To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address

Newbie here.
As many people here that I have read are having the same problem i am having, but because i new at this cant solve it. Running nginx on docker under raspi. my dns nextcloud.cosasdejorge.cyou had it working whit https, but now its not i tried to fix it but whit no luck. I understand that it has something to do whit communication or whit i do not know
thank you
here is my log print out from nginx
[9/29/2020] [11:44:37 PM] [Nginx ] › info Reloading Nginx
[9/29/2020] [11:44:37 PM] [SSL ] › info Requesting Let'sEncrypt certificates for Cert #30: nextcloud.cosasdejorge.cyou
[9/29/2020] [11:44:51 PM] [Nginx ] › info Reloading Nginx
[9/29/2020] [11:44:51 PM] [Express ] › warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-30" --agree-tos --email "xxxx73@gmail.com" --preferred-challenges "dns,http" --domains "nextcloud.cosasdejorge.cyou"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud.cosasdejorge.cyou
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain nextcloud.cosasdejorge.cyou
http-01 challenge for nextcloud.cosasdejorge.cyou
Cleaning up challenges

and the log from ltsencript
2020-09-30 00:57:50,240:DEBUG:certbot._internal.main:certbot version: 1.4.0
2020-09-30 00:57:50,241:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-32', '--agree-tos', '--email', 'jorge.gomez73@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'nextcloud.cosasdejorge.cyou']
2020-09-30 00:57:50,242:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-09-30 00:57:50,343:DEBUG:certbot._internal.log:Root logging level set at 20
2020-09-30 00:57:50,344:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-09-30 00:57:50,346:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2020-09-30 00:57:50,366:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xb56ec2b0>
Prep: True
2020-09-30 00:57:50,367:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0xb56ec2b0> and installer None
2020-09-30 00:57:50,367:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2020-09-30 00:57:50,379:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/96868467', new_authzr_uri=None, terms_of_service=None), 7dbdfe541e072f858fceef696c48250c, Meta(creation_dt=datetime.datetime(2020, 9, 17, 5, 48, 45, tzinfo=), creation_host='049d6b43a236'))>
2020-09-30 00:57:50,382:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-09-30 00:57:50,387:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-09-30 00:57:50,663:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2020-09-30 00:57:50,664:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Sep 2020 00:57:50 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"xr4lTAvWcMo": "Adding random entries to the directory"
}
2020-09-30 00:57:50,665:INFO:certbot._internal.main:Obtaining a new certificate
2020-09-30 00:57:53,395:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0031_key-certbot.pem
2020-09-30 00:57:53,406:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
2020-09-30 00:57:53,409:DEBUG:acme.client:Requesting fresh nonce
2020-09-30 00:57:53,409:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-09-30 00:57:53,474:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-09-30 00:57:53,476:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Sep 2020 00:57:53 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0101fLvht2uQNuGJjGw2icOislNQ3Sg0TRWFK2BbzdWXerQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2020-09-30 00:57:53,476:DEBUG:acme.client:Storing nonce: 0101fLvht2uQNuGJjGw2icOislNQ3Sg0TRWFK2BbzdWXerQ
2020-09-30 00:57:53,477:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "nextcloud.cosasdejorge.cyou"\n }\n ]\n}'
2020-09-30 00:57:53,488:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTY4Njg0NjciLCAibm9uY2UiOiAiMDEwMWZMdmh0MnVRTnVHSmpHdzJpY09pc2xOUTNTZzBUUldGSzJCYnpkV1hlclEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "c7ghO6rle-tNJqV_H2qxl3H9qpM4OPNgNKcuG_zFTlQQkuNEsiO8YpjzxbruRHx6YCazNtPRs4m3TVAXt7dhg3nR9XDU-0ShsMTbjC3uPfbZ0K7g8qmxtk5qHRZW9YIGoRFHH8DUtfztMj5_RFKPIRFSsI4lsKjRcPM1vvnrrr2fHPo8Sv4qHUphSm-8NBUblXhB9GBWVLmm5VId0supZGldUL8wfGMwGw5qAkSsZS9KHH3obIiFoBxJXuGC0sEq57RzYVKZURGQUANP4dFuHf5ZQf0bzi3ALNvDuc-xc9yJK_gfRTX0RS9y6YQY78ZGvCrTwo7hL2oxPqrLqM64HQ",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm5leHRjbG91ZC5jb3Nhc2Rlam9yZ2UuY3lvdSIKICAgIH0KICBdCn0"
}
2020-09-30 00:57:53,736:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 357
2020-09-30 00:57:53,737:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 30 Sep 2020 00:57:53 GMT
Content-Type: application/json
Content-Length: 357
Connection: keep-alive
Boulder-Requester: 96868467
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/96868467/5440784794
Replay-Nonce: 01023rm5cJJhcr89L4wFWkUOhoofWvVLwjV_0j8i_bLa7Rw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2020-10-07T00:57:53.667800537Z",
"identifiers": [
{
"type": "dns",
"value": "nextcloud.cosasdejorge.cyou"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/7561182698"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/96868467/5440784794"
}
2020-09-30 00:57:53,738:DEBUG:acme.client:Storing nonce: 01023rm5cJJhcr89L4wFWkUOhoofWvVLwjV_0j8i_bLa7Rw
2020-09-30 00:57:53,739:DEBUG:acme.client:JWS payload:
b''
2020-09-30 00:57:53,748:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7561182698:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTY4Njg0NjciLCAibm9uY2UiOiAiMDEwMjNybTVjSkpoY3I4OUw0d0ZXa1VPaG9vZld2Vkx3alZfMGo4aV9iTGE3UnciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzc1NjExODI2OTgifQ",
"signature": "bWm-JTamUXZNRLBBYK4a5maaf0iWZiOX8USqEvxFOeP4rs-S5yKMj6GIY9aZEHuZn9JBvwq0Kh2ONagjQ1-OzjCwHaxBkNvVRu3htP-cwPVZMTxUXKBQbST8WOgacMc2f0968gQNeiHk-V_1IRc7Vai0FxA2LVbtl4aHkMb3nCLzrG7LeRB0E3esub1RX2XdheyI1saOMkL_8Ezsmm8xGU4_gqDVzuD7Xv0T2sLoIKveA3YLO_8fjbMRDchm1SG90rpZ5BZKsvqATaQXm8evjkaMTIVBrjFzzuqxTOYNe6Lf2PZyk7gbyP6Vx8hCZSuJgqtPQ8nQiNKUrdSIwz3lQQ",
"payload": ""
}
2020-09-30 00:57:53,849:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7561182698 HTTP/1.1" 200 805
2020-09-30 00:57:53,851:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Sep 2020 00:57:53 GMT
Content-Type: application/json
Content-Length: 805
Connection: keep-alive
Boulder-Requester: 96868467
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0101TDrThxVxYRopMIz_V7MAS12aJ9nOAHWdR2ky-slJo8Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "nextcloud.cosasdejorge.cyou"
},
"status": "pending",
"expires": "2020-10-07T00:57:53Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/0J9XbQ",
"token": "NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/mjFJ0g",
"token": "NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/It_DiQ",
"token": "NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0"
}
]
}
2020-09-30 00:57:53,852:DEBUG:acme.client:Storing nonce: 0101TDrThxVxYRopMIz_V7MAS12aJ9nOAHWdR2ky-slJo8Y
2020-09-30 00:57:53,853:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-09-30 00:57:53,854:INFO:certbot._internal.auth_handler:http-01 challenge for nextcloud.cosasdejorge.cyou
2020-09-30 00:57:53,855:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2020-09-30 00:57:53,856:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2020-09-30 00:57:53,865:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0
2020-09-30 00:57:53,866:INFO:certbot._internal.auth_handler:Waiting for verification...
2020-09-30 00:57:53,867:DEBUG:acme.client:JWS payload:
b'{}'
2020-09-30 00:57:53,877:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/0J9XbQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTY4Njg0NjciLCAibm9uY2UiOiAiMDEwMVREclRoeFZ4WVJvcE1Jel9WN01BUzEyYUo5bk9BSFdkUjJreS1zbEpvOFkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzc1NjExODI2OTgvMEo5WGJRIn0",
"signature": "fTkTda0K7lcE5V76SXHuyYG-HRfNiVN1UaKjbEmVFoIbJGIVEmJo29liekeHn-YLs47nfc9E-XRct_HG1RS6C7ibyQn9Zxby2-rQ8R0HUHqu7oZl0eINk3Eq3Bjiav2RceKgYXL5nbI1jUxo4Q5j_YZw4rMK_pJpAGohnD0t2J4-6x3Q4WeFcR2JoISy2MxGvTxvyNydoQf52554Uqt1AKn-WOdMVkpXBfPDDe58vQioQN607KXWJKF88fy4gKPz3XKFqbIgv8zcWIFbAhR5gGNXhnvK1O4RvpWqRlkvY-qNU-6QWKPCJ1joV3Bcgnz2G9hR2zsImfBgKMDTYe5hLg",
"payload": "e30"
}
2020-09-30 00:57:53,988:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/7561182698/0J9XbQ HTTP/1.1" 200 185
2020-09-30 00:57:53,990:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Sep 2020 00:57:53 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 96868467
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/7561182698;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/0J9XbQ
Replay-Nonce: 0101hL9ByMYf_7mDJfvD0lLrNb2rxS_eRhEAalFBL3nrWNY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/0J9XbQ",
"token": "NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0"
}
2020-09-30 00:57:53,990:DEBUG:acme.client:Storing nonce: 0101hL9ByMYf_7mDJfvD0lLrNb2rxS_eRhEAalFBL3nrWNY
2020-09-30 00:57:54,992:DEBUG:acme.client:JWS payload:
b''
2020-09-30 00:57:55,002:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7561182698:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTY4Njg0NjciLCAibm9uY2UiOiAiMDEwMWhMOUJ5TVlmXzdtREpmdkQwbExyTmIycnhTX2VSaEVBYWxGQkwzbnJXTlkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzc1NjExODI2OTgifQ",
"signature": "MZttYvRGapG6TOj6FZMRPxBuMr1hWp-Ca4qNpw-H3s1fBacGDp7qTaE_vGyD6m0gKFuRE9MuSkQuFD8uE1ObFfVcF-rpwbQA3Pseib6UqEl_tsEtYkkKki8dPgxdlkmuVvyZTJYOLRQ3ntYgdUdLsxdnpzzJD3otlqH-nA0zDZI-qvFn8-Cc7SMrA6l9vN-nuVcFUIpQuN1wO2saJKsc4Da0GKTioSHzjg1_WI65Sm3V3KUMiwWsZrJzoK53xXRSBmHVBsG_nROQB3VkUnx5WhUVvjEJQ2gL9fax-Qc6jClJSl6LYAYUv5_cLHVbRKQROw50xgpbFGSn71uxb6HJUw",
"payload": ""
}
2020-09-30 00:57:55,098:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7561182698 HTTP/1.1" 200 805
2020-09-30 00:57:55,100:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Sep 2020 00:57:55 GMT
Content-Type: application/json
Content-Length: 805
Connection: keep-alive
Boulder-Requester: 96868467
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102GVRwv_IS7lGsSt1RwXt-OiPVZK038KMRyxl2K_ITh14
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "nextcloud.cosasdejorge.cyou"
},
"status": "pending",
"expires": "2020-10-07T00:57:53Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/0J9XbQ",
"token": "NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/mjFJ0g",
"token": "NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/It_DiQ",
"token": "NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0"
}
]
}
2020-09-30 00:57:55,100:DEBUG:acme.client:Storing nonce: 0102GVRwv_IS7lGsSt1RwXt-OiPVZK038KMRyxl2K_ITh14
2020-09-30 00:57:58,104:DEBUG:acme.client:JWS payload:
b''
2020-09-30 00:57:58,128:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7561182698:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTY4Njg0NjciLCAibm9uY2UiOiAiMDEwMkdWUnd2X0lTN2xHc1N0MVJ3WHQtT2lQVlpLMDM4S01SeXhsMktfSVRoMTQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzc1NjExODI2OTgifQ",
"signature": "El8bw4UFXiART7vYLG8mJ1sWrBxkxKr4lWtyvDBhuoADSsBhjJsU_p-Du-k_kxGEf_y-cBQcvOgjPBydrKgYdvJBgy2fDjON-3wIIRN5XKLH9ru7rLrYirXx1KjAd8NdTH4o5FivfD173-QCNqU2stOY59XaUCKhIs_flAQvTUdtEQj-g5GGunmhxB1DWwyMDTC_65SALQXViCmPzrvg9C2HW3i2aFvQChNWy1rMhrljBIRLuAlmRTJcHEF9mok5JxSci8mTq7Ri2mFR3_00_aPRDYDJCu3HMqO3U26Ikib8zfPmUcFpBy0W6_CczhdMlnS1nXnKs9RQgeL_hCVwmQ",
"payload": ""
}
2020-09-30 00:57:58,236:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7561182698 HTTP/1.1" 200 1221
2020-09-30 00:57:58,238:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Sep 2020 00:57:58 GMT
Content-Type: application/json
Content-Length: 1221
Connection: keep-alive
Boulder-Requester: 96868467
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102xN65a9pahg0lbXg-m1BzHbDYGFD02AzZEwWu9vZNFH8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "nextcloud.cosasdejorge.cyou"
},
"status": "invalid",
"expires": "2020-10-07T00:57:53Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://nextcloud.cosasdejorge.cyou/.well-known/acme-challenge/NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0 [187.250.59.75]: "\u003c!DOCTYPE html\u003e\n\u003chtml class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\" \u003e\n\t\u003chead\n data-requesttoken=\"pO3F"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7561182698/0J9XbQ",
"token": "NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0",
"validationRecord": [
{
"url": "http://nextcloud.cosasdejorge.cyou/.well-known/acme-challenge/NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0",
"hostname": "nextcloud.cosasdejorge.cyou",
"port": "80",
"addressesResolved": [
"187.250.59.75"
],
"addressUsed": "187.250.59.75"
}
]
}
]
}
2020-09-30 00:57:58,239:DEBUG:acme.client:Storing nonce: 0102xN65a9pahg0lbXg-m1BzHbDYGFD02AzZEwWu9vZNFH8
2020-09-30 00:57:58,242:WARNING:certbot._internal.auth_handler:Challenge failed for domain nextcloud.cosasdejorge.cyou
2020-09-30 00:57:58,244:INFO:certbot._internal.auth_handler:http-01 challenge for nextcloud.cosasdejorge.cyou
2020-09-30 00:57:58,246:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: nextcloud.cosasdejorge.cyou
Type: unauthorized
Detail: Invalid response from http://nextcloud.cosasdejorge.cyou/.well-known/acme-challenge/NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0 [187.250.59.75]: "\n<html class="ng-csp" data-placeholder-focus="false" lang="en" data-locale="en" >\n\t<head\n data-requesttoken="pO3F"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-09-30 00:57:58,249:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2020-09-30 00:57:58,249:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-09-30 00:57:58,250:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-09-30 00:57:58,252:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/NPdX2prOIBMJJwlJo4xcCt0NpfCBeyIFYgzjQ52GGq0
2020-09-30 00:57:58,255:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2020-09-30 00:57:58,257:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==1.4.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1347, in main
return config.func(config, plugins)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1233, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 409, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 343, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 390, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

and this command certbot renew --preferred-challenges http --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/npm-1.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for owncloud.cosasdejorge.cyou
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain owncloud.cosasdejorge.cyou
http-01 challenge for owncloud.cosasdejorge.cyou
Cleaning up challenges
Attempting to renew cert (npm-1) from /etc/letsencrypt/renewal/npm-1.conf produced an unexpected error: Some challenges have failed.. Skipping.

Processing /etc/letsencrypt/renewal/npm-2.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for owncloud.cosasdejorge.cyou
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain owncloud.cosasdejorge.cyou
http-01 challenge for owncloud.cosasdejorge.cyou
Cleaning up challenges
Attempting to renew cert (npm-2) from /etc/letsencrypt/renewal/npm-2.conf produced an unexpected error: Some challenges have failed.. Skipping.

Processing /etc/letsencrypt/renewal/npm-3.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for owncloud.cosasdejorge.cyou
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain owncloud.cosasdejorge.cyou
http-01 challenge for owncloud.cosasdejorge.cyou
Cleaning up challenges
Attempting to renew cert (npm-3) from /etc/letsencrypt/renewal/npm-3.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/npm-1/fullchain.pem (failure)
/etc/letsencrypt/live/npm-2/fullchain.pem (failure)
/etc/letsencrypt/live/npm-3/fullchain.pem (failure)

** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/npm-1/fullchain.pem (failure)
/etc/letsencrypt/live/npm-2/fullchain.pem (failure)
/etc/letsencrypt/live/npm-3/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

3 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: owncloud.cosasdejorge.cyou
  Type: dns
  Detail: DNS problem: NXDOMAIN looking up A for
  owncloud.cosasdejorge.cyou - check that a DNS record exists for
  this domain

• The following errors were reported by the server:

  Domain: owncloud.cosasdejorge.cyou
  Type: dns
  Detail: DNS problem: NXDOMAIN looking up A for
  owncloud.cosasdejorge.cyou - check that a DNS record exists for
  this domain

• The following errors were reported by the server:

  Domain: owncloud.cosasdejorge.cyou
  Type: dns
  Detail: DNS problem: NXDOMAIN looking up A for
  owncloud.cosasdejorge.cyou - check that a DNS record exists for
  this domain
  [root@docker-049d6b43a236:/app]#

Welcome to the Let's Encrypt Community, Jorge

I ran some tests for you.

It looks like owncloud.cosasdejorge.cyou does not have an A record in your DNS and so has no IP address and is therefore unreachable.

As for nextcloud.cosasdejorge.cyou, it appears that port 80 is closed. Let's Encrypt needs port 80 to be open to validate your domain control via accessing http-01 challenge files. There actually was a timeout trying to reach port 80, so this may be a firewall problem.

Screenshot_20200930-011847_Samsung Internet1439×823 317 KB

Screenshot_20200930-011751_Samsung Internet1080×1788 794 KB

Another question: why do you have three certificates containing the same hostname?

pi.
owncloud
cosasjorge.cyou
those?
Because i do not know to tell you the truth, i am learning i panic. i will like to erase and start all over again.
Where do see what you are asking?
be patient new at this.
thanks

Thank you.
I will look at the port i just change router i thought i open port 80
Where and how do you see or check what you send me i will like to learn.
thanks
Update:
fix the port issue

@jorgeg73

No worries about being new to this. We've all been there. @Osiris tells it like it is. He's an MD who is direct to the point and very astute. I'm quite glad he noticed what he did. It will be one of the first things we address here. Let's get you going.

Let's gather some information about your certificate renewal for owncloud.cosasdejorge.cyou...

Do you see the three certificates being renewed above, all for owncloud.cosasdejorge.cyou?

Let's gather some information about your new certificate for nextcloud.cosasdejorge.cyou...

The tools I used were https://letsdebug.net and Dig (DNS lookup).

Here are the current results:

owncloud.cosasdejorge.cyou still has no A record in the DNS. If you're going to use http-01 challenges to prove your control of that domain, it needs to be reachable via a public IP address. You need to add an A record pointing to a public IP address to the DNS for owncloud.cosasdejorge.cyou.

nextcloud.cosasdejorge.cyou is being served by Cloudflare Content Delivery Network (Cloudflare CDN). This means that the Cloudflare certificate encrypts traffic between your visitor's browser and the Cloudflare network while the Let's Encrypt certificate would encrypt traffic between the Cloudflare network and nextcloud.cosasdejorge.cyou. At present nextcloud.cosasdejorge.cyou is returning a 502 Bad Gateway error.

This will get you started to resolve the communication issue between Cloudflare and nextcloud.cosasdejorge.cyou :

https://support.cloudflare.com/hc/en-us/categories/200276247-SSL-TLS

https://support.cloudflare.com/hc/en-us/articles/115000479507

Screenshot_20200930-200100_Samsung Internet1439×871 479 KB

@griffin

WOW, thanks!!!.

I do not know how, why. I dont know if it is because i tried to get them whit nginx several times that made that. What i can tell you is that i mess whit this too many times that for a moment i got a messages that i had to wait for sometime to try and renew again.

I when to https://www.ssllabs.com and i get B grade.
I will start reading on the links you send me ..
Thanks
Here is how i have my cloudflare set up

Untitled1280×602 60.9 KB

You can use the following to view your certificates:
certbot certificates

Take notice of the Certificate Names.

You can use the following to delete any unneeded certificates:
certbot delete --cert-name name

You can add --cert-name name to your certbot commands to control which certificate you are working with. That will keep you from generating duplicate certificates. When creating a new certificate, if you don't specify a name, certbot will make one up for you.

Use this carefully though, as certbot has no clue at all if the to-be deleted certificate is actually in use by other programs. So deleting an in-use certificate could make a program which is using that certificate inoperable.

With three identical certificates this isn't a real problem though: just use the one cert that's left over and configure all programs to use just that one.

@Osiris @griffin
I have deleted the certificates that are not been use, i fix the 80 port issue.
Now i have the bad gateway i reading what you send me oping i can fix it. I had it working before it was not difficult at that time but i glad this happen now i can learn more. When thinks go well there's no fun on that. i will try to see that A record how to get it.
Thanks.

nextcloud.cosasdejorge.cyou isn't accessible and because it's behind CloudFlare, we can't connect directly to it. So I'm afraid I'm unable to give advice currently.

@griffin
got it working. I deleted all certificates there was a problem whit raspberry pi the sd card filled up did know why i had a backup i restored from there nginx did not work well after that reinstall the container now is working fine. Now i have to know how to change my ip on cloudflare when my ISP provider changes my dinamic IP.
Thanks

I can now see nextcloud.cosasdejorge.cyou perfectly.

owncloud.cosasdejorge.cyou still lacks an A record, which I'm assuming is your next step. You can get owncloud.cosasdejorge.cyou certified using a dns-01 challenge, which verifies a TXT record created in the DNS zone for owncloud.cosasdejorge.cyou. You don't even need an A record (or a working webserver) to do that.

These might help:

https://www.cloudflare.com/learning/dns/glossary/dynamic-dns/
https://support.cloudflare.com/hc/en-us/articles/360020524512-Manage-dynamic-IPs-in-Cloudflare-DNS-programmatically

@griffin. already there, found this one https://hub.docker.com/r/janarj/cloudflare-ddns, reading to see if i can implemented
Thanks for your help

Muy bien, mi amigo.

Let us know how it goes.

Done it.
Docker container

Follow this guide

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.