Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator None and installer None
Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f00e041c668>
Prep: True
Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f00e041c668> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f00e041c668>
Plugins selected: Authenticator nginx, Installer nginx
Picked account: <Account(RegistrationResource(uri='https://acme-v01.api.letsencrypt.org/acme/reg/13254777', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', body=Registration(contact=('mailto:letsencrypt@shitter.tv',), agreement='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', only_return_existing=None, status=None, external_account_binding=None, terms_of_service_agreed=None, key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f00e02fd6a0>)>))), 424db555ee2113ea41a3fbc222cc1a85, Meta(creation_dt=datetime.datetime(2017, 4, 24, 19, 31, 53, tzinfo=<UTC>), creation_host='domain'))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
"GET /directory HTTP/1.1" 200 658
Received response:
HTTP 200
Cache-Control: public, max-age=0, no-cache
Connection: keep-alive
X-Frame-Options: DENY
Content-Type: application/json
Server: nginx
Content-Length: 658
Date: Tue, 19 May 2020 19:57:22 GMT
Strict-Transport-Security: max-age=604800
{
"C9n9jRCPCxg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: domain.de
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0098_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0098_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
"HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Cache-Control: public, max-age=0, no-cache
Connection: keep-alive
Replay-Nonce: 0102yLBaXdiKLdjEbezA-WVcWMyPLoeDWvw66abTF-uUpdw
X-Frame-Options: DENY
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Server: nginx
Date: Tue, 19 May 2020 19:57:26 GMT
Strict-Transport-Security: max-age=604800
Storing nonce: 0102yLBaXdiKLdjEbezA-WVcWMyPLoeDWvw66abTF-uUpdw
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "domain.de"\n }\n ]\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"signature": "J5_UKGvpIeM-9OhbfPhQu4kDVE8rmpc_HBfN-s9y2AACo2Uj-FHJQ-BOBjXRC03mnTh11LNiLDcmlSfc2nynm7GsMzshy4Pbr768YAquWealeh3KMJ1kKa2rdIkcNR5KfYbsbobjur-tq75_J52ScqHPoaAk0q_v0LhShlvA66AzzOOKLQr4K-boMHCdnAQsZ0qQ4puN9OEBxn2hnem2uinydepcMvqMErYAXEDmsQsjDJnUYW3DeJ0ev5TdTu0TIuP3AYChBwHCHmb-1ourYyG5ZXauM_tpH9nTUqpSPa0GzR2TQ9sBNt3MOxElSthBaGPP3wBLssnVLcGF2JP4n4L7ZLOaBfNlabWjf1NPXlVIVBFoZXl6GN20e9VPYr8pcAh_nys_cr_IeaCew-Z8LgM2608KGaZCKgavfXsjHlTIdoVR_T7ExyeZjj2GJAmUtHdsNeAf0d6-EWjFdZJkTu9MlGAzeNjWShJ7ejkEEDZTM6cqbq3kul5V4WwBVcLM48v3BpG4RRlBMwbJc2O4J0cJwl5WVIYT3R5PJBagxVbYyIObRwGP3q0yQouPzmheH-v0S-1WxF0mfWqdlfHOPwHzH-cNSXQmN2ep6b3-gf3EhAIVj2S5yA9Aq4_8Y79wHklgu7c_3BzF9cn11FW-3LsE-SJBlzDH89gTRxHukss",
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvMTMyNTQ3NzciLCAibm9uY2UiOiAiMDEwMnlMQmFYZGlLTGRqRWJlekEtV1ZjV015UExvZURXdnc2NmFiVEYtdVVwZHciLCAiYWxnIjogIlJTMjU2In0",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFybmkucnV0ZWMuZGUiCiAgICB9CiAgXQp9"
}
"POST /acme/new-order HTTP/1.1" 201 343
Received response:
HTTP 201
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Location: https://acme-v02.api.letsencrypt.org/acme/order/13254777/3426934433
Content-Length: 343
Date: Tue, 19 May 2020 19:57:27 GMT
Strict-Transport-Security: max-age=604800
Connection: keep-alive
Replay-Nonce: 0102bFH5iL4s9oJxcQn0GkfkyP9V3SemnJCWZ-UvODYnqF8
Content-Type: application/json
Boulder-Requester: 13254777
Server: nginx
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
{
"status": "pending",
"expires": "2020-05-26T19:57:27.175057788Z",
"identifiers": [
{
"type": "dns",
"value": "domain.de"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/4685944164"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/13254777/3426934433"
}
Storing nonce: 0102bFH5iL4s9oJxcQn0GkfkyP9V3SemnJCWZ-UvODYnqF8
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/4685944164:
{
"signature": "ub5rEqSDgcXD3W5EJl6rU9bkUvIGZWAYQFuyhr7-vXfAGzp2YWh8NAGY52PzYBvIc9scgpQmgra32Qir4XoFrXKgzqSLyO7FpvdXpInr1dtFYtpInhiMOSx-tmaX7Hac8gMHP-AhIvVCQaNUjMiLe38PtQjFnqN6aPohft7q6styhUrA8pv6cxzcmQiDKoBULFBR6bPPg5x-RKXBbBAODgnYfo3XtrKUV2vMdZAWs_iTiV9uZMrjmypdi9OZGkUNP9xz-7291o6uFfflk2gd6sNgS9GzTcwYUfeAQ-oHL6nTLLVqPR6qo86EaKxS4kv7h4RgBDJQgh22k6z5DlIzbqoX9_F-pbXMqEpynlpcjkfuDbizp-tuX8ch_YHoz2oSatzWVq66WfwZDuXtwmM551kOmk3aqFOlJt0_6t1Ef2vqQEL50vAUPiOhI8_BYcQqiC9_mIWDxBEFPV6bJmG8fyvQEvA12PBbvevhmtFxcsMju8wAZ0wVKHBf5r7n_CkPVODUyOln-ztVA76aX18uwaLvYEXKtkTYrTbZjYGR0diEioX4C4QRYbXtedyeRFLyBlgx5JV0X-h25uKrmGitgrnFPKJoFuVeN2nkHEeUVUv2mR9vIBrJynUKTK6SaiP8oY0GF1KRlOFI_N1n1R0bnHSecToH8cPF--J5tMoWS1k",
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNDY4NTk0NDE2NCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMS5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvcmVnLzEzMjU0Nzc3IiwgIm5vbmNlIjogIjAxMDJiRkg1aUw0czlvSnhjUW4wR2tma3lQOVYzU2VtbkpDV1otVXZPRFlucUY4IiwgImFsZyI6ICJSUzI1NiJ9",
"payload": ""
}
"POST /acme/authz-v3/4685944164 HTTP/1.1" 200 791
Received response:
HTTP 200
Cache-Control: public, max-age=0, no-cache
Boulder-Requester: 13254777
Replay-Nonce: 0101m8Neu2SiAwfn3nPIVpn7lFazhwJQvwNdopFL5dnp1RU
X-Frame-Options: DENY
Server: nginx
Connection: keep-alive
Strict-Transport-Security: max-age=604800
Content-Length: 791
Date: Tue, 19 May 2020 19:57:27 GMT
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Content-Type: application/json
{
"identifier": {
"type": "dns",
"value": "domain.de"
},
"status": "pending",
"expires": "2020-05-26T19:57:27Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/oKUouw",
"token": "uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/reGjdg",
"token": "uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/UM34EQ",
"token": "uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA"
}
]
}
Storing nonce: 0101m8Neu2SiAwfn3nPIVpn7lFazhwJQvwNdopFL5dnp1RU
Performing the following challenges:
http-01 challenge for domain.de
Generated server block:
[]
Creating backup of /etc/nginx/mime.types
Creating backup of /etc/nginx/nginx.conf
Creating backup of /etc/nginx/conf.d/server.conf
Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
client_body_timeout 15;
client_header_timeout 15;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 128;
server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 30m;
ssl_session_tickets off;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128- GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE- ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA- AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256- SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA- AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3- SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3- SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH- RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ecdh_curve secp384r1; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
resolver_timeout 5s;
##
# Additional headers
##
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "SAMEORIGIN";
##
# Logging Settings
##
access_log /var/log/nginx/access.log combined buffer=16k;
error_log /var/log/nginx/error.log warn;
##
# File cache
##
open_file_cache max=10000 inactive=300s;
open_file_cache_valid 5m;
open_file_cache_min_uses 2;
open_file_cache_errors off;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 9;
gzip_min_length 1000;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Writing nginx conf tree to /etc/nginx/conf.d/server.conf:
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
listen 80;
listen 443 ssl http2;
listen [::]:80;
listen [::]:443 ssl http2;
server_name domain.de;
client_max_body_size 132m;
root /home/project/website;
index index.php;
try_files $uri $uri/ index.php?$args;
ssl_certificate /etc/letsencrypt/live/domain.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.de/privkey.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/domain.de/chain.pem;
location ~ /.+\.php$ {
try_files $uri /index.php;
fastcgi_index index.php;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location ~ /.well-known {
allow all;
}
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
location = /.well-known/acme-challenge/uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA{default_type text/plain;return 200 uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA.09aCJ3tIiWYvz2SggLO1SKbjjSGTWiZYGed8VquwcOA;} # managed by Certbot
}
Waiting for verification...
JWS payload:
b'{\n "type": "http-01",\n "resource": "challenge"\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/oKUouw:
{
"signature": "TOrlimf0-H_e_W15cK7WSgMYOiY0S4963TQU6AxM5hfuITN8QzGoY0anF71TKthaNnhLuTKt25ZP2hmfepM_VrXWQoqTpGrY-s2fLmsjSbl-_Dsc2frhd_uFypOgw4UcOYJ3VlIoTnOMejCIinx-6BH4-fKQKnp8iWLmX8jLlF0L-h19PFI2O80Azz6AZ0h9RU6lvO8QV5m0veHZvIkV4C5kMST-ZBsHawjxWkGFAVN6_HrjFI9lESCxKzn7ei7t3yNsJv1V7Xj5c4AQVyq0aItGXoH9ZIALhQtO2OqIpro5gL4KiqVxoeRPCVZqYQwot6AU4XR8wzoGjlBA9tS6FXEXzL02bC4MVRj9ORiB6hxckxbLsgy5SWijiRA5-yrlW0g1qRp4R32D3tWPxw6LCC-jXCENtn1Y-qOHM8_OJQiyKK-H5zWIAAA4LoEfm6R9Teo0612sIlZ7_AINTO233dpnL7sJWq3r0k2p9mR7lAObaiGGaUkv3hAI7R6KJerMtnGQ8h0Tfr4vBO03P0YYZKC42ezp1nVoaAmNk_ZklYm4Z0cu6VtMhArtG4LM2NJjJt0a8k0hCFBw3CtyG2enCGuFqOshpehCF77pm0z1wGhMgktgPmkg1gj7iMgNPbrkRie1tjz0DMsdbf7EZehOcKCHcmZ1_86ZbnzQ6NEeU5o",
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNDY4NTk0NDE2NC9vS1VvdXciLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8xMzI1NDc3NyIsICJub25jZSI6ICIwMTAxbThOZXUyU2lBd2ZuM25QSVZwbjdsRmF6aHdKUXZ3TmRvcEZMNWRucDFSVSIsICJhbGciOiAiUlMyNTYifQ",
"payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiCn0"
}
"POST /acme/chall-v3/4685944164/oKUouw HTTP/1.1" 200 185
Received response:
HTTP 200
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/oKUouw
Content-Length: 185
Date: Tue, 19 May 2020 19:57:28 GMT
Strict-Transport-Security: max-age=604800
Connection: keep-alive
Replay-Nonce: 0101ucxTk0pF0e9rugCCqJ6yLT_F2g_DZwzuBckS1TfuybE
Content-Type: application/json
Boulder-Requester: 13254777
Server: nginx
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/4685944164>;rel="up"
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/oKUouw",
"token": "uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA"
}
Storing nonce: 0101ucxTk0pF0e9rugCCqJ6yLT_F2g_DZwzuBckS1TfuybE
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/4685944164:
{
"signature": "Zis5Jc11rlnauNdn-MzVtfWtpn2_Xm7C_-KyDx4QiXbjsmCKHYls3_vTN6x8PdwKIbRKwC_bbaD_Q8Pdg47pdtaz0oDFaZrKTj48OFftpr2O-k5ue11iqet7q60Jg_EuiSaAMLOyaoOgl5-rQi4y0-uQerRR0b-L3JgCdBc5f3rGmspqv1Vm1hnAaVBS7bHW81ybzDveWP1sHQ5kgP1AtrNvIHGgYeGbMbAZwpbU9Ezjes4aVxhxNWtLhr1Z934gxfJUOdD7z6tb4QA4PmkhlakZgGwvy0l1x13-BUxjdSzMKlW54BR5pSCqBARhwrShihzI85nH2EKP_SO5J4O5Tu8MQpHjrnxMa-dsZiToeneXu0qgUg9Qb3aVPr_4kE-eFw5ixZQ4Prb9GdUXwpIC0Ev0kjms_utIei6nY-TNR4srwB4allRm8Jax7dahdFNfPIUyAhJrP5y34_uKKbHFn25BclwuEvO0L5mBDFi1silgsB2Tua88jGo2JGIUgUFzxBaaOAfLyyFuytrf6H8RVxyUEuaRzr90XKeVRLBR6ibauUP_lQVGNiUaOfCsvxS1x2V7V7X2kmK5ddVTvDtQEmaT1HubWTjeHktbCpX3ne65yTjumcQirUExeNVVwhneX_8phFtG8voF-vwcH8I5sC88SYBNG7GWxnm_69EmiAY",
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNDY4NTk0NDE2NCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMS5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvcmVnLzEzMjU0Nzc3IiwgIm5vbmNlIjogIjAxMDF1Y3hUazBwRjBlOXJ1Z0NDcUo2eUxUX0YyZ19EWnd6dUJja1MxVGZ1eWJFIiwgImFsZyI6ICJSUzI1NiJ9",
"payload": ""
}
"POST /acme/authz-v3/4685944164 HTTP/1.1" 200 791
Received response:
HTTP 200
Cache-Control: public, max-age=0, no-cache
Boulder-Requester: 13254777
Replay-Nonce: 0101U0lT1Y_rz-QPGQdE71k2MKXUlOa1sxMcAvrD9vm8ii4
X-Frame-Options: DENY
Server: nginx
Connection: keep-alive
Strict-Transport-Security: max-age=604800
Content-Length: 791
Date: Tue, 19 May 2020 19:57:32 GMT
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Content-Type: application/json
{
"identifier": {
"type": "dns",
"value": "domain.de"
},
"status": "pending",
"expires": "2020-05-26T19:57:27Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/oKUouw",
"token": "uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/reGjdg",
"token": "uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/UM34EQ",
"token": "uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA"
}
]
}
Storing nonce: 0101U0lT1Y_rz-QPGQdE71k2MKXUlOa1sxMcAvrD9vm8ii4
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/4685944164:
{
"signature": "OLiUd3hxz-G4pmEEgumrUZmrL6QXvmF6BF4WM4VM3QoedIjCtsUP60IE-T3LvC1iPJdImd5QUTN5Sq39fDP8CozcVRV4y_0eYWH4hbabq7_PZ6rPZblSafOUXjU4JLkWRin4depj4wGdadCNKLK3mOyAXf49QWewKI1ExM4kT9rZjedb3YS28xxmThpXT2kxG_xHQT4UdzzIs7Ri4o2shJZqHjlnOjJB1Hgl2_sMRrTpQmJkkDUzEQmJUYDOQ99Xq7d4Eo3f8de2s8C0WWG3RZgVYnBqbH_X18UJNbswYKkVmEluA-bvecPA18rHYQi0IlcrFVQJnkau9CcNJTFhl5UGJeZOHeOC0mZjAGqdQ_U6LLp7DG0gZbAzfyHWHbqEL0Diz-Y4hhZA80JbdYrmNg0W5Vb9oV8x3WD0EhDxsFrzlTdyf6zY11CrQZU7vzsHWcjPUbs8S4qyTPFR5DOy6x7e8usdh_CZDyIpEmqrluidNpOmDstFLsinG6ug-vjobDTwnHiRz_iHyKNhPcEacjqSUuvY2Dr95z684HGwc_JkBb7U-c9ZYUfT2_oLiUAV9G6UVbgcCc47R7s25svypjqINzB61yJopF68q2p48JFhiLYd6MkdGRtgkE9yFQTJ-bTsMonsaahSz6cfLRJb05NcMgCWvSZ8np9cw53OkEw",
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNDY4NTk0NDE2NCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMS5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvcmVnLzEzMjU0Nzc3IiwgIm5vbmNlIjogIjAxMDFVMGxUMVlfcnotUVBHUWRFNzFrMk1LWFVsT2Exc3hNY0F2ckQ5dm04aWk0IiwgImFsZyI6ICJSUzI1NiJ9",
"payload": ""
}
"POST /acme/authz-v3/4685944164 HTTP/1.1" 200 1127
Received response:
HTTP 200
Cache-Control: public, max-age=0, no-cache
Boulder-Requester: 13254777
Replay-Nonce: 0101pyNgpFXaTFU2morUnm-R4LAEBLHuKYOUu-rsoBf_KYE
X-Frame-Options: DENY
Server: nginx
Connection: keep-alive
Strict-Transport-Security: max-age=604800
Content-Length: 1127
Date: Tue, 19 May 2020 19:57:35 GMT
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Content-Type: application/json
{
"identifier": {
"type": "dns",
"value": "domain.de"
},
"status": "invalid",
"expires": "2020-05-26T19:57:27Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://domain.de/.well-known/acme-challenge/uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA [87.128.29.169]: \"DOCUMENT NOT FOUND\\r\\n\u003cP\u003e\\r\\n\\r\\nThe requested document does not [or no longer] exist on this server. The link could be outdated or wr\"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4685944164/oKUouw",
"token": "uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA",
"validationRecord": [
{
"url": "http://domain.de/.well-known/acme-challenge/uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA",
"hostname": "domain.de",
"port": "80",
"addressesResolved": [
"87.128.29.169"
],
"addressUsed": "87.128.29.169"
}
]
}
]
}
Storing nonce: 0101pyNgpFXaTFU2morUnm-R4LAEBLHuKYOUu-rsoBf_KYE
Reporting to user: The following errors were reported by the server:
Domain: domain.de
Type: unauthorized
Detail: Invalid response from http://domain.de/.well-known/acme-challenge/uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA [87.128.29.169]: "DOCUMENT NOT FOUND\r\n<P>\r\n\r\nThe requested document does not [or no longer] exist on this server. The link could be outdated or wr"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. domain.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.de/.well-known/acme-challenge/uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA [87.128.29.169]: "DOCUMENT NOT FOUND\r\n<P>\r\n\r\nThe requested document does not [or no longer] exist on this server. The link could be outdated or wr"
Calling registered functions
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1119, in run
certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. domain.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.de/.well-known/acme-challenge/uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA [87.128.29.169]: "DOCUMENT NOT FOUND\r\n<P>\r\n\r\nThe requested document does not [or no longer] exist on this server. The link could be outdated or wr"
Failed authorization procedure. domain.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.de/.well-known/acme-challenge/uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA [87.128.29.169]: "DOCUMENT NOT FOUND\r\n<P>\r\n\r\nThe requested document does not [or no longer] exist on this server. The link could be outdated or wr"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: domain.de
Type: unauthorized
Detail: Invalid response from
http://domain.de/.well-known/acme-challenge/uWKvs1DxOjOSV8kcQ52Gm9A-Abn-1qsLMYwhzF7yrsA
[87.128.29.169]: "DOCUMENT NOT FOUND\r\n<P>\r\n\r\nThe requested
document does not [or no longer] exist on this server. The link
could be outdated or wr"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
it doesn’t say anything about trying to create that specific file.