Hello, thanks for this awesome project.
I'm the founder of a startup where we offer a custom domain feature. The customer creates a CNAME form their subdomain to custom.plausible.io.. On custom.plausible.io. server we manage the ssl cert with certbot and proxy_pass the traffic to our backend servers with nginx.
We have over 800 certificates already issued, but this time I got a weird error I haven't seen before.
My domain is:
stats.elixir-lang.org CNAME -> custom.plausible.io.
I ran this command:
sudo certbot certonly --nginx -n -d stats.elixir-lang.org
It produced this output:
2020-10-09 09:01:14,061:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7770321146 HTTP/1.1" 200 1032
2020-10-09 09:01:14,063:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 09 Oct 2020 09:01:13 GMT
Content-Type: application/json
Content-Length: 1032
Connection: keep-alive
Boulder-Requester: 78463456
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103_DqV7eizlb1HYeTIrgyPibwdjg9IuYfFGqepqoEa5vs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "stats.elixir-lang.org"
},
"status": "invalid",
"expires": "2020-10-16T09:01:07Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:tls",
"detail": "During secondary validation: Fetching https://stats.elixir-lang.org/.well-known/acme-challenge/Hj-nIHKHENtSC3nyVrqpKSa4ceE_5d81etZ1TxcpV1I: remote error: tls: internal error",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7770321146/s3Dh5A",
"token": "Hj-nIHKHENtSC3nyVrqpKSa4ceE_5d81etZ1TxcpV1I",
"validationRecord": [
{
"url": "http://stats.elixir-lang.org/.well-known/acme-challenge/Hj-nIHKHENtSC3nyVrqpKSa4ceE_5d81etZ1TxcpV1I",
"hostname": "stats.elixir-lang.org",
"port": "80",
"addressesResolved": [
"46.101.161.209"
],
"addressUsed": "46.101.161.209"
}
]
}
]
}
2020-10-09 09:01:14,064:DEBUG:acme.client:Storing nonce: 0103_DqV7eizlb1HYeTIrgyPibwdjg9IuYfFGqepqoEa5vs
2020-10-09 09:01:14,067:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: stats.elixir-lang.org
Type: tls
Detail: During secondary validation: Fetching https://stats.elixir-lang.org/.well-known/acme-challenge/Hj-nIHKHENtSC3nyVrqpKSa4ceE_5d81etZ1TxcpV1I: remote error: tls: internal error
My web server is (include version):
nginx version: nginx/1.19.0
The operating system my web server runs on is (include version):
Ubuntu 18.04.3 (LTS) x64
My hosting provider, if applicable, is:
Digital Ocean
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
certbot 0.31.0