Status 400 ao tentar renovar / criar certificado

Posso ler respostas em inglês: sim

Meu nome de domínio é: estetika.com.br

Executei esse comando: estou fazendo atualização automática de certificado pelo CWP, mas todos os domínios retornam o mesmo erro e não consigo renovar ou criar novo certificado

Produziu essa saída:
[Wed Aug 19 22:05:01 -03 2020] _main_domain=‘www.estetika.com.br’
[Wed Aug 19 22:05:01 -03 2020] _alt_domains=‘estetika.com.br’
[Wed Aug 19 22:05:01 -03 2020] Using config home:/root/.acme.sh
[Wed Aug 19 22:05:01 -03 2020] default_acme_server
[Wed Aug 19 22:05:01 -03 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Wed Aug 19 22:05:01 -03 2020] DOMAIN_PATH=’/root/.acme.sh/cwp_certs/www.estetika.com.br’
[Wed Aug 19 22:05:01 -03 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Wed Aug 19 22:05:01 -03 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Wed Aug 19 22:05:01 -03 2020] GET
[Wed Aug 19 22:05:01 -03 2020] url=‘https://acme-v02.api.letsencrypt.org/directory
[Wed Aug 19 22:05:01 -03 2020] timeout=
[Wed Aug 19 22:05:02 -03 2020] _CURL=‘curl -L --silent --dump-header /root/.acme.sh/http.header -g ’
[Wed Aug 19 22:05:06 -03 2020] ret=‘0’
[Wed Aug 19 22:05:07 -03 2020] ACME_KEY_CHANGE=‘https://acme-v02.api.letsencrypt.org/acme/key-change
[Wed Aug 19 22:05:07 -03 2020] ACME_NEW_AUTHZ
[Wed Aug 19 22:05:07 -03 2020] ACME_NEW_ORDER=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Wed Aug 19 22:05:07 -03 2020] ACME_NEW_ACCOUNT=‘https://acme-v02.api.letsencrypt.org/acme/new-acct
[Wed Aug 19 22:05:07 -03 2020] ACME_REVOKE_CERT=‘https://acme-v02.api.letsencrypt.org/acme/revoke-cert
[Wed Aug 19 22:05:07 -03 2020] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
[Wed Aug 19 22:05:07 -03 2020] ACME_NEW_NONCE=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Wed Aug 19 22:05:08 -03 2020] ACME_VERSION=‘2’
[Wed Aug 19 22:05:08 -03 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Aug 19 22:05:08 -03 2020] _on_before_issue
[Wed Aug 19 22:05:08 -03 2020] _chk_main_domain=‘www.estetika.com.br’
[Wed Aug 19 22:05:08 -03 2020] _chk_alt_domains=‘estetika.com.br’
[Wed Aug 19 22:05:08 -03 2020] Le_LocalAddress
[Wed Aug 19 22:05:08 -03 2020] d=‘www.estetika.com.br’
[Wed Aug 19 22:05:08 -03 2020] Check for domain=‘www.estetika.com.br’
[Wed Aug 19 22:05:08 -03 2020] _currentRoot=’/usr/local/apache/autossl_tmp/’
[Wed Aug 19 22:05:08 -03 2020] d=‘estetika.com.br’
[Wed Aug 19 22:05:08 -03 2020] Check for domain=‘estetika.com.br’
[Wed Aug 19 22:05:08 -03 2020] _currentRoot=’/usr/local/apache/autossl_tmp/’
[Wed Aug 19 22:05:08 -03 2020] d
[Wed Aug 19 22:05:09 -03 2020] _saved_account_key_hash is not changed, skip register account.
[Wed Aug 19 22:05:09 -03 2020] Read key length:
[Wed Aug 19 22:05:09 -03 2020] Creating domain key
[Wed Aug 19 22:05:09 -03 2020] Use DEFAULT_DOMAIN_KEY_LENGTH=2048
[Wed Aug 19 22:05:09 -03 2020] Using config home:/root/.acme.sh
[Wed Aug 19 22:05:09 -03 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Wed Aug 19 22:05:09 -03 2020] Use length 2048
[Wed Aug 19 22:05:09 -03 2020] Using RSA: 2048
[Wed Aug 19 22:05:11 -03 2020] The domain key is here: /root/.acme.sh/cwp_certs/www.estetika.com.br/www.estetika.com.br.key
[Wed Aug 19 22:05:11 -03 2020] _createcsr
[Wed Aug 19 22:05:12 -03 2020] Multi domain=‘DNS:www.estetika.com.br,DNS:estetika.com.br’
[Wed Aug 19 22:05:12 -03 2020] Getting domain auth token for each domain
[Wed Aug 19 22:05:12 -03 2020] d=‘estetika.com.br’
[Wed Aug 19 22:05:12 -03 2020] d
[Wed Aug 19 22:05:12 -03 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Wed Aug 19 22:05:12 -03 2020] payload=’{“identifiers”: [{“type”:“dns”,“value”:“www.estetika.com.br”},{“type”:“dns”,“value”:“estetika.com.br”}]}’
[Wed Aug 19 22:05:12 -03 2020] RSA key
[Wed Aug 19 22:05:13 -03 2020] HEAD
[Wed Aug 19 22:05:13 -03 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Wed Aug 19 22:05:13 -03 2020] _CURL=‘curl -L --silent --dump-header /root/.acme.sh/http.header -g -I ’
[Wed Aug 19 22:05:15 -03 2020] _ret=‘0’
[Wed Aug 19 22:05:15 -03 2020] POST
[Wed Aug 19 22:05:15 -03 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Wed Aug 19 22:05:15 -03 2020] _CURL=‘curl -L --silent --dump-header /root/.acme.sh/http.header -g ’
[Wed Aug 19 22:05:20 -03 2020] _ret=‘0’
[Wed Aug 19 22:05:20 -03 2020] code=‘201’
[Wed Aug 19 22:05:20 -03 2020] Le_LinkOrder=‘https://acme-v02.api.letsencrypt.org/acme/order/70496486/4770512954
[Wed Aug 19 22:05:20 -03 2020] Le_OrderFinalize=‘https://acme-v02.api.letsencrypt.org/acme/finalize/70496486/4770512954
[Wed Aug 19 22:05:21 -03 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/6649883762
[Wed Aug 19 22:05:21 -03 2020] payload
[Wed Aug 19 22:05:21 -03 2020] POST
[Wed Aug 19 22:05:21 -03 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/6649883762
[Wed Aug 19 22:05:21 -03 2020] _CURL=‘curl -L --silent --dump-header /root/.acme.sh/http.header -g ’
[Wed Aug 19 22:05:23 -03 2020] _ret=‘0’
[Wed Aug 19 22:05:23 -03 2020] code=‘200’
[Wed Aug 19 22:05:23 -03 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/6649883765
[Wed Aug 19 22:05:23 -03 2020] payload
[Wed Aug 19 22:05:24 -03 2020] POST
[Wed Aug 19 22:05:24 -03 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/6649883765
[Wed Aug 19 22:05:24 -03 2020] _CURL=‘curl -L --silent --dump-header /root/.acme.sh/http.header -g ’
[Wed Aug 19 22:05:31 -03 2020] _ret=‘0’
[Wed Aug 19 22:05:31 -03 2020] code=‘200’
[Wed Aug 19 22:05:31 -03 2020] d=‘www.estetika.com.br’
[Wed Aug 19 22:05:31 -03 2020] Getting webroot for domain=‘www.estetika.com.br’
[Wed Aug 19 22:05:31 -03 2020] _w=’/usr/local/apache/autossl_tmp/’
[Wed Aug 19 22:05:31 -03 2020] _currentRoot=’/usr/local/apache/autossl_tmp/’
[Wed Aug 19 22:05:32 -03 2020] entry=’“type”:“http-01”,“status”:“pending”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ",“token”:"26BdVRU8FIWlbwiF6til2ERmMIFqs5UgA_eVpT-iVQg”’
[Wed Aug 19 22:05:32 -03 2020] token=‘26BdVRU8FIWlbwiF6til2ERmMIFqs5UgA_eVpT-iVQg’
[Wed Aug 19 22:05:32 -03 2020] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:32 -03 2020] keyauthorization=‘26BdVRU8FIWlbwiF6til2ERmMIFqs5UgA_eVpT-iVQg.9HgPoPRLj1OjZsUYw_LhXRzZH5ZcjnfiwM0iCo711As’
[Wed Aug 19 22:05:32 -03 2020] dvlist=‘www.estetika.com.br#26BdVRU8FIWlbwiF6til2ERmMIFqs5UgA_eVpT-iVQg.9HgPoPRLj1OjZsUYw_LhXRzZH5ZcjnfiwM0iCo711As#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ#http-01#/usr/local/apache/autossl_tmp/
[Wed Aug 19 22:05:32 -03 2020] d=‘estetika.com.br’
[Wed Aug 19 22:05:32 -03 2020] Getting webroot for domain=‘estetika.com.br’
[Wed Aug 19 22:05:32 -03 2020] _w=’/usr/local/apache/autossl_tmp/’
[Wed Aug 19 22:05:32 -03 2020] _currentRoot=’/usr/local/apache/autossl_tmp/’
[Wed Aug 19 22:05:32 -03 2020] entry=’“type”:“http-01”,“status”:“pending”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883762/3vJXYg",“token”:"_srpAURa9LUrRdtj0qrzWdjPIsSkaAFicmAbb7wC4c8”’
[Wed Aug 19 22:05:32 -03 2020] token=’_srpAURa9LUrRdtj0qrzWdjPIsSkaAFicmAbb7wC4c8’
[Wed Aug 19 22:05:33 -03 2020] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883762/3vJXYg
[Wed Aug 19 22:05:33 -03 2020] keyauthorization=’_srpAURa9LUrRdtj0qrzWdjPIsSkaAFicmAbb7wC4c8.9HgPoPRLj1OjZsUYw_LhXRzZH5ZcjnfiwM0iCo711As’
[Wed Aug 19 22:05:33 -03 2020] dvlist=‘estetika.com.br#_srpAURa9LUrRdtj0qrzWdjPIsSkaAFicmAbb7wC4c8.9HgPoPRLj1OjZsUYw_LhXRzZH5ZcjnfiwM0iCo711As#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883762/3vJXYg#http-01#/usr/local/apache/autossl_tmp/
[Wed Aug 19 22:05:33 -03 2020] d
[Wed Aug 19 22:05:33 -03 2020] vlist=‘www.estetika.com.br#26BdVRU8FIWlbwiF6til2ERmMIFqs5UgA_eVpT-iVQg.9HgPoPRLj1OjZsUYw_LhXRzZH5ZcjnfiwM0iCo711As#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ#http-01#/usr/local/apache/autossl_tmp/,estetika.com.br#_srpAURa9LUrRdtj0qrzWdjPIsSkaAFicmAbb7wC4c8.9HgPoPRLj1OjZsUYw_LhXRzZH5ZcjnfiwM0iCo711As#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883762/3vJXYg#http-01#/usr/local/apache/autossl_tmp/,’
[Wed Aug 19 22:05:33 -03 2020] d=‘www.estetika.com.br’
[Wed Aug 19 22:05:33 -03 2020] d=‘estetika.com.br’
[Wed Aug 19 22:05:33 -03 2020] ok, let’s start to verify
[Wed Aug 19 22:05:33 -03 2020] Verifying: www.estetika.com.br
[Wed Aug 19 22:05:33 -03 2020] d=‘www.estetika.com.br’
[Wed Aug 19 22:05:33 -03 2020] keyauthorization=‘26BdVRU8FIWlbwiF6til2ERmMIFqs5UgA_eVpT-iVQg.9HgPoPRLj1OjZsUYw_LhXRzZH5ZcjnfiwM0iCo711As’
[Wed Aug 19 22:05:33 -03 2020] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:33 -03 2020] _currentRoot=’/usr/local/apache/autossl_tmp/’
[Wed Aug 19 22:05:33 -03 2020] wellknown_path=’/usr/local/apache/autossl_tmp/.well-known/acme-challenge’
[Wed Aug 19 22:05:33 -03 2020] writing token:26BdVRU8FIWlbwiF6til2ERmMIFqs5UgA_eVpT-iVQg to /usr/local/apache/autossl_tmp/.well-known/acme-challenge/26BdVRU8FIWlbwiF6til2ERmMIFqs5UgA_eVpT-iVQg
[Wed Aug 19 22:05:33 -03 2020] Changing owner/group of .well-known to root:root
[Wed Aug 19 22:05:33 -03 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:33 -03 2020] payload=’{}’
[Wed Aug 19 22:05:34 -03 2020] POST
[Wed Aug 19 22:05:34 -03 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:34 -03 2020] _CURL=‘curl -L --silent --dump-header /root/.acme.sh/http.header -g ’
[Wed Aug 19 22:05:35 -03 2020] _ret=‘0’
[Wed Aug 19 22:05:35 -03 2020] code=‘200’
[Wed Aug 19 22:05:36 -03 2020] trigger validation code: 200
[Wed Aug 19 22:05:36 -03 2020] sleep 2 secs to verify
[Wed Aug 19 22:05:38 -03 2020] checking
[Wed Aug 19 22:05:38 -03 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:38 -03 2020] payload
[Wed Aug 19 22:05:38 -03 2020] POST
[Wed Aug 19 22:05:38 -03 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:38 -03 2020] _CURL=‘curl -L --silent --dump-header /root/.acme.sh/http.header -g ’
[Wed Aug 19 22:05:40 -03 2020] _ret=‘0’
[Wed Aug 19 22:05:40 -03 2020] code=‘200’
[Wed Aug 19 22:05:40 -03 2020] Pending
[Wed Aug 19 22:05:40 -03 2020] sleep 2 secs to verify
[Wed Aug 19 22:05:42 -03 2020] checking
[Wed Aug 19 22:05:42 -03 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:42 -03 2020] payload
[Wed Aug 19 22:05:43 -03 2020] POST
[Wed Aug 19 22:05:43 -03 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:43 -03 2020] _CURL=‘curl -L --silent --dump-header /root/.acme.sh/http.header -g ’
[Wed Aug 19 22:05:44 -03 2020] _ret=‘0’
[Wed Aug 19 22:05:44 -03 2020] code=‘200’
[Wed Aug 19 22:05:45 -03 2020] www.estetika.com.br:Verify error:Fetching http://www.estetika.com.br/.well-known/acme-challenge/26BdVRU8FIWlbwiF6til2ERmMIFqs5UgA_eVpT-iVQg: Connection reset by peer
[Wed Aug 19 22:05:45 -03 2020] pid
[Wed Aug 19 22:05:45 -03 2020] No need to restore nginx, skip.
[Wed Aug 19 22:05:45 -03 2020] _clearupdns
[Wed Aug 19 22:05:45 -03 2020] dns_entries
[Wed Aug 19 22:05:45 -03 2020] skip dns.
[Wed Aug 19 22:05:45 -03 2020] _on_issue_err
[Wed Aug 19 22:05:45 -03 2020] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Wed Aug 19 22:05:45 -03 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:45 -03 2020] payload=’{}’
[Wed Aug 19 22:05:45 -03 2020] POST
[Wed Aug 19 22:05:45 -03 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883765/3HLJqQ
[Wed Aug 19 22:05:46 -03 2020] _CURL=‘curl -L --silent --dump-header /root/.acme.sh/http.header -g ’
[Wed Aug 19 22:05:47 -03 2020] _ret=‘0’
[Wed Aug 19 22:05:47 -03 2020] code=‘400’
[Wed Aug 19 22:05:48 -03 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883762/3vJXYg
[Wed Aug 19 22:05:48 -03 2020] payload=’{}’
[Wed Aug 19 22:05:48 -03 2020] POST
[Wed Aug 19 22:05:48 -03 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/6649883762/3vJXYg
[Wed Aug 19 22:05:48 -03 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g ’
[Wed Aug 19 22:05:49 -03 2020] _ret=‘0’
[Wed Aug 19 22:05:50 -03 2020] code=‘200’

Meu servidor web é (com versão):

O sistema operacional no meu servidor web é (com versão): CentOS 7.8

Posso acessar um shell root na minha máquina (sim ou não, ou não sei): sim

Uso um painel de controle para administrar meu site (não, ou indique o nome e a versão do painel de controle): CWP 7

Oi @ednerbertao,

Esse erro me sugere que tem um firewall que bloqueia alguns tipos de conexões. É possível?

Olá ! Agradeço a atenção.

Eu já tentei criar o certificado após derrubar o filtro de IP, depois da sua mensagem lembrei do mod_security, desativei ele pra um dos domínios e o retorno foi exatamente o mesmo. Fora esses dois filtros de acesso não existe mais nenhum.

Até a resposta da AC quando você tentar solicitar o certificado de novo?

Sim, a resposta é sempre a mesma. No inicio pensei que era algum problema de atualização do certificado, exclui td e tentei criar novamente, mas a mensagem é sempre a mesma, não importa oq eu faça.

Derrubei firewall, derrubei mod security, deixei o servidor td aberto, mas nada. Esses certificados estão configurados pra atualizar automático, até 1 mês atrás estava tudo OK, acredito que isso começou por volta de 30 dias atrás.

Cheguei a atualizar o servidor, tentei mudar umas configurações do acme, mas nada.