The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lightweightforyou.com

I ran this command: sudo certbot --nginx --test-cert -v

It produced this output:

2024-09-07 03:07:19,279:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2024-09-07 03:07:19,371:DEBUG:certbot._internal.main:certbot version: 2.11.0
2024-09-07 03:07:19,372:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3834/bin/certbot
2024-09-07 03:07:19,372:DEBUG:certbot._internal.main:Arguments: ['--nginx', '--test-cert', '-v', '--preconfigured-renewal']
2024-09-07 03:07:19,372:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-09-07 03:07:19,380:DEBUG:certbot._internal.log:Root logging level set at 20
2024-09-07 03:07:19,381:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2024-09-07 03:07:19,464:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='nginx', value='certbot_nginx._internal.configurator:NginxConfigurator', group='certbot.plugins')
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f62a9a02a30>
Prep: True
2024-09-07 03:07:19,464:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f62a9a02a30> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f62a9a02a30>
2024-09-07 03:07:19,464:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2024-09-07 03:07:19,506:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/162283333', new_authzr_uri=None, terms_of_service=None), 66f7de70fe593620898078f1e3ef9b78, Meta(creation_dt=datetime.datetime(2024, 9, 6, 16, 6, 29, tzinfo=<UTC>), creation_host='ubuntu-24.localhost', register_to_eff='dileep.learner@gmail.com'))>
2024-09-07 03:07:19,507:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2024-09-07 03:07:19,508:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2024-09-07 03:07:20,242:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 820
2024-09-07 03:07:20,242:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Sep 2024 03:07:20 GMT
Content-Type: application/json
Content-Length: 820
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "3Kf-gSDA_fU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-09-07 03:07:20,244:DEBUG:certbot.util:Not suggesting name "_"
Traceback (most recent call last):
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/util.py", line 389, in get_filtered_names
    filtered_names.add(enforce_le_validity(name))
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/util.py", line 575, in enforce_le_validity
    raise errors.ConfigurationError(
certbot.errors.ConfigurationError: _ contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -.
2024-09-07 03:07:23,426:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for lightweightforyou.com and www.lightweightforyou.com
2024-09-07 03:07:23,429:DEBUG:acme.client:Requesting fresh nonce
2024-09-07 03:07:23,429:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2024-09-07 03:07:23,669:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-09-07 03:07:23,670:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Sep 2024 03:07:23 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 6wrlOJ0Tgm_-mWinXbLe0AFmote2aqFF5L0U_rL69C7Gd8oNIb0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-09-07 03:07:23,670:DEBUG:acme.client:Storing nonce: 6wrlOJ0Tgm_-mWinXbLe0AFmote2aqFF5L0U_rL69C7Gd8oNIb0
2024-09-07 03:07:23,670:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "lightweightforyou.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.lightweightforyou.com"\n    }\n  ]\n}'
2024-09-07 03:07:23,671:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
2024-09-07 03:07:23,970:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 515
2024-09-07 03:07:23,970:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 07 Sep 2024 03:07:23 GMT
Content-Type: application/json
Content-Length: 515
Connection: keep-alive
Boulder-Requester: 162283333
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/162283333/18928497613
Replay-Nonce: _yLDrU7Hwwcmf2p-DOWHS4ZpDeL-2O0wLYQqcBJChAFl8bRB7ms
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-09-14T03:07:23Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "lightweightforyou.com"
    },
    {
      "type": "dns",
      "value": "www.lightweightforyou.com"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13902850853",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13902850863"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/162283333/18928497613"
}
2024-09-07 03:07:23,971:DEBUG:acme.client:Storing nonce: _yLDrU7Hwwcmf2p-DOWHS4ZpDeL-2O0wLYQqcBJChAFl8bRB7ms
2024-09-07 03:07:23,971:DEBUG:acme.client:JWS payload:
b''
2024-09-07 03:07:23,971:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13902850853:
2024-09-07 03:07:24,220:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13902850853 HTTP/1.1" 200 826
2024-09-07 03:07:24,220:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Sep 2024 03:07:24 GMT
Content-Type: application/json
Content-Length: 826
Connection: keep-alive
Boulder-Requester: 162283333
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: _yLDrU7Hs6qN-NDcNT9of3u9gH2_mlhjaBpsT5fSjKGEw4dzHZM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lightweightforyou.com"
  },
  "status": "pending",
  "expires": "2024-09-14T03:07:23Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850853/s-bZFA",
      "status": "pending",
      "token": "M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850853/snV90w",
      "status": "pending",
      "token": "M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8"
    },
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850853/abmhYA",
      "status": "pending",
      "token": "M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8"
    }
  ]
}
2024-09-07 03:07:24,221:DEBUG:acme.client:Storing nonce: _yLDrU7Hs6qN-NDcNT9of3u9gH2_mlhjaBpsT5fSjKGEw4dzHZM
2024-09-07 03:07:24,221:DEBUG:acme.client:JWS payload:
b''
2024-09-07 03:07:24,222:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13902850863:
2024-09-07 03:07:24,469:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13902850863 HTTP/1.1" 200 830
2024-09-07 03:07:24,469:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Sep 2024 03:07:24 GMT
Content-Type: application/json
Content-Length: 830
Connection: keep-alive
Boulder-Requester: 162283333
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: _yLDrU7HBRYhrLPWzh0uANVppcRQoAT9eq5tkYZVcqvtBLhj7zM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.lightweightforyou.com"
  },
  "status": "pending",
  "expires": "2024-09-14T03:07:23Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850863/Y-i1ow",
      "status": "pending",
      "token": "PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY"
    },
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850863/-qRbDA",
      "status": "pending",
      "token": "PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY"
    },
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850863/Lb_Dng",
      "status": "pending",
      "token": "PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY"
    }
  ]
}
2024-09-07 03:07:24,469:DEBUG:acme.client:Storing nonce: _yLDrU7HBRYhrLPWzh0uANVppcRQoAT9eq5tkYZVcqvtBLhj7zM
2024-09-07 03:07:24,470:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-09-07 03:07:24,470:INFO:certbot._internal.auth_handler:http-01 challenge for lightweightforyou.com
2024-09-07 03:07:24,470:INFO:certbot._internal.auth_handler:http-01 challenge for www.lightweightforyou.com
2024-09-07 03:07:24,480:DEBUG:certbot_nginx._internal.http_01:Generated server block:
[]
2024-09-07 03:07:24,480:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2024-09-07 03:07:24,481:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2024-09-07 03:07:24,481:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/lightweightforyou.com
2024-09-07 03:07:24,481:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2024-09-07 03:07:24,481:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {
server_names_hash_bucket_size 128;
include /etc/letsencrypt/le_http_01_cert_challenge.conf;

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

2024-09-07 03:07:24,482:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/lightweightforyou.com:
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot


    listen 80;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
            server_name lightweightforyou.com www.lightweightforyou.com;
            location / {
                    proxy_pass http://localhost:3000;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection 'upgrade';
                    proxy_set_header Host $host;
                    proxy_cache_bypass $http_upgrade;
                }
    location = /.well-known/acme-challenge/M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8{default_type text/plain;return 200 M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8.Ln_1V-a2y4AtnaPPY2wnmwP5lxDNs470WRA2ATOQq3k;} # managed by Certbot

location = /.well-known/acme-challenge/PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY{default_type text/plain;return 200 PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY.Ln_1V-a2y4AtnaPPY2wnmwP5lxDNs470WRA2ATOQq3k;} # managed by Certbot

}

2024-09-07 03:07:25,491:DEBUG:acme.client:JWS payload:
b'{}'
2024-09-07 03:07:25,493:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850853/s-bZFA:
2024-09-07 03:07:25,744:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/13902850853/s-bZFA HTTP/1.1" 200 194
2024-09-07 03:07:25,745:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Sep 2024 03:07:25 GMT
Content-Type: application/json
Content-Length: 194
Connection: keep-alive
Boulder-Requester: 162283333
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13902850853>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850853/s-bZFA
Replay-Nonce: 6wrlOJ0TiUX2DBU9YSwWWxmJVI63_jq7Xs2b5ZfoV8ELsJg3Too
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850853/s-bZFA",
  "status": "pending",
  "token": "M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8"
}
2024-09-07 03:07:25,745:DEBUG:acme.client:Storing nonce: 6wrlOJ0TiUX2DBU9YSwWWxmJVI63_jq7Xs2b5ZfoV8ELsJg3Too
2024-09-07 03:07:25,745:DEBUG:acme.client:JWS payload:
b'{}'
2024-09-07 03:07:25,746:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850863/Lb_Dng:
2024-09-07 03:07:25,995:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/13902850863/Lb_Dng HTTP/1.1" 200 194
2024-09-07 03:07:25,995:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Sep 2024 03:07:25 GMT
Content-Type: application/json
Content-Length: 194
Connection: keep-alive
Boulder-Requester: 162283333
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13902850863>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850863/Lb_Dng
Replay-Nonce: 6wrlOJ0TqD8hOex2yXmY_0ZuCjdRHQlXeYb6CpXuE5GvJF-UZI0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850863/Lb_Dng",
  "status": "pending",
  "token": "PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY"
}
2024-09-07 03:07:25,995:DEBUG:acme.client:Storing nonce: 6wrlOJ0TqD8hOex2yXmY_0ZuCjdRHQlXeYb6CpXuE5GvJF-UZI0
2024-09-07 03:07:25,995:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-09-07 03:07:26,997:DEBUG:acme.client:JWS payload:
b''
2024-09-07 03:07:26,998:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13902850853:
2024-09-07 03:07:27,245:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13902850853 HTTP/1.1" 200 1109
2024-09-07 03:07:27,245:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Sep 2024 03:07:27 GMT
Content-Type: application/json
Content-Length: 1109
Connection: keep-alive
Boulder-Requester: 162283333
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 6wrlOJ0Tneybdw_AKlb07b1yomdBdiojiFG7NtvDqMm9oV31-NI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lightweightforyou.com"
  },
  "status": "invalid",
  "expires": "2024-09-14T03:07:23Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850853/s-bZFA",
      "status": "invalid",
      "validated": "2024-09-07T03:07:25Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "2a02:4780:12:e89f::1: Invalid response from http://lightweightforyou.com/.well-known/acme-challenge/M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8: 404",
        "status": 403
      },
      "token": "M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8",
      "validationRecord": [
        {
          "url": "http://lightweightforyou.com/.well-known/acme-challenge/M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8",
          "hostname": "lightweightforyou.com",
          "port": "80",
          "addressesResolved": [
            "88.222.244.47",
            "2a02:4780:12:e89f::1"
          ],
          "addressUsed": "2a02:4780:12:e89f::1"
        }
      ]
    }
  ]
}
2024-09-07 03:07:27,246:DEBUG:acme.client:Storing nonce: 6wrlOJ0Tneybdw_AKlb07b1yomdBdiojiFG7NtvDqMm9oV31-NI
2024-09-07 03:07:27,246:DEBUG:acme.client:JWS payload:
b''
2024-09-07 03:07:27,247:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13902850863:
2024-09-07 03:07:27,492:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13902850863 HTTP/1.1" 200 1125
2024-09-07 03:07:27,493:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Sep 2024 03:07:27 GMT
Content-Type: application/json
Content-Length: 1125
Connection: keep-alive
Boulder-Requester: 162283333
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: _yLDrU7HOPuGXOPGr7NCcwpFnFahq8z7pC10bOwrYx9TEDdl5UE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.lightweightforyou.com"
  },
  "status": "invalid",
  "expires": "2024-09-14T03:07:23Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13902850863/Lb_Dng",
      "status": "invalid",
      "validated": "2024-09-07T03:07:25Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "2a02:4780:12:e89f::1: Invalid response from http://www.lightweightforyou.com/.well-known/acme-challenge/PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY: 404",
        "status": 403
      },
      "token": "PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY",
      "validationRecord": [
        {
          "url": "http://www.lightweightforyou.com/.well-known/acme-challenge/PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY",
          "hostname": "www.lightweightforyou.com",
          "port": "80",
          "addressesResolved": [
            "88.222.244.47",
            "2a02:4780:12:e89f::1"
          ],
          "addressUsed": "2a02:4780:12:e89f::1"
        }
      ]
    }
  ]
}
2024-09-07 03:07:27,493:DEBUG:acme.client:Storing nonce: _yLDrU7HOPuGXOPGr7NCcwpFnFahq8z7pC10bOwrYx9TEDdl5UE
2024-09-07 03:07:27,493:INFO:certbot._internal.auth_handler:Challenge failed for domain lightweightforyou.com
2024-09-07 03:07:27,493:INFO:certbot._internal.auth_handler:Challenge failed for domain www.lightweightforyou.com
2024-09-07 03:07:27,493:INFO:certbot._internal.auth_handler:http-01 challenge for lightweightforyou.com
2024-09-07 03:07:27,493:INFO:certbot._internal.auth_handler:http-01 challenge for www.lightweightforyou.com
2024-09-07 03:07:27,493:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: lightweightforyou.com
  Type:   unauthorized
  Detail: 2a02:4780:12:e89f::1: Invalid response from http://lightweightforyou.com/.well-known/acme-challenge/M6eOfB65Ltdjmj7RzQpcGGWSL8AF2uguk1EoQ7CLOU8: 404

  Domain: www.lightweightforyou.com
  Type:   unauthorized
  Detail: 2a02:4780:12:e89f::1: Invalid response from http://www.lightweightforyou.com/.well-known/acme-challenge/PEWy4cwY8NRyWNFFJ8Gu3PhlKcB7XJ-5na4wnFazUtY: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2024-09-07 03:07:27,494:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-09-07 03:07:27,494:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-09-07 03:07:27,494:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-09-07 03:07:28,553:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3834/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1450, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-09-07 03:07:28,554:ERROR:certbot._internal.log:Some challenges have failed.

My web server is (include version): nginx/1.24.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 24.04.1 LTS

My hosting provider, if applicable, is: Hostinger VPS. But domain acquired from Squarespace

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

Welcome to the community @dileepg2005 and thanks for all the info.

The server block above only has a listen for IPv4. But, in your DNS there are both IPv4 and IPv6 addresses. To support IPv6 you need to add this

listen [::]:80;

and also ensure the IPv6 AAAA record has the correct address. If you do not support IPv6 you don't need this listen statement but then you need to remove the AAAA record from the DNS.

We often see new Hostinger systems with a wrong AAAA record as they set one up automatically and people don't know to remove it or change it. This may be helpful: How to manage AAAA records | Hostinger Help Center

And use this site to test connections
https://letsdebug.net

3 Likes
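
An added example, not part of the original thread: a small Python check for the mismatch described in the reply above. It compares the address families a server block listens on with the addresses the CA resolved and used, taken from the `validationRecord` in the log. The function names are hypothetical and the server block is trimmed from the one posted.

```python
import ipaddress
import json
import re

# Trimmed from the failed authorization in the log above (values as posted).
AUTHZ_JSON = """
{
  "identifier": {"type": "dns", "value": "lightweightforyou.com"},
  "status": "invalid",
  "challenges": [{
    "type": "http-01",
    "status": "invalid",
    "validationRecord": [{
      "hostname": "lightweightforyou.com",
      "port": "80",
      "addressesResolved": ["88.222.244.47", "2a02:4780:12:e89f::1"],
      "addressUsed": "2a02:4780:12:e89f::1"
    }]
  }]
}
"""

# Server block trimmed from the one in the question (IPv4 listen only).
BLOCK_AS_POSTED = """
server {
    listen 80;
    server_name lightweightforyou.com www.lightweightforyou.com;
    location / { proxy_pass http://localhost:3000; }
}
"""

# The same block with the directive suggested in the reply.
BLOCK_WITH_FIX = BLOCK_AS_POSTED.replace(
    "listen 80;", "listen 80;\n    listen [::]:80;")

# A listen directive at line start or right after '{' or ';'.
LISTEN_RE = re.compile(r"(?:^|(?<=[{;]))\s*listen\s+([^;]+);", re.MULTILINE)


def listen_families(server_block, port=80):
    """Return the address families ('ipv4', 'ipv6') served on `port`."""
    families = set()
    text = re.sub(r"#[^\n]*", "", server_block)  # drop nginx comments
    for args in LISTEN_RE.findall(text):
        tokens = args.split()
        addr = tokens[0]
        if addr.startswith("unix:"):
            continue  # UNIX socket, not reachable by the CA
        if addr.startswith("["):
            # [::]:80 or [2001:db8::1]; IPv6 only unless ipv6only=off
            _, _, rest = addr[1:].partition("]")
            listen_port = int(rest[1:]) if rest.startswith(":") else 80
            fams = {"ipv6"}
            if "ipv6only=off" in tokens[1:]:
                fams.add("ipv4")
        elif addr.isdigit():
            # Bare port: nginx binds *:port, which is IPv4 only
            listen_port, fams = int(addr), {"ipv4"}
        else:
            # host:port or bare host (port defaults to 80)
            _, sep, tail = addr.rpartition(":")
            listen_port, fams = (int(tail) if sep else 80), {"ipv4"}
        if listen_port == port:
            families |= fams
    return families


def family_of(address):
    return "ipv6" if ipaddress.ip_address(address).version == 6 else "ipv4"


def diagnose(authz, server_block):
    """List validation records whose resolved addresses the block does not serve."""
    findings = []
    for challenge in authz.get("challenges", []):
        if challenge.get("type") != "http-01":
            continue
        for record in challenge.get("validationRecord", []):
            served = listen_families(server_block, int(record.get("port", 80)))
            unserved = sorted(a for a in record["addressesResolved"]
                              if family_of(a) not in served)
            if unserved:
                findings.append({
                    "hostname": record["hostname"],
                    "address_used": record["addressUsed"],
                    "used_family_served":
                        family_of(record["addressUsed"]) in served,
                    "unserved_addresses": unserved,
                })
    return findings


if __name__ == "__main__":
    authz = json.loads(AUTHZ_JSON)
    print("as posted:", diagnose(authz, BLOCK_AS_POSTED))
    print("with fix: ", diagnose(authz, BLOCK_WITH_FIX))
```

A clean result only shows that the address families line up; whether the AAAA record actually points at this machine still has to be confirmed separately, for example with the letsdebug.net test suggested above.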

For the record, here is the current IP info:

Name:      lightweightforyou.com
Addresses: 2a02:4780:12:e89f::1
           88.222.244.47
2 Likes

Thanks a lot guys. Adding listen [::]:80; worked great.

Another request for help. I tested with test-cert and it worked fine. And I wanted to point to the PRODUCTION certificate. Executing the certbot command is reinstalling the test certificate only, even though I didn't mention that. I ended up modifying the file in /etc/nginx/sites-available manually. Is there any command I can use that removes all the certificate files, removes the entries from the changed files and does a clean-up for a fresh certificate installation?

1 Like

I would not recommend that. Removing --test-cert from the command line should simply provide you with a production certificate, overwriting the previous test cert.

What's the output of sudo certbot certificates?

2 Likes