXNLLADw6CkLN6ZFR9OuxmqUeV4qJaDX4sRqpZgP8m9MSlA",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609116 HTTP/1.1" 200 805
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:12 GMT
Content-Type: application/json
Content-Length: 805
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tI90Q3sPJbzs0MC1X8fOoIDvhv4TLpTXTImZ25NeFnS7UCulK1c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "matrix.protektwar.net"
},
"status": "pending",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609116/BAHj2Q",
"token": "nzylukb0aYRTamDzThN6XFKA2nEOIXj515H7MAaXs4Y"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609116/P-qXEA",
"token": "nzylukb0aYRTamDzThN6XFKA2nEOIXj515H7MAaXs4Y"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609116/A4178A",
"token": "nzylukb0aYRTamDzThN6XFKA2nEOIXj515H7MAaXs4Y"
}
]
}
Storing nonce: tI90Q3sPJbzs0MC1X8fOoIDvhv4TLpTXTImZ25NeFnS7UCulK1c
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609126:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJ0STkwUTNzUEpienMwTUMxWDhmT29JRHZodjRUTHBUWFRJbVoyNU5lRm5TN1VDdWxLMWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTEyNiJ9",
"signature": "gu2EFAb0-znTf05pxvvhGNfhuENY62vHVL19d40dQKIpLr6J0gIucHjzec0s2bBrDXKPUqLA149DHJ_HOsqufAQxUcZA44pfbz6YO3Y1P0NUzl-QE189PDD1SOIhx8SfIzo9NmonB2seyFgVU568gcJm1OXUkrqQfDcvYEIQhs5RfRJ0IduM80WBg8pIGb5itVYo64FMaBIgJm-qrXHTPyxohsLsaCdXCGbrM-AfC2RtyqeIPS27XKePUue7qGaBN97f3jWb1-YqRbmHGMggp3yGFsIDzMTlj4hmgnWskBmxe49VFNT-4vDPw4hd0yHNj5ybbtx7ftLcVqNfhmCsTg",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609126 HTTP/1.1" 200 798
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:13 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tI90Q3sP9ZR-WznJVaeb4nK-L0ZxXIY7A7LM2dBs8wo2L566JAM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "protektwar.net"
},
"status": "pending",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609126/fefu6w",
"token": "pY4zezBz3pRooxVDh9OJUvHAVP89a_vz7lABQtv_fzA"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609126/Go6V_g",
"token": "pY4zezBz3pRooxVDh9OJUvHAVP89a_vz7lABQtv_fzA"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609126/AqnNmQ",
"token": "pY4zezBz3pRooxVDh9OJUvHAVP89a_vz7lABQtv_fzA"
}
]
}
Storing nonce: tI90Q3sP9ZR-WznJVaeb4nK-L0ZxXIY7A7LM2dBs8wo2L566JAM
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609136:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJ0STkwUTNzUDlaUi1Xem5KVmFlYjRuSy1MMFp4WElZN0E3TE0yZEJzOHdvMkw1NjZKQU0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTEzNiJ9",
"signature": "XGpBT4Ml8NAiCAfWx-loXYGs24RvO6ohYsX_Up2WFPhdA90pb0jeHcbDBQkQVaLTnZwPJyFkE6hhpy15BjAHXTY7tknZhuZr5HmPJrpTIfUtB7Qk7oLekN2rV14klxYbFWzR5y9St0jXSZRwMuqePFjmnnLaHCBbqyuL_YTDgyq0f4mUV-Zo15BiyDBFtrXkpskwsyuFvAur_HixjcKWJ-AGQsp2S9yjXIoRzlF2OyNUCU5h7c1_KEn3QSxy5TIQJ8NsqSUmNdOTcm0mHD_XBydJ5DAHGj99Ug32RJzbV1V2FsawPWGZQiHg9xssrUIDBCkaXtt2kAjgmSY3Q9iwVA",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609136 HTTP/1.1" 200 802
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:13 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: Dg17S3e1ltNuOdBdr3MPp3W7I5tSOm_L0-IGnP5EJAOhzsLzV7o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.protektwar.net"
},
"status": "pending",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609136/UvRlag",
"token": "QWukjnl720qgTQ6nEsfPrHDsNDILP4nj-nwXfsALPek"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609136/vDOAkw",
"token": "QWukjnl720qgTQ6nEsfPrHDsNDILP4nj-nwXfsALPek"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609136/uvXb3w",
"token": "QWukjnl720qgTQ6nEsfPrHDsNDILP4nj-nwXfsALPek"
}
]
}
Storing nonce: Dg17S3e1ltNuOdBdr3MPp3W7I5tSOm_L0-IGnP5EJAOhzsLzV7o
Performing the following challenges:
http-01 challenge for git.protektwar.net
http-01 challenge for gitweb.protektwar.net
http-01 challenge for matrix.protektwar.net
http-01 challenge for protektwar.net
http-01 challenge for www.protektwar.net
Generated server block:
[]
Creating backup of /etc/nginx/mime.types
Creating backup of /etc/nginx/sites-enabled/default
Creating backup of /etc/nginx/nginx.conf
Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip2.conf
Creating backup of /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf
Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;
##
# Basic Settings
##
sendfile on;
fastcgi_read_timeout 2040;
keepalive_timeout 1000;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Writing nginx conf tree to /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
listen 80 ;
listen [::]:80 ;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name git.protektwar.net gitweb.protektwar.net protektwar.net matrix.protektwar.net www.protektwar.net; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
location = /.well-known/acme-challenge/NmC_OndOvKN532oJgfhkOJ1XXcvdAKtVwrYtkz8GIfE{default_type text/plain;return 200 NmC_OndOvKN532oJgfhkOJ1XXcvdAKtVwrYtkz8GIfE.jJPwFITWV8df4R_fYwWgTjFGaIG1TGpt2bYo_DRgL2Q;} # managed by Certbot
location = /.well-known/acme-challenge/GzC8vozzhRvOBWCM5QUTU7B9VoI3oACqAdkNGjD6SvQ{default_type text/plain;return 200 GzC8vozzhRvOBWCM5QUTU7B9VoI3oACqAdkNGjD6SvQ.jJPwFITWV8df4R_fYwWgTjFGaIG1TGpt2bYo_DRgL2Q;} # managed by Certbot
location = /.well-known/acme-challenge/nzylukb0aYRTamDzThN6XFKA2nEOIXj515H7MAaXs4Y{default_type text/plain;return 200 nzylukb0aYRTamDzThN6XFKA2nEOIXj515H7MAaXs4Y.jJPwFITWV8df4R_fYwWgTjFGaIG1TGpt2bYo_DRgL2Q;} # managed by Certbot
location = /.well-known/acme-challenge/pY4zezBz3pRooxVDh9OJUvHAVP89a_vz7lABQtv_fzA{default_type text/plain;return 200 pY4zezBz3pRooxVDh9OJUvHAVP89a_vz7lABQtv_fzA.jJPwFITWV8df4R_fYwWgTjFGaIG1TGpt2bYo_DRgL2Q;} # managed by Certbot
location = /.well-known/acme-challenge/QWukjnl720qgTQ6nEsfPrHDsNDILP4nj-nwXfsALPek{default_type text/plain;return 200 QWukjnl720qgTQ6nEsfPrHDsNDILP4nj-nwXfsALPek.jJPwFITWV8df4R_fYwWgTjFGaIG1TGpt2bYo_DRgL2Q;} # managed by Certbot
}
JWS payload:
b'{}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609096/Tq4LsA:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJEZzE3UzNlMWx0TnVPZEJkcjNNUHAzVzdJNXRTT21fTDAtSUduUDVFSkFPaHpzTHpWN28iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMwNzY1ODYwOTA5Ni9UcTRMc0EifQ",
"signature": "p9oy_lno6Z30Cw528q1zO6_o1p0zOrjFEHPxKY22n-VmFinDSwwcyxXuYAq33ijrvAUOFmdrddutv8ihI3W9HWaATxnAZBaN01ufBhow83oY_qFYYRAIXHmxaWr9SROChwXQJ9W-Zw9H9gDXfHejI1ertn4RzNI8ho4b8sfAqnJQtTJGkkWNvMYNC3PgRdG-ag1IOiYwGkO7hHMhKkIskXKl5qRCX6RAqoQC9QCg97hFmF5DQ0MiZBllENenndQ7DEsjE7Lzbe0TERjrmyHt4ixaI3RLleHGvsCDx7Mc1ALWQpwJXyHrOnc4yLMAgASwGpHp0g7k3ztA8JjjSfc91g",
"payload": "e30"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/307658609096/Tq4LsA HTTP/1.1" 200 187
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:14 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609096>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609096/Tq4LsA
Replay-Nonce: Dg17S3e1edLX7jfhHMDpq_ZNGDcG369ls3QGYCKMa33Qxqz7rB8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609096/Tq4LsA",
"token": "NmC_OndOvKN532oJgfhkOJ1XXcvdAKtVwrYtkz8GIfE"
}
Storing nonce: Dg17S3e1edLX7jfhHMDpq_ZNGDcG369ls3QGYCKMa33Qxqz7rB8
JWS payload:
b'{}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609106/Lp4Y_A:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJEZzE3UzNlMWVkTFg3amZoSE1EcHFfWk5HRGNHMzY5bHMzUUdZQ0tNYTMzUXhxejdyQjgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMwNzY1ODYwOTEwNi9McDRZX0EifQ",
"signature": "RtxvLNsNDbZJ8tQ8vJ9AVZxtijqztbghBOJr8PHkI3ZOMDRR3QUbASmiOQin3w3g3P-hmfMSDuG4NR9bGPZytbhVSkpBjH18YL_7L_Ppp0339GgnjIa3e6xKYHbqdbYs4QEqRtYT9y1Z-3IBbakOmSDCQXIR-6QS0iO3cyws9G-uJMCwbE-RFOwiSTYZ9XLdmOMXewO6oDjUnU1pccTc4cWNXHrR4XfMiM1CWati3DarU6b6qy3li84MTCxd58110xtxMtygPDdar0VQ4FsqbdeuBDLcDemBGzX0l5siFs3ioJxwdmLKrg2Y5TjhMMYcE310Yc3HquTmfNDa-WSWpg",
"payload": "e30"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/307658609106/Lp4Y_A HTTP/1.1" 200 187
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:14 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609106>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609106/Lp4Y_A
Replay-Nonce: tI90Q3sPwCiEjdscIucE5s1aTDkvaxq9Eoi9VoFw-Nu2uv3fjfw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609106/Lp4Y_A",
"token": "GzC8vozzhRvOBWCM5QUTU7B9VoI3oACqAdkNGjD6SvQ"
}
Storing nonce: tI90Q3sPwCiEjdscIucE5s1aTDkvaxq9Eoi9VoFw-Nu2uv3fjfw
JWS payload:
b'{}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609116/BAHj2Q:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJ0STkwUTNzUHdDaUVqZHNjSXVjRTVzMWFURGt2YXhxOUVvaTlWb0Z3LU51MnV2M2ZqZnciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMwNzY1ODYwOTExNi9CQUhqMlEifQ",
"signature": "AewSwvVgHxUzbqxrSR22nWcU5mLT9tC9_-4daraUouXh8FffWs1Ef7wIbPfLyLxiSn1UPCF1rOZHgKKHIJB9yB1e029zoQd-sDzooRGjHOmKQn9c2u-4drdixpB2phTSSKh0Kj6B5s4BVGM_8L-zGjpzscZceGe-bdYTIUD81g-H1m4YZxPUXrDk0849xxGGsAuvZIMGZj2TcbmmnVMLyMkmSi9SCtY4ftUafdNWS4XS8xLoZvN6Ycwydy3XPRJM6o50J59p240pTFTvSrIrw2ywBKuBENHX3fZVHtqTyAxnXMOatv7n_LbXy8Ywuhmi3_eNHaikP2aVsST0pyV6Gg",
"payload": "e30"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/307658609116/BAHj2Q HTTP/1.1" 200 187
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:14 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609116>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609116/BAHj2Q
Replay-Nonce: Dg17S3e1FgkRQsVTFLpGr0oeRu3AbdBAvoVG3fuax-xyzSTAc-s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609116/BAHj2Q",
"token": "nzylukb0aYRTamDzThN6XFKA2nEOIXj515H7MAaXs4Y"
}
Storing nonce: Dg17S3e1FgkRQsVTFLpGr0oeRu3AbdBAvoVG3fuax-xyzSTAc-s
JWS payload:
b'{}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609126/fefu6w:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJEZzE3UzNlMUZna1JRc1ZURkxwR3Iwb2VSdTNBYmRCQXZvVkczZnVheC14eXpTVEFjLXMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMwNzY1ODYwOTEyNi9mZWZ1NncifQ",
"signature": "NDwrq0RwVidvq6iUaUDayaRVXN3zqV0eDVqG9ZfVgaszaQJI8iTZwN5GCzl-8hvYbLhw3w1uSeCPXxhd3wjvkp8WcWML9unz02fMWF6zufp01O-624-v2D1jNvKr-HibF08DLjYm2XEtvSgcwqMyDMjYp_TabTmFNlq23H9y46hZRX_r-qaub0v_kagba66ESdb2euMDHT3Jr8x-wT2qw6pUCAygW4uahs-9SKDbLpr53SRsPtvD5U0vIAMq9xWkGplwT2n5Es6wR13h3z0ihbiVbrqEo-ThZ69A4QVJtPXZGcs5hWxaBwjhdsjYTtcTBmenBF2dBU63H-Xi_5cE3A",
"payload": "e30"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/307658609126/fefu6w HTTP/1.1" 200 187
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:14 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609126>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609126/fefu6w
Replay-Nonce: Dg17S3e1jU226fFucKmnxdXuZbNQrcTVAaprXv3m-zGhEIcIig8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609126/fefu6w",
"token": "pY4zezBz3pRooxVDh9OJUvHAVP89a_vz7lABQtv_fzA"
}
Storing nonce: Dg17S3e1jU226fFucKmnxdXuZbNQrcTVAaprXv3m-zGhEIcIig8
JWS payload:
b'{}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609136/UvRlag:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJEZzE3UzNlMWpVMjI2ZkZ1Y0ttbnhkWHVaYk5RcmNUVkFhcHJYdjNtLXpHaEVJY0lpZzgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMwNzY1ODYwOTEzNi9VdlJsYWcifQ",
"signature": "cXb4ARZaa3Zbe_7LKNgIJanWe70wN264WV6QCyTFSYtajKLtOMiZjoCQbpknk3M-lVhgSKqDEda283t4xB926pZl5koIafn6eSipaXo5wuy5Z9daWOWvSgtVtsBsP5blyH-S1hXtbbV_YeHiziGvEUKZB9XZ_eBUDpyEsNUGfR8PlXdm5VoSi_nPdpt_ybY4NPC2eIZbjckGS7Xw5iM95qxjEnAsK9EbZMTDsRZdTnieHSkrY853_Gqphv4HpWGSZeM6u8ZL7OSlqgTzSF7vhbD1SB-gLxkAM_gxA_h5G9lz8OSqYs284wuUobw6n4qIGsXIWDiesFCiJimuSMofog",
"payload": "e30"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/307658609136/UvRlag HTTP/1.1" 200 187
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:15 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609136>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609136/UvRlag
Replay-Nonce: Dg17S3e1iYbXkILIoTIqo334YKIXXD3NyCf4JKNh2bwBQygCJ7Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609136/UvRlag",
"token": "QWukjnl720qgTQ6nEsfPrHDsNDILP4nj-nwXfsALPek"
}
Storing nonce: Dg17S3e1iYbXkILIoTIqo334YKIXXD3NyCf4JKNh2bwBQygCJ7Y
Waiting for verification...
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609096:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJEZzE3UzNlMWlZYlhrSUxJb1RJcW8zMzRZS0lYWEQzTnlDZjRKS05oMmJ3QlF5Z0NKN1kiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTA5NiJ9",
"signature": "p114xVw-vx9sA0ki28c4wQg0O0ZSffE-4zNIMg84uJGmQm7J5uOdYShHi--SUrjS6WCgPgveW_LOanpvdv_2qL8idt6m1LxjIrpxIVf5_EXHcAfRp41NrG8f2lmmbYUO9K19Zrib1W7lPtFWMRUZ66NjkBWsBMSr010HEEg86YYXQowaMutGy37eZggVw6jNTFPP62EFjOd8MRZE8hG3TOzXFHL8i76ssQtGP-T9wk0VEsji-mCcYXWtqpdGIY3i90-BS1QmBvLWChMZ5crO-qt9cNzAtkYo2I4mszo8xG8u7WLWLfHATlolM9UEgjFc-xz3D6jG8tcPKck2Z1ac8g",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609096 HTTP/1.1" 200 944
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:16 GMT
Content-Type: application/json
Content-Length: 944
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tI90Q3sP00i0BjX40ELEGxiQIkzWw0h_mGeD_LlLLjoyA0brRao
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "git.protektwar.net"
},
"status": "invalid",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:caa",
"detail": "CAA record for git.protektwar.net prevents issuance",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609096/Tq4LsA",
"token": "NmC_OndOvKN532oJgfhkOJ1XXcvdAKtVwrYtkz8GIfE",
"validationRecord": [
{
"url": "http://git.protektwar.net/.well-known/acme-challenge/NmC_OndOvKN532oJgfhkOJ1XXcvdAKtVwrYtkz8GIfE",
"hostname": "git.protektwar.net",
"port": "80",
"addressesResolved": [
"161.97.153.13"
],
"addressUsed": "161.97.153.13"
}
],
"validated": "2024-01-24T14:53:14Z"
}
]
}
Storing nonce: tI90Q3sP00i0BjX40ELEGxiQIkzWw0h_mGeD_LlLLjoyA0brRao
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609106:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJ0STkwUTNzUDAwaTBCalg0MEVMRUd4aVFJa3pXdzBoX21HZURfTGxMTGpveUEwYnJSYW8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTEwNiJ9",
"signature": "FDpdrz6KKpuNl-27kfRkeyIvL2-m0fK-QgeGJzH1suo7M95UYjDGY1y1WQlmUHHFRdtZAR-NnniRNXdAJVZY6hO2ZwkovhU5qA8_zOsjDr_EncIzFe7JC4s-IMTxzwzoMlXlCgGhSEEjDr_HWQhtHBpIEr8vRdSS9mSZ4S6yAYOqIE-NBF11wYFfF2G-L6xWVufFhhZTgv_9cnilGwRq2y-RraGR1ddYfjk_TWLZ8-TbZJvAvd5UUpp28DrIMBfkxL5_oyqBw2heHM5rgPVvCz626Wyk6A8pHhOeDI7pJEA_wmvyQLvNqT-ATqbfyc_sCamBVaR1fzb6051kxDdRFQ",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609106 HTTP/1.1" 200 956
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:16 GMT
Content-Type: application/json
Content-Length: 956
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tI90Q3sP6mlDwl6dsJwUY0xqNfV2qMu9vnkadAjAfX58tknWAJQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "gitweb.protektwar.net"
},
"status": "invalid",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:caa",
"detail": "CAA record for gitweb.protektwar.net prevents issuance",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609106/Lp4Y_A",
"token": "GzC8vozzhRvOBWCM5QUTU7B9VoI3oACqAdkNGjD6SvQ",
"validationRecord": [
{
"url": "http://gitweb.protektwar.net/.well-known/acme-challenge/GzC8vozzhRvOBWCM5QUTU7B9VoI3oACqAdkNGjD6SvQ",
"hostname": "gitweb.protektwar.net",
"port": "80",
"addressesResolved": [
"161.97.153.13"
],
"addressUsed": "161.97.153.13"
}
],
"validated": "2024-01-24T14:53:14Z"
}
]
}
Storing nonce: tI90Q3sP6mlDwl6dsJwUY0xqNfV2qMu9vnkadAjAfX58tknWAJQ
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609116:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJ0STkwUTNzUDZtbER3bDZkc0p3VVkweHFOZlYycU11OXZua2FkQWpBZlg1OHRrbldBSlEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTExNiJ9",
"signature": "g0J74rNiXFR055uZds3WFM2JYC37oroAA-mm91ukvIP5AOiYAXtIz-cC1xgYU-LyZCW-mbEXwHWKtEr50PBzeYjIOQG7soRIU6up7jqokuHwTkx0IFVJf3e2Ak_-U07dVFLhVBVetWytdaZR-vFO89G8BYQLnu9K4CkCvTgxTaoUsQkjcM1IAnO-OTaowtL2DeAH5B2RsNj4b2dqFtO3q4LR81hSfDnmii1lAkWi9-trKf30q7rnBLHsa0dD2qus4MRH4L2v47gC4Ney-7-G108yvfONVIK5TqTzloUlUMM7nGYVxzAHsFhEZtuJEvu9OCFGf9lN2PmkTD4s-49Grg",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609116 HTTP/1.1" 200 956
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:16 GMT
Content-Type: application/json
Content-Length: 956
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tI90Q3sP9Xdt9qkNjzNkXSh0eU59HjtmGpn6ZViWNQqqN9q8mBc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "matrix.protektwar.net"
},
"status": "invalid",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:caa",
"detail": "CAA record for matrix.protektwar.net prevents issuance",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609116/BAHj2Q",
"token": "nzylukb0aYRTamDzThN6XFKA2nEOIXj515H7MAaXs4Y",
"validationRecord": [
{
"url": "http://matrix.protektwar.net/.well-known/acme-challenge/nzylukb0aYRTamDzThN6XFKA2nEOIXj515H7MAaXs4Y",
"hostname": "matrix.protektwar.net",
"port": "80",
"addressesResolved": [
"161.97.153.13"
],
"addressUsed": "161.97.153.13"
}
],
"validated": "2024-01-24T14:53:14Z"
}
]
}
Storing nonce: tI90Q3sP9Xdt9qkNjzNkXSh0eU59HjtmGpn6ZViWNQqqN9q8mBc
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609126:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJ0STkwUTNzUDlYZHQ5cWtOanpOa1hTaDBlVTU5SGp0bUdwbjZaVmlXTlFxcU45cThtQmMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTEyNiJ9",
"signature": "qWNH8Yc10edwO-SySfkwN363HWwxs0PLMg4IAWTRz3EukZUsbwq_H3bYltWJ156eL58kgX097obh3hW2432nusnVtlabfQe3sJWiWnEKkjx3Hrhov_uWn68UqIRZ8K_anYNs-c4lj3QboE5VwMiRTWPqAKVmQmd67UPFAagS0wrkBmfJoRt9qgXvmk8K6o1jg29VH-fzRNqZQlCO9eqRHIjL8UaTcnbjWSERuXuaOSWhHvxU2C123xNahLCyHs7vqJoBt_lAhjzTAV_ie-C8HJaCasrw3RHf_vFzjMRKvfRo3CQu5C9yT4yOZzhqQcmPju5cEOam5tbLuDnYhhKJug",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609126 HTTP/1.1" 200 975
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:16 GMT
Content-Type: application/json
Content-Length: 975
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: Dg17S3e1O4Rnboi7YLnM2IofGoBYRgGOjlE_6VXPd7AALAJPLi0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "protektwar.net"
},
"status": "invalid",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:caa",
"detail": "CAA record for protektwar.net prevents issuance",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609126/fefu6w",
"token": "pY4zezBz3pRooxVDh9OJUvHAVP89a_vz7lABQtv_fzA",
"validationRecord": [
{
"url": "http://protektwar.net/.well-known/acme-challenge/pY4zezBz3pRooxVDh9OJUvHAVP89a_vz7lABQtv_fzA",
"hostname": "protektwar.net",
"port": "80",
"addressesResolved": [
"161.97.153.13",
"2a02:c206:3007:3035::1"
],
"addressUsed": "2a02:c206:3007:3035::1"
}
],
"validated": "2024-01-24T14:53:14Z"
}
]
}
Storing nonce: Dg17S3e1O4Rnboi7YLnM2IofGoBYRgGOjlE_6VXPd7AALAJPLi0
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/307658609136:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUzMzc1ODIzNiIsICJub25jZSI6ICJEZzE3UzNlMU80Um5ib2k3WUxuTTJJb2ZHb0JZUmdHT2psRV82VlhQZDdBQUxBSlBMaTAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNzY1ODYwOTEzNiJ9",
"signature": "R1Ohb9rkkfd86RjYg73QJOP-HcujIK4eS8ikCnn7jtLcv9yGmbrMrbQf6nt943l56hRFASDRAdMuIBl_ARxdFBo1Lx775B9mih-EyqeaAeakXhmFf_q3ej5oLkaGz6zvoGKcZlq5EMxdfscZDPivsoxefwksqp6iHErMcBO_uMomF3-1Y7n-l3cmAZTLrh1TUvMnYQpblbVeJ-OF2RCrKjSx73Zyq_i3Jnfc9LUNncFiP76c22mzME54ujxA7jjX1G1Xf_s0ENsWap65WG4ExMSTjfXIBMuJxZmbMpUaAIB4sVutcwziAsaIWwBCgAFX-LHECfKvTldjQJC9piKZHA",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/307658609136 HTTP/1.1" 200 991
Received response:
HTTP 200
Server: nginx
Date: Wed, 24 Jan 2024 14:53:16 GMT
Content-Type: application/json
Content-Length: 991
Connection: keep-alive
Boulder-Requester: 1533758236
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tI90Q3sP4AA2jnrdhGDTzP7Gh7hxYHt50cHi8wBJ7M0Le3jL-QQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.protektwar.net"
},
"status": "invalid",
"expires": "2024-01-31T14:53:12Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:caa",
"detail": "CAA record for www.protektwar.net prevents issuance",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/307658609136/UvRlag",
"token": "QWukjnl720qgTQ6nEsfPrHDsNDILP4nj-nwXfsALPek",
"validationRecord": [
{
"url": "http://www.protektwar.net/.well-known/acme-challenge/QWukjnl720qgTQ6nEsfPrHDsNDILP4nj-nwXfsALPek",
"hostname": "www.protektwar.net",
"port": "80",
"addressesResolved": [
"161.97.153.13",
"2a02:c206:3007:3035::1"
],
"addressUsed": "2a02:c206:3007:3035::1"
}
],
"validated": "2024-01-24T14:53:15Z"
}
]
}
Storing nonce: tI90Q3sP4AA2jnrdhGDTzP7Gh7hxYHt50cHi8wBJ7M0Le3jL-QQ
Challenge failed for domain git.protektwar.net
Challenge failed for domain gitweb.protektwar.net
Challenge failed for domain matrix.protektwar.net
Challenge failed for domain protektwar.net
Challenge failed for domain www.protektwar.net
http-01 challenge for git.protektwar.net
http-01 challenge for gitweb.protektwar.net
http-01 challenge for matrix.protektwar.net
http-01 challenge for protektwar.net
http-01 challenge for www.protektwar.net
Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: git.protektwar.net
Type: caa
Detail: CAA record for git.protektwar.net prevents issuance
Domain: gitweb.protektwar.net
Type: caa
Detail: CAA record for gitweb.protektwar.net prevents issuance
Domain: matrix.protektwar.net
Type: caa
Detail: CAA record for matrix.protektwar.net prevents issuance
Domain: protektwar.net
Type: caa
Detail: CAA record for protektwar.net prevents issuance
Domain: www.protektwar.net
Type: caa
Detail: CAA record for www.protektwar.net prevents issuance
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: git.protektwar.net
Type: caa
Detail: CAA record for git.protektwar.net prevents issuance
Domain: gitweb.protektwar.net
Type: caa
Detail: CAA record for gitweb.protektwar.net prevents issuance
Domain: matrix.protektwar.net
Type: caa
Detail: CAA record for matrix.protektwar.net prevents issuance
Domain: protektwar.net
Type: caa
Detail: CAA record for protektwar.net prevents issuance
Domain: www.protektwar.net
Type: caa
Detail: CAA record for www.protektwar.net prevents issuance
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Calling registered functions
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1287, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
protektwar.net
www.protektwar.net
git.protektwar.net
gitweb.protektwar.net
in addition:
matrix.protektwar.net
The operating system my web server runs on is (include version):
Ubuntu 22.04
My hosting provider, if applicable, is:
VPS provider contabo.de
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.21.0
