Unable to generate a ssl certificate using certbot

YannickVachon · October 18, 2020, 8:32pm

Here is my first time at trying to do SSL since we forgot to renew the previous certificate in time (not a Let's encrypt certificate). And because the config from the previous team was messed up, I decided to uninstall completely the Apache and Nginx servers and strop from scratch with a new Nginx instance.

I've never done SSL, never used certbot and even my ubuntu knowledge is thin (don't laugh at the fact I am normally a dev who use Microsoft tech).

Now, as for the questions asked, here are the answers.

My domain is: reseautage.com

I ran this command: sudo certbot --nginx -d reseautage.com -d www.reseautage.com

It produced this output: See below for the full log

My web server is (include version): nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: DigitalOcean (the app is inside a droplet, if it is important to know)
Domain registration was made from another enterprise (Funio) and was working perfectly before.

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

Here is the content of the log after running the previous instruction.

2020-10-18 20:14:16,670:DEBUG:certbot.main:certbot version: 0.31.0
2020-10-18 20:14:16,671:DEBUG:certbot.main:Arguments: ['--nginx', '-d', 'reseautage.com', '-d', 'www.reseautage.com']
2020-10-18 20:14:16,672:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-10-18 20:14:16,679:DEBUG:certbot.log:Root logging level set at 20
2020-10-18 20:14:16,679:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-10-18 20:14:16,681:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2020-10-18 20:14:16,779:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f196f9ada90>
Prep: True
2020-10-18 20:14:16,781:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f196f9ada90> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f196f9ada90>
2020-10-18 20:14:16,781:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2020-10-18 20:14:16,785:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, body=Registration(only_return_existing=None, external_account_binding=None, terms_of_service_agreed=None, agreement=None, contact=(), key=None, status=None), new_authzr_uri=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/69485234'), 63ff8271ab82b259b7eb73481bdf1a35, Meta(creation_dt=datetime.datetime(2019, 10, 15, 18, 16, 44, tzinfo=), creation_host='reseautage'))>
2020-10-18 20:14:16,787:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-10-18 20:14:16,789:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2020-10-18 20:14:16,989:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2020-10-18 20:14:16,990:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 20:14:16 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"5iBn0_UTU08": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-10-18 20:14:16,991:INFO:certbot.main:Obtaining a new certificate
2020-10-18 20:14:17,023:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0012_key-certbot.pem
2020-10-18 20:14:17,025:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0012_csr-certbot.pem
2020-10-18 20:14:17,025:DEBUG:acme.client:Requesting fresh nonce
2020-10-18 20:14:17,025:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-10-18 20:14:17,075:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-10-18 20:14:17,076:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 20:14:17 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004cfrLn7p4U0Ot_kt8Y4pt8YLvcBnbOwSF6RWwvFInKNI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2020-10-18 20:14:17,077:DEBUG:acme.client:Storing nonce: 0004cfrLn7p4U0Ot_kt8Y4pt8YLvcBnbOwSF6RWwvFInKNI
2020-10-18 20:14:17,077:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "value": "reseautage.com",\n "type": "dns"\n },\n {\n "value": "www.reseautage.com",\n "type": "dns"\n }\n ]\n}'
2020-10-18 20:14:17,081:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInZhbHVlIjogInJlc2VhdXRhZ2UuY29tIiwKICAgICAgInR5cGUiOiAiZG5zIgogICAgfSwKICAgIHsKICAgICAgInZhbHVlIjogInd3dy5yZXNlYXV0YWdlLmNvbSIsCiAgICAgICJ0eXBlIjogImRucyIKICAgIH0KICBdCn0",
"signature": "nb7zbwSFkY6dqA6f-k9WtB2SzvE3K3J3a4ReEJU2b6ZUrSkKYvQwo4pZ5S21KKl6p0L9FiZ5tUe4H8Xj7RkfKuuYsq47GL6P1_ej6mfgCe37AAUQEs6jCLGBe7sHd-NB6pfBqtjVclM9fhlTpk8B4MhLUszrLiTQzP7Rzwi9pbpTFjm_ZaBGo-ns8oYvcPJ9Y_LbHRoR4P-E_DjzFhQNSciRfmYLTu-vUbMncLnLKQK4XIlKxjhgMc-qRycIfIfGZ1C_-pAv3VoB8NYlbOm-qA2QIRTJHYAjxp0JURZpS9n8OddyLgL_b5UrF3UGu95wb-VcLBxz4Vsg-bGxL3sZPA",
"protected": "eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMDAwNGNmckxuN3A0VTBPdF9rdDhZNHB0OFlMdmNCbmJPd1NGNlJXd3ZGSW5LTkkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82OTQ4NTIzNCJ9"
}
2020-10-18 20:14:17,170:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 483
2020-10-18 20:14:17,170:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 18 Oct 2020 20:14:17 GMT
Content-Type: application/json
Content-Length: 483
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/69485234/5755233454
Replay-Nonce: 0003ng7GBD7jCQjtpQ1CkVu2djH08MOAztnFJsVZi1WOHoQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2020-10-25T20:14:17.128392479Z",
"identifiers": [
{
"type": "dns",
"value": "reseautage.com"
},
{
"type": "dns",
"value": "www.reseautage.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/7983928864",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/7983928866"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/69485234/5755233454"
}
2020-10-18 20:14:17,171:DEBUG:acme.client:Storing nonce: 0003ng7GBD7jCQjtpQ1CkVu2djH08MOAztnFJsVZi1WOHoQ
2020-10-18 20:14:17,171:DEBUG:acme.client:JWS payload:
b''
2020-10-18 20:14:17,172:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7983928864:
{
"payload": "",
"signature": "QGCHY8Q-FCYs8lppO5Y3C_lEWYTwB-YC41CKj8u9NB6IBgMSJ0EH4zXgRhWSxt6a_XBs-cDyRvReQKQu2ui1LAXQhP2k6C2SrGihqOvh6WEawTKEcPNoIT3SBSxzSMcqjKVIGCIS_-mKHPKt3RM8-iVZWvrHgr7O0lWtkBdkZWTPIV8noVdlmesOQ4QSdEjsEzxWheCVpSJv0-QyVBwNk-wDdHVOirQKNvgkigAxxAfKt2thQqxm4PeeGFEnsMh9cQMq9GUo8wp-Mj_N0dZTqkm2czvDi9h4rMdXCEUjbesVnY4wREzRPQ3LVP0UvfbJQnbxTH6olyNL2B9S6HLrHQ",
"protected": "eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMDAwM25nN0dCRDdqQ1FqdHBRMUNrVnUyZGpIMDhNT0F6dG5GSnNWWmkxV09Ib1EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzc5ODM5Mjg4NjQiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjk0ODUyMzQifQ"
}
2020-10-18 20:14:17,226:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7983928864 HTTP/1.1" 200 792
2020-10-18 20:14:17,227:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 20:14:17 GMT
Content-Type: application/json
Content-Length: 792
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004UapEZo9hSvDAv67fX2lq5j0hUznmbua6bo1ORGVO5-w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "reseautage.com"
},
"status": "pending",
"expires": "2020-10-25T20:14:17Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928864/YQWvqA",
"token": "esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928864/hEf3Cw",
"token": "esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928864/JL0enw",
"token": "esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc"
}
]
}
2020-10-18 20:14:17,227:DEBUG:acme.client:Storing nonce: 0004UapEZo9hSvDAv67fX2lq5j0hUznmbua6bo1ORGVO5-w
2020-10-18 20:14:17,227:DEBUG:acme.client:JWS payload:
b''
2020-10-18 20:14:17,229:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7983928866:
{
"payload": "",
"signature": "qWYoY7x5oBN_eZaTkfzEdq85HXw02nPsaY-cL0Zv30W5mxd07fhQ34H7bjPJBOlJ3XwBdcTQL8VbnN2VLqBm7qe_Qaeb7GGY1ahA7MW8Hh8ULlkrCwF7dx3cGQV0FAiv3zuRMb_uXnQFa_rDfOP26Y6YaaahckEUgJgtH2ILjzrg42pKySAirHlQLOh2stjAcgULlQTJAVOGlyYWfmTbF8eAEradc65Ada5AN2DWoYA8dD8UPB0pgt1lPxiWkrRfWWNu0a9nF99Fo3xnoD9EgY5EoZ7bcjNXhWuPoBKBSNGIUqVtGuh59rsUxqxBiNupzxr-Ri-c7LqunA6BOzqY4g",
"protected": "eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMDAwNFVhcEVabzloU3ZEQXY2N2ZYMmxxNWowaFV6bm1idWE2Ym8xT1JHVk81LXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzc5ODM5Mjg4NjYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjk0ODUyMzQifQ"
}
2020-10-18 20:14:17,283:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7983928866 HTTP/1.1" 200 796
2020-10-18 20:14:17,283:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 20:14:17 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001VgbWJ_stRzDcINYQgIT8a6MVTealfLofwvvpQwqw-mc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.reseautage.com"
},
"status": "pending",
"expires": "2020-10-25T20:14:17Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928866/y4jlqA",
"token": "3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928866/AbMNUA",
"token": "3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928866/H-0P_w",
"token": "3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs"
}
]
}
2020-10-18 20:14:17,284:DEBUG:acme.client:Storing nonce: 0001VgbWJ_stRzDcINYQgIT8a6MVTealfLofwvvpQwqw-mc
2020-10-18 20:14:17,284:INFO:certbot.auth_handler:Performing the following challenges:
2020-10-18 20:14:17,285:INFO:certbot.auth_handler:http-01 challenge for reseautage.com
2020-10-18 20:14:17,286:INFO:certbot.auth_handler:http-01 challenge for www.reseautage.com
2020-10-18 20:14:17,306:DEBUG:certbot_nginx.http_01:Generated server block:

2020-10-18 20:14:17,306:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2020-10-18 20:14:17,306:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/reseautage.com
2020-10-18 20:14:17,307:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2020-10-18 20:14:17,307:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2020-10-18 20:14:17,307:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/reseautage.com:
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

    listen 80;
    listen [::]:80;

    root /var/www/reseautage.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name reseautage.com www.reseautage.com;

    location / {
            try_files $uri $uri/ =404;
    }

location = /.well-known/acme-challenge/esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc{default_type text/plain;return 200 esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc.ulZ63PjhLaUVfpFl6pkNXPpCJXffN4z2n7NtrZ2IXN0;} # managed by Certbot

location = /.well-known/acme-challenge/3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs{default_type text/plain;return 200 3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs.ulZ63PjhLaUVfpFl6pkNXPpCJXffN4z2n7NtrZ2IXN0;} # managed by Certbot

}
2020-10-18 20:14:17,308:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

server_names_hash_bucket_size 128;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}

#mail {

# See sample authentication script at:

# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript

# auth_http localhost/auth.php;

# pop3_capabilities "TOP" "USER";

# imap_capabilities "IMAP4rev1" "UIDPLUS";

server {

listen localhost:110;

protocol pop3;

proxy on;

}

server {

listen localhost:143;

protocol imap;

proxy on;

}

#}

2020-10-18 20:14:18,324:INFO:certbot.auth_handler:Waiting for verification...
2020-10-18 20:14:18,325:DEBUG:acme.client:JWS payload:
b'{\n "keyAuthorization": "esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc.ulZ63PjhLaUVfpFl6pkNXPpCJXffN4z2n7NtrZ2IXN0",\n "type": "http-01",\n "resource": "challenge"\n}'
2020-10-18 20:14:18,327:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928864/YQWvqA:
{
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogImVzcmNZb2d4U3BTQ28wZDhFQ19ySXFCZVB5VFh1eUtyVWtPbWVxOEtYVWMudWxaNjNQamhMYVVWZnBGbDZwa05YUHBDSlhmZk40ejJuN050cloySVhOMCIsCiAgInR5cGUiOiAiaHR0cC0wMSIsCiAgInJlc291cmNlIjogImNoYWxsZW5nZSIKfQ",
"signature": "CO5Sd7_rghV8twzbKpGqLEkXBgIGEe9nkpKQ6d5Jq_c31c3xncAWXXR3gjKMGqNWxEAMrC2QcDWW2I_fwiKCTajrLoIkRoaosUmW7IJ6tLih80e_hL-_vh-wL70a3usQA6l_M_mvPzSSGO0DaIMWE2XWfqHh9RVFA7jCVf0HVOYCeIXKkqhloPeYwarEK7Ddk5Y0xLIOnNIVnSiPFZToGsUeoq3SGo6POgdLpChSvnpdQziYt-lwoD8I-y5U8pIOVDRDRw26wk95Ey71FqebEILNpbqfegOF4qjZnvlAIrSt2Qlmu_Bx1S83DDgN3zNKC24_3DfmP2WI-AjK72JdNw",
"protected": "eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMDAwMVZnYldKX3N0UnpEY0lOWVFnSVQ4YTZNVlRlYWxmTG9md3Z2cFF3cXctbWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzc5ODM5Mjg4NjQvWVFXdnFBIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY5NDg1MjM0In0"
}
2020-10-18 20:14:18,393:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/7983928864/YQWvqA HTTP/1.1" 200 185
2020-10-18 20:14:18,394:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 20:14:18 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/7983928864;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928864/YQWvqA
Replay-Nonce: 0003Lxc0agqX6kDFDmp_l_yPWfm7KI0ypz_Ur35pvIqeLH8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928864/YQWvqA",
"token": "esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc"
}
2020-10-18 20:14:18,394:DEBUG:acme.client:Storing nonce: 0003Lxc0agqX6kDFDmp_l_yPWfm7KI0ypz_Ur35pvIqeLH8
2020-10-18 20:14:18,394:DEBUG:acme.client:JWS payload:
b'{\n "keyAuthorization": "3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs.ulZ63PjhLaUVfpFl6pkNXPpCJXffN4z2n7NtrZ2IXN0",\n "type": "http-01",\n "resource": "challenge"\n}'
2020-10-18 20:14:18,396:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928866/y4jlqA:
{
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIjNaZ2hQbUpnMU83Rm9XODVkQ0J4UGpEckJ3Um5yY0FSOTlfb1NMSE1lSXMudWxaNjNQamhMYVVWZnBGbDZwa05YUHBDSlhmZk40ejJuN050cloySVhOMCIsCiAgInR5cGUiOiAiaHR0cC0wMSIsCiAgInJlc291cmNlIjogImNoYWxsZW5nZSIKfQ",
"signature": "jyrYZhqOJNghTnAhuhbUBB9kq_LA9PRjNa084m7Md78lA1tSHZnvy5uT0mog99m3t99U9uqMOErtnvnKA80zD828BOAffd1Mo88xbl6yB37wTlO4tjZJDRxYOxdSChhEQS5F5Ojlz79QmMLzejhjHnwgKD2QSpN73wxQQaZ8kMLWALs1ENxFQDK1A9eui_U8hMmu6yKHRR_wblyAXS16GLcK1k4-As8yGHzsAGAnjpr5-V32Fz0H2IxMOJwK5xhRcjQSEu-uUpwfxSyPI_wSvNWR8TL0oTLnux0MHnzgUEc2BhQuAFfkJCaLFJH7n8liO_RaijnlDLd9Q8o7FkCZgw",
"protected": "eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMDAwM0x4YzBhZ3FYNmtERkRtcF9sX3lQV2ZtN0tJMHlwel9VcjM1cHZJcWVMSDgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzc5ODM5Mjg4NjYveTRqbHFBIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY5NDg1MjM0In0"
}
2020-10-18 20:14:18,454:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/7983928866/y4jlqA HTTP/1.1" 200 185
2020-10-18 20:14:18,455:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 20:14:18 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/7983928866;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928866/y4jlqA
Replay-Nonce: 0002Nk8zviY_meBNdm-dqKjHh8N2mQxCg-8DPROYAjWJaqg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928866/y4jlqA",
"token": "3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs"
}
2020-10-18 20:14:18,455:DEBUG:acme.client:Storing nonce: 0002Nk8zviY_meBNdm-dqKjHh8N2mQxCg-8DPROYAjWJaqg
2020-10-18 20:14:21,458:DEBUG:acme.client:JWS payload:
b''
2020-10-18 20:14:21,460:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7983928864:
{
"payload": "",
"signature": "CzmujLkPHAt_aVFDBFnImDuT48L3Z3QoXltmOfSi-ZaMb0bfL0QpF4h6yZJPEyIbHG9PPBSfreG0rPyqBZx84qnIUsl22taiJHhW6Bspzg_ObU6DfuABfuKBQ513arpzVr3algSNSQlIrGYUavDHEkOl2Q2bHbgnL3HWbUt459Az2JdtKc6hJ5_G65HBeXeXMkedmH8900acAEgh5wBknxAJdHmpeY25mLTd7yoyVrSMKhp6G5hzRd7ilML1mpHCg7I6EzoV83n-WEW6Uizm-oE6b1P_FUducjKDifVXn2F8KyylzTpt7vcISkNj_7UHlEVHS5mcQ1aisfXAC2JNpA",
"protected": "eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMDAwMk5rOHp2aVlfbWVCTmRtLWRxS2pIaDhOMm1ReENnLThEUFJPWUFqV0phcWciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzc5ODM5Mjg4NjQiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjk0ODUyMzQifQ"
}
2020-10-18 20:14:21,523:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7983928864 HTTP/1.1" 200 1304
2020-10-18 20:14:21,524:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 20:14:21 GMT
Content-Type: application/json
Content-Length: 1304
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0002VHcUUG7RELdIcJ3awPjMk7wosIsc-SkCrm0St5kPNlI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "reseautage.com"
},
"status": "invalid",
"expires": "2020-10-25T20:14:17Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://reseautage.com/.well-known/acme-challenge/esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc [2607:f748:1301:0:184:107:112:55]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928864/YQWvqA",
"token": "esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc",
"validationRecord": [
{
"url": "http://reseautage.com/.well-known/acme-challenge/esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc",
"hostname": "reseautage.com",
"port": "80",
"addressesResolved": [
"165.227.33.173",
"2607:f748:1301:0:184:107:112:55"
],
"addressUsed": "2607:f748:1301:0:184:107:112:55"
}
]
}
]
}
2020-10-18 20:14:21,524:DEBUG:acme.client:Storing nonce: 0002VHcUUG7RELdIcJ3awPjMk7wosIsc-SkCrm0St5kPNlI
2020-10-18 20:14:21,526:DEBUG:acme.client:JWS payload:
b''
2020-10-18 20:14:21,528:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7983928866:
{
"payload": "",
"signature": "HLaUBg1Vv9FXDtGsDMVhtEy8JyqTeljMXHyk8EevLT2lkGi1jjLuIXejulKP56SzdE6rvx56A3zeHLsc8vgewcv9qQfKe_UqiMWG7DtbMrJB_XGL0i3gBAt8yQPRICnOJQjUCnNkoHDzWQk_gMhDQzOJQ900VL70N5GafR226ZitA6rQVxckzPdBQ0-NUqxnjg-QMZnBMcBRdWjPblDRrEKuUPOPFUwCov4M6PgyD9YIDROdJwFq7aNTlbudzmyWXI3FoCho_WaZtYSTgA1WQzP7bdLXcbVegALmoMKAmE3SusuYdH2XmyVAfeO4uRT4FGRNbDLf_PQPOj9s4ueoew",
"protected": "eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMDAwMlZIY1VVRzdSRUxkSWNKM2F3UGpNazd3b3NJc2MtU2tDcm0wU3Q1a1BObEkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzc5ODM5Mjg4NjYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjk0ODUyMzQifQ"
}
2020-10-18 20:14:21,581:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7983928866 HTTP/1.1" 200 1320
2020-10-18 20:14:21,582:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 20:14:21 GMT
Content-Type: application/json
Content-Length: 1320
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003YmBmD1hmpJAytAWjbV1PJqdM_MXMmdIs8HcnZA2iqes
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.reseautage.com"
},
"status": "invalid",
"expires": "2020-10-25T20:14:17Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://www.reseautage.com/.well-known/acme-challenge/3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs [2607:f748:1301:0:184:107:112:55]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7983928866/y4jlqA",
"token": "3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs",
"validationRecord": [
{
"url": "http://www.reseautage.com/.well-known/acme-challenge/3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs",
"hostname": "www.reseautage.com",
"port": "80",
"addressesResolved": [
"165.227.33.173",
"2607:f748:1301:0:184:107:112:55"
],
"addressUsed": "2607:f748:1301:0:184:107:112:55"
}
]
}
]
}
2020-10-18 20:14:21,582:DEBUG:acme.client:Storing nonce: 0003YmBmD1hmpJAytAWjbV1PJqdM_MXMmdIs8HcnZA2iqes
2020-10-18 20:14:21,583:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: www.reseautage.com
Type: unauthorized
Detail: Invalid response from http://www.reseautage.com/.well-known/acme-challenge/3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Domain: reseautage.com
Type: unauthorized
Detail: Invalid response from http://reseautage.com/.well-known/acme-challenge/esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-10-18 20:14:21,584:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.reseautage.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.reseautage.com/.well-known/acme-challenge/3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p", reseautage.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://reseautage.com/.well-known/acme-challenge/esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p"

2020-10-18 20:14:21,584:DEBUG:certbot.error_handler:Calling registered functions
2020-10-18 20:14:21,584:INFO:certbot.auth_handler:Cleaning up challenges
2020-10-18 20:14:22,679:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1119, in run
certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.reseautage.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.reseautage.com/.well-known/acme-challenge/3ZghPmJg1O7FoW85dCBxPjDrBwRnrcAR99_oSLHMeIs [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p", reseautage.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://reseautage.com/.well-known/acme-challenge/esrcYogxSpSCo0d8EC_rIqBePyTXuyKrUkOmeq8KXUc [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p"

rg305 · October 18, 2020, 8:46pm

Your IPv6 redirects are... tangled.

curl -Iki6 http://www.reseautage.com
HTTP/1.1 301 Moved Permanently
Date: Sun, 18 Oct 2020 20:44:31 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Upgrade: h2,h2c
Connection: Upgrade
Location: http://reseautage.com/
Content-Type: text/html; charset=UTF-8

curl -Iki6 http://reseautage.com
HTTP/1.1 301 Moved Permanently
Date: Sun, 18 Oct 2020 20:43:50 GMT
Server: Apache
Location: https://www.reseautage.com/
Content-Type: text/html; charset=iso-8859-1

curl -Iki6 https://www.reseautage.com
HTTP/2 301
date: Sun, 18 Oct 2020 20:45:21 GMT
server: Apache
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
location: https://reseautage.com/
content-type: text/html; charset=UTF-8

curl -Iki6 https://reseautage.com
HTTP/2 301
date: Sun, 18 Oct 2020 20:45:43 GMT
server: Apache
location: https://www.reseautage.com/
content-type: text/html; charset=iso-8859-1

curl -Iki6 https://www.reseautage.com
HTTP/2 301
date: Sun, 18 Oct 2020 20:45:57 GMT
server: Apache
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
location: https://reseautage.com/
content-type: text/html; charset=UTF-8

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]

_az · October 18, 2020, 8:48pm

There's a handful of different issues:

On port 443, you have an Apache server running
On port 80:
- On your IPv4 address, you have nginx running
- On your IPv6 address, you have an Apache server running
You have a redirect loop, as @rg305 already pointed out

Your Certbot failure is mainly related to (2), but every issue is going to cause you trouble.

I think you need to first figure out what webserver you want to run, and make sure that only it is running, and that it is running and bound to both IPv4 and IPv6.

YannickVachon · October 18, 2020, 8:53pm

Honestly, I though I had removed everything related to Apache already. I really wonder why some entries are still left out sure.

Even after running "apt-get purge apache2" and "apt-get autoremove", I get Apache answers. DAMN

Will look into that and see if it solve my issues.

rg305 · October 18, 2020, 8:54pm

Are both IPs on the same system?:

Name:    www.reseautage.com
Addresses:  2607:f748:1301:0:184:107:112:55
          165.227.33.173

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]

_az · October 18, 2020, 8:55pm

On Debian (and Ubuntu) systems, there's this annoying thing where you can uninstall a webserver, but if it's still running at the time of uninstallation, the process image will remain in memory and keep running.

I think this might help:

sudo killall -9 apache2
sudo service nginx restart

rg305 · October 18, 2020, 8:57pm

And then restart/reload nginx so that is can bind to IPv6:443

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]

YannickVachon · October 18, 2020, 9:05pm

Running "sudo killall -9 apache2" gave me a "apache2: no process found".

Yet, you made me think of something there. The fact that the site where we bought the domain is not the place where we host the site, I checked there and there is a permanent redirection done on their side. Most of them are unrelated since we own more than one domain but they all redirect to the main one.

Yet, there is one line that bother me where "reseautage.com" gets redirected to "https://www.reseautage.com/".. And on that site they use Apache as their server.

Is there a way for me to test if that redirect is actually preventing me from running certbot? i mean, I could remove it, use certbot and put it back once I am done, if it works.

_az · October 18, 2020, 9:08pm

Looks like you were right after all - they're different systems.

rg305 · October 18, 2020, 9:11pm

I would start with:
Are both IPs reaching your server?
Show:
curl -4 ifconfig.co
curl -6 ifconfig.co
If so, then you control the whole thing.
If not, then you have problems.

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]

YannickVachon · October 18, 2020, 9:11pm

I will remove those redirects, at least for now, to see if it fix my problem. If yes, it may help someone else to not lose their week-end over this!

YannickVachon · October 18, 2020, 9:37pm

So, after removing the redirect, it is not working. But the error at the end of the log file have changed.

Here is the new log.

2020-10-18 21:21:39,094:DEBUG:certbot.main:certbot version: 0.31.0
2020-10-18 21:21:39,095:DEBUG:certbot.main:Arguments: ['--nginx', '-d', 'reseautage.com', '-d', 'www.reseautage.com']
2020-10-18 21:21:39,095:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-10-18 21:21:39,103:DEBUG:certbot.log:Root logging level set at 20
2020-10-18 21:21:39,104:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-10-18 21:21:39,105:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2020-10-18 21:21:39,206:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f7c7b4cd208>
Prep: True
2020-10-18 21:21:39,207:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f7c7b4cd208> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f7c7b4cd208>
2020-10-18 21:21:39,207:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2020-10-18 21:21:39,211:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, new_authzr_uri=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/69485234', body=Registration(agreement=None, status=None, terms_of_service_agreed=None, external_account_binding=None, only_return_existing=None, key=None, contact=())), 63ff8271ab82b259b7eb73481bdf1a35, Meta(creation_dt=datetime.datetime(2019, 10, 15, 18, 16, 44, tzinfo=), creation_host='reseautage'))>
2020-10-18 21:21:39,212:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-10-18 21:21:39,214:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2020-10-18 21:21:39,357:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2020-10-18 21:21:39,357:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 21:21:39 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"PfAE_lDcMck": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-10-18 21:21:39,358:INFO:certbot.main:Obtaining a new certificate
2020-10-18 21:21:39,450:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0014_key-certbot.pem
2020-10-18 21:21:39,452:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0014_csr-certbot.pem
2020-10-18 21:21:39,452:DEBUG:acme.client:Requesting fresh nonce
2020-10-18 21:21:39,452:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-10-18 21:21:39,487:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-10-18 21:21:39,488:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 21:21:39 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102L7ZEO9W1R740uFLL0QuVjTvDefmki5wTsMAHQKrJOXg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2020-10-18 21:21:39,488:DEBUG:acme.client:Storing nonce: 0102L7ZEO9W1R740uFLL0QuVjTvDefmki5wTsMAHQKrJOXg
2020-10-18 21:21:39,489:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "reseautage.com"\n },\n {\n "type": "dns",\n "value": "www.reseautage.com"\n }\n ]\n}'
2020-10-18 21:21:39,491:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjAxMDJMN1pFTzlXMVI3NDB1RkxMMFF1VmpUdkRlZm1raTV3VHNNQUhRS3JKT1hnIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82OTQ4NTIzNCJ9",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInJlc2VhdXRhZ2UuY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5yZXNlYXV0YWdlLmNvbSIKICAgIH0KICBdCn0",
"signature": "TQU2EulE5aocHqr5myWVWka2dPrOUqrV0X0g-TXLVyojtHzpejdgMcVnFbW4ZcDgWvevUt-atWRm-1LDcujsL4Z_O2Y2r3rEK5m7ZN56GtI5siAt6-NJyw2JhSBhc33CC-zK0ABV7G7GyUwByX3LC3ZwArwtj1PPzZbITft541pPh94ZFvmwlOH3zoC9Wy1oDTuRkczTg_hBZ8XpfduVAP5b8b05f2Wu-XiMjl-kyJ1MI-7d5aBr6S50RQi12B0iZ8KnoE5HAPLvN105lKS-ZtYIQXbrWLNSOAV26YPVohQKygv_0CDbHHaDNDNoEtyhPvxcLeyT9b4P8iU1BlpfCw"
}
2020-10-18 21:21:39,686:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 482
2020-10-18 21:21:39,687:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 18 Oct 2020 21:21:39 GMT
Content-Type: application/json
Content-Length: 482
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/69485234/5755979156
Replay-Nonce: 0102bw1FJxg41CiSRxR7jrvng7L895tK2jYO1Z_pbeb_CZI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2020-10-25T21:21:39.63211117Z",
"identifiers": [
{
"type": "dns",
"value": "reseautage.com"
},
{
"type": "dns",
"value": "www.reseautage.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/7984940985",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/7984940986"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/69485234/5755979156"
}
2020-10-18 21:21:39,687:DEBUG:acme.client:Storing nonce: 0102bw1FJxg41CiSRxR7jrvng7L895tK2jYO1Z_pbeb_CZI
2020-10-18 21:21:39,687:DEBUG:acme.client:JWS payload:
b''
2020-10-18 21:21:39,689:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7984940985:
{
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNzk4NDk0MDk4NSIsICJub25jZSI6ICIwMTAyYncxRkp4ZzQxQ2lTUnhSN2pydm5nN0w4OTV0SzJqWU8xWl9wYmViX0NaSSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjk0ODUyMzQifQ",
"payload": "",
"signature": "G679cQoTVNT7DeW-INE6FBLKgEf5FDhQuY0-868Gm9Gdz64W4APxVYZc5AnOt8LnYDDgLByeyQ_cIzTVO-OQdyn2gYErq2KfrQnkSrNhspO3y-qp4t1DlmZfLSh5857ojewPCxQI4WobNLsJtr1pKjmssDUcskjW4ydMeM8cwlLrEQt3mCbwTq9JnzbmDjb9Yuoxs3WnFIlZYE9QlYBwsxN024G2dPh2PRv20MHxYtKV-2qyRfAk5NZ9JzL3qCsqnSor9tg7HxQbA-Ts0vEYSxf6l219igzUD9qeVC55iZSmrXrNwKDiLhBcMk2TmMmdkJFJwHIuEu9_ptjgVXx6hw"
}
2020-10-18 21:21:39,752:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7984940985 HTTP/1.1" 200 792
2020-10-18 21:21:39,753:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 21:21:39 GMT
Content-Type: application/json
Content-Length: 792
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0103g000ME_8UMJw_GC2Y7Pj407FCOOBcq8-LZVaFzNvVds
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "reseautage.com"
},
"status": "pending",
"expires": "2020-10-25T21:21:39Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940985/GyH64w",
"token": "P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940985/AHZ9Uw",
"token": "P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940985/GgJquw",
"token": "P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM"
}
]
}
2020-10-18 21:21:39,753:DEBUG:acme.client:Storing nonce: 0103g000ME_8UMJw_GC2Y7Pj407FCOOBcq8-LZVaFzNvVds
2020-10-18 21:21:39,753:DEBUG:acme.client:JWS payload:
b''
2020-10-18 21:21:39,755:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7984940986:
{
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNzk4NDk0MDk4NiIsICJub25jZSI6ICIwMTAzZzAwME1FXzhVTUp3X0dDMlk3UGo0MDdGQ09PQmNxOC1MWlZhRnpOdlZkcyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjk0ODUyMzQifQ",
"payload": "",
"signature": "UfQS_gnDSiRRnCvaFFudqD40QWdV78qAOo2e4tOL6tiRi4efOl9r50KUx-QwpzkTkKZvkLw1lsGkK1ne7I9FfSzuaie-rrPDZQaCQH8_kIXHCnwcg8jUJrNjyaxuVq4jz5-MeW4lLlil72SiUxX7M3rcoMiGZW7hQ7XwOLSz0hA90ItLXsuRV8p6AKblJE46AvC4tTV0bPUeMq4QdjYTPrnYu_c6JDjtMHmdjv9QKtnr9Cc10KvbSqMqqhVgwPK-6vDbeOit0XaTgjDP2KIH9FMrMisoiT-9R7MUmpR0aWIcN35tkDxIO8whArNRtwdHW8N1Juu3DATAPTenEYVyUQ"
}
2020-10-18 21:21:39,824:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7984940986 HTTP/1.1" 200 796
2020-10-18 21:21:39,825:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 21:21:39 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102v_CGUOE1yB7wp9TLviCjOwtGQj9lvPd8NQc_KU8Hz48
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.reseautage.com"
},
"status": "pending",
"expires": "2020-10-25T21:21:39Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940986/c1k_VA",
"token": "HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940986/FNf0YQ",
"token": "HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940986/KXEXgw",
"token": "HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc"
}
]
}
2020-10-18 21:21:39,825:DEBUG:acme.client:Storing nonce: 0102v_CGUOE1yB7wp9TLviCjOwtGQj9lvPd8NQc_KU8Hz48
2020-10-18 21:21:39,825:INFO:certbot.auth_handler:Performing the following challenges:
2020-10-18 21:21:39,826:INFO:certbot.auth_handler:http-01 challenge for reseautage.com
2020-10-18 21:21:39,827:INFO:certbot.auth_handler:http-01 challenge for www.reseautage.com
2020-10-18 21:21:39,847:DEBUG:certbot_nginx.http_01:Generated server block:

2020-10-18 21:21:39,848:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2020-10-18 21:21:39,848:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2020-10-18 21:21:39,848:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2020-10-18 21:21:39,848:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/reseautage.com
2020-10-18 21:21:39,849:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

server_names_hash_bucket_size 128;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}

#mail {

# See sample authentication script at:

# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript

# auth_http localhost/auth.php;

# pop3_capabilities "TOP" "USER";

# imap_capabilities "IMAP4rev1" "UIDPLUS";

server {

listen localhost:110;

protocol pop3;

proxy on;

}

server {

listen localhost:143;

protocol imap;

proxy on;

}

#}

2020-10-18 21:21:39,850:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/reseautage.com:
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

    listen 80;
    listen [::]:80;

    root /var/www/reseautage.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name reseautage.com www.reseautage.com;

    location / {
            try_files $uri $uri/ =404;
    }

location = /.well-known/acme-challenge/P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM{default_type text/plain;return 200 P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM.ulZ63PjhLaUVfpFl6pkNXPpCJXffN4z2n7NtrZ2IXN0;} # managed by Certbot

location = /.well-known/acme-challenge/HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc{default_type text/plain;return 200 HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc.ulZ63PjhLaUVfpFl6pkNXPpCJXffN4z2n7NtrZ2IXN0;} # managed by Certbot

}
2020-10-18 21:21:40,865:INFO:certbot.auth_handler:Waiting for verification...
2020-10-18 21:21:40,866:DEBUG:acme.client:JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01",\n "keyAuthorization": "P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM.ulZ63PjhLaUVfpFl6pkNXPpCJXffN4z2n7NtrZ2IXN0"\n}'
2020-10-18 21:21:40,868:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940985/GyH64w:
{
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNzk4NDk0MDk4NS9HeUg2NHciLCAibm9uY2UiOiAiMDEwMnZfQ0dVT0UxeUI3d3A5VEx2aUNqT3d0R1FqOWx2UGQ4TlFjX0tVOEh6NDgiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY5NDg1MjM0In0",
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiLAogICJrZXlBdXRob3JpemF0aW9uIjogIlBfeVYzOGJZMmYzMHlzVkhpZ3NJMDRYLWc4eS1YS0dCaFRVZWcwV1pCeU0udWxaNjNQamhMYVVWZnBGbDZwa05YUHBDSlhmZk40ejJuN050cloySVhOMCIKfQ",
"signature": "FfC92GAoBFBhdxJmJj4ntjo51Zme-THud3XLayg2fSRIT0gQzT-QbJAniR4HSEmPDpM4Dp6lY9VWN1CizTpG7-fIqs7UKjAtQM3FwZC7aZJ_h3Ist523lPrKRQc58MF1xBcrOHrp-Y94RuRWvI0um8eyU8msmLzKm_lgt0_ejNBk6mgTmz1WTVSDY4gkOpLsLRUfS-R2f9Pa8GMD2NrGe8CRYGc8Pn6NXHvDU2zkrE1znYsv34EFpxUN2gabu24UVyWzM7_wWLkAFbtnUiXLtgcW-0Dx8zUCMfwWN1fhnFprcWEgBUOMfdOw1y2Ew0r0fkC5kVtYx-WX0ctvMZAbAQ"
}
2020-10-18 21:21:40,951:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/7984940985/GyH64w HTTP/1.1" 200 185
2020-10-18 21:21:40,952:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 21:21:40 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/7984940985;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940985/GyH64w
Replay-Nonce: 0102VluLVEKazUHq1kkk8fGsPgALCwVobecEbRAx7g6WFv8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940985/GyH64w",
"token": "P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM"
}
2020-10-18 21:21:40,952:DEBUG:acme.client:Storing nonce: 0102VluLVEKazUHq1kkk8fGsPgALCwVobecEbRAx7g6WFv8
2020-10-18 21:21:40,953:DEBUG:acme.client:JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01",\n "keyAuthorization": "HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc.ulZ63PjhLaUVfpFl6pkNXPpCJXffN4z2n7NtrZ2IXN0"\n}'
2020-10-18 21:21:40,954:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940986/c1k_VA:
{
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNzk4NDk0MDk4Ni9jMWtfVkEiLCAibm9uY2UiOiAiMDEwMlZsdUxWRUthelVIcTFra2s4ZkdzUGdBTEN3Vm9iZWNFYlJBeDdnNldGdjgiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY5NDg1MjM0In0",
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiLAogICJrZXlBdXRob3JpemF0aW9uIjogIkhxaGVzSjlxUnpvNHQtVklMT0kwOVpYZDdGaWwyMlA4bG11RWFRbUx4eGMudWxaNjNQamhMYVVWZnBGbDZwa05YUHBDSlhmZk40ejJuN050cloySVhOMCIKfQ",
"signature": "IEWdVd5BqlzUpcmj9u4gmuYTTs3avck74MsEP-oYu0ca3uwedxkzi0QeplIB1wXmNrHwFD9VPqlBYUc3VRzAVexlXpf6DkP4dNN9DzGCiq0EUEdXj6IGg1IFqBKEXbgDQ37pNoU4SLyErCbrVR27_LOmGLh2VKhP8ZA_0Kf7JOVGDZLQmWqsGnENtoxTNZ4l3aQWYIKlXjPYGdgiZjplj4OvJH73spAuMFtWvx00piHeS8d83Hl5td9AVvpAo9sQS3618sYzbZaLMcHTJ5bf007PrZQWDATkmZSYRPqvl0GXCkH9r3LEcORqpC84ubd2jFzfgC6dLTJUFrCvIJ75dQ"
}
2020-10-18 21:21:41,033:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/7984940986/c1k_VA HTTP/1.1" 200 185
2020-10-18 21:21:41,034:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 21:21:41 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/7984940986;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940986/c1k_VA
Replay-Nonce: 0102d7qVkxxLiaIFBs23w26-lK9kX8AtgSAOrnxG6_ofvs0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940986/c1k_VA",
"token": "HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc"
}
2020-10-18 21:21:41,034:DEBUG:acme.client:Storing nonce: 0102d7qVkxxLiaIFBs23w26-lK9kX8AtgSAOrnxG6_ofvs0
2020-10-18 21:21:44,038:DEBUG:acme.client:JWS payload:
b''
2020-10-18 21:21:44,039:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7984940985:
{
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNzk4NDk0MDk4NSIsICJub25jZSI6ICIwMTAyZDdxVmt4eExpYUlGQnMyM3cyNi1sSzlrWDhBdGdTQU9ybnhHNl9vZnZzMCIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjk0ODUyMzQifQ",
"payload": "",
"signature": "IZAkgOb5yMhjNOST9RlrEZblaSd85NKGp-zKYXm2RNkqjMwChbCq_7XAMFyst3FsH_plEwbq7HLElZ01eYa-AO_1yBVBDprNOkeblE-OGnlnu5PY4Rnj_yKgBRG9v9MuqjLYYWMFfBYy4-5pIyt-4Em-eMw9xvExDURauscD7Tl3W2YpiY1bhvZwPcTv9lNXvxUUht7hzpiVl3nm4hT4p6mTz3om0p5zG1T2tRQ5ctpRWaKaBEgpqT8eqJq3Pbtg3srMrdXwfFYEczUSq4cRBYbAy-OCw_eibzu9wISjIDlKucKZYN0xo_s8Pikj4ZX9XrnNX_iC3wutIE-c1c3xgw"
}
2020-10-18 21:21:44,109:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7984940985 HTTP/1.1" 200 1304
2020-10-18 21:21:44,110:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 21:21:44 GMT
Content-Type: application/json
Content-Length: 1304
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 01048i-aQGJJNhOwu_refKeP7maFFskOiWfWH0NPX1TOx4w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "reseautage.com"
},
"status": "invalid",
"expires": "2020-10-25T21:21:39Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://reseautage.com/.well-known/acme-challenge/P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM [2607:f748:1301:0:184:107:112:55]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940985/GyH64w",
"token": "P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM",
"validationRecord": [
{
"url": "http://reseautage.com/.well-known/acme-challenge/P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM",
"hostname": "reseautage.com",
"port": "80",
"addressesResolved": [
"165.227.33.173",
"2607:f748:1301:0:184:107:112:55"
],
"addressUsed": "2607:f748:1301:0:184:107:112:55"
}
]
}
]
}
2020-10-18 21:21:44,110:DEBUG:acme.client:Storing nonce: 01048i-aQGJJNhOwu_refKeP7maFFskOiWfWH0NPX1TOx4w
2020-10-18 21:21:44,110:DEBUG:acme.client:JWS payload:
b''
2020-10-18 21:21:44,112:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7984940986:
{
"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNzk4NDk0MDk4NiIsICJub25jZSI6ICIwMTA0OGktYVFHSkpOaE93dV9yZWZLZVA3bWFGRnNrT2lXZldIME5QWDFUT3g0dyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjk0ODUyMzQifQ",
"payload": "",
"signature": "oliQBW4Ab1h5GQOBli4yPJZDeViXqRSXlxqBD5jTZLRvzdO8ja5j4lwOhZGvq0iBtqTA7JDQsFa_pmVvxIrkKjIOaES_qFdCuCtNI0pnF-yuNxWGXczvGPI0uDpD84HpwMtXzBBXUiYTV_3CcMLwmE0k7VFsQS8_Plz7wuDmbBgTWwagO6FRRgR4jwFxujJF3HGvKZEQvYZn__reXWADZJc6GfnBqcPVE8-8lgSBszwDTSMRduhykSY2zzpQL5Tg6s690sI5ADr-lZaTKDOKAvOHjhWkKIS365JOmgcGgkvoAInojaDI0PI-5NHpkigMEoke0ScTZogMGWWXSfidnw"
}
2020-10-18 21:21:44,176:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7984940986 HTTP/1.1" 200 1320
2020-10-18 21:21:44,177:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 18 Oct 2020 21:21:44 GMT
Content-Type: application/json
Content-Length: 1320
Connection: keep-alive
Boulder-Requester: 69485234
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0103yAbOgyvpVwbgd9LrO0xKNHRQI3KCWvD4rXkhhmMLLFo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.reseautage.com"
},
"status": "invalid",
"expires": "2020-10-25T21:21:39Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://www.reseautage.com/.well-known/acme-challenge/HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc [2607:f748:1301:0:184:107:112:55]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7984940986/c1k_VA",
"token": "HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc",
"validationRecord": [
{
"url": "http://www.reseautage.com/.well-known/acme-challenge/HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc",
"hostname": "www.reseautage.com",
"port": "80",
"addressesResolved": [
"165.227.33.173",
"2607:f748:1301:0:184:107:112:55"
],
"addressUsed": "2607:f748:1301:0:184:107:112:55"
}
]
}
]
}
2020-10-18 21:21:44,177:DEBUG:acme.client:Storing nonce: 0103yAbOgyvpVwbgd9LrO0xKNHRQI3KCWvD4rXkhhmMLLFo
2020-10-18 21:21:44,178:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: reseautage.com
Type: unauthorized
Detail: Invalid response from http://reseautage.com/.well-known/acme-challenge/P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Domain: www.reseautage.com
Type: unauthorized
Detail: Invalid response from http://www.reseautage.com/.well-known/acme-challenge/HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-10-18 21:21:44,179:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. reseautage.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://reseautage.com/.well-known/acme-challenge/P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p", www.reseautage.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.reseautage.com/.well-known/acme-challenge/HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p"

2020-10-18 21:21:44,179:DEBUG:certbot.error_handler:Calling registered functions
2020-10-18 21:21:44,179:INFO:certbot.auth_handler:Cleaning up challenges
2020-10-18 21:21:45,280:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1119, in run
certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. reseautage.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://reseautage.com/.well-known/acme-challenge/P_yV38bY2f30ysVHigsI04X-g8y-XKGBhTUeg0WZByM [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p", www.reseautage.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.reseautage.com/.well-known/acme-challenge/HqhesJ9qRzo4t-VILOI09ZXd7Fil22P8lmuEaQmLxxc [2607:f748:1301:0:184:107:112:55]: "\n\n404 Not Found\n\n

Not Found

\n<p"

_az · October 18, 2020, 10:33pm

As @rg305 suggested, the problem is not with your redirect, but your DNS setup.

You need to login to your DNS host (Funio.com?) and make sure that your domain's A and AAAA records point to the same server.

At the moment, they point to different servers. The AAAA (IPv6) record points to your old Apache server server, and Let's Encrypt is connecting to it.

You can either remove the AAA record or update it so that it points to your nginx server.

YannickVachon · October 18, 2020, 11:24pm

TLDR: The problem here was a redirect done from the domain provider in which the IPV6 address was incorrect. And since they used apache while the site ran on Nginx, it caused confusion on my side.

Indeed, you were right. From Funio where we got our domain, they were pointing at an old server for the IPV6 part of it. Once I changed that, certbot was able to succeed and Https works!

Still, it crash during the auto-renewal dry run but honestly, on a sunday night, it can wait

More imporrtantly is to hook our NodeJs app now so we can get our customer online.

Anyway, thanks a lot for your help all there. I wish I could get you a beer for that

system · November 17, 2020, 11:24pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.