Timeout during connect (likely firewall problem)

I ran this command:
Variants (see attached logs) of sudo certbot renew --agree-tos

It produced this output:
(see attached logs)

My web server is (include version):
apache2 2.4.29-1ubuntu4.14

The operating system my web server runs on is (include version):
Ubuntu 18.04.5 LTS

My hosting provider, if applicable, is:
Own machine

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Attached logs (anonymised):

Standard: Using apache authenticator and apache installer
2021-03-31 08:47:58,243:DEBUG:certbot.main:certbot version: 0.31.0
2021-03-31 08:47:58,249:DEBUG:certbot.main:Arguments: []
2021-03-31 08:47:58,253:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-03-31 08:47:58,308:DEBUG:certbot.log:Root logging level set at 20
2021-03-31 08:47:58,313:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-03-31 08:47:58,366:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0xb45728cc> and installer <certbot.cli._Default object at 0xb45728cc>
2021-03-31 08:47:58,429:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-04-18 04:25:55 UTC.
2021-03-31 08:47:58,429:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-03-31 08:47:58,430:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-03-31 08:47:58,983:DEBUG:certbot_apache.configurator:Apache version is 2.4.29
2021-03-31 08:48:05,666:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb45614cc>
Prep: True
2021-03-31 08:48:05,674:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb45614cc>
Prep: True
2021-03-31 08:48:05,675:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0xb45614cc> and installer <certbot_apache.override_debian.DebianConfigurator object at 0xb45614cc>
2021-03-31 08:48:05,676:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-03-31 08:48:05,699:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/71984299', new_authzr_uri=None, terms_of_service=None), 11588215928fdd8186b0af7bb68c03c2, Meta(creation_dt=datetime.datetime(2019, 11, 17, 23, 42, 15, tzinfo=<UTC>), creation_host='samsung'))>
2021-03-31 08:48:05,707:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-03-31 08:48:05,717:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-03-31 08:48:06,813:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-03-31 08:48:06,817:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:06 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "5ItX7Yecuyw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-03-31 08:48:06,820:INFO:certbot.main:Renewing an existing certificate
2021-03-31 08:48:07,368:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0053_key-certbot.pem
2021-03-31 08:48:07,433:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0053_csr-certbot.pem
2021-03-31 08:48:07,436:DEBUG:acme.client:Requesting fresh nonce
2021-03-31 08:48:07,436:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-03-31 08:48:07,661:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-03-31 08:48:07,665:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104F6gjSBh-iJU1GTHhHGBFt_ByECdY9qk-GtE1-hkCSZo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-03-31 08:48:07,667:DEBUG:acme.client:Storing nonce: 0104F6gjSBh-iJU1GTHhHGBFt_ByECdY9qk-GtE1-hkCSZo
2021-03-31 08:48:07,669:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "example.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.example.com"\n    }\n  ]\n}'
2021-03-31 08:48:07,731:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNEY2Z2pTQmgtaUpVMUdUSGhIR0JGdF9CeUVDZFk5cWstR3RFMS1oa0NTWm8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "mcR5mCpvMQ4gSJ0hCmuTm-c52b8fDp9cwBaBT7NObgidRkS14sHnp8oUdLTtqWj1lz9IM_g5wya0iorvqWOnFL3F-3LW9rdtVUTeG9lcEb0G6gWmMAwmhAejNeZoNuaCqwunWlDPbjFWYTt6Z9hoVYIubCgy_8rl7axc8ee6y0VCUgzmGyl0AOGCdDahvmY6DD2eVHrqDhBXknq8j_8HMt58da06iy38P8HajM1UIv_FEy8zp8Y4GLkWr5Ni-N1EiPN2WOe4vcJZZLp2mqP6GM5uFhME7lDq8Rhb3kEO9qaEIpQAK0KPfAQmcspgLFVgIq9pbvuHBTPcQuF6XrMDMA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNhbmRidXJuZXIubmV0IgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5zYW5kYnVybmVyLm5ldCIKICAgIH0KICBdCn0"
}
2021-03-31 08:48:08,107:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 475
2021-03-31 08:48:08,111:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 30 Mar 2021 22:18:08 GMT
Content-Type: application/json
Content-Length: 475
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/71984299/8767903542
Replay-Nonce: 0104ZZo2GPIFWyLDoqh4MYlCiFgwI8dcpKvBQe9bjRQxl68
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-04-06T22:18:07Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "example.com"
    },
    {
      "type": "dns",
      "value": "www.example.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817928",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817930"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/71984299/8767903542"
}
2021-03-31 08:48:08,112:DEBUG:acme.client:Storing nonce: 0104ZZo2GPIFWyLDoqh4MYlCiFgwI8dcpKvBQe9bjRQxl68
2021-03-31 08:48:08,115:DEBUG:acme.client:JWS payload:
b''
2021-03-31 08:48:08,170:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817928:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNFpabzJHUElGV3lMRG9xaDRNWWxDaUZnd0k4ZGNwS3ZCUWU5YmpSUXhsNjgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY0ODE3OTI4In0",
  "signature": "Ygm6TK4hkd_i5jvlWYoUcXFWvjAKJgOidFa0SdRL9zRJwygCgnF8fkgdybFIof4bgN-4D15cwmYj-u1o6gRNJUnP2ZxSA2hN3faDpYHnZHziL5CXXJXSvbHTZRBg1mrI09bRorfuN06Pz4b4kjItGKzCtCF2zOVKIGhnpG0p3XPdCxinHoOCDAqseDFd93TU0PTqamUtrhbFzpqjhyF1E2GglYGlPlSveVB0hxMm8_yZ1Ryfj7SCCJF9KJEP87CCqDRQR249Ga2AKAFiSIQk6zlp7oTzwQVZbl_gxumrvYguUmKAZ3yHJEOfXnSnOaWyLQtEh2MNEsa0B7FElMWQ3A",
  "payload": ""
}
2021-03-31 08:48:08,423:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11964817928 HTTP/1.1" 200 795
2021-03-31 08:48:08,427:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:08 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103J2k8PsM_d_8lIz04mNOLg1ZNVA3Klfy59fLcjd2BxWA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:18:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/0UaIDA",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/W-wY6w",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/RKypZg",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
    }
  ]
}
2021-03-31 08:48:08,428:DEBUG:acme.client:Storing nonce: 0103J2k8PsM_d_8lIz04mNOLg1ZNVA3Klfy59fLcjd2BxWA
2021-03-31 08:48:08,432:DEBUG:acme.client:JWS payload:
b''
2021-03-31 08:48:08,487:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817930:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM0oyazhQc01fZF84bEl6MDRtTk9MZzFaTlZBM0tsZnk1OWZMY2pkMkJ4V0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY0ODE3OTMwIn0",
  "signature": "Gj52ZglD9ypwvJvfo6C4PliWYaVUT1h96LlCVtLOasURsvlBZ760P9RMUJkPBpmRh3HMd7cLBsUSyv7JCqPHm_IkgL03aiqyxIR9BIaV5q4aVaMJ-McC_R9bUk-fC9qVtsrgursOwXRJhG2cbgIvVHqseyxtxZZJ5rw7o-O6O5GxoK-dXvAsHfX79jYBKns9aavJdzFVBfIfGrWMVDkI1thI1DwMvhpmkiJwgyX6oCmH9zgxLE0xyCCGfdxt9GrzOQbKfCQ33TbxfY5g-Mjsa2cmOG1Y5lAE0s73XWilWPqcnm6eyJhpLNlv2gDuP34DULBhFFAXnl7ZnuuTeVFYOA",
  "payload": ""
}
2021-03-31 08:48:08,743:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11964817930 HTTP/1.1" 200 799
2021-03-31 08:48:08,747:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:08 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104mvGsfIt3B81S7aaFau2fqIaDbysbqzLRWmoU_5vnz9I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:18:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/w8kT-A",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/yKIU6Q",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/aRQkjQ",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
    }
  ]
}
2021-03-31 08:48:08,748:DEBUG:acme.client:Storing nonce: 0104mvGsfIt3B81S7aaFau2fqIaDbysbqzLRWmoU_5vnz9I
2021-03-31 08:48:08,753:INFO:certbot.auth_handler:Performing the following challenges:
2021-03-31 08:48:08,754:INFO:certbot.auth_handler:http-01 challenge for example.com
2021-03-31 08:48:08,756:INFO:certbot.auth_handler:http-01 challenge for www.example.com
2021-03-31 08:48:09,744:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: example.com in: /etc/apache2/sites-enabled/example_80-le-ssl.conf
2021-03-31 08:48:09,745:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/example_80.conf
2021-03-31 08:48:09,747:DEBUG:certbot_apache.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2021-03-31 08:48:09,748:DEBUG:certbot_apache.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
2021-03-31 08:48:09,919:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/example_80-le-ssl.conf
2021-03-31 08:48:09,921:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/example_80.conf
2021-03-31 08:48:14,431:INFO:certbot.auth_handler:Waiting for verification...
2021-03-31 08:48:14,435:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-03-31 08:48:14,493:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/0UaIDA:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNG12R3NmSXQzQjgxUzdhYUZhdTJmcUlhRGJ5c2JxekxSV21vVV81dm56OUkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzExOTY0ODE3OTI4LzBVYUlEQSJ9",
  "signature": "mumiM12mpm_zodzYI9bnv-pDdBe-UTs8K1M3dW8CzlxBtC4XEXT76YeSInF45gTZ8_Xml4gmGwH8_HTOOhfP4eGek8DOZ02phh2nm3addi91BOc_qXoXtcHF2APjQp3H4608ghXO-sfeQFwzuIqk0SanOEzs-AohmdVwA9SrcomXyJwswbsLS0v-GYQzcmNWgavm0r5pmQEUvsh-GleZcanSLY6DLvKWGb18HcmIB1PKCtRL6P7G5DERZawbXl2QUgc5H84SuiTQ0sEa95oAW14nrVO3HgV6ol7LUnO1eNUtl3hERyaiHVSqz7x523CdUFwmzsdnh1q63lLIifeUGw",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-03-31 08:48:14,765:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/11964817928/0UaIDA HTTP/1.1" 200 186
2021-03-31 08:48:14,770:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:14 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817928>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/0UaIDA
Replay-Nonce: 0104FnXGbZsawxp99FPHEYqTByAAmqgV2wO97A3P_Z_JE7g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/0UaIDA",
  "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
}
2021-03-31 08:48:14,771:DEBUG:acme.client:Storing nonce: 0104FnXGbZsawxp99FPHEYqTByAAmqgV2wO97A3P_Z_JE7g
2021-03-31 08:48:14,775:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-03-31 08:48:14,828:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/w8kT-A:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNEZuWEdiWnNhd3hwOTlGUEhFWXFUQnlBQW1xZ1Yyd085N0EzUF9aX0pFN2ciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzExOTY0ODE3OTMwL3c4a1QtQSJ9",
  "signature": "h4WZA0opABC3WjWgCwtVaGeTK-ZxRUpVj9ifUWznMfsJkNtnSsdipAd7iiyQsCif1hAsOFFlfvegt37sM2nscO5hc4AXmjwbiyqmPPimO52NGvuLMez8q8lA3m51rXRBoE3fMIsPO4E9widkrbRqelK6AuYmZHUiWfoWf1CGjMSd0PLmArwlYsvS-sjccHq6Ro43VMhPwj0SWCtFkf0VKUpwKXUtvxpB645mlBC-XADfTUYACLTZBPNn-lcXdSa6WiUEf35Wc15ze55CsVXpOzkqPOMQMz58wxbGy52RVvTG460DD9XIf2-ParkFQo8hvOkeFgPF4QFeAqAbnuu4JQ",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-03-31 08:48:15,108:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/11964817930/w8kT-A HTTP/1.1" 200 186
2021-03-31 08:48:15,113:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:15 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817930>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/w8kT-A
Replay-Nonce: 0104IDoKhn5Ak3YjOM2r7eb9ZfeX_y3YD_Z5mutjNciRULY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/w8kT-A",
  "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
}
2021-03-31 08:48:15,114:DEBUG:acme.client:Storing nonce: 0104IDoKhn5Ak3YjOM2r7eb9ZfeX_y3YD_Z5mutjNciRULY
2021-03-31 08:48:18,119:DEBUG:acme.client:JWS payload:
b''
2021-03-31 08:48:18,178:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817928:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNElEb0tobjVBazNZak9NMnI3ZWI5WmZlWF95M1lEX1o1bXV0ak5jaVJVTFkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY0ODE3OTI4In0",
  "signature": "OJzaGnDZIWdETvt2Wj94gOU_xQ05vADqaYmQcKwxExVl9aKSv8C1OV_hq24xCbU9PsfEfNO__vsrd5Ykur_CNnmvSOChnTfV607bJiohoq6TB6dcDJnyUI-b_enVYYGEs_Np1fO4J4xeNwPfJFNr0iAnuP3NgAgPxUblrljaJI5yrkcuho4EQqQJZVpQRLwJ72GSCOj8D0HZxQN255WoVLZD1igMIUFgcevfPJwgF-9NexTZi_Ku6c25feh2b0yLONdhhbrAGsNsiNU6C-b9McHLGfH3I_u3fm96eo1LkiX8QiyBQvwxghfPhGWZADxVtw2anx0K6QlXhcC7G4b5HA",
  "payload": ""
}
2021-03-31 08:48:18,433:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11964817928 HTTP/1.1" 200 795
2021-03-31 08:48:18,437:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:18 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104XNLJsx3uvoG6y3SyfMvIGRklTHQyyw3PB25HHcoK5CA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:18:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/0UaIDA",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/W-wY6w",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/RKypZg",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
    }
  ]
}
2021-03-31 08:48:18,439:DEBUG:acme.client:Storing nonce: 0104XNLJsx3uvoG6y3SyfMvIGRklTHQyyw3PB25HHcoK5CA
2021-03-31 08:48:18,442:DEBUG:acme.client:JWS payload:
b''
2021-03-31 08:48:18,497:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817930:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNFhOTEpzeDN1dm9HNnkzU3lmTXZJR1JrbFRIUXl5dzNQQjI1SEhjb0s1Q0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY0ODE3OTMwIn0",
  "signature": "HI92sY1O2IqkIAYKoATAdYirsBxvPz-rOkB35KvmP8oZmMRm2i4YTHsN-qn7VKQ2IwaNp7W00NFodmGkKFvJUBYrRqspOo8ghPN7szmVDoVaBDWmW9piePoJPPQ5FaIr6ks0TXi70TpURHpRgVfLi4rdgLbZCaes11HZiIpuNBN7Ok4KdyXAftfF_bZQbWsQugYe9s5di50EIKdH-5AcJ4Lx4e882v2XV0weJ6Mk_n4S4JInarl7eLT7osCcvV8ebPpxewDddWMCvmthD2_2G4LE2NHs8vw2yKSHgfq2S7tt_88qitj2b6LAlpugKo7Xp2PubO49JDl6hTE3CK_Vow",
  "payload": ""
}
2021-03-31 08:48:18,749:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11964817930 HTTP/1.1" 200 799
2021-03-31 08:48:18,754:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:18 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103UdFBjfxH-BSslij_vW_zx0XL-4SPYrVlSxx3Pyuv21E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:18:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/w8kT-A",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/yKIU6Q",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/aRQkjQ",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
    }
  ]
}
2021-03-31 08:48:18,755:DEBUG:acme.client:Storing nonce: 0103UdFBjfxH-BSslij_vW_zx0XL-4SPYrVlSxx3Pyuv21E
2021-03-31 08:48:21,762:DEBUG:acme.client:JWS payload:
b''
2021-03-31 08:48:21,821:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817928:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM1VkRkJqZnhILUJTc2xpal92V196eDBYTC00U1BZclZsU3h4M1B5dXYyMUUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY0ODE3OTI4In0",
  "signature": "Ks0Pr9iytmmzZAUD_3nQkZ4YDRFP3VQhj_XJ49hqSVlgf4r0nK445jxmVAxB9c0x0JZIg7_iG4_D2H5LjtcSotP0tbftV43YthrrJT_rG_Fzwu9BnZ4ckrjjodbjlsZAWWPSwJn2nu0wbnMCMoC3ud1EwT-HUtIz1w5UwcH6TAq_Gx2tT5Sfd0d4mq7QgROFtNrBPMhLyDFbiBI0hahjYU7clpuQm6dparqAq1HJ_cbgYj8vBj3zOIMT8hDeiFTNmbmX5ah93IOPWNzWILznUCGm2vjpbDhMJV2HAC7XjeCUlt5V6kNugF8txRVfC0nIQC-bT77ThncK4J9H-DBJ3Q",
  "payload": ""
}
2021-03-31 08:48:22,077:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11964817928 HTTP/1.1" 200 795
2021-03-31 08:48:22,082:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:21 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104wI3jouedEcj0boQNWcsFZSjjJYcVceq0xXT5UvSJkfo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:18:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/0UaIDA",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/W-wY6w",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/RKypZg",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM"
    }
  ]
}
2021-03-31 08:48:22,083:DEBUG:acme.client:Storing nonce: 0104wI3jouedEcj0boQNWcsFZSjjJYcVceq0xXT5UvSJkfo
2021-03-31 08:48:22,087:DEBUG:acme.client:JWS payload:
b''
2021-03-31 08:48:22,141:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817930:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNHdJM2pvdWVkRWNqMGJvUU5XY3NGWlNqakpZY1ZjZXEweFhUNVV2U0prZm8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY0ODE3OTMwIn0",
  "signature": "Gn0Y4758Xiq6gcnQ1RcOOWNuc1tVr85TK3DhC59ckw8wM0RZgBUK3OwsjXeu0o8oI26wE2QAWdx0WHxqb8fPk3v5oaLbYP5kTc72eUsCvNWRZckfg_ksf6aLR0vG9DFgM_JACs6NLVzefeASEC5lxzglqTNBPOTgwX-HTk-sDg_Lvqi7rQnDSi2SG4PXIT7WEkcG6_H5r1hwgNIAYOnu8AlyrtJDt_VOrK7vLXLF5BTGcna9g8uURxOz03KWeBczOPwKNsvWR2Fv7tsu9kk4O1NX5iNfkXLq8qrpNytzwlxYdpVFWedl0GnWWCt-qtkWvquIVfgJoWgF7hb0-nPDrQ",
  "payload": ""
}
2021-03-31 08:48:22,398:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11964817930 HTTP/1.1" 200 799
2021-03-31 08:48:22,402:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:22 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103_COmpqpV-U9o6BgY0zYbrpw9kLK-bEAMr040KJ5VzU8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:18:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/w8kT-A",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/yKIU6Q",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/aRQkjQ",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec"
    }
  ]
}
2021-03-31 08:48:22,404:DEBUG:acme.client:Storing nonce: 0103_COmpqpV-U9o6BgY0zYbrpw9kLK-bEAMr040KJ5VzU8
2021-03-31 08:48:25,410:DEBUG:acme.client:JWS payload:
b''
2021-03-31 08:48:25,483:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817928:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM19DT21wcXBWLVU5bzZCZ1kwellicnB3OWtMSy1iRUFNcjA0MEtKNVZ6VTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY0ODE3OTI4In0",
  "signature": "LAPyTR5A28Ti2r4JIaELkGQZN8J-u8K1ouu9goiHHcLx1_v3F-HjS83qSVzIUjoxS3V4Um-6H6DSn5kYqvfDM-uwE3SlzuCpET_jkVilh1j-O348xpBUFUTQ2jhW7CrSRn9DLPEF9QM1yOXw4Z7MDEcAsiuqwcbYtar8Nry6goFV7QDd4PLsJPLlRSEOQPyVvm9hI1xhkldpLlrykUi0SUWmlDpZJ1dRqCUXV_TFrUPVJXg0K5UBx2VJOVw4r2ZnoC1vu-6YZISpJRxhA6OC42jfkLhXhELaTdpkemVuMmpgU0LjJ0cM_vKxhaqgpfNauQFZGZWpf7OD4TtT72PTmQ",
  "payload": ""
}
2021-03-31 08:48:25,741:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11964817928 HTTP/1.1" 200 1036
2021-03-31 08:48:25,745:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:25 GMT
Content-Type: application/json
Content-Length: 1036
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104L03gU-IH2vCdenXDXiJEyLIuWUkj8JS2DaK6IFpUDWE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "invalid",
  "expires": "2021-04-06T22:18:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://example.com/.well-known/acme-challenge/fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817928/0UaIDA",
      "token": "fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM",
      "validationRecord": [
        {
          "url": "http://example.com/.well-known/acme-challenge/fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM",
          "hostname": "example.com",
          "port": "80",
          "addressesResolved": [
            "1.2.3.4"
          ],
          "addressUsed": "1.2.3.4"
        }
      ],
      "validated": "2021-03-30T22:18:14Z"
    }
  ]
}
2021-03-31 08:48:25,747:DEBUG:acme.client:Storing nonce: 0104L03gU-IH2vCdenXDXiJEyLIuWUkj8JS2DaK6IFpUDWE
2021-03-31 08:48:25,752:DEBUG:acme.client:JWS payload:
b''
2021-03-31 08:48:25,806:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11964817930:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNEwwM2dVLUlIMnZDZGVuWERYaUpFeUxJdVdVa2o4SlMyRGFLNklGcFVEV0UiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY0ODE3OTMwIn0",
  "signature": "TwMTFsKzwdTDi7I4RuKz3TS8sN0yuKe2oHd_qO5Ie7dUo14-tqvMpIJdRHi0Lztf2uVClyJS2Rsp8QkC4Rkvyfg4V0Vw1ucHQMG7st4HkkdKBrfXcGIm6IaulH9qW3DSfmTNsJUvghzEaBIjc33_OsoPOwjjMsMAXICu9UlPun9oqftrwJqJ8Z2aLq4Ql3ywXOkCaYzj4Cum8lXSEK_g01XSPLRX0VCsOVbOSfR7mE5_vEO9VA95ZVu5a3QXQLH2rpg9sfGcFHfrWhtgMOV4T2e_vnV1zwjoIj0wT0TPsswmE3AVMj60DVTA6oZx6e20n0HnsyifXL2TAeieyfqmkg",
  "payload": ""
}
2021-03-31 08:48:26,077:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11964817930 HTTP/1.1" 200 1052
2021-03-31 08:48:26,081:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:18:25 GMT
Content-Type: application/json
Content-Length: 1052
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104jRaUXhFOyBZTxLYaXVE2bE6PNsPLHgaZUiWmqLXShPo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "invalid",
  "expires": "2021-04-06T22:18:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://www.example.com/.well-known/acme-challenge/Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11964817930/w8kT-A",
      "token": "Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec",
      "validationRecord": [
        {
          "url": "http://www.example.com/.well-known/acme-challenge/Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec",
          "hostname": "www.example.com",
          "port": "80",
          "addressesResolved": [
            "1.2.3.4"
          ],
          "addressUsed": "1.2.3.4"
        }
      ],
      "validated": "2021-03-30T22:18:14Z"
    }
  ]
}
2021-03-31 08:48:26,083:DEBUG:acme.client:Storing nonce: 0104jRaUXhFOyBZTxLYaXVE2bE6PNsPLHgaZUiWmqLXShPo
2021-03-31 08:48:26,089:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: example.com
Type:   connection
Detail: Fetching http://example.com/.well-known/acme-challenge/fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM: Timeout during connect (likely firewall problem)

Domain: www.example.com
Type:   connection
Detail: Fetching http://www.example.com/.well-known/acme-challenge/Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2021-03-31 08:48:26,092:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM: Timeout during connect (likely firewall problem), www.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec: Timeout during connect (likely firewall problem)

2021-03-31 08:48:26,092:DEBUG:certbot.error_handler:Calling registered functions
2021-03-31 08:48:26,093:INFO:certbot.auth_handler:Cleaning up challenges
2021-03-31 08:48:29,148:WARNING:certbot.renewal:Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM: Timeout during connect (likely firewall problem), www.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec: Timeout during connect (likely firewall problem). Skipping.
2021-03-31 08:48:29,155:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 323, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/fpG99vQ5oqthf7Ude06v2isApdOkE1rUguSaD-PkcfM: Timeout during connect (likely firewall problem), www.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/Ft34TQmTqsA8IuZnt78vr_B8nnV79lEJKsl31QGHpec: Timeout during connect (likely firewall problem)

2021-03-31 08:48:29,164:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-03-31 08:48:29,166:ERROR:certbot.renewal:  /etc/letsencrypt/live/example.com/fullchain.pem (failure)
2021-03-31 08:48:29,167:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)

...continued in next post because of size limit...

Using standalone authenticator and apache installer
2021-03-30 20:08:00,941:DEBUG:certbot.main:certbot version: 0.31.0
2021-03-30 20:08:00,947:DEBUG:certbot.main:Arguments: ['--standalone', '--agree-tos']
2021-03-30 20:08:00,951:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-03-30 20:08:01,006:DEBUG:certbot.log:Root logging level set at 20
2021-03-30 20:08:01,011:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-03-30 20:08:01,064:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer <certbot.cli._Default object at 0xb455e2ac>
2021-03-30 20:08:01,064:DEBUG:certbot.cli:Var authenticator=standalone (set by user).
2021-03-30 20:08:01,127:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-04-18 04:25:55 UTC.
2021-03-30 20:08:01,128:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-03-30 20:08:01,129:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer apache
2021-03-30 20:08:01,685:DEBUG:certbot_apache.configurator:Apache version is 2.4.29
2021-03-30 20:08:08,384:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb44fbdcc>
Prep: True
2021-03-30 20:08:09,492:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0xb44fb7ec>
Prep: True
2021-03-30 20:08:09,493:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0xb44fb7ec> and installer <certbot_apache.override_debian.DebianConfigurator object at 0xb44fbdcc>
2021-03-30 20:08:09,493:INFO:certbot.plugins.selection:Plugins selected: Authenticator standalone, Installer apache
2021-03-30 20:08:09,516:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/71984299', new_authzr_uri=None, terms_of_service=None), 11588215928fdd8186b0af7bb68c03c2, Meta(creation_dt=datetime.datetime(2019, 11, 17, 23, 42, 15, tzinfo=<UTC>), creation_host='samsung'))>
2021-03-30 20:08:09,524:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-03-30 20:08:09,534:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-03-30 20:08:10,500:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-03-30 20:08:10,505:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:10 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "g4jwhV1lRWg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-03-30 20:08:10,508:INFO:certbot.main:Renewing an existing certificate
2021-03-30 20:08:13,170:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0048_key-certbot.pem
2021-03-30 20:08:13,235:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0048_csr-certbot.pem
2021-03-30 20:08:13,238:DEBUG:acme.client:Requesting fresh nonce
2021-03-30 20:08:13,238:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-03-30 20:08:13,463:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-03-30 20:08:13,468:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:13 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104uCiAjH861ctJWv8vJpx8q8MyFENFclyq7LAGINYRpNQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-03-30 20:08:13,469:DEBUG:acme.client:Storing nonce: 0104uCiAjH861ctJWv8vJpx8q8MyFENFclyq7LAGINYRpNQ
2021-03-30 20:08:13,472:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "example.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.example.com"\n    }\n  ]\n}'
2021-03-30 20:08:13,532:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNHVDaUFqSDg2MWN0Sld2OHZKcHg4cThNeUZFTkZjbHlxN0xBR0lOWVJwTlEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "lan_WoTrs9OUjAzmjH5j3Ea3xaBD-0cOmjL4cx9O3kbBaoWoWXbhKz_041m2477SAWfz3xd3n5tKTJUD5_JzflhaWb_AnElAIAYKgEW1vGYEixNqikFs7c5Hcw-8ThW25Iq4yCUP2CgEKGXuw0ClXPOP2B40bXMn1BoJgItiZswHGWX9YyJ_HCxvk4Ec78aUxzq4AwC2YX914GZL6uwfE6X90AU8SngY8CHqGqGxyXObtDIfqBjBM6vxhs7f8MIoUHAC0peDBznzwmJUe59MwSX02cVRFXj177kmYXqGotm5_WaDwCUFf_NjDx958BNoqM_84Amb4FIV4qSlV-a7Nw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNhbmRidXJuZXIubmV0IgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5zYW5kYnVybmVyLm5ldCIKICAgIH0KICBdCn0"
}
2021-03-30 20:08:13,946:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 475
2021-03-30 20:08:13,951:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 30 Mar 2021 09:38:13 GMT
Content-Type: application/json
Content-Length: 475
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/71984299/8757501914
Replay-Nonce: 0104t18Jbm-EcxPoldzmasWDJuZjnEcXpyVMCV42JveIzT0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-04-06T09:38:13Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "example.com"
    },
    {
      "type": "dns",
      "value": "www.example.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386336",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386337"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/71984299/8757501914"
}
2021-03-30 20:08:13,952:DEBUG:acme.client:Storing nonce: 0104t18Jbm-EcxPoldzmasWDJuZjnEcXpyVMCV42JveIzT0
2021-03-30 20:08:13,955:DEBUG:acme.client:JWS payload:
b''
2021-03-30 20:08:14,009:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386336:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNHQxOEpibS1FY3hQb2xkem1hc1dESnVaam5FY1hweVZNQ1Y0Mkp2ZUl6VDAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTUxMzg2MzM2In0",
  "signature": "dDeGnM4JdWu0GzHG7rZNIy2jpTyIr5NDGzqcEMUZSXTvuaAmH8Ztbw4ZJc9cqm1OBM-q-XR-4OXq7UA87tR44cnLgcU9nj37NgKf1eodeyV8XOyLZViJNyYSLJiO1lCibFhI2ZSuHf3ytNc8UfXbMpCszeb0RgYB43XGKd9294Uy55Lf5O0gnD-lEsuKlIAQEEyjNInUeIoNYAjfDh5830ddJcDMDvdzhefmYQBlXZfRWDcuvor4i0CuxnE8niX7mEOVRuIL4oMq1k3AKE2bJs0bZmiqJrS7JAJLG8Z4D1oxm6gY4Sm69TaKZOpz6est3l6Hv8R0aIOkVujqItccqQ",
  "payload": ""
}
2021-03-30 20:08:14,266:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11951386336 HTTP/1.1" 200 795
2021-03-30 20:08:14,270:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:14 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103VPYuEkH8G3yoM8FlS_rVk1aGcOPjcbUazZLhBzu27mk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T09:38:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/9uz3kg",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/53Li3A",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/TXxScw",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
    }
  ]
}
2021-03-30 20:08:14,271:DEBUG:acme.client:Storing nonce: 0103VPYuEkH8G3yoM8FlS_rVk1aGcOPjcbUazZLhBzu27mk
2021-03-30 20:08:14,274:DEBUG:acme.client:JWS payload:
b''
2021-03-30 20:08:14,328:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM1ZQWXVFa0g4RzN5b004RmxTX3JWazFhR2NPUGpjYlVhelpMaEJ6dTI3bWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTUxMzg2MzM3In0",
  "signature": "WwX7sQ3W492KJKLXwtAZAvXm0z_clNsOaHUVCBOWpE08V8wB981ZwmhcvL1V2xr3kHHVNKC68etKFIcm-m_piVR-hInJRly_YW9r4OltpAFJASksK9MLe8wAjAmabqvNW7d5Yzxxm6nNYRdOgEcShsEyaq5jW5nJjiaAVfw9vD1IPlf9wIhUdENNfh1z6mxItceyJ3Jr58wRNdXpb2VwUXA7sKMSckLPyWJ0t5uvn_jjZl-6dVa_7qhaB9vwllLjikBbqcUi0htopN-p4yzJ4AhJ7Gu3lXTNmac9pMgQjh3qM-9zOoiXhhlphx-72u9HfSiixNyzPKxUY6frd8lOxQ",
  "payload": ""
}
2021-03-30 20:08:14,596:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11951386337 HTTP/1.1" 200 799
2021-03-30 20:08:14,600:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:14 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103mYCOUAZqzvYB08TtO6555qZJepaDdCPWad3svvGIHqo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T09:38:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/44g58w",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/iHC23A",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/VsfXow",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
    }
  ]
}
2021-03-30 20:08:14,602:DEBUG:acme.client:Storing nonce: 0103mYCOUAZqzvYB08TtO6555qZJepaDdCPWad3svvGIHqo
2021-03-30 20:08:14,607:INFO:certbot.auth_handler:Performing the following challenges:
2021-03-30 20:08:14,609:INFO:certbot.auth_handler:http-01 challenge for example.com
2021-03-30 20:08:14,610:INFO:certbot.auth_handler:http-01 challenge for www.example.com
2021-03-30 20:08:14,613:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2021-03-30 20:08:14,614:DEBUG:acme.standalone:Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2021-03-30 20:08:14,663:INFO:certbot.auth_handler:Waiting for verification...
2021-03-30 20:08:14,664:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-03-30 20:08:14,722:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/9uz3kg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM21ZQ09VQVpxenZZQjA4VHRPNjU1NXFaSmVwYURkQ1BXYWQzc3Z2R0lIcW8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzExOTUxMzg2MzM2Lzl1ejNrZyJ9",
  "signature": "khWGxLzXCZXDdgV2YRivgmXEUKyEvNHX9C_0MqxAQxvmJQ8h8IHsggOZzGfKXsng5IQjO7rvz5AX-gEibQg74tdlNTA9pdZfEd7tzOhb8X2FaLvH7AgimDPhQ7snnh7s4zFXeiBKomP1sBlw3amzspCAYVkq3G2l39Zc3WoU4gWL-jxoxYBlGcblOxH796jBO7CGzohh7R5KNCQRjwbH65-T87sRfJtiJwkNAst-jDZ9hlMhrpJ3KlywTPYwW5-d01bL7d9cOhh2qnpUFAlZrDKa7UtLP-qxLZoAhEGAISXJwvufZCAjDC-MQxipQ6EpZutMlqjtCRqxVZKSypRaOA",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-03-30 20:08:14,992:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/11951386336/9uz3kg HTTP/1.1" 200 186
2021-03-30 20:08:14,996:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:14 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386336>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/9uz3kg
Replay-Nonce: 01046IVSs0oymuP3uSUD3xKIV59K3mz1b9aqipssL3n-qwE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/9uz3kg",
  "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
}
2021-03-30 20:08:14,998:DEBUG:acme.client:Storing nonce: 01046IVSs0oymuP3uSUD3xKIV59K3mz1b9aqipssL3n-qwE
2021-03-30 20:08:15,002:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-03-30 20:08:15,057:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/44g58w:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNDZJVlNzMG95bXVQM3VTVUQzeEtJVjU5SzNtejFiOWFxaXBzc0wzbi1xd0UiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzExOTUxMzg2MzM3LzQ0ZzU4dyJ9",
  "signature": "V45-0CZzp8dXi4R4nbOPZ_nt2qnUH1pHsV9pyNtntkVPZ4HnNQ-9B_isyeDYgByDgaFseSxMJIDapPBVi2oY3ygBen0JvqW_hA3bMEcaKSpXwXyyt4mPfCRva8DOouMVABTnaZvVW5qPb_HEd4vTKGjpWfp5hSBz7TBCnpaYlZ7rP0pnyltx8ECfn49nA5dME3DvcxChJxIFjHJgK_DCCZsX15CF16YEQ_-0q_S7ixq14U2alZp_63hsS0FzSfVLWPin1nRE5D7m3gPy-nkaVJK29tMo-UEQrV62PZ6q0TY1T3PTPLTCiWdSf67DRn1FoEnLPeVMrhr4RyRM6vsh9A",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-03-30 20:08:15,328:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/11951386337/44g58w HTTP/1.1" 200 186
2021-03-30 20:08:15,332:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:15 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386337>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/44g58w
Replay-Nonce: 0104Lqy0K4MUNQaxhfy7jspLSl5iwF9tbZuZASwkTzuxPjE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/44g58w",
  "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
}
2021-03-30 20:08:15,334:DEBUG:acme.client:Storing nonce: 0104Lqy0K4MUNQaxhfy7jspLSl5iwF9tbZuZASwkTzuxPjE
2021-03-30 20:08:15,447:DEBUG:acme.standalone:::ffff:3.128.26.105 - - Incoming request
2021-03-30 20:08:15,450:DEBUG:acme.standalone:::ffff:3.128.26.105 - - Serving HTTP01 with token '8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE'
2021-03-30 20:08:15,451:DEBUG:acme.standalone:::ffff:3.128.26.105 - - "GET /.well-known/acme-challenge/8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE HTTP/1.1" 200 -
2021-03-30 20:08:15,764:DEBUG:acme.standalone:::ffff:3.128.26.105 - - Incoming request
2021-03-30 20:08:15,766:DEBUG:acme.standalone:::ffff:3.128.26.105 - - Serving HTTP01 with token 'PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk'
2021-03-30 20:08:15,767:DEBUG:acme.standalone:::ffff:3.128.26.105 - - "GET /.well-known/acme-challenge/PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk HTTP/1.1" 200 -
2021-03-30 20:08:18,338:DEBUG:acme.client:JWS payload:
b''
2021-03-30 20:08:18,397:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386336:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNExxeTBLNE1VTlFheGhmeTdqc3BMU2w1aXdGOXRiWnVaQVN3a1R6dXhQakUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTUxMzg2MzM2In0",
  "signature": "bENT4_phZzMhcuQfNEU-A5bqBSFLAxpGhA2w8Im8qZJOL5ce2XBj4fRIz4B3spHr6ckKWEDC4kk1XGXhUBRcCDzI29PuPvtFHIEcVfmVKHKX34ssMx2bdHD2NOlhmBvhSNVaskN55lalq-l164xxqO9dLfJa4P4ENxPVb85l2dOuvmbdj4LnUf3Bn1UI3-7IAgNU1UBiYatbSVK-uHtu7wb4_s8gzAmUCbOBnRZUvkczvVz6lMLjG7P4YHAgUP9R3CI60oRqfk8etN7mGL23hhAPA08VLpeLzOLWC4bvXgE8QgCKoZ9KSKOtlBFgMo71dWKyFOgBSPrrkSHIfUYYCQ",
  "payload": ""
}
2021-03-30 20:08:18,656:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11951386336 HTTP/1.1" 200 795
2021-03-30 20:08:18,660:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:18 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104YinExDoy_hsYkFxYeU1LP8PZYM5i6i2Su_ARKcmIlTw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T09:38:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/9uz3kg",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/53Li3A",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/TXxScw",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
    }
  ]
}
2021-03-30 20:08:18,661:DEBUG:acme.client:Storing nonce: 0104YinExDoy_hsYkFxYeU1LP8PZYM5i6i2Su_ARKcmIlTw
2021-03-30 20:08:18,665:DEBUG:acme.client:JWS payload:
b''
2021-03-30 20:08:18,720:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNFlpbkV4RG95X2hzWWtGeFllVTFMUDhQWllNNWk2aTJTdV9BUktjbUlsVHciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTUxMzg2MzM3In0",
  "signature": "fH-PQJT1QjD3IbVpC6rrHbBgdrKLs4kjQbpxVr78_xHnIhniWRpRSTDXOoYNp3SGFkp2g7yf2nzlLTRK0KTlBTEIv52nFlsP_fJ6H0y9dN97OgYTx6xcHO_a8VzMDD8Dv57zQSI-jb_BQWr_KOh1jF6nZns-fnqhJ7nTXVThuOYNNndzPSKVRrlVj8re-Y9E2OxWI9eJEKO4Sd2YnU7nCZreVdUPwympPuIvxwY8eb4gM5wdWr1f55xVvX8n2pa0tM7X9HRHEixxfxpKPmXLtoIeWIsP0DMJkY0_hJYr3AyAYycwG2pGB2JgNjdKxSqIGNE4oSdKLu4SzqClncpNpw",
  "payload": ""
}
2021-03-30 20:08:18,977:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11951386337 HTTP/1.1" 200 799
2021-03-30 20:08:18,981:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:18 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103UavTCj5wkn91N35qLzR63hlYGtGpjU1YeZqOf9NvkT8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T09:38:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/44g58w",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/iHC23A",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/VsfXow",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
    }
  ]
}
2021-03-30 20:08:18,983:DEBUG:acme.client:Storing nonce: 0103UavTCj5wkn91N35qLzR63hlYGtGpjU1YeZqOf9NvkT8
2021-03-30 20:08:21,991:DEBUG:acme.client:JWS payload:
b''
2021-03-30 20:08:22,050:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386336:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM1VhdlRDajV3a245MU4zNXFMelI2M2hsWUd0R3BqVTFZZVpxT2Y5TnZrVDgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTUxMzg2MzM2In0",
  "signature": "aGxNAaN6eUAWlRfFRi_lUeCOYczTBaryToa2P9UiclI-yONkVZMYw3KfeSA1BOYmuDzsN9eBuMeMnpa8RQMQlmnwCNYNY9PAht5o12_-h5F9YpugrDcA_KR54UtGdsE44Hi_vizYsZlmxyqQFD1qq2lwdHw6h6CW2tiMPNP2nqbrEY0mhx_Xq7CyiQtnTMobNqpc6Yy1Jr5vLe1m_OHKc2e0cwlOcstb6SG6U5QlBPuK6JLxExXKJ6tzPdw9PRYNYcNbPLQuo2Yne5elbMADOJxWSFU4_Il7U3APdzUGwKUNRWUaaL6MCj6p8fWj0PtaQ5vRsaOfeFacry6azotMmA",
  "payload": ""
}
2021-03-30 20:08:22,309:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11951386336 HTTP/1.1" 200 795
2021-03-30 20:08:22,314:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:22 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103urI2THElSO36DEzN_r3ivSNAgAueKJC1VsZZJtq_hEc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T09:38:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/9uz3kg",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/53Li3A",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/TXxScw",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE"
    }
  ]
}
2021-03-30 20:08:22,315:DEBUG:acme.client:Storing nonce: 0103urI2THElSO36DEzN_r3ivSNAgAueKJC1VsZZJtq_hEc
2021-03-30 20:08:22,320:DEBUG:acme.client:JWS payload:
b''
2021-03-30 20:08:22,374:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM3VySTJUSEVsU08zNkRFek5fcjNpdlNOQWdBdWVLSkMxVnNaWkp0cV9oRWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTUxMzg2MzM3In0",
  "signature": "Ne1gks8gZl4IMO2DcUcVTFpUYJFntxAhUxU9afdyVkT0acfJ8Bxhq_FOYGLwgYDR-cwtVUjYPDL4-9nW4H4WphmBIJiHlVM7FiEJGFL5Y_elQ3PAnHecu6GkqNL-ZyPjeRKX1_wftgm56tc_NFIGOPLvtQcMDnhRJ0WCcbTc0wlHjVbI7XWa__5r0srrnd5A3Ldn6A_2SUNs6KsdJK1vYgT0YfdJGRkh3pgp4Ojk0B41cbucRfaJcSVKX3QxV9FICzo3-HdVLP1_yLPnWaJ0QrI0GclXQxUltH3RglkGP98NjM9Eo_UN9kfl30QzrIqbOyhjUcJyOUkhsYXCIpUJPA",
  "payload": ""
}
2021-03-30 20:08:22,633:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11951386337 HTTP/1.1" 200 799
2021-03-30 20:08:22,636:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:22 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 010410wA8ahT0155P15ySdskskzlBb1neGxSET0qJC6PmBY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T09:38:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/44g58w",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/iHC23A",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/VsfXow",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk"
    }
  ]
}
2021-03-30 20:08:22,638:DEBUG:acme.client:Storing nonce: 010410wA8ahT0155P15ySdskskzlBb1neGxSET0qJC6PmBY
2021-03-30 20:08:25,644:DEBUG:acme.client:JWS payload:
b''
2021-03-30 20:08:25,705:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386336:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNDEwd0E4YWhUMDE1NVAxNXlTZHNrc2t6bEJiMW5lR3hTRVQwcUpDNlBtQlkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTUxMzg2MzM2In0",
  "signature": "aEtHhYAZzY-usqw5EVqOozF1bfd42c0XQ-H1lq4GEicF_VrxtznsjssHLPZaKLp5XLueMcpcqh7ai3zLZUcwABbT9xC-LWJ1ITf1G-xBelzghQR9-h3NDi9P-UksbAvxKOqPq_DWLlvU5aU1DInQDSdkb8Ab990gyDQ-gSq7VqQ7q4t0iFFN27cSNIMfqvw2iScbKtgsGsaazfeSO0DMGkwo7bbPFi7b0-hal8Ymc2KDmIRSvwaMzSIW-a7fBcNzkS3tH4rhj3jBTnVQ0KyLaH0rYl68-_wgra5OuhIYheg5o-vZCDjHJVvaiHlzdPfMVvKBDiRoPguwj7dsQsKuQg",
  "payload": ""
}
2021-03-30 20:08:25,962:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11951386336 HTTP/1.1" 200 1036
2021-03-30 20:08:25,966:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:25 GMT
Content-Type: application/json
Content-Length: 1036
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103MfE_dghNz80PgG2s_vO_RUVdpu4TJ4ZVz_qewew_0ks
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "invalid",
  "expires": "2021-04-06T09:38:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://example.com/.well-known/acme-challenge/8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386336/9uz3kg",
      "token": "8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE",
      "validationRecord": [
        {
          "url": "http://example.com/.well-known/acme-challenge/8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE",
          "hostname": "example.com",
          "port": "80",
          "addressesResolved": [
            "1.2.3.4"
          ],
          "addressUsed": "1.2.3.4"
        }
      ],
      "validated": "2021-03-30T09:38:14Z"
    }
  ]
}
2021-03-30 20:08:25,968:DEBUG:acme.client:Storing nonce: 0103MfE_dghNz80PgG2s_vO_RUVdpu4TJ4ZVz_qewew_0ks
2021-03-30 20:08:25,973:DEBUG:acme.client:JWS payload:
b''
2021-03-30 20:08:26,027:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11951386337:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM01mRV9kZ2hOejgwUGdHMnNfdk9fUlVWZHB1NFRKNFpWel9xZXdld18wa3MiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTUxMzg2MzM3In0",
  "signature": "exLsb-24KzfUY8R_ZDk5SVFy9ccOM9qMqR6tOdefl_s80i-hyrPsLiR8qCRzQM8_ugdsHVJ2rfKJ-S4JwBc-m9uFt1FqUKijqURuelLWgG8zT8kGayQHXvqdZRxw3EMQn8IXG4q302jXWfttxbsIM_bPGnkSXVu5-wUWOPaszMRn65LSUCg2XX-MRhuHoOINPDEYhp5U4waZjJmfhrqdZZdVmq7f7-Oxowx3DmXv86hP7ymjFMj_W-0jSekk4Mzt7KREpSGhOM_DJyws1XRwZTBuL6AtQDyWBtZqRDeCgv-TAKVLMaRBtTdP7y_UbbQmSIf-2N4pAihaMWnViFQLcQ",
  "payload": ""
}
2021-03-30 20:08:26,283:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11951386337 HTTP/1.1" 200 1052
2021-03-30 20:08:26,287:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 09:38:26 GMT
Content-Type: application/json
Content-Length: 1052
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103aNSxVqn8Df_7qqvHLhHNQJFftwEPO33-kYZ01imMtfI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "invalid",
  "expires": "2021-04-06T09:38:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://www.example.com/.well-known/acme-challenge/PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11951386337/44g58w",
      "token": "PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk",
      "validationRecord": [
        {
          "url": "http://www.example.com/.well-known/acme-challenge/PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk",
          "hostname": "www.example.com",
          "port": "80",
          "addressesResolved": [
            "1.2.3.4"
          ],
          "addressUsed": "1.2.3.4"
        }
      ],
      "validated": "2021-03-30T09:38:15Z"
    }
  ]
}
2021-03-30 20:08:26,289:DEBUG:acme.client:Storing nonce: 0103aNSxVqn8Df_7qqvHLhHNQJFftwEPO33-kYZ01imMtfI
2021-03-30 20:08:26,294:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: www.example.com
Type:   connection
Detail: Fetching http://www.example.com/.well-known/acme-challenge/PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk: Timeout during connect (likely firewall problem)

Domain: example.com
Type:   connection
Detail: Fetching http://example.com/.well-known/acme-challenge/8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2021-03-30 20:08:26,297:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk: Timeout during connect (likely firewall problem), example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE: Timeout during connect (likely firewall problem)

2021-03-30 20:08:26,297:DEBUG:certbot.error_handler:Calling registered functions
2021-03-30 20:08:26,298:INFO:certbot.auth_handler:Cleaning up challenges
2021-03-30 20:08:26,301:DEBUG:certbot.plugins.standalone:Stopping server at :::80...
2021-03-30 20:08:26,791:WARNING:certbot.renewal:Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk: Timeout during connect (likely firewall problem), example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE: Timeout during connect (likely firewall problem). Skipping.
2021-03-30 20:08:26,802:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 323, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/PmCfJuruESilEUmqS8U0mADaYj2OfouoONVPJt33wnk: Timeout during connect (likely firewall problem), example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/8kcHy9adYnM2qCSxB71i6-pYFPv8AB8--KsY_OJVGNE: Timeout during connect (likely firewall problem)

2021-03-30 20:08:26,810:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-03-30 20:08:26,812:ERROR:certbot.renewal:  /etc/letsencrypt/live/example.com/fullchain.pem (failure)
2021-03-30 20:08:26,814:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)

Because there is an expected IPv4 error with the standard standalone argument relating to IPv6 (which I don't have), I also tried a standalone variant with the challenge address and port set explicitly to the machine's IPv4 address and port 80:

Using standalone authenticator with explicit address and apache installer
2021-03-31 09:26:53,917:DEBUG:certbot.main:certbot version: 0.31.0
2021-03-31 09:26:53,924:DEBUG:certbot.main:Arguments: ['--standalone', '--agree-tos', '--http-01-address', '192.168.1.146', '--http-01-port', '80']
2021-03-31 09:26:53,928:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-03-31 09:26:53,989:DEBUG:certbot.log:Root logging level set at 20
2021-03-31 09:26:53,995:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-03-31 09:26:54,054:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer <certbot.cli._Default object at 0xb45d028c>
2021-03-31 09:26:54,055:DEBUG:certbot.cli:Var authenticator=standalone (set by user).
2021-03-31 09:26:54,125:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-04-18 04:25:55 UTC.
2021-03-31 09:26:54,126:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-03-31 09:26:54,127:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer apache
2021-03-31 09:26:54,725:DEBUG:certbot_apache.configurator:Apache version is 2.4.29
2021-03-31 09:27:01,782:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb456de0c>
Prep: True
2021-03-31 09:27:05,064:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0xb456d38c>
Prep: True
2021-03-31 09:27:05,066:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0xb456d38c> and installer <certbot_apache.override_debian.DebianConfigurator object at 0xb456de0c>
2021-03-31 09:27:05,067:INFO:certbot.plugins.selection:Plugins selected: Authenticator standalone, Installer apache
2021-03-31 09:27:05,090:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/71984299', new_authzr_uri=None, terms_of_service=None), 11588215928fdd8186b0af7bb68c03c2, Meta(creation_dt=datetime.datetime(2019, 11, 17, 23, 42, 15, tzinfo=<UTC>), creation_host='samsung'))>
2021-03-31 09:27:05,098:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-03-31 09:27:05,110:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-03-31 09:27:06,024:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-03-31 09:27:06,029:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:05 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "0hY9yfU1O9g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-03-31 09:27:06,032:INFO:certbot.main:Renewing an existing certificate
2021-03-31 09:27:08,392:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0056_key-certbot.pem
2021-03-31 09:27:08,459:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0056_csr-certbot.pem
2021-03-31 09:27:08,462:DEBUG:acme.client:Requesting fresh nonce
2021-03-31 09:27:08,463:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-03-31 09:27:08,685:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-03-31 09:27:08,689:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:08 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103NAngs9y63uuKGqZrk2emIRmT8ssWIPzxMuRPJV6avas
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-03-31 09:27:08,691:DEBUG:acme.client:Storing nonce: 0103NAngs9y63uuKGqZrk2emIRmT8ssWIPzxMuRPJV6avas
2021-03-31 09:27:08,694:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "example.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.example.com"\n    }\n  ]\n}'
2021-03-31 09:27:08,757:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM05BbmdzOXk2M3V1S0dxWnJrMmVtSVJtVDhzc1dJUHp4TXVSUEpWNmF2YXMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "PJ1lnt1u84zpz-J5sGMtMWF5TGmB5J-pGU8b7jSnHuSLnMbp0LY_vzNVfTnBtt7uJYCsEOnO_yLHncmbUGcuFVQKR4yvgAuRf90JVCTdZTMPSmVXHAF769T7-zc2e4tbzJqYzFCCWzGE7XPj-YPY7a99FT0EW83Ktz4zqg_JCvq4RLceGb_q_K81btc0NabubU3TuhKU8RGj6krwfaO6-9Mr9nKE7F_Ows1A6m3yXPz4i9gvZXFIVgTnGD_MjEy1H0AavQpQ7-4PQ8Gz1jZv-oWMXJqTh7ClOp-Wy-HlBVXvIcp6OcAIr7fjpN4p-FfZn3l__AD71GGvMLgJuhtGwQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNhbmRidXJuZXIubmV0IgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5zYW5kYnVybmVyLm5ldCIKICAgIH0KICBdCn0"
}
2021-03-31 09:27:09,090:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 475
2021-03-31 09:27:09,095:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 30 Mar 2021 22:57:08 GMT
Content-Type: application/json
Content-Length: 475
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/71984299/8768469860
Replay-Nonce: 010418GyNyUAk33oTJZQ8o3bofrIC8xMwnrlvR0JxoIyahU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-04-06T22:53:04Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "example.com"
    },
    {
      "type": "dns",
      "value": "www.example.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482468",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482481"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/71984299/8768469860"
}
2021-03-31 09:27:09,097:DEBUG:acme.client:Storing nonce: 010418GyNyUAk33oTJZQ8o3bofrIC8xMwnrlvR0JxoIyahU
2021-03-31 09:27:09,099:DEBUG:acme.client:JWS payload:
b''
2021-03-31 09:27:09,155:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482468:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNDE4R3lOeVVBazMzb1RKWlE4bzNib2ZySUM4eE13bnJsdlIwSnhvSXlhaFUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY1NDgyNDY4In0",
  "signature": "bFKs3WDmjzKc8vU21W5PawaVtDyVgHak7E_Vg9ENUSt9DgvDU1KjM1fwVyr3CAj7jog_XGd7RVXvfrDCqZWER_-FargMzgIbKcj-IH5wopVjHLtBwHF0_DyzzVxh7Gqt5_jNb4432gNXA9XjkARmjC2qpNLtNp4pSa5gLA5R_isHZjnBwTfr57RVCAvUyqR4I_EGFqFg2_xca_MXiGXI2IYZcjlfwqDmg8N4Yn9bh7859jQNurb8wR4TlSgx0jsVatUqjYwRUH-pkQfQBLSF-MqPsClQg08UCK1cbPwGbAU79L7jqaKcdwRucbNIT_LLWapJ1Qw_fu7R5cu2dzGMOA",
  "payload": ""
}
2021-03-31 09:27:09,411:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11965482468 HTTP/1.1" 200 795
2021-03-31 09:27:09,416:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:09 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104e1ewjugNUQoblCjV8GVPzzdWne0y1IX6FTf6AEXdV70
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:53:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/nz2-Mw",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/dYF_ng",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/NXk5Vg",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
    }
  ]
}
2021-03-31 09:27:09,418:DEBUG:acme.client:Storing nonce: 0104e1ewjugNUQoblCjV8GVPzzdWne0y1IX6FTf6AEXdV70
2021-03-31 09:27:09,420:DEBUG:acme.client:JWS payload:
b''
2021-03-31 09:27:09,476:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482481:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNGUxZXdqdWdOVVFvYmxDalY4R1ZQenpkV25lMHkxSVg2RlRmNkFFWGRWNzAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY1NDgyNDgxIn0",
  "signature": "o6jHEDlJh9JWWnUM8f1s3g5XXC2BSpKKTwrxWEMqHQhapj6pM27nsWIEz0SwSU5j4Ovcx_cSCfB8-F4RgR3GBCxMTMywFimJnRRF7UcaeTi-T1jUMw3mdsPWq0iZZKGhxCFBrGRUP3FPnWtZbtplFIK3J-nUnMQ2ddAjBItonLs5cKIrfyRNewPQtZnaiWvV-CERdUQ8EdGbR8IAtNmJQ4rsVHmIYPaHCx-5nVo4M_1icLgJw4FJVD2jOu6ZbpCVaqMXEbYIslI0BN8AZ64tZKpj9k_aRevftT9dfuowHTVf7cP6Sx0MmEVF50V-ZkBoRcY7axQIsp3PSEuwZa-mvw",
  "payload": ""
}
2021-03-31 09:27:09,735:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11965482481 HTTP/1.1" 200 799
2021-03-31 09:27:09,740:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:09 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01035vdTX8poIj-AYll-RNPVCql0_fLHPw0wIl0oWoPBoGQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:53:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/m413SA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/4jj5QA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/0mSLmA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
    }
  ]
}
2021-03-31 09:27:09,741:DEBUG:acme.client:Storing nonce: 01035vdTX8poIj-AYll-RNPVCql0_fLHPw0wIl0oWoPBoGQ
2021-03-31 09:27:09,746:INFO:certbot.auth_handler:Performing the following challenges:
2021-03-31 09:27:09,747:INFO:certbot.auth_handler:http-01 challenge for example.com
2021-03-31 09:27:09,748:INFO:certbot.auth_handler:http-01 challenge for www.example.com
2021-03-31 09:27:09,751:DEBUG:acme.standalone:Failed to bind to 192.168.1.146:80 using IPv6
2021-03-31 09:27:09,756:DEBUG:acme.standalone:Successfully bound to 192.168.1.146:80 using IPv4
2021-03-31 09:27:09,809:INFO:certbot.auth_handler:Waiting for verification...
2021-03-31 09:27:09,811:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-03-31 09:27:09,870:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/nz2-Mw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwMzV2ZFRYOHBvSWotQVlsbC1STlBWQ3FsMF9mTEhQdzB3SWwwb1dvUEJvR1EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzExOTY1NDgyNDY4L256Mi1NdyJ9",
  "signature": "HlZMnXPahihR0jjScaQhO7KSjGLR72GEKM77Vr4XZDtg6_pgFebcsbG3HQd07twLyV4ZnB5AcGn8cwTtEszSNQFD6vj-ZjlZVAESxCmbHwpXNY_EVsaembZMNXlBQIseKYlwcHNaiIl31nFAJNp2bs_LSauz-ACJ3PbauogDzg4xQlf4eCnU9QHPSgqq3SFSDDYTfuw90Jbjrn36XfykSzDlGqzeFplvEtqp6RCoGw8ecw3xHR6a_CmkWrLKS3lgi_wchNqkOMu0hRxhpvGsKu-6PCZYrSGYhNmrcm1vyqKwzHDHhLpSmyFDcFxTY1AEa_8nrtrZlGAJoDKzbZgDPQ",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-03-31 09:27:10,140:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/11965482468/nz2-Mw HTTP/1.1" 200 186
2021-03-31 09:27:10,145:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:10 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482468>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/nz2-Mw
Replay-Nonce: 0103QCW4fPCYMyM_JtFqGBYm8_Ekpnt0VK0e47cbPajQHdM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/nz2-Mw",
  "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
}
2021-03-31 09:27:10,147:DEBUG:acme.client:Storing nonce: 0103QCW4fPCYMyM_JtFqGBYm8_Ekpnt0VK0e47cbPajQHdM
2021-03-31 09:27:10,151:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-03-31 09:27:10,206:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/m413SA:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM1FDVzRmUENZTXlNX0p0RnFHQlltOF9Fa3BudDBWSzBlNDdjYlBhalFIZE0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzExOTY1NDgyNDgxL200MTNTQSJ9",
  "signature": "YwN88YrQzoPivv6kwxIakJfs-c-RFMDnm3UCxuPrUJUWVS6zmAbgP8A_Bi1jMaZj1e-USRkMBLgo3lIMi97gEiH9jo2UVmnw3TsHIQU4R79zOiAN1-vYYWCFfbXl6qqbFtKCVH8pE3XRgue9UC3nPY-oGtnH08A9fs7CulLjiqU1vvA8ud513zt0zD-zGtLNocx24cx62VK4H39Qm-yzsVeKJA8M_SKZcGjl5iqdY9hO4cCnbeBnBlepfdamo_owBHsarzfHRD_E3pRpChWj-SR3wt2YyTNsSuuOthvKOOa8XOH6m7FCLDZEMB8wOe4EAs_vGfRONCuTt0GRup4JAg",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-03-31 09:27:10,478:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/11965482481/m413SA HTTP/1.1" 200 186
2021-03-31 09:27:10,483:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:10 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482481>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/m413SA
Replay-Nonce: 0104oD2KhAnA3sSeSas25ojrXJXAZ7u__C7JEK_F-lLBS2o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/m413SA",
  "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
}
2021-03-31 09:27:10,484:DEBUG:acme.client:Storing nonce: 0104oD2KhAnA3sSeSas25ojrXJXAZ7u__C7JEK_F-lLBS2o
2021-03-31 09:27:10,564:DEBUG:acme.standalone:52.28.236.88 - - Incoming request
2021-03-31 09:27:10,568:DEBUG:acme.standalone:52.28.236.88 - - Serving HTTP01 with token 'VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0'
2021-03-31 09:27:10,569:DEBUG:acme.standalone:52.28.236.88 - - "GET /.well-known/acme-challenge/VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0 HTTP/1.1" 200 -
2021-03-31 09:27:10,879:DEBUG:acme.standalone:3.128.26.105 - - Incoming request
2021-03-31 09:27:10,882:DEBUG:acme.standalone:3.128.26.105 - - Serving HTTP01 with token 'VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0'
2021-03-31 09:27:10,883:DEBUG:acme.standalone:3.128.26.105 - - "GET /.well-known/acme-challenge/VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0 HTTP/1.1" 200 -
2021-03-31 09:27:10,927:DEBUG:acme.standalone:3.22.70.135 - - Incoming request
2021-03-31 09:27:10,930:DEBUG:acme.standalone:3.22.70.135 - - Serving HTTP01 with token 'k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA'
2021-03-31 09:27:10,931:DEBUG:acme.standalone:3.22.70.135 - - "GET /.well-known/acme-challenge/k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA HTTP/1.1" 200 -
2021-03-31 09:27:13,490:DEBUG:acme.client:JWS payload:
b''
2021-03-31 09:27:13,552:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482468:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNG9EMktoQW5BM3NTZVNhczI1b2pyWEpYQVo3dV9fQzdKRUtfRi1sTEJTMm8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY1NDgyNDY4In0",
  "signature": "NetiKU7ZcdIJA_cC4NCEuqBClL0V_g5GI3etLgeqyhH-w0F0apMb_lnb2fpXkMcgCoOD5bhSZe_R-YNcS4DPGlk4HDjWkf2WmVu8sP1HHu0d_S88IZqO-Te9BEr84B7pdVIJZ6AlJk5ZjSMaZ4xKyqtelkAaW3_AXxzgwMimkSyhxdYx3k1lIJ_wE4XbsBze3E9tJzrUqaU8pMHQKA1C1G6JFtNOs_Xx5l46sdL402KGsMBiriG8G1Q0kG4mtRt4sTIkC5acosizeZHJfShLOkYnQU8oEzKTWzlCbpfcgT1R7vK4Sv6dzAHMdb-s7LnQLxRQO7BbnE5329Dy6lbqiQ",
  "payload": ""
}
2021-03-31 09:27:13,803:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11965482468 HTTP/1.1" 200 795
2021-03-31 09:27:13,807:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:13 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104__QAeFFSK_OVk1HZu1JP-rPyY75zj6E9FGEpPcP9AnI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:53:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/nz2-Mw",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/dYF_ng",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/NXk5Vg",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
    }
  ]
}
2021-03-31 09:27:13,809:DEBUG:acme.client:Storing nonce: 0104__QAeFFSK_OVk1HZu1JP-rPyY75zj6E9FGEpPcP9AnI
2021-03-31 09:27:13,814:DEBUG:acme.client:JWS payload:
b''
2021-03-31 09:27:13,869:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482481:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNF9fUUFlRkZTS19PVmsxSFp1MUpQLXJQeVk3NXpqNkU5RkdFcFBjUDlBbkkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY1NDgyNDgxIn0",
  "signature": "D8t2h-Ztcj_Xtb-CAt6gOOYC6HWb-XmPjfX1_m4OWWf1iSIGn0O6akOAZ6iOCCW-SR7j1puCDT_ho26bwVi39GRG_bXgOhgUvPLuMtxJ9dXHHhxuuKSmNBKB2aa5wZ1THB9xKB_dKx8Z8IW-UZREuapA7qtYPyFXA-8ElpZPsKQy2O4vRXS_8PmmtNDRjhIfDROK1IwVDXXEpT3nRD29yopntbsdz8E9xHShdJD0fXcYqhX4jQFTRvar-ZlsEOOqoGLkUs12MOM6YJ6GRjTy1CUH4gTz-9YYgh_-nlqrpwcfCoYJvRln6NTyv5QmW6DkUr7s8OEsi0lhpgzHGadxZQ",
  "payload": ""
}
2021-03-31 09:27:14,122:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11965482481 HTTP/1.1" 200 799
2021-03-31 09:27:14,126:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:14 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103p1KBVa4Aa9ZBKrf8_QBuF3NX1XM85vJhudhUv25r0iM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:53:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/m413SA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/4jj5QA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/0mSLmA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
    }
  ]
}
2021-03-31 09:27:14,128:DEBUG:acme.client:Storing nonce: 0103p1KBVa4Aa9ZBKrf8_QBuF3NX1XM85vJhudhUv25r0iM
2021-03-31 09:27:17,136:DEBUG:acme.client:JWS payload:
b''
2021-03-31 09:27:17,198:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482468:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM3AxS0JWYTRBYTlaQktyZjhfUUJ1RjNOWDFYTTg1dkpodWRoVXYyNXIwaU0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY1NDgyNDY4In0",
  "signature": "bVy4MdsGuDam5o5eyApcXThJoLPhXVBMB1U_YkfqoMIahSwCmXoZHflF3Oon9c_iUQs63Ivh2Lut2fsbt9ZJTbZCCokMtqiUntThc5iPaqI_ZSc7zxB42_kUhxXi4pZQPcAJveXFQ0Lzqni2XOuaJKRqUCiJClvNjzU_r0E-H9OVgwhGWlof0CdsTkGBmTdgCdustP-RhFxrGVnKVidAk3Yb2KXgM9vrv8MGWAyHFISw8KmKyWUTyzW9Cw4mDQQYmGxWfgjTHJ29w2P2-u90OCRwqm-ND0LAi5UtFWQH_Ykucrh9r0iHOHjM2Q5npnWDmdRTMBDhahzcBNosHaEv9Q",
  "payload": ""
}
2021-03-31 09:27:17,454:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11965482468 HTTP/1.1" 200 795
2021-03-31 09:27:17,457:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:17 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104vOaZx-Aaf4YVPW9qProqTDEikiWh3wW9seoBMDRkyGo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:53:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/nz2-Mw",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/dYF_ng",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/NXk5Vg",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0"
    }
  ]
}
2021-03-31 09:27:17,459:DEBUG:acme.client:Storing nonce: 0104vOaZx-Aaf4YVPW9qProqTDEikiWh3wW9seoBMDRkyGo
2021-03-31 09:27:17,462:DEBUG:acme.client:JWS payload:
b''
2021-03-31 09:27:17,519:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482481:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNHZPYVp4LUFhZjRZVlBXOXFQcm9xVERFaWtpV2gzd1c5c2VvQk1EUmt5R28iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY1NDgyNDgxIn0",
  "signature": "UgJxwIZJGUnU02p7jaUW2Euz-9hx7UgcmHjihr4Gx9tL2KiiwujEw_ItUmSjBqjhKLqN3gbA37Z0SuBZYSo7USIWq-Ixs83Wthw6d32avUdD38LeOdK-L0C41AzjTQpJRpYwU0a3Citr0IsgMUodknN-dy0A2Y6leCDPpmp5xLTefcXFQHG5CqNe30MbTSrq69xz-K_wBlwogcjOI_A2OETTsbLeaAfpoVKTfkeO2o48fCwJmZ3MdqZRUjm2Jw2sPgiviwHrb-slFIOyXYlB9SjogvVHdfqh9GGJJdRMcldruUnWJe-Ni23E1NTXvRlsfTE0mrqsjVocfapSE0KtHQ",
  "payload": ""
}
2021-03-31 09:27:17,777:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11965482481 HTTP/1.1" 200 799
2021-03-31 09:27:17,781:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:17 GMT
Content-Type: application/json
Content-Length: 799
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01048Brama3c7V9sGYwX13w9G11-Z73pCdvHPpYpwRZuBl4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "pending",
  "expires": "2021-04-06T22:53:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/m413SA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/4jj5QA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/0mSLmA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA"
    }
  ]
}
2021-03-31 09:27:17,783:DEBUG:acme.client:Storing nonce: 01048Brama3c7V9sGYwX13w9G11-Z73pCdvHPpYpwRZuBl4
2021-03-31 09:27:20,791:DEBUG:acme.client:JWS payload:
b''
2021-03-31 09:27:20,851:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482468:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwNDhCcmFtYTNjN1Y5c0dZd1gxM3c5RzExLVo3M3BDZHZIUHBZcHdSWnVCbDQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY1NDgyNDY4In0",
  "signature": "i10isxYMS8R7cgUn3a8QcNm1AvOjNag669oQEc5GmWjPW6-Rl8_b5-mGDrXadTT8szuynvgAQhYQvIbFpkhqbdevEpFGfKO0cEQuR2JcBgPU3zV2Fz-k_pWUEqCINO0PZ8ZMnRSGs518KkuowJQrE7f7A0JKT0gKDKPdeXR1TRF9sXvXcOyM07jHYrqRmNm3kOJVvnhb8p69vuZROxczBQ6Et_vJj65wP8a3wCfO-mMUMSiXSI1XJIa3bJUG0DN3ZFavWLhBeXkFPHi2KFCkxBuDUOVZA9IGhybi6kuIWSiADByLBJjssMU5KqxHUBG6A_emKOgi4DzM_foposy-MA",
  "payload": ""
}
2021-03-31 09:27:21,104:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11965482468 HTTP/1.1" 200 1036
2021-03-31 09:27:21,108:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:21 GMT
Content-Type: application/json
Content-Length: 1036
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103WsMBODfJ3TnKFAwfjnit9v9GxXOoG_8O0YN1RcHXdFM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "invalid",
  "expires": "2021-04-06T22:53:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://example.com/.well-known/acme-challenge/VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482468/nz2-Mw",
      "token": "VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0",
      "validationRecord": [
        {
          "url": "http://example.com/.well-known/acme-challenge/VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0",
          "hostname": "example.com",
          "port": "80",
          "addressesResolved": [
            "1.2.3.4"
          ],
          "addressUsed": "1.2.3.4"
        }
      ],
      "validated": "2021-03-30T22:57:10Z"
    }
  ]
}
2021-03-31 09:27:21,110:DEBUG:acme.client:Storing nonce: 0103WsMBODfJ3TnKFAwfjnit9v9GxXOoG_8O0YN1RcHXdFM
2021-03-31 09:27:21,115:DEBUG:acme.client:JWS payload:
b''
2021-03-31 09:27:21,170:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11965482481:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzE5ODQyOTkiLCAibm9uY2UiOiAiMDEwM1dzTUJPRGZKM1RuS0ZBd2Zqbml0OXY5R3hYT29HXzhPMFlOMVJjSFhkRk0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzExOTY1NDgyNDgxIn0",
  "signature": "bjo7KG7SvzEQj0GFDSTMu8LVfF4ZlmF8Okl6_ujwfwuVhtHRrwaTmdxcXGGUdqvhO8Kk7a4Ywb3qa0ydfz1ugf-Nw6Zp9pKmYmgauh0Sa3iMX4rKOBL2Yibh7MlVzM7TNu0_DiROHe0aTh4zlqNl7hIOxZBxhcANqyfiEGzSlH3B8ptLU_tN2C4W7y0SBmxMY0w7LOWb57Jaf1RPRhYfkLerEcpcK3oGMeqIPmEu8nPCcjeg2NsfO7VMo61-5F8_yxDOhkDrT327l5KM8C9hqboieY5Xljx8kaIV58bNDeH7NEkeHm7U6DH3WenX4F3FlmyTW2ohk0A4D_NXdEnbFw",
  "payload": ""
}
2021-03-31 09:27:21,423:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11965482481 HTTP/1.1" 200 1052
2021-03-31 09:27:21,427:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 30 Mar 2021 22:57:21 GMT
Content-Type: application/json
Content-Length: 1052
Connection: keep-alive
Boulder-Requester: 71984299
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104MtSd42Kx81uGruEObH6gB-phzXAzTP2ZbJzod9SnsfY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.example.com"
  },
  "status": "invalid",
  "expires": "2021-04-06T22:53:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://www.example.com/.well-known/acme-challenge/k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11965482481/m413SA",
      "token": "k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA",
      "validationRecord": [
        {
          "url": "http://www.example.com/.well-known/acme-challenge/k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA",
          "hostname": "www.example.com",
          "port": "80",
          "addressesResolved": [
            "1.2.3.4"
          ],
          "addressUsed": "1.2.3.4"
        }
      ],
      "validated": "2021-03-30T22:57:10Z"
    }
  ]
}
2021-03-31 09:27:21,429:DEBUG:acme.client:Storing nonce: 0104MtSd42Kx81uGruEObH6gB-phzXAzTP2ZbJzod9SnsfY
2021-03-31 09:27:21,433:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: www.example.com
Type:   connection
Detail: Fetching http://www.example.com/.well-known/acme-challenge/k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA: Timeout during connect (likely firewall problem)

Domain: example.com
Type:   connection
Detail: Fetching http://example.com/.well-known/acme-challenge/VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2021-03-31 09:27:21,437:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA: Timeout during connect (likely firewall problem), example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0: Timeout during connect (likely firewall problem)

2021-03-31 09:27:21,438:DEBUG:certbot.error_handler:Calling registered functions
2021-03-31 09:27:21,438:INFO:certbot.auth_handler:Cleaning up challenges
2021-03-31 09:27:21,442:DEBUG:certbot.plugins.standalone:Stopping server at 192.168.1.146:80...
2021-03-31 09:27:21,450:WARNING:certbot.renewal:Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA: Timeout during connect (likely firewall problem), example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0: Timeout during connect (likely firewall problem). Skipping.
2021-03-31 09:27:21,460:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 323, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/k_l52kvvfScXPbiy2MFe6Cc2kz3qxOupLu107Rv3QPA: Timeout during connect (likely firewall problem), example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/VNxl0JwLjTBQZc_WfBOvJnCzpIcGXeTERirFoHiDls0: Timeout during connect (likely firewall problem)

2021-03-31 09:27:21,471:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-03-31 09:27:21,474:ERROR:certbot.renewal:  /etc/letsencrypt/live/example.com/fullchain.pem (failure)
2021-03-31 09:27:21,475:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)

For the standalone tests, I made sure to stop the apache server first via sudo systemctl stop apache2.

Note that renewing my certificate using the default (apache authenticator and apache installer) used to work just fine for years and I haven't changed anything about my setup.

I checked that there's no (local) firewall:

ufw status
Status: inactive

I checked that my website is reachable from outside the local LAN

Some of the anonymised output of check-your-website.server-daten.de
### 1. IP-Addresses

|Host|Type|IP-Address|is auth.|∑ Queries|∑ Timeout|
| --- | --- | --- | --- | --- | --- |
|example.com|A|1.2.3.4 Sydney/New South Wales/Australia (AU) - Harbour ISP Pty LTD No Hostname found|yes|1|0|
||AAAA||yes|||
|www.example.com|A|1.2.3.4 Sydney/New South Wales/Australia (AU) - Harbour ISP Pty LTD No Hostname found|yes|1|0|
||AAAA||yes|||
|*.example.com|A|Name Error|yes|||
||AAAA|Name Error|yes|||
||CNAME|Name Error|yes|||

3. Name Servers
Domain	Nameserver	NS-IP
www.example.com
	•  ns1.world4you.at / reg-amx1_customer2
		•
example.com
	•  ns1.world4you.at / reg-amx1_customer2
	192.174.68.6
Salzburg/Austria (AT) - NICat-anycast	•

	• 
	2001:67c:1bc::6
Salzburg/Austria (AT) - IPCom-NET Anycast	•

	•  ns2.world4you.at / reg-ams1_customer2
	176.97.158.6
Vienna/Austria (AT) - NICat-anycast	•

	• 
	2001:67c:10b8::6
Zurich/Switzerland (CH) - IPCOM-anycast	•
net
	•  a.gtld-servers.net / nnn1-was1
		•

	•  b.gtld-servers.net / nnn1-eltxl2
		•

	•  c.gtld-servers.net / nnn1-was1
		•

	•  d.gtld-servers.net / nnn1-was1
		•

	•  e.gtld-servers.net / nnn1-was1
		•

	•  f.gtld-servers.net / nnn1-ams6
		•

	•  g.gtld-servers.net / nnn1-ams6
		•

	•  h.gtld-servers.net / nnn1-ams6
		•

	•  i.gtld-servers.net / nnn1-ams6
		•

	•  j.gtld-servers.net / nnn1-lon5
		•

	•  k.gtld-servers.net / nnn1-lon5
		•

	•  l.gtld-servers.net / nnn1-lon5
		•

	•  m.gtld-servers.net / nnn1-lon5
		•

6. Url-Checks

show header:
	
Domainname	Http-Status	redirect	Sec.	G
• http://example.com/
1.2.3.4
	301
	https://example.com/
Html is minified: 100.00 %	0.637
	A

• http://www.example.com/
1.2.3.4
	301
	https://www.example.com/
Html is minified: 100.00 %	0.634
	A

• https://example.com/
1.2.3.4 GZip used - 182 / 259 - 29.73 %
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	200
	
Html is minified: 109.28 %	7.267
	B
small visible content (num chars: 43)
Home of example.com Nothing to see here.

• https://www.example.com/
1.2.3.4 GZip used - 182 / 259 - 29.73 %
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	200
	
Html is minified: 109.28 %	6.997
	B
small visible content (num chars: 43)
Home of example.com Nothing to see here.

• http://example.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
1.2.3.4
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	301
	https://example.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 100.00 %	0.640
	A
Visible Content: Moved Permanently The document has moved here .

• http://www.example.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
1.2.3.4
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	301
	https://www.example.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 100.00 %	0.636
	A
Visible Content: Moved Permanently The document has moved here .

• https://example.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	404
	
Html is minified: 100.00 %	5.593
	A
Not Found
Visible Content: Not Found The requested URL was not found on this server.

• https://www.example.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	404
	
Html is minified: 100.00 %	5.543
	A
Not Found
Visible Content: Not Found The requested URL was not found on this server.

• https://1.2.3.4/
1.2.3.4 GZip used - 182 / 259 - 29.73 %
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	200
	
Html is minified: 109.28 %	7.000
	N
Certificate error: RemoteCertificateNameMismatch
small visible content (num chars: 43)
Home of example.com Nothing to see here.

Hi @Mindful

what of

Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

you don't understand?

Your output is completely useless.

Hi @JuergenAuer

Sorry I didn't mean to offend anyone by anonymising my logs. Since this is a small, private server and my main job isn't system administration or IT security, I don't feel confident telling the world about my instance. The link to crt.sh is only useful if you know the domain, so I don't see how that is proof that everyone knows about my domain already.

More to the point:

I have seen numerous cases of "Timeout during connect" threads, all of the ones I've looked at could be solved by fixing

  • connectivity problems
  • incorrect DNS entries,
  • "port is already in use" problems or
  • server configuration issues.

Most of them were solved by simply looking at the output of your check-your-website.server-daten.de site or the Certbot logs, both of which I provided for my domain (although I anonymised it to example.com, maybe I should've been clear about that or used a different domain such as my-domain.tld). So I was hoping that the domain name isn't that important in itself?

It's possible to get a list of all certificates issued by the intermediate used to sign those certificates, so even if I don't know the name, it is publicly known. The only difference is that in that list it's one among millions and if you post it here, we can "link" it to your username, which is also anonymous... So not really any difference.

Without a hostname we can only say what you already know: check your firewall for blocking port 80 or your NAT router for a port 80 portmap, if applicable. Very generic, not useful at all.

With your hostname, we could check it for ourselves, perhaps do a few traceroutes, see where the problem might be.

2 Likes

Thanks for taking the time to respond.

Yes, I do have a NAT router in-between the machine and the wider internet. Since I (and the checking website mentioned above) can access the website via both HTTPS and HTTP (which redirects to HTTPS) and have been able to for years, I doubt it's one of the "ports not forwarded" issues I've seen in some of the threads with the same title, which is why I was hoping the Certbot log output might be instructive for someone who's more familiar with the process.

I understand it is most straight-forward for you (and anyone else who comes across this thread) to check something (anything) they are able to, but in line with the proverb "give a man a fish you feed him for a day. Teach a man to fish and you feed him for a lifetime", I'd rather do those checks myself. This could also help anyone in the future who wants to apply them to their own situation.

Back to my problem at hand, you mentioned traceroute you'd try. I have found some online tools to do that, here are two results obtained by entering one of my domain names, hoping you find them helpful:

Via https://www.ip-toolbox.com/traceroute/
traceroute to example.com (1.2.3.4), 30 hops max, 60 byte packets
 1  10.254.14.39 (10.254.14.39)  0.031 ms  0.011 ms  0.009 ms
 2  DR2.DCL.LEJ.DE.NET.CLOUDPIT.IO (194.145.226.13)  0.379 ms DR1.DCL.LEJ.DE.NET.CLOUDPIT.IO (194.145.226.17)  0.200 ms DR2.DCL.LEJ.DE.NET.CLOUDPIT.IO (194.145.226.13)  0.340 ms
 3  80.243.51.209 (80.243.51.209)  0.782 ms 80.243.51.205 (80.243.51.205)  0.768 ms  0.807 ms
 4  be11-rb2-dcl.envia-tel.net (77.235.191.157)  0.690 ms  0.670 ms be12-rb2-fra7.envia-tel.net (77.235.191.178)  9.689 ms
 5  Hu0-0-1-3-2819.bdr01-ipt-6leongou-mrs.fr.superloop.net.co (80.81.196.217)  25.144 ms  25.138 ms  25.172 ms
 6  hundredgige0-0-1-2-271.bdr01-ipt-26aayerr-sin.sg.superloop.net.co (202.130.207.33)  251.434 ms Hu0-0-1-3-2819.bdr01-ipt-6leongou-mrs.fr.superloop.net.co (80.81.196.217)  25.393 ms  25.363 ms
 7  hundredgige0-0-1-2-271.bdr01-ipt-26aayerr-sin.sg.superloop.net.co (202.130.207.33)  251.690 ms  251.683 ms hundredgige0-0-1-2-131.bdr01-ipt-1william-per.au.superloop.net.co (202.177.40.21)  251.324 ms
 8  WelcomeToIndigoCentral.bdr01-ipt-47bourke-syd.au.superloop.com (103.200.13.188)  251.488 ms  251.477 ms hundredgige0-0-1-2-131.bdr01-ipt-1william-per.au.superloop.net.co (202.177.40.21)  251.237 ms
 9  WelcomeToIndigoCentral.bdr01-ipt-47bourke-syd.au.superloop.com (103.200.13.188)  251.520 ms 203.153.18.136 (203.153.18.136)  251.216 ms WelcomeToIndigoCentral.bdr01-ipt-47bourke-syd.au.superloop.com (103.200.13.188)  251.485 ms
10  175.45.148.138 (175.45.148.138)  251.125 ms  251.085 ms 203.153.18.136 (203.153.18.136)  251.130 ms
11  * * 175.45.148.138 (175.45.148.138)  251.058 ms
12  * * *
13  * * *
14  * * *
15  * * *
Via https://ping.eu/traceroute/
30 hops max, 60 byte packets
1 	  	  	  	*	*	*		
2 	core23.fsn1.hetzner.com 	213.239.245.237 	de 	2.307 ms 	2.304 ms 	 
	  		au 	
3 	core4.fra.hetzner.com 	213.239.203.149 	de 	4.959 ms 	 	 
	core0.fra.hetzner.com 	213.239.252.37 	de 	4.914 ms 	 
	  		au 	
4 	Hu0-0-1-3-2819.bdr01-ipt-6leongou-mrs.fr.superloop.net.co 	80.81.196.217 	de 	36.126 ms 	36.117 ms 	36.100 ms
5 	hundredgige0-0-1-2-271.bdr01-ipt-26aayerr-sin.sg.superloop.net.co 	202.130.207.33 	au 	262.675 ms 	262.679 ms 	262.668 ms
6 	hundredgige0-0-1-2-131.bdr01-ipt-1william-per.au.superloop.net.co 	202.177.40.21 	sg 	263.509 ms 	263.431 ms 	263.413 ms
7 	WelcomeToIndigoCentral.bdr01-ipt-47bourke-syd.au.superloop.com 	103.200.13.188 	au 	262.824 ms 	262.816 ms 	262.796 ms
8 	  	  	  	*	*	*
9 	  	  	  	*	*	*
10 	  	  	  	*	*	*
11 	  	  	  	*	*	*
12 	  	  	  	*	*	*
No reply for 5 hops. Assuming we reached firewall.

I'm wholeheartedly for teaching someone to fish, so I agree with you there. Sometimes it's just easier to confirm the error message presented by the validation server from my endpoint and point the user to some firewall (which is usually true).

Usually I would do the regular traceroute, which uses UDP for the probes, followed by traceroute using TCP probes with destination ports 80 and 443 (and sometimes some other ports which were identified to be open by for example nmap). These TCP probe responses can sometimes learn some details, but often also just time out.

If nothing responds (ping, traceroute) it's likely a generic block, such as regional firewalls blocking all trafic from a certain region (or allowing only specific regions, blocking everything else). If some ports respond, but others do not, it's most likely a user error or service provider issue: port not opened in a user configurable firewall, NAT portmap not added/enabled or perhaps a internet service provider blocking specific ports.

2 Likes

I'm happy we're on the same page on this :slight_smile:

Yes, I know what you mean and I do agree, it's usually easier to "just do it yourself".

Regarding error messages, I was hoping there might be some clue in the three Certbot logs I posted in the beginning. But because I'm just not familiar with how they should look like, it's likely I missed something there.

Good idea, I really appreciate your help. Here are the results (via TCP Traceroute by WebSitePulse):

Port 80:

Test performed from: Munich, Germany
Test performed at: 2021-03-31 22:42:28 (GMT +00:00)

Hop Hostname (IP) Round-trip times
1 91.194.90.1 0.347 ms 0.343 ms 1.059 ms
2 213.248.101.77 1.056 ms 1.050 ms 1.080 ms
3 62.115.120.79 1.026 ms 1.019 ms 1.029 ms
4 62.115.124.46 21.044 ms 21.042 ms 21.033 ms
5 62.115.124.61 21.026 ms 21.018 ms 21.007 ms
6 62.115.125.195 20.997 ms 21.937 ms 21.915 ms
7 62.115.187.89 29.990 ms 29.966 ms 29.942 ms
8 202.130.207.33 247.826 ms 248.926 ms 248.913 ms
9 202.177.40.21 247.728 ms 247.818 ms 247.790 ms
10 103.200.13.188 247.738 ms 247.728 ms 247.702 ms
11 203.153.18.136 247.482 ms 247.462 ms 247.450 ms
12 175.45.148.138 247.426 ms 248.449 ms 248.428 ms
13 1.2.3.4 280.533 ms 280.471 ms 276.972 ms

Port 443:

Test performed from: Munich, Germany
Test performed at: 2021-03-31 22:43:52 (GMT +00:00)

Hop Hostname (IP) Round-trip times
1 91.194.90.1 0.339 ms 0.388 ms 0.416 ms
2 213.248.101.77 0.478 ms 0.513 ms 0.524 ms
3 62.115.120.79 0.902 ms 0.933 ms 0.958 ms
4 62.115.124.46 21.208 ms 21.246 ms 21.274 ms
5 62.115.124.61 21.096 ms 21.112 ms 20.976 ms
6 62.115.125.195 21.007 ms 20.902 ms 20.902 ms
7 62.115.187.89 30.183 ms 30.202 ms 30.220 ms
8 202.130.207.33 248.839 ms 248.446 ms 248.443 ms
9 202.177.40.21 248.458 ms 248.349 ms 248.348 ms
10 103.200.13.188 248.340 ms 248.327 ms 248.285 ms
11 203.153.18.136 248.027 ms 248.016 ms 248.020 ms
12 175.45.148.138 248.003 ms 247.399 ms 247.417 ms
13 * *
14 1.2.3.4 280.674 ms 281.784 ms 279.368 ms

I also did another one on port 555 which is closed (as it should be, checked via Open Port Check Tool - Test Port Forwarding on Your Router), but the result looked the same as the one for port 443. So either the tool doesn't do what it says it does, or I don't understand what it means - I would've expected the traceroute to port 555 to time out.

Doesn't the fact that I and http://check-your-website.server-daten.de/ are able to open my webpage prove that ports 80 and 443 are open and reachable? Keep in mind that I do have a (still) valid Let's Encrypt certificate and I'm only trying to renew it. Or does Certbot or the Let's Encrypt server need other open ports besides 80 and 443 (I don't think they should)?

Edit:

I just realised I could upload a screenshot of the (anonymised) results page from the check-your-website tool here as well - this is probably easier to read than the text version I posted initially:

Hm, sounds like the traceroute & check your server site can connect indeed.. Weird that Let's Encrypt cannot.

Have you had a chance to look at the Certbot logs I posted initially? I would expect some issue being reported there, but I just couldn't find anything more meaningful than "timeout during connect"...

Unfortunately, no. The error is reported by the ACME validation server and except perhaps things like IP addresses used there's not much more to work with.

By the way, I believe the source of the validation attempts are from CDNs. We've seen users in the past with aggressive firewalls which were blocking certain CDNs. Just a tip.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.