I am getting this error when try to create SSL certs on my application using certbot.
following are details on docker-compose, nginx cong and logs from certbot.
I would really appreciate any help. Thanks
domain: bot.lagen.law
digitalocean server.
prod.conf
server {
listen 80;
listen [::]:80;
server_name bot.lagen.law;
client_max_body_size 10M;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
try_files $uri $uri/ =404;
}
location / {
return 301 https://$host$request_uri; # Redirect all other requests to HTTPS
}
}
Docker Compose:
version: "3.4"
x-common: &common
stdin_open: true
tty: true
restart: unless-stopped
x-django-build: &chainlit-build
build:
context: .
services:
chainlit:
<<: [*chainlit-build, *common]
command: bash -c "poetry run chainlit run app.py --host=0.0.0.0 --port=8000"
ports:
- "8000:8000"
env_file:
- .env
volumes:
- ./:/code
nginx:
image: nginx:1.20.1
ports:
- "80:80"
- "443:443"
volumes:
- ./config/prod.conf:/etc/nginx/conf.d/default.conf
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
depends_on:
- chainlit
command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
<<: *common
certbot:
image: certbot/certbot
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
<<: *common
My domain is:
I ran this command:
/opt/certbot # certbot certonly --webroot -w /var/www/certbot -d bot.lagen.law --staging --agree-tos --register-unsafely-without-email --rsa-key-size 4096 --force-renewal -v
It produced this output:
docker exec -it lagenlaw20-certbot-1 /bin/sh
/opt/certbot # certbot certonly --webroot -w /var/www/certbot -d bot.lagen.law --staging --agree-tos --register-unsafely-without-email --rsa-key-size 4096 --force-renewal -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for bot.lagen.law
Performing the following challenges:
http-01 challenge for bot.lagen.law
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain bot.lagen.law
http-01 challenge for bot.lagen.law
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: bot.lagen.law
Type: unauthorized
Detail: 2a02:4780:4b:2424:5a49:23e6:f159:5a78: Invalid response from http://bot.lagen.law/.well-known/acme-challenge/kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
/opt/certbot # cat /var/log/letsencrypt/letsencrypt.log
2025-05-15 18:15:54,781:DEBUG:certbot._internal.main:certbot version: 4.0.0
2025-05-15 18:15:54,782:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2025-05-15 18:15:54,782:DEBUG:certbot._internal.main:Arguments: ['--webroot', '-w', '/var/www/certbot', '-d', 'bot.lagen.law', '--staging', '--agree-tos', '--register-unsafely-without-email', '--rsa-key-size', '4096', '--force-renewal', '-v']
2025-05-15 18:15:54,782:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-05-15 18:15:54,806:DEBUG:certbot._internal.log:Root logging level set at 20
2025-05-15 18:15:54,809:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-05-15 18:15:54,809:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f6d178b1c40>
Prep: True
2025-05-15 18:15:54,810:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f6d178b1c40> and installer None
2025-05-15 18:15:54,810:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-05-15 18:15:55,185:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/199910224', new_authzr_uri=None, terms_of_service=None), c3c2a1ef8260a8beab2caa4200c421e4, Meta(creation_dt=datetime.datetime(2025, 5, 14, 20, 41, 54, tzinfo=datetime.timezone.utc), creation_host='9665c19d9229', register_to_eff=None))>
2025-05-15 18:15:55,187:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2025-05-15 18:15:55,192:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2025-05-15 18:15:55,620:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1086
2025-05-15 18:15:55,620:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 May 2025 18:15:55 GMT
Content-Type: application/json
Content-Length: 1086
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "https://letsencrypt.org/docs/profiles#classic",
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert",
"yfvDUN7XJUE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2025-05-15 18:15:55,623:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for bot.lagen.law
2025-05-15 18:15:55,628:DEBUG:acme.client:Requesting fresh nonce
2025-05-15 18:15:55,628:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2025-05-15 18:15:55,769:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-05-15 18:15:55,769:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 May 2025 18:15:55 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wQsUmzDh5qAa-c-4U8awG_h14u_HJgAx4UvP4IEsoNntmEGyU-I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2025-05-15 18:15:55,770:DEBUG:acme.client:Storing nonce: wQsUmzDh5qAa-c-4U8awG_h14u_HJgAx4UvP4IEsoNntmEGyU-I
2025-05-15 18:15:55,770:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "bot.lagen.law"\n }\n ]\n}'
2025-05-15 18:15:55,778:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTk5MTAyMjQiLCAibm9uY2UiOiAid1FzVW16RGg1cUFhLWMtNFU4YXdHX2gxNHVfSEpnQXg0VXZQNElFc29ObnRtRUd5VS1JIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "MYT-yq8DyxRWaKbTabQN69MQ7FSo5LT381nfwr5kVYnruESjNFRLXBO8FBJjBW-Ejd-u4HspQf7DAH8mz-qJqifGe80k5ylL7r1AXDvZ68ke4A_dlgZ6H2DmY8d8v3MDJQgKHyh8aTEAACpUugXFvdIFA9iPUiY79kNstBQsZ9kuqRKixVy2aY0IU4nTRcWycSJC3urPqpJIjD1PK61RHeWRViGEM-OHzJu_fZ1MiSBOQ7Cups3ULja1atVQHL3lCWWoOWMMiGpKaplwtNcOHLffVu5fKJkohcWv7jC1P8CtLYhcyLQtMKIJEcliJaa3-AlFtzK-XqgGZXflCG7L07ob_CAUBZyKGOIL5FO5oR4iClw-XJAiSNI_Udbugx5MyJXtDaz__d7tJ3sAKpkk9p3d0Il_tsARjaAweBl3kuVQ_6MpAVwlziPWJleeOoaD-EvglIRSQB8xSHzuKtChvMQBNNJB0vN9_DfQ82jTM5Sr_zBMnYCkDrjG9ZkBrbuwsTLxoivcX5V2LL4iy_-fxVcCetxLtU6vq1hFaL-o3zkR0-bmzBbV2ptRgJzp_v8IY_hAkptkbF5S8bG9v2fVLezIifnrxFJ9Tcms-1BblTyfu7SF3mRGn9UNXpTpJEqiFHifxdKqU43t3xaLeKE5k6JnL6lb9T6qZLxxJJWjEDg",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImJvdC5sYWdlbi5sYXciCiAgICB9CiAgXQp9"
}
2025-05-15 18:15:55,950:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 359
2025-05-15 18:15:55,951:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 15 May 2025 18:15:55 GMT
Content-Type: application/json
Content-Length: 359
Connection: keep-alive
Boulder-Requester: 199910224
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/199910224/24653919504
Replay-Nonce: wQsUmzDhocf-bBFD-E_WkUKUcYNiL76FFuegA6QUwg68fHnRm80
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2025-05-22T18:15:55Z",
"identifiers": [
{
"type": "dns",
"value": "bot.lagen.law"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/199910224/17391851224"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/199910224/24653919504"
}
2025-05-15 18:15:55,951:DEBUG:acme.client:Storing nonce: wQsUmzDhocf-bBFD-E_WkUKUcYNiL76FFuegA6QUwg68fHnRm80
2025-05-15 18:15:55,952:DEBUG:acme.client:JWS payload:
b''
2025-05-15 18:15:55,959:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/199910224/17391851224:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTk5MTAyMjQiLCAibm9uY2UiOiAid1FzVW16RGhvY2YtYkJGRC1FX1drVUtVY1lOaUw3NkZGdWVnQTZRVXdnNjhmSG5SbTgwIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE5OTkxMDIyNC8xNzM5MTg1MTIyNCJ9",
"signature": "lba4z84TV9dVNtrXt7VRUIjSG2xaPCdBe96mCV8Mm6zGinLBl955xH3Uho9dTY37kkxScWXgXEVQ6LgoBe44HB82EXJg_qmqh3Un5Gi8UWch8In-Ntq8g8XiH74KwEijRtECu-3b9iiLqOJsaQKWN7Xo1TLnE3ZVeaClXlcZlr3P8fYeYAFOJxhiFq2-PnyI4brq-aCnRtpar576GdIWb_sN6M5SO7V2bOGLqB2XyjxAjTqIUlJWngPcQ-g3_Jw-oxxGcbE8XqYidFgXyQejY6K0pjxEszj-PcH8snWRGNwo311u-d1HimE1NOkXWYpDEuUj3p6A9b-yWw0i21mJTq34OSJ4kLwMqPQcsKiAR_S69dWe_g7TJqOvQJjw2dMnRo1EXSmmPJuriMLnhpZIGI0oPLnWDTbt0V45TsYchWv0V555jGSatJh8KzLyRbvRGMnWqXvwXCVU_62f_LelYI20AM6F21uXFyrzGnF1nKb2BgTvrcA7Fuom0kURLdiPYMYGhsKSegysm2pVGOUZLd61Cb-S1XW2nZjsPWVah4hoWRN9Gz4WHZH_T3nzsCBoemz5TFU4nQHr84bOrq-MEcvAJpiv0zHW1wqOxYZ7rKdlQC6Hqslgq72NPKaH-hx-st2_WYhdHdeelHNKd7Ei2jOuhdiOhbPaIoVU9SSBBpA",
"payload": ""
}
2025-05-15 18:15:56,108:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/199910224/17391851224 HTTP/1.1" 200 839
2025-05-15 18:15:56,108:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 May 2025 18:15:56 GMT
Content-Type: application/json
Content-Length: 839
Connection: keep-alive
Boulder-Requester: 199910224
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wQsUmzDh4gHmjbFXg_RTg0ud8EMpO2ttQGZj1ispUKkMHvqP2_s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "bot.lagen.law"
},
"status": "pending",
"expires": "2025-05-22T18:15:55Z",
"challenges": [
{
"type": "tls-alpn-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/199910224/17391851224/AYYkrw",
"status": "pending",
"token": "kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8"
},
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/199910224/17391851224/W8DIrg",
"status": "pending",
"token": "kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8"
},
{
"type": "dns-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/199910224/17391851224/Zd3Kwg",
"status": "pending",
"token": "kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8"
}
]
}
2025-05-15 18:15:56,109:DEBUG:acme.client:Storing nonce: wQsUmzDh4gHmjbFXg_RTg0ud8EMpO2ttQGZj1ispUKkMHvqP2_s
2025-05-15 18:15:56,110:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-05-15 18:15:56,110:INFO:certbot._internal.auth_handler:http-01 challenge for bot.lagen.law
2025-05-15 18:15:56,110:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/certbot for all unmatched domains.
2025-05-15 18:15:56,111:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/certbot/.well-known/acme-challenge
2025-05-15 18:15:56,114:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/certbot/.well-known/acme-challenge/kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8
2025-05-15 18:15:56,114:DEBUG:acme.client:JWS payload:
b'{}'
2025-05-15 18:15:56,120:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall/199910224/17391851224/W8DIrg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTk5MTAyMjQiLCAibm9uY2UiOiAid1FzVW16RGg0Z0htamJGWGdfUlRnMHVkOEVNcE8ydHRRR1pqMWlzcFVLa01IdnFQMl9zIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzE5OTkxMDIyNC8xNzM5MTg1MTIyNC9XOERJcmcifQ",
"signature": "S-EZl2QjEAXcDcAMtpJn2pQ5dDFIWePkfUkRghS1dRWECVEB7Pwarn9c8IOFVCG3qOoBmNbCwTDx0AdDu1uiYGYAWSt2LQIUsOjCBeZ4oUIZIQpkavGGdP3FZwL7PicfNsuyZbjgT5tphGbwpIh7aA6MiOxyj93LCphALrK5uXKtDViw0mJRqkZtFa3Kt6ZpZpFJQ5p1x18MXoFLT4aBZUc2ohGKO5q99n6oeV8ttK6cTnb9EpL8Qtvmou-IZ3acDRk-Ij9BYQLDVE5e9XH71ubSnMx3UPvTSa7T6u22T1lSE50iC5MU98vDq-QZbsHiqVsymXObfxzpyGkgnQRbwSUI10FAr6dC9Ihaofge6AN8BrMMOnuNa9YNiMHMnXWT_adkijUkx_ZpheTsZlEM_WppO4PSNNmMKz29lotAMfkZ6BQ8EdWj8DeMtfsS4gvmWE9DhqqHTmkQaY_O6t_LnbQRxM-fiGvNnhqCXXKtV9YVuypSpExlDhPqsehcm0KWIRAl6JZuCv94P6Jj6bzJn9nqOgLNHQ3ZXLmJmY8ikBNDZEfzSokK353MEzuFF2VDDc50AFwTmvAkOq0ucaLNQNS-CUY6RVIIC8PODNArjWnSNyTLUaH7pR5GRINb7mJos6JPF2ADCt48xAcknKr15WDxf7Nt4jEPPUSLmjwOufI",
"payload": "e30"
}
2025-05-15 18:15:56,275:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall/199910224/17391851224/W8DIrg HTTP/1.1" 200 201
2025-05-15 18:15:56,276:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 May 2025 18:15:56 GMT
Content-Type: application/json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 199910224
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/199910224/17391851224>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall/199910224/17391851224/W8DIrg
Replay-Nonce: eLNO5LzXivTMZW9z7sASyYX4Q97I6hpPjZrAgwFTfHo-XEw0Ml4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/199910224/17391851224/W8DIrg",
"status": "pending",
"token": "kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8"
}
2025-05-15 18:15:56,276:DEBUG:acme.client:Storing nonce: eLNO5LzXivTMZW9z7sASyYX4Q97I6hpPjZrAgwFTfHo-XEw0Ml4
2025-05-15 18:15:56,277:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-05-15 18:15:57,277:DEBUG:acme.client:JWS payload:
b''
2025-05-15 18:15:57,284:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/199910224/17391851224:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTk5MTAyMjQiLCAibm9uY2UiOiAiZUxOTzVMelhpdlRNWlc5ejdzQVN5WVg0UTk3STZocFBqWnJBZ3dGVGZIby1YRXcwTWw0IiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE5OTkxMDIyNC8xNzM5MTg1MTIyNCJ9",
"signature": "YeHQsYy9C6UNQT1dyDZJDQ74L0BtWfTUyoiWDl0W-lhs4FfCuORsAx5nQgcjQnuoAU4sxg5YHIBtOTVbB4UB3k820QA_C-njvzb-INSZ6MqcrYrcTWogc2OLscCqI7Yqny21cAi-KwXXK2f_Qs7z2exuZ7nJt0CHAI6vdwg60f0B9qhyyFC9aOr7Z2PBl0abLulfeUJAdQblHVDnd-xYaKy4dIXiJ_xY9Xdmvy_49AnT3G_8QKsDsJW_YGzCwtCGFNfOzUzig5-M701Tngee8F38d8jRYc_CTyiy3fxD5G4-2kWtQf8aBBwK8cd0U8lGF7OuMCjgmk6V2gu1pbeZ7XbHtCZPV9hjiabBaGWvh2Sd8v633Y5GrdA0OaEOEhnvF50MMGyOERfrfXchPUGyBi64TlOWd5dW3RAggGkE6tNUqTZaBmKFfZx1ToF3zAF-4mWA7VThb1jAT4_cKUztNYl_LY3rSLki90ULj7deeOgr_etcgJqwun4Goi4T6XAB8PLClV7ZOZFVP7S0ojBA8BeDREzo5oOjJLsp0Nwp3EroIrC-ZQk2wvJRW9rY0X5bxO_4OGML1vgcLPIcn_1tz3mRlPP4OhyaBybZNzTM7wZ_JUARburXrfHjvuFtYe3jjFe6kymmhOUpVV9ElIJAtXrCtITK9jhtl8m2gpIm8g0",
"payload": ""
}
2025-05-15 18:15:57,429:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/199910224/17391851224 HTTP/1.1" 200 1137
2025-05-15 18:15:57,430:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 May 2025 18:15:57 GMT
Content-Type: application/json
Content-Length: 1137
Connection: keep-alive
Boulder-Requester: 199910224
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wQsUmzDhKXUFpF-f9631XWx9Rb1v9PLj9KJ7GTQgSReB77DvtkU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "bot.lagen.law"
},
"status": "invalid",
"expires": "2025-05-22T18:15:55Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/199910224/17391851224/W8DIrg",
"status": "invalid",
"validated": "2025-05-15T18:15:56Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "2a02:4780:4b:2424:5a49:23e6:f159:5a78: Invalid response from http://bot.lagen.law/.well-known/acme-challenge/kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8: 404",
"status": 403
},
"token": "kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8",
"validationRecord": [
{
"url": "http://bot.lagen.law/.well-known/acme-challenge/kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8",
"hostname": "bot.lagen.law",
"port": "80",
"addressesResolved": [
"159.223.234.103",
"2a02:4780:4b:2424:5a49:23e6:f159:5a78"
],
"addressUsed": "2a02:4780:4b:2424:5a49:23e6:f159:5a78"
}
]
}
]
}
2025-05-15 18:15:57,430:DEBUG:acme.client:Storing nonce: wQsUmzDhKXUFpF-f9631XWx9Rb1v9PLj9KJ7GTQgSReB77DvtkU
2025-05-15 18:15:57,431:INFO:certbot._internal.auth_handler:Challenge failed for domain bot.lagen.law
2025-05-15 18:15:57,431:INFO:certbot._internal.auth_handler:http-01 challenge for bot.lagen.law
2025-05-15 18:15:57,431:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: bot.lagen.law
Type: unauthorized
Detail: 2a02:4780:4b:2424:5a49:23e6:f159:5a78: Invalid response from http://bot.lagen.law/.well-known/acme-challenge/kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2025-05-15 18:15:57,433:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-05-15 18:15:57,433:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-05-15 18:15:57,434:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-05-15 18:15:57,434:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/certbot/.well-known/acme-challenge/kuGAkzmhON_tpvGAIZdaqDUhaI_2yZpBlxc8NUsD7P8
2025-05-15 18:15:57,434:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2025-05-15 18:15:57,436:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/src/certbot/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1872, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1578, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 143, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 523, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 424, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 502, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-05-15 18:15:57,444:ERROR:certbot._internal.log:Some challenges have failed.
/opt/certbot #
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot --version
certbot 4.0.0
