Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: staging.tite.rdc.nie.edu.sg
I ran this command: sudo certbot --nginx -d staging.tite.rdc.nie.edu.sg
It produced this output:
2020-09-02 13:07:43,341:DEBUG:certbot._internal.main:certbot version: 1.6.0
2020-09-02 13:07:43,342:DEBUG:certbot._internal.main:Arguments: [’–nginx’, ‘-d’, ‘staging.tite.rdc.nie.edu.sg’]
2020-09-02 13:07:43,342:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-09-02 13:07:43,358:DEBUG:certbot._internal.log:Root logging level set at 20
2020-09-02 13:07:43,358:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-09-02 13:07:43,359:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2020-09-02 13:07:43,504:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f730e9b3e50>
Prep: True
2020-09-02 13:07:43,504:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f730e9b3e50> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f730e9b3e50>
2020-09-02 13:07:43,504:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2020-09-02 13:07:43,528:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/91480453’, new_authzr_uri=None, terms_of_service=None), a9a8505f67992bde962a05c239b325ee, Meta(creation_host=u’RDCtite’, register_to_eff=None, creation_dt=datetime.datetime(2020, 7, 16, 7, 16, 24, tzinfo=)))>
2020-09-02 13:07:43,530:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-09-02 13:07:43,538:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2020-09-02 13:07:45,098:DEBUG:urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2020-09-02 13:07:45,100:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Wed, 02 Sep 2020 05:08:39 GMT
x-frame-options: DENY
content-type: application/json
{
“5ZmrU-tatX8”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
2020-09-02 13:07:45,101:INFO:certbot._internal.main:Obtaining a new certificate
2020-09-02 13:07:45,146:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0036_key-certbot.pem
2020-09-02 13:07:45,148:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0036_csr-certbot.pem
2020-09-02 13:07:45,149:DEBUG:acme.client:Requesting fresh nonce
2020-09-02 13:07:45,149:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-09-02 13:07:45,518:DEBUG:urllib3.connectionpool:“HEAD /acme/new-nonce HTTP/1.1” 200 0
2020-09-02 13:07:45,519:DEBUG:acme.client:Received response:
HTTP 200
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
cache-control: public, max-age=0, no-cache
date: Wed, 02 Sep 2020 05:08:39 GMT
x-frame-options: DENY
replay-nonce: 0001nMmWeJAWIdzIWPY186RyMiAfKK0qlGwuJhz3m0wPUHU
2020-09-02 13:07:45,519:DEBUG:acme.client:Storing nonce: 0001nMmWeJAWIdzIWPY186RyMiAfKK0qlGwuJhz3m0wPUHU
2020-09-02 13:07:45,520:DEBUG:acme.client:JWS payload:
{
“identifiers”: [
{
“type”: “dns”,
“value”: “staging.tite.rdc.nie.edu.sg”
}
]
}
2020-09-02 13:07:45,521:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJub25jZSI6ICIwMDAxbk1tV2VKQVdJZHpJV1BZMTg2UnlNaUFmS0swcWxHd3VKaHozbTB3UFVIVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzkxNDgwNDUzIiwgImFsZyI6ICJSUzI1NiJ9”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJzdGFnaW5nLnRpdGUucmRjLm5pZS5lZHUuc2ciCiAgICB9CiAgXQp9”,
“signature”: “hpU57O8R6BSlkMwkHSzatBnjlJkYvTXcZIdoppd2nPRxQRkK2SJ0iSTi3zHiWcXpCzNmC05yMcqIp7lHD8qLHFNcsuVgC7DxWBZTtBJcDZicT5RjgWhx8pMMO9Ch1VbJy1j1Wb8LENKTx7Rq-81xm7mYcei-A9ALztBHRZv3cRHC5QdJzKbTKQRwny8n9RVaPfEaXsqmtF4jMmGtlLBqMkdn7FvagpymgU8AAXB_jsgBNeJbQJQTyxj45R1TQwkRSB0-4c9PWnTkKA_f97iX0M96HAtBVjrbE5kkY2r0YDKcW5AYCaHgrUxX0yb2N9vQm4BojpLpVkIunG40xXsZdw”
}
2020-09-02 13:07:46,686:DEBUG:urllib3.connectionpool:“POST /acme/new-order HTTP/1.1” 201 357
2020-09-02 13:07:46,687:DEBUG:acme.client:Received response:
HTTP 201
content-length: 357
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
location: https://acme-v02.api.letsencrypt.org/acme/order/91480453/4979823992
boulder-requester: 91480453
date: Wed, 02 Sep 2020 05:08:40 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002gmJ7X3k9SIWuLQ7ebLUfmV1tkPzH1oUB_1excUFqlGM
{
“status”: “pending”,
“expires”: “2020-09-09T05:08:40.481269952Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “staging.tite.rdc.nie.edu.sg”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz-v3/6930250035”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/91480453/4979823992”
}
2020-09-02 13:07:46,687:DEBUG:acme.client:Storing nonce: 0002gmJ7X3k9SIWuLQ7ebLUfmV1tkPzH1oUB_1excUFqlGM
2020-09-02 13:07:46,688:DEBUG:acme.client:JWS payload:
2020-09-02 13:07:46,689:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6930250035:
{
“protected”: “eyJub25jZSI6ICIwMDAyZ21KN1gzazlTSVd1TFE3ZWJMVWZtVjF0a1B6SDFvVUJfMWV4Y1VGcWxHTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNjkzMDI1MDAzNSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTQ4MDQ1MyIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “LKvPvYpxcPR7gYHv8EXtzzvcJc_0vj0Wb3CdQT0EIyEgCPUMcb_qG6qm8CoSCmPTSX5QZaYYd2mOtwuXlIN4J5nVFeHh9x3rCDoYuwbMXqPzRBZ9b98wmuV-aybrizneKCzQ64hskcENP6y3fVgepruvmvmNzSXgPF_b87ScHFTqvv3lPdypUOy60Gbyw4aqvRg5_jDc2aP-9R8QzA4ONHPH9Nmag0AbUE56jOgsZeDUMBllK1p78Yq8YcFZEAgDiXEKtpP1ADZy1u7VW92_GTyvum-eBzvDCtMgRFjjnwuUHQtdiL59-Wgt3_qeiNh0VnMSWXEdpVzPm3akeAaa-A”
}
2020-09-02 13:07:47,074:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/6930250035 HTTP/1.1” 200 805
2020-09-02 13:07:47,075:DEBUG:acme.client:Received response:
HTTP 200
content-length: 805
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 91480453
date: Wed, 02 Sep 2020 05:08:41 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001iJYQh8rNebGLJumXapaPm5a6IO-4bAQVwY_SsuLiaek
{
“identifier”: {
“type”: “dns”,
“value”: “staging.tite.rdc.nie.edu.sg”
},
“status”: “pending”,
“expires”: “2020-09-09T05:08:40Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/dHzBGw”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/Bueq4Q”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/wC8_0A”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
}
]
}
2020-09-02 13:07:47,075:DEBUG:acme.client:Storing nonce: 0001iJYQh8rNebGLJumXapaPm5a6IO-4bAQVwY_SsuLiaek
2020-09-02 13:07:47,076:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-09-02 13:07:47,076:INFO:certbot._internal.auth_handler:http-01 challenge for staging.tite.rdc.nie.edu.sg
2020-09-02 13:07:47,096:DEBUG:certbot_nginx._internal.http_01:Generated server block:
2020-09-02 13:07:47,097:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2020-09-02 13:07:47,098:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/default.conf
2020-09-02 13:07:47,098:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2020-09-02 13:07:47,099:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
2020-09-02 13:07:47,100:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/conf.d/default.conf:
server
{
#makes sures all URL access are https
listen 80;
listen [::]:80 default_server ipv6only=on;
return 302 https://$host$request_uri;
}
server
{
listen 443;
server_name tite.rdc.nie.edu.sg;
location /
{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
#For Each mgb instance config file, the port set to listen is used for the following line
proxy_pass http://localhost:8080/;
# proxy_pass http://116.14.46.38:8080/;
proxy_ssl_session_reuse off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
server
{
listen 443;
server_name staging.tite.rdc.nie.edu.sg;
location /
{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8082/;
# proxy_pass http://116.14.46.38:8080/;
proxy_ssl_session_reuse off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
server
{rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
#makes sures all URL access are https
listen 80;
listen [::]:80 ;
return 302 https://$host$request_uri;
server_name staging.tite.rdc.nie.edu.sg; # managed by Certbot
location = /.well-known/acme-challenge/dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY{default_type text/plain;return 200 dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY.bJ9qdvBkA9JJc5yV3wkrkkz529BjRKYTK_5Th8z4lsk;} # managed by Certbot
}
2020-09-02 13:07:48,115:INFO:certbot._internal.auth_handler:Waiting for verification…
2020-09-02 13:07:48,116:DEBUG:acme.client:JWS payload:
{}
2020-09-02 13:07:48,118:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/dHzBGw:
{
“protected”: “eyJub25jZSI6ICIwMDAxaUpZUWg4ck5lYkdMSnVtWGFwYVBtNWE2SU8tNGJBUVZ3WV9Tc3VMaWFlayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNjkzMDI1MDAzNS9kSHpCR3ciLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTE0ODA0NTMiLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “e30”,
“signature”: “Kug88TWCrUyllkiojFZIpA5g00zd4W2nmHSezo35f-xX66KmqYyubewOhlmIVMdrQ9t_pTEn2AS_0qdfDpVW_gI3MdaSBNtbv3Ox9nfLIMf0owuSQorHRkybKbAAKykcvQVRYv5uaR8W5aT5LunHUIQJNaKwVuug4obZJZSYo0qxYB7kHzLKtlecYaTrCv6kKQX8IZ5S7YArfvWNGC5leOwA2H_ygv5lWDlV8Vty8grKNku8lYpcxGWhCpQTJq-2U5QlHJDNkgxHYY-Ukm75-pVJjE4NIMLZZW9l-xPaMza7JPRlefUXEPPEbljE8I-oyyT9Rm0O9d-vfuQGbQB77g”
}
2020-09-02 13:07:48,613:DEBUG:urllib3.connectionpool:“POST /acme/chall-v3/6930250035/dHzBGw HTTP/1.1” 200 185
2020-09-02 13:07:48,614:DEBUG:acme.client:Received response:
HTTP 200
content-length: 185
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-v02.api.letsencrypt.org/acme/authz-v3/6930250035;rel=“up”
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/dHzBGw
boulder-requester: 91480453
date: Wed, 02 Sep 2020 05:08:42 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002aW1dkjOHkzla-iIcK8DUjanbsuWr7SewySHe3yD-cyQ
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/dHzBGw”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
}
2020-09-02 13:07:48,614:DEBUG:acme.client:Storing nonce: 0002aW1dkjOHkzla-iIcK8DUjanbsuWr7SewySHe3yD-cyQ
2020-09-02 13:07:49,616:DEBUG:acme.client:JWS payload:
2020-09-02 13:07:49,618:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6930250035:
{
“protected”: “eyJub25jZSI6ICIwMDAyYVcxZGtqT0hremxhLWlJY0s4RFVqYW5ic3VXcjdTZXd5U0hlM3lELWN5USIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNjkzMDI1MDAzNSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTQ4MDQ1MyIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “ZQpFUnikv0HoP0PHSoSbwnIjwDSMJLvr8iGK3z_Bsk5Uh8UOHPynbkKe1WZBo51AVxwI9Xv6S61j-uRInohR3bhmgFHrF4t-TCY1cAtn7m9yp0dqlvxfHmBwdF4R1nscdF2iCUcp0inlv1Yn1BQY4f4yzJu8I8MBZ6G0nnhILvWhSTEtz_iX_wbMZaqDau-CWW5VKPiDEyr1yVwq2Hi5vI05xSUBktWQJt_yq0AN4sO2wWp7Y0wSHcD1sVtzHNGgUtDHkyoaf4lpc4zcAgIM9IkeZvM1ptkhnhpjHYAt2wLkm1T7p04oMDuDxmOEX_nlZJ5tPRNuGRTm55hyBv4KCQ”
}
2020-09-02 13:07:50,004:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/6930250035 HTTP/1.1” 200 805
2020-09-02 13:07:50,005:DEBUG:acme.client:Received response:
HTTP 200
content-length: 805
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 91480453
date: Wed, 02 Sep 2020 05:08:43 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001KoVX1P9L1pQD973KsuJckZMTPz8blGO2bSCUe-3Nj6Q
{
“identifier”: {
“type”: “dns”,
“value”: “staging.tite.rdc.nie.edu.sg”
},
“status”: “pending”,
“expires”: “2020-09-09T05:08:40Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/dHzBGw”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/Bueq4Q”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/wC8_0A”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
}
]
}
2020-09-02 13:07:50,005:DEBUG:acme.client:Storing nonce: 0001KoVX1P9L1pQD973KsuJckZMTPz8blGO2bSCUe-3Nj6Q
2020-09-02 13:07:53,009:DEBUG:acme.client:JWS payload:
2020-09-02 13:07:53,011:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6930250035:
{
“protected”: “eyJub25jZSI6ICIwMDAxS29WWDFQOUwxcFFEOTczS3N1SmNrWk1UUHo4YmxHTzJiU0NVZS0zTmo2USIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNjkzMDI1MDAzNSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTQ4MDQ1MyIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “QK6-nvdvoxSM9fwJVjNv3qVJJYg26A9PvWO8Icbl-B2_fFamwDkAu-dgZWJNGR2c2jnNr0IhVCzUYtMi4QESW4hy4hbejLyT2c6B2ZF4Zl0xpQN28WrWGGi3dvjVZw9pTiudml0O9rRX2Q4kl1ZgDE5KtIXw-ODMBEf7VlsWpd1_4sWw-6Cpma71kypLqlBDxA8BNGcU_xrU27ViVqf6bhuoycNGRRc9UcZxQNsJU23tbcwJOXv4ODW8kX58ZdEofXR2TAlmysIGmUmizKddvAaoo4or0zkWoqnMaW6u4nMKNyYn0TsPnxk0Jsr2_-RhoTH9AJxaAFaWFI4DJR_WLg”
}
2020-09-02 13:07:53,475:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/6930250035 HTTP/1.1” 200 805
2020-09-02 13:07:53,476:DEBUG:acme.client:Received response:
HTTP 200
content-length: 805
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 91480453
date: Wed, 02 Sep 2020 05:08:47 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001UgnriIVG-ztTvnr88rMlfhW9A67xLi7eYwIB6UEl3mE
{
“identifier”: {
“type”: “dns”,
“value”: “staging.tite.rdc.nie.edu.sg”
},
“status”: “pending”,
“expires”: “2020-09-09T05:08:40Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/dHzBGw”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/Bueq4Q”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/wC8_0A”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”
}
]
}
2020-09-02 13:07:53,476:DEBUG:acme.client:Storing nonce: 0001UgnriIVG-ztTvnr88rMlfhW9A67xLi7eYwIB6UEl3mE
2020-09-02 13:07:56,480:DEBUG:acme.client:JWS payload:
2020-09-02 13:07:56,482:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6930250035:
{
“protected”: “eyJub25jZSI6ICIwMDAxVWducmlJVkctenRUdm5yODhyTWxmaFc5QTY3eExpN2VZd0lCNlVFbDNtRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNjkzMDI1MDAzNSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTQ4MDQ1MyIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “cwtgOro1C3eoiRvjE9-NwStc-a1jNkKTahvUfJbN8xlOQO9nH4wWAUZAdXjqaWpGpRs_VpLv4hkXK16X1BRCFe2V4QouBvYCm9G58_knECOoPS8j32afZholkK4r0RiFVzPcLaoAvaEyOIpJwC-q27JTpCZb5aT6LtwinqiNkgTWnXyKUKFCYJQ4koH-osqq0loGGr3JcbgDk0joRkGOH1WTS9RlPWVs3yqTGuCIc1A7P2IDBrogzH4zqLWdKROjd5xU6dRa2FotlyQUhNeiRer3B26PkZH_T-9vNgF6LW6z2rmmg6pLP9NeRTYiBOaGboRB52XvaeQxewX9eWvk1Q”
}
2020-09-02 13:07:56,864:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/6930250035 HTTP/1.1” 200 1379
2020-09-02 13:07:56,865:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1379
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 91480453
date: Wed, 02 Sep 2020 05:08:50 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002mz6-CRLhSxf293hgna2H6sJvV_2IRYL9BpzXzpWxOQ4
{
“identifier”: {
“type”: “dns”,
“value”: “staging.tite.rdc.nie.edu.sg”
},
“status”: “invalid”,
“expires”: “2020-09-09T05:08:40Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from https://staging.tite.rdc.nie.edu.sg/.well-known/acme-challenge/dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY [118.201.204.72]: 503”,
“status”: 403
},
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6930250035/dHzBGw”,
“token”: “dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”,
“validationRecord”: [
{
“url”: “http://staging.tite.rdc.nie.edu.sg/.well-known/acme-challenge/dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”,
“hostname”: “staging.tite.rdc.nie.edu.sg”,
“port”: “80”,
“addressesResolved”: [
“118.201.204.72”
],
“addressUsed”: “118.201.204.72”
},
{
“url”: “https://staging.tite.rdc.nie.edu.sg/.well-known/acme-challenge/dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY”,
“hostname”: “staging.tite.rdc.nie.edu.sg”,
“port”: “443”,
“addressesResolved”: [
“118.201.204.72”
],
“addressUsed”: “118.201.204.72”
}
]
}
]
}
2020-09-02 13:07:56,865:DEBUG:acme.client:Storing nonce: 0002mz6-CRLhSxf293hgna2H6sJvV_2IRYL9BpzXzpWxOQ4
2020-09-02 13:07:56,866:WARNING:certbot._internal.auth_handler:Challenge failed for domain staging.tite.rdc.nie.edu.sg
2020-09-02 13:07:56,866:INFO:certbot._internal.auth_handler:http-01 challenge for staging.tite.rdc.nie.edu.sg
2020-09-02 13:07:56,866:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:
Domain: staging.tite.rdc.nie.edu.sg
Type: unauthorized
Detail: Invalid response from https://staging.tite.rdc.nie.edu.sg/.well-known/acme-challenge/dIPGeOi1LcnXS_woj22RoqmjIvowmxN-LLtV1AKSJCY [118.201.204.72]: 503
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-09-02 13:07:56,867:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
2020-09-02 13:07:56,867:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-09-02 13:07:56,867:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-09-02 13:07:57,998:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==1.6.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 15, in main
return internal_main.main(cli_args)
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1353, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1102, in run
certname, lineage)
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python2.7/site-packages/certbot/_internal/client.py”, line 418, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python2.7/site-packages/certbot/_internal/client.py”, line 351, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python2.7/site-packages/certbot/_internal/client.py”, line 398, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
2020-09-02 13:07:57,999:ERROR:certbot._internal.log:Some challenges have failed.
My web server is (include version): nginx/1.16.1
The operating system my web server runs on is (include version): Oracle Linux 7 (64-bit)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 1.6.0
Not sure if useful but heres my nginx default.conf:
server
{
#makes sures all URL access are https
listen 80;
listen [::]:80 default_server ipv6only=on;
return 302 https://$host$request_uri;
}
server
{
listen 443;
server_name tite.rdc.nie.edu.sg;
location /
{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
#For Each mgb instance config file, the port set to listen is used for the following line
proxy_pass http://localhost:8080/;
#proxy_pass http://118.201.204.72:8080/;
proxy_ssl_session_reuse off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
server
{
listen 443;
server_name staging.tite.rdc.nie.edu.sg;
location /
{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8080/;
#proxy_pass http://118.201.204.72:8080/;
proxy_ssl_session_reuse off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}