"status": "invalid",

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.realisemotion.com

I ran this command:
sudo certbot --nginx -d RealiseMotion.com -d www.RealiseMotion.com

It produced this output:

Server: nginx
Date: Sat, 13 Jul 2024 20:46:32 GMT
Content-Type: application/json
Content-Length: 746
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"pn3EFVJlg0M": "Adding random entries to the directory",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-07-13 21:46:34,788:DEBUG:certbot._internal.cert_manager:Renewal conf file /etc/letsencrypt/renewal/www.realisemotion.com.conf is broken. Skipping.
2024-07-13 21:46:34,789:DEBUG:certbot._internal.cert_manager:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/cert_manager.py", line 408, in _search_lineages
candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 475, in __init__
self._check_symlinks()
File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 545, in _check_symlinks
raise errors.CertStorageError(
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/www.realisemotion.com/cert.pem to be a symlink

2024-07-13 21:46:34,789:DEBUG:certbot._internal.cert_manager:Renewal conf file /etc/letsencrypt/renewal/www.realisemotion.online.conf is broken. Skipping.
2024-07-13 21:46:34,789:DEBUG:certbot._internal.cert_manager:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/cert_manager.py", line 408, in _search_lineages
candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 475, in __init__
self._check_symlinks()
File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 545, in _check_symlinks
raise errors.CertStorageError(
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/www.realisemotion.online/cert.pem to be a symlink

2024-07-13 21:46:34,789:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for realisemotion.com and www.realisemotion.com
2024-07-13 21:46:34,914:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0019_key-certbot.pem
2024-07-13 21:46:34,916:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0019_csr-certbot.pem
2024-07-13 21:46:34,917:DEBUG:acme.client:Requesting fresh nonce
2024-07-13 21:46:34,917:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-07-13 21:46:35,060:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-07-13 21:46:35,060:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 13 Jul 2024 20:46:33 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 9v6OBnJdLMybO1irFWzSjEVaKV1H-6lQWoCX6sOI9dCPyCzEexM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2024-07-13 21:46:35,061:DEBUG:acme.client:Storing nonce: 9v6OBnJdLMybO1irFWzSjEVaKV1H-6lQWoCX6sOI9dCPyCzEexM
2024-07-13 21:46:35,061:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "realisemotion.com"\n },\n {\n "type": "dns",\n "value": "www.realisemotion.com"\n }\n ]\n}'
2024-07-13 21:46:35,063:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2024-07-13 21:46:35,249:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 487
2024-07-13 21:46:35,250:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 13 Jul 2024 20:46:33 GMT
Content-Type: application/json
Content-Length: 487
Connection: keep-alive
Boulder-Requester: 1833219717
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1833219717/287007457757
Replay-Nonce: XrsdoYfryTxq--9gvfiPS0B8TAasAYFktMPBJUXhQznr7AMMIUo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2024-07-20T20:46:33Z",
"identifiers": [
{
"type": "dns",
"value": "realisemotion.com"
},
{
"type": "dns",
"value": "www.realisemotion.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/376027912647",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/376603050667"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1833219717/287007457757"
}
2024-07-13 21:46:35,250:DEBUG:acme.client:Storing nonce: XrsdoYfryTxq--9gvfiPS0B8TAasAYFktMPBJUXhQznr7AMMIUo
2024-07-13 21:46:35,250:DEBUG:acme.client:JWS payload:
b''
2024-07-13 21:46:35,251:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/376027912647:
2024-07-13 21:46:35,399:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/376027912647 HTTP/1.1" 200 774
2024-07-13 21:46:35,399:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 13 Jul 2024 20:46:33 GMT
Content-Type: application/json
Content-Length: 774
Connection: keep-alive
Boulder-Requester: 1833219717
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 9v6OBnJdRiHS1rwT-1nuCD7BMpeBa_QZEPB00WjptYjtbmx9meQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.realisemotion.com"
},
"status": "valid",
"expires": "2024-08-11T12:19:01Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/376027912647/P0bDnw",
"status": "valid",
"validated": "2024-07-12T12:19:00Z",
"token": "XAFGSZCWOm6PCwnIqw2uCO_tAxAEXFnHSuykeudVZ-I",
"validationRecord": [
{
"url": "RealiseMotion Weatherproof Nature Cameras With Motion Detection",
"hostname": "www.realisemotion.com",
"port": "80",
"addressesResolved": [
"37.9.59.190"
],
"addressUsed": "37.9.59.190"
}
]
}
]
}
2024-07-13 21:46:35,399:DEBUG:acme.client:Storing nonce: 9v6OBnJdRiHS1rwT-1nuCD7BMpeBa_QZEPB00WjptYjtbmx9meQ
2024-07-13 21:46:35,400:DEBUG:acme.client:JWS payload:
b''
2024-07-13 21:46:35,401:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/376603050667:
2024-07-13 21:46:35,546:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/376603050667 HTTP/1.1" 200 801
2024-07-13 21:46:35,546:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 13 Jul 2024 20:46:33 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 1833219717
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 9v6OBnJduguknlF6KbtqFkQtt7gbvEZrleigSVPrEtDl_GjALug
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "realisemotion.com"
},
"status": "pending",
"expires": "2024-07-20T20:46:33Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/376603050667/ul3zjQ",
"status": "pending",
"token": "PGqWxV8r07MthmaI9jil04UQtw4MMUr0u9Ptn6CdD8E"
},
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/376603050667/UkTf_w",
"status": "pending",
"token": "PGqWxV8r07MthmaI9jil04UQtw4MMUr0u9Ptn6CdD8E"
},
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/376603050667/R2Y_sQ",
"status": "pending",
"token": "PGqWxV8r07MthmaI9jil04UQtw4MMUr0u9Ptn6CdD8E"
}
]
}
2024-07-13 21:46:35,546:DEBUG:acme.client:Storing nonce: 9v6OBnJduguknlF6KbtqFkQtt7gbvEZrleigSVPrEtDl_GjALug
2024-07-13 21:46:35,547:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-07-13 21:46:35,547:INFO:certbot._internal.auth_handler:http-01 challenge for realisemotion.com
2024-07-13 21:46:35,572:DEBUG:certbot_nginx._internal.http_01:Generated server block:

2024-07-13 21:46:35,573:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip2.conf
2024-07-13 21:46:35,573:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf
2024-07-13 21:46:35,573:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2024-07-13 21:46:35,573:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
2024-07-13 21:46:35,574:DEBUG:certbot.reverter:Creating backup of /etc/letsencrypt/options-ssl-nginx.conf
2024-07-13 21:46:35,574:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2024-07-13 21:46:35,574:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
2024-07-13 21:46:35,574:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
2024-07-13 21:46:35,574:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2024-07-13 21:46:35,575:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
2024-07-13 21:46:35,576:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}

#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen localhost:110;
#		protocol pop3;
#		proxy on;
#	}
#
#	server {
#		listen localhost:143;
#		protocol imap;
#		proxy on;
#	}
#}

2024-07-13 21:46:35,586:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/default:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

upstream websocketLive {
server 127.0.0.1:9779;
}
server {
server_name www.realisemotion.live realisemotion.live;
location / {
error_page 503 = /blank.html;
error_page 502 = /blank.html;
error_page 404 /blank.html;
error_page 500 502 503 504 /blank.html;

 proxy_http_version 1.1;
 proxy_set_header   Upgrade $http_upgrade;
 proxy_set_header   Connection keep-alive;
 proxy_set_header   Host $host;
 proxy_cache_bypass $http_upgrade;
 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header   X-Forwarded-Proto $scheme;
 proxy_read_timeout 86400s;
 proxy_send_timeout 86400s;
 client_max_body_size 2M;


 proxy_pass     https://websocketLive;
 }
 
 
 
add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
    etag off;


 location /BaseAiHub {
	proxy_pass     https://websocketLive;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
}



location = /blank.html {
    root /var/www/html/ErrorPages;
}



listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/realisemotion.live/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/realisemotion.live/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

upstream websocketAdmin {
server 127.0.0.1:7771;
}

server {
server_name www.realisemotion.online realisemotion.online;
location / {
error_page 503 = /blank.html;
error_page 502 = /blank.html;
error_page 404 /blank.html;
error_page 500 502 503 504 /blank.html;

 proxy_http_version 1.1;
 proxy_set_header   Upgrade $http_upgrade;
 proxy_set_header   Connection keep-alive;
 proxy_set_header   Host $host;
 proxy_cache_bypass $http_upgrade;
 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header   X-Forwarded-Proto $scheme;
 proxy_read_timeout 86400s;
 proxy_send_timeout 86400s;
 client_max_body_size 2M;


 proxy_pass     https://websocketAdmin;
 }
 
 
 
add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
    etag off;

location /BaseDiagnosticsHub {
	proxy_pass     https://websocketAdmin;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
}

location = /blank.html {
    root /var/www/html/ErrorPages;
}

}

upstream websocketCloud {
server 127.0.0.1:9771;
}

server {
server_name www.realisemotion.Foundation realisemotion.Foundation;
location / {
error_page 503 = /blank.html;
error_page 502 = /blank.html;
error_page 404 /blank.html;
error_page 500 502 503 504 /blank.html;

 proxy_http_version 1.1;
 proxy_set_header   Upgrade $http_upgrade;
 proxy_set_header   Connection keep-alive;
 proxy_set_header   Host $host;
 proxy_cache_bypass $http_upgrade;
 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header   X-Forwarded-Proto $scheme;
 proxy_read_timeout 86400s;
 proxy_send_timeout 86400s;
 client_max_body_size 2M;

 proxy_pass     https://websocketCloud;
}
 
 location /Firmware {
		alias /var/www/Firmware/;
}

 location /media {
		alias /var/www/media/;
}
 
add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
    etag off;

location /BaseUserHub { 
	proxy_pass     https://websocketCloud;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
}

location = /blank.html {
    root /var/www/html/ErrorPages;
}




listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/realisemotion.foundation/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/realisemotion.foundation/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

upstream websocketHome {
server 127.0.0.1:5001;
}

server {
server_name www.realisemotion.ai realisemotion.ai ;
location / {
error_page 503 = /blank.html;
error_page 502 = /blank.html;
error_page 404 /blank.html;
error_page 500 502 503 504 /blank.html;

 proxy_http_version 1.1;
 proxy_set_header   Upgrade $http_upgrade;
 proxy_set_header   Connection keep-alive;
 proxy_set_header   Host $host;
 proxy_cache_bypass $http_upgrade;
 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header   X-Forwarded-Proto $scheme;
 proxy_read_timeout 86400s;
 proxy_send_timeout 86400s;
 client_max_body_size 2M;

 proxy_pass     https://websocketHome;
}
 
 	 location /downloads {
		alias /var/www/downloads/;
}
 
add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
    etag off;



location = /blank.html {
    root /var/www/html/ErrorPages;
}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/realisemotion.ai/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/realisemotion.ai/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

 server_name  www.realisemotion.com realisemotion.com;
 location / {


return 301 https://realisemotion.ai;
}

location = /.well-known/acme-challenge/PGqWxV8r07MthmaI9jil04UQtw4MMUr0u9Ptn6CdD8E{default_type text/plain;return 200 PGqWxV8r07MthmaI9jil04UQtw4MMUr0u9Ptn6CdD8E.PXwkggciJXkMERMt1w7uxb8SVaLRZn4ETi4KJGbSHNI;} # managed by Certbot

}

server {
if ($host = www.realisemotion.foundation) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = realisemotion.foundation) {
    return 301 https://$host$request_uri;
} # managed by Certbot


 server_name  www.realisemotion.Foundation realisemotion.Foundation;
listen 80;
return 404; # managed by Certbot

}

server {
if ($host = www.realisemotion.live) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = realisemotion.live) {
    return 301 https://$host$request_uri;
} # managed by Certbot


 server_name  www.realisemotion.live realisemotion.live;
listen 80;
return 404; # managed by Certbot

}

2024-07-13 21:46:36,611:DEBUG:acme.client:JWS payload:
b'{}'
2024-07-13 21:46:36,614:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/376603050667/ul3zjQ:
2024-07-13 21:46:36,764:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/376603050667/ul3zjQ HTTP/1.1" 200 187
2024-07-13 21:46:36,765:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 13 Jul 2024 20:46:34 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1833219717
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/376603050667;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/376603050667/ul3zjQ
Replay-Nonce: 9v6OBnJdxx-i8884B_2w9zvKc8-S6P2E0T8e2Xovog0_Bxm9KCU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/376603050667/ul3zjQ",
"status": "pending",
"token": "PGqWxV8r07MthmaI9jil04UQtw4MMUr0u9Ptn6CdD8E"
}
2024-07-13 21:46:36,765:DEBUG:acme.client:Storing nonce: 9v6OBnJdxx-i8884B_2w9zvKc8-S6P2E0T8e2Xovog0_Bxm9KCU
2024-07-13 21:46:36,766:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-07-13 21:46:37,767:DEBUG:acme.client:JWS payload:
b''
2024-07-13 21:46:37,772:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/376027912647:
2024-07-13 21:46:37,921:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/376027912647 HTTP/1.1" 200 774
2024-07-13 21:46:37,922:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 13 Jul 2024 20:46:36 GMT
Content-Type: application/json
Content-Length: 774
Connection: keep-alive
Boulder-Requester: 1833219717
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: XrsdoYfrhuUzNSlA8dZ9QXeLB5b6PTpkGm9BXRQST0FW9-nH7-U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.realisemotion.com"
},
"status": "valid",
"expires": "2024-08-11T12:19:01Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/376027912647/P0bDnw",
"status": "valid",
"validated": "2024-07-12T12:19:00Z",
"token": "XAFGSZCWOm6PCwnIqw2uCO_tAxAEXFnHSuykeudVZ-I",
"validationRecord": [
{
"url": "RealiseMotion Weatherproof Nature Cameras With Motion Detection",
"hostname": "www.realisemotion.com",
"port": "80",
"addressesResolved": [
"37.9.59.190"
],
"addressUsed": "37.9.59.190"
}
]
}
]
}
2024-07-13 21:46:37,923:DEBUG:acme.client:Storing nonce: XrsdoYfrhuUzNSlA8dZ9QXeLB5b6PTpkGm9BXRQST0FW9-nH7-U
2024-07-13 21:46:37,924:DEBUG:acme.client:JWS payload:
b''
2024-07-13 21:46:37,928:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/376603050667:
2024-07-13 21:46:38,076:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/376603050667 HTTP/1.1" 200 1248
2024-07-13 21:46:38,077:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 13 Jul 2024 20:46:36 GMT
Content-Type: application/json
Content-Length: 1248
Connection: keep-alive
Boulder-Requester: 1833219717
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 9v6OBnJdpH9wj89soh2N3jqFjHIB1dP2G6tKM-rg9SqbGj8dUrU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "realisemotion.com"
},
"status": "invalid",
"expires": "2024-07-20T20:46:33Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/376603050667/ul3zjQ",
"status": "invalid",
"validated": "2024-07-13T20:46:34Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "During secondary validation: 37.9.59.190: Invalid response from https://www.realisemotion.com: "\u003c!DOCTYPE html\u003e\r\n\u003chtml lang=\"en\" style=\"margin:0; padding:0; height: 100vh\"\u003e\r\n\u003chead\u003e\u003ctitle\u003eCamera OffLine\u003c/title\u003e\u003c/head\u003e\r\n\r\n\r\n\r\n"",
"status": 403
},
"token": "PGqWxV8r07MthmaI9jil04UQtw4MMUr0u9Ptn6CdD8E",
"validationRecord": [
{
"url": "RealiseMotion Weatherproof Nature Cameras With Motion Detection",
"hostname": "realisemotion.com",
"port": "80",
"addressesResolved": [
"37.9.59.190",
"192.64.119.166"
],
"addressUsed": "37.9.59.190"
}
]
}
]
}
2024-07-13 21:46:38,078:DEBUG:acme.client:Storing nonce: 9v6OBnJdpH9wj89soh2N3jqFjHIB1dP2G6tKM-rg9SqbGj8dUrU
2024-07-13 21:46:38,079:INFO:certbot._internal.auth_handler:Challenge failed for domain realisemotion.com
2024-07-13 21:46:38,079:INFO:certbot._internal.auth_handler:http-01 challenge for realisemotion.com
2024-07-13 21:46:38,080:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: realisemotion.com
Type: unauthorized
Detail: During secondary validation: 37.9.59.190: Invalid response from https://www.realisemotion.com: "\r\n<html lang="en" style="margin:0; padding:0; height: 100vh">\r\nCamera OffLine\r\n\r\n\r\n\r\n"

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2024-07-13 21:46:38,080:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-07-13 21:46:38,081:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-07-13 21:46:38,081:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-07-13 21:46:39,312:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1287, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-07-13 21:46:39,313:ERROR:certbot._internal.log:Some challenges have failed.

My web server is (include version):
nginx 1.18.0

The operating system my web server runs on is (include version):
ubuntu 22.04

My hosting provider, if applicable, is:
none

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.21.0

I have 2 domains:

1) realisemotion.ai
2) realisemotion.com

1) is working.
With 2) I am trying to redirect it to 1).

This is my config file:

upstream websocketHome {
server 127.0.0.1:5001;
}

server {
server_name www.realisemotion.ai realisemotion.ai ;
location / {
error_page 503 = /blank.html;
error_page 502 = /blank.html;
error_page 404 /blank.html;
error_page 500 502 503 504 /blank.html;

 proxy_http_version 1.1;
 proxy_set_header   Upgrade $http_upgrade;
 proxy_set_header   Connection keep-alive;
 proxy_set_header   Host $host;
 proxy_cache_bypass $http_upgrade;
 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header   X-Forwarded-Proto $scheme;
 proxy_read_timeout 86400s;
 proxy_send_timeout 86400s;
 client_max_body_size 2M;

 proxy_pass     https://websocketHome;
}
 
 	 location /downloads {
		alias /var/www/downloads/;
}
 
add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
    etag off;



location = /blank.html {
    root /var/www/html/ErrorPages;
}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/realisemotion.ai/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/realisemotion.ai/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Any help would be great.

Thanks

1 Like

You are using the NameCheap URL Redirect service on your '.com' domain. Well, at least for one of the IPs in your DNS (there are two). That URL Redirect won't work for HTTPS redirects. You need to disable that and set the DNS to point only at the public IP of your nginx server.

Your '.ai' has just the one IP. Is a '.live' domain also yours? Because that also points to just the same single IP.

Query results for A realisemotion.com
realisemotion.com.	0	IN	A	192.64.119.166
realisemotion.com.	0	IN	A	37.9.59.190
3 Likes
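
The A-record check described in the answer above, as an added example that is not part of the original posts: it reads the `addressesResolved` list from an ACME authorization and flags every address that is not the nginx server, then applies the same test to a live lookup before certbot is run. The function names are hypothetical, the JSON is a trimmed copy of the failed authorization in the log, and only IPv4 A records are considered.

```python
import json
import socket

# Trimmed copy of the failed authorization from the log above
# (only the fields this example reads are kept).
AUTHZ_JSON = """
{
  "identifier": {"type": "dns", "value": "realisemotion.com"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {"type": "urn:ietf:params:acme:error:unauthorized", "status": 403},
      "validationRecord": [
        {
          "hostname": "realisemotion.com",
          "port": "80",
          "addressesResolved": ["37.9.59.190", "192.64.119.166"],
          "addressUsed": "37.9.59.190"
        }
      ]
    }
  ]
}
"""


def stray_addresses(authz, server_ips):
    """Map hostname -> addresses the CA resolved that are NOT this server.

    The CA validates from several network locations. With more than one A
    record, some of those validators can reach a host that does not serve
    the challenge token, and the whole authorization becomes invalid.
    """
    expected = set(server_ips)
    stray = {}
    for challenge in authz.get("challenges", []):
        for record in challenge.get("validationRecord", []):
            for address in record.get("addressesResolved", []):
                if address in expected:
                    continue
                found = stray.setdefault(record["hostname"], [])
                if address not in found:
                    found.append(address)
    return stray


def resolve_a(hostname):
    """Live IPv4 lookup through the system resolver (needs network access)."""
    infos = socket.getaddrinfo(hostname, 80, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def preflight(hostnames, server_ips, resolver=resolve_a):
    """Run before certbot: map hostname -> A records that are not this server.

    An empty dict means every requested name resolves only to this server,
    which is what http-01 validation needs.
    """
    expected = set(server_ips)
    problems = {}
    for name in hostnames:
        extra = [a for a in resolver(name) if a not in expected]
        if extra:
            problems[name] = extra
    return problems


if __name__ == "__main__":
    # Offline: analyse the authorization captured in the log.
    authz = json.loads(AUTHZ_JSON)
    for host, addresses in stray_addresses(authz, ["37.9.59.190"]).items():
        print(f"{host}: remove A record(s) {', '.join(addresses)}")
```

Calling `preflight(["realisemotion.com", "www.realisemotion.com"], ["37.9.59.190"])` performs the live lookup and should return an empty dict once the extra record is gone.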

Hi
Thank you so much for your reply. I thought I had deleted all those redirects. I have not paid attention to detail. You have added to my knowledge though. I now do A lookups (I know, obvious to me now) to determine these types of problems.

Thank you! You are a life saver!

2 Likes
