Unable to validate my domain since the last couple of days due to signature algorithm not supported (it was working fine before)

chrissp · September 19, 2022, 3:42pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.collectionsbab.com

I ran this command:
certbot --config production.config.ini --domains www.collectionsbab.com,collectionsbab.com --csr collectionsbab.com-csr.pem --cert-path cert-09-19-2022-07:57:18.pem --chain-path chain-09-19-2022-07:57:18.pem --fullchain-path fullchain-09-19-2022-07:57:18.pem --key-path privkey-09-19-2022-07:57:18.pem

It produced this output:

2022-09-19 07:57:18,565:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-09-19 07:57:18,592:DEBUG:certbot._internal.log:Root logging level set at 20
2022-09-19 07:57:18,592:INFO:certbot._internal.log:Saving debug log to /letsencrypt/logs/letsencrypt.log
2022-09-19 07:57:18,593:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2022-09-19 07:57:18,597:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7f941be5af50>
Prep: True
2022-09-19 07:57:18,598:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7f941be5af50> and installer None
2022-09-19 07:57:18,598:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2022-09-19 07:57:18,603:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/87475406', new_authzr_uri=None, terms_of_service=None), 451ebf34977e996a1b68ee281326e46c, Meta(creation_host=u'ip-172-31-10-30.us-west-2.compute.internal', register_to_eff=None, creation_dt=datetime.datetime(2020, 5, 30, 2, 8, 19, tzinfo=<UTC>)))>
2022-09-19 07:57:18,604:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-09-19 07:57:18,605:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-09-19 07:57:18,766:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 672
2022-09-19 07:57:18,767:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:18 GMT
Content-Type: application/json
Content-Length: 672
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "oYBwBixKpEA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-09-19 07:57:18,767:DEBUG:certbot._internal.client:CSR: CSR(file='/tmp/collectionsbab.com-csr.pem', data='-----BEGIN CERTIFICATE REQUEST-----\nMIIC7DCCAdQCAQAwXzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRAwDgYDVQQH\nEwdGcmVtb250MRAwDgYDVQQKEwdUZWVDaGlwMR8wHQYDVQQDExZ3d3cuY29sbGVj\ndGlvbnNiYWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsdY\n/9eMg1mA0qhc7hE7SH78rsl+fknEdxv1+hi7Fcbl0KLoLrPuOyA0HmLFqu5onnF+\njI7yQLcZp+BpB0i3FlX64lNo+K9JawhocsWTiwZzD0nf94J0gaErUjTdKtYdgmId\n+DI1WwyBTJF9+HY3+OmSt60mmsu211rk3ZECKd79F8Kj/4Y6y2SYRCNBLIi3M8P+\nq5e5fGNly66Pdl22RLIZcrDn5tNXaUc8V2f+5OTPQSlRnCSIrpQ1mGaW70PEpvqf\nM57obs2+S4bPGO/BwCVlQ3kYtsWjA3+kRVcBW16g+pdysKVm2YxeIpGQJCmN5eGp\nVJcpzBSvyM8DnWBCawIDAQABoEgwRgYJKoZIhvcNAQkOMTkwNzA1BgNVHREELjAs\nghZ3d3cuY29sbGVjdGlvbnNiYWIuY29tghJjb2xsZWN0aW9uc2JhYi5jb20wDQYJ\nKoZIhvcNAQEFBQADggEBACsD5QalncJR+dqBSGkU97F0ZrhITujwaFMwcXvdSakE\nbyt5B0/PhhO0VkHHzxVc/jqDr9yR3t6L//TeJimT8vHPC25NGEhpiwo35UOpIF6y\nLdFGRDro7ava4vxzIkqfP05BoZhpu1hZK07Nlj5aY8RnTyBBNmlfuBuUFvlICw6P\n10I/ojWqjaFaNN1HCLxGZ/zpvGuhSVTkWkdyWXT516KCH5/uNfIREMqprMzvgR/k\nQXLr+0CFCj7WyFkuk/v2n4vrw24Ix2Gc+V2pLqzIDAM/eLJkjQQTiPl0fjTb6qoc\nGTXlk2T+/jf3Pm1uYbiK/Si/bvE/ZSFN3aqXh70Q9Pw=\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2022-09-19 07:57:18,768:DEBUG:acme.client:Requesting fresh nonce
2022-09-19 07:57:18,768:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-09-19 07:57:18,811:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-09-19 07:57:18,811:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:18 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001hAPNT7Jt8Ezh8DnbON_WIGtqVmWauUiDO4AUurqtjlI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-09-19 07:57:18,811:DEBUG:acme.client:Storing nonce: 0001hAPNT7Jt8Ezh8DnbON_WIGtqVmWauUiDO4AUurqtjlI
2022-09-19 07:57:18,811:DEBUG:acme.client:JWS payload:
{
  "identifiers": [
    {
      "type": "dns",
      "value": "www.collectionsbab.com"
    },
    {
      "type": "dns",
      "value": "collectionsbab.com"
    }
  ]
}
2022-09-19 07:57:18,819:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJub25jZSI6ICIwMDAxaEFQTlQ3SnQ4RXpoOERuYk9OX1dJR3RxVm1XYXVVaURPNEFVdXJxdGpsSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg3NDc1NDA2IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJ3d3cuY29sbGVjdGlvbnNiYWIuY29tIgogICAgfSwgCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsIAogICAgICAidmFsdWUiOiAiY29sbGVjdGlvbnNiYWIuY29tIgogICAgfQogIF0KfQ",
  "signature": "lGTDAmQq-3cNMcjpWDX2NURZ1yo-Z1NYY_bdTQ3qRmNk6AT8xg38zs8LvKxEL874ocQT4VjZxaeRr_7-s_5YiXDAIMsNDvcpvW4feEW4QPZhDzABMN8NYpAjOP5WBHWPO4K4kim2kd6rgzxdOIMqRqQiNIVp8EkepVl7_h1tGAe1EYmNLjZrQ8aqHPtpB_0NBprvJjBuiV8WxIC6yTM15fE0j9oYKj5uD9GSxq35HCoZAetVVd_UQsuhO3NqGsVg8y46-7cfoRTA8m0GVlcciTHk5jLh4qPf0ZZPVcvy0-q7euJOBK6w0h8TrcidhK6VwmDO9IsuIBzG7eVxQ_w2_ukcrvogmVVOnczNavQAoVQ3pgqDJ-TWaDToIQcKlSqRSOtzGF1_UQ8omaOA703A0HDHLpS7y22atyWNqmaFAQkcZVYhG94zt969s60vpInvCUJ9iL1B35gWlugVXWeMsDYnJSMEoHVPkQt8jQPlbxRBWJG8eA4hvwAgFAZHrkukKT6GosPXS0_kSoGP1k0m5kGdfDqZm_KQ1qAFITkQb0e_FVWzICE479937g50N8aNgR9cc1s60aUQEW-rRmc33yVBhhe87wYAZd00zqgP9hV8oO4zflD9arUuKQm_w5Jqcyy4M8V9xKTpX49HwX4w9hA_KsGb9apcOY6N1_XwMoE"
}
2022-09-19 07:57:19,055:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 487
2022-09-19 07:57:19,056:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 19 Sep 2022 14:57:19 GMT
Content-Type: application/json
Content-Length: 487
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/87475406/126956833561
Replay-Nonce: 00016-w-2rhBAvLw6LRr6zY74_RZ0ldqBYWRIrA3_6k4-ao
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-09-26T14:57:18Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "collectionsbab.com"
    },
    {
      "type": "dns",
      "value": "www.collectionsbab.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210171",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210181"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/87475406/126956833561"
}
2022-09-19 07:57:19,056:DEBUG:acme.client:Storing nonce: 00016-w-2rhBAvLw6LRr6zY74_RZ0ldqBYWRIrA3_6k4-ao
2022-09-19 07:57:19,056:DEBUG:acme.client:JWS payload:

2022-09-19 07:57:19,064:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210171:
{
  "protected": "eyJub25jZSI6ICIwMDAxNi13LTJyaEJBdkx3NkxScjZ6WTc0X1JaMGxkcUJZV1JJckEzXzZrNC1hbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTU1MjA2MjEwMTcxIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg3NDc1NDA2IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "",
  "signature": "gU06GVee0_r7kMQ6k8jHBMqmBNGtLuLUFIQSJSqRgmUQeIMwded1qErVp4OhnmDhSjanzK1ko2pNDSxc_c5GheUekWyWNLLBHKlb-XzZdXoJVCCKnyvebxrnM8RiF16seCKqZNQqh0eygXKU-1pfeGvA4AqlxP_csy4twEYJj1Hcam-7l52kS0QijsGh6EDYdtAA5S2_vdZrCVBg1r7fThZRJGDYZCHSTcGffvSf7wYX-L3lss-sst8R1_xmuC7dCH9fumNP4QJOHhWhGqMsHhqFPX2oGw-0n-AoFH6O9qodV9usweIxGW0vW5f-_Y1fYEmTRrGq2gBPDwij87_jHH5inYdiDibJYKDn26wNvOv2hmCllTch9J07vuy9vKX_SVNOIBjqS19EgFxIMa4_rq_K7_Kj3qLQ_Py2_gNKVStn3BGnsAxGZzQK5uu5DqSLdqDc9pK4dw7xz8wTUpcdGNeW79P5qYHYEAGIUVu7hOriGTOYaG0SXhNE5lLta22_wfTntX7hAXHAcLmkabtUuuhdKh2WtmCl13NVN2XpAo6PuOK8iCKAFNu6VCGT76xkUlh1c3mnmIUmJN7Ato4aeu13b3lrn4VZFxzQCGcv7Ozk_ueLjVz1B721q6cJrt4Sl5Aot83TXfyVmSL8PHjJlv6RF7j2T9urEs_6iPndt00"
}
2022-09-19 07:57:19,122:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/155206210171 HTTP/1.1" 200 802
2022-09-19 07:57:19,122:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:19 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001GbkbEJDft3H2nRT78xJUuHNjHuaWzUw1rKIZpeVZSz8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "collectionsbab.com"
  },
  "status": "pending",
  "expires": "2022-09-26T14:57:18Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/yKwisQ",
      "token": "3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/quMGuw",
      "token": "3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/L0pmQA",
      "token": "3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k"
    }
  ]
}
2022-09-19 07:57:19,122:DEBUG:acme.client:Storing nonce: 0001GbkbEJDft3H2nRT78xJUuHNjHuaWzUw1rKIZpeVZSz8
2022-09-19 07:57:19,122:DEBUG:acme.client:JWS payload:

2022-09-19 07:57:19,130:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210181:
{
  "protected": "eyJub25jZSI6ICIwMDAxR2JrYkVKRGZ0M0gyblJUNzh4SlV1SE5qSHVhV3pVdzFyS0lacGVWWlN6OCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTU1MjA2MjEwMTgxIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg3NDc1NDA2IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "",
  "signature": "pS7474CwJyqWzQeD22o0PuKrB8JdEGd21GCtX7C8z5UQNjcGzVZdqxKb9QTUR5cyrnvHWDUC35M-iXrZ88RL0Q44WmWQnYy91Q3vhQ47C5aLZac2mwPtIaqaP-Y-zIBx4Z285Er1oOlL46_PrOCQJoAxi7qdpEPkQTZFICuDi6SC9xRPgRQNIbzjqnH6b6CaVouAN5MR_I6BaHG9d-mBbfkPbhYP7PLfP4OU4a8xHIGcQHwwuLqoahSSfK6PWbPeJNCo2IjKCcBnO-7L9L4-zWljgi3gi-O-Oj6qEC8bTyWvfUoWkvuVRqSosfrR26BqfIWNxLULbjG1eThiMPfjGnOIxWsZ_bdUjaRnvOpWi8EnKuCoHYEZmPxulkXxkaSBkUc4cuJ4LrOD5mTQcrwTbB-iQWd47Q1-YrWHsSHEwoUh_s3zev_RkmPQ4gPSCzbVT-3FRPsykr5UCrNDlrnxJ9yJl4txSXodeRwELQg8rZ9CNV00mIOhzOifUr1XAxCeSfgw5MwticDb_GLmuY2lYmF2qHFXALbLRRFFsOQDwtyTX4mfM-_QG0Vncp6XOEcbsNugTM12mJOdVHW7qAEQKXkalF9SGjBcmBM5k3mBN6SlzSEmu6KWwU8NmYlOBUULmLJHj2Jgun1CTmuzruEdS7KVBU7iskvdBYdXd06ZX7A"
}
2022-09-19 07:57:19,201:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/155206210181 HTTP/1.1" 200 806
2022-09-19 07:57:19,202:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:19 GMT
Content-Type: application/json
Content-Length: 806
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001FK_6Z8jBQ0LIZos5g7g-NAam3XNRiPwE7m8SVNN9Oj4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.collectionsbab.com"
  },
  "status": "pending",
  "expires": "2022-09-26T14:57:18Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/QrDQrA",
      "token": "CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/2YzmRg",
      "token": "CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/96vEAg",
      "token": "CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc"
    }
  ]
}
2022-09-19 07:57:19,202:DEBUG:acme.client:Storing nonce: 0001FK_6Z8jBQ0LIZos5g7g-NAam3XNRiPwE7m8SVNN9Oj4
2022-09-19 07:57:19,202:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-09-19 07:57:19,202:INFO:certbot._internal.auth_handler:http-01 challenge for collectionsbab.com
2022-09-19 07:57:19,202:INFO:certbot._internal.auth_handler:http-01 challenge for www.collectionsbab.com
2022-09-19 07:57:19,205:INFO:certbot.compat.misc:Running manual-auth-hook command: /letsencrypt/auth-hook.sh
2022-09-19 07:57:20,140:INFO:certbot.compat.misc:Output from manual-auth-hook command auth-hook.sh:
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
domain: collectionsbab.com
validation: 3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k.pBUIRjEbDdUYJx-jaxzebBQdgboRqDPwLZ8YYG8ew1g
token: 3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
===== updateSSL =====
DOMAIN  collectionsbab.com
VALIDATION_NAME  3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k
VALIDATION_CONTENT  3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k.pBUIRjEbDdUYJx-jaxzebBQdgboRqDPwLZ8YYG8ew1g
Querying domain collectionsbab.com
Done!

2022-09-19 07:57:20,145:INFO:certbot.compat.misc:Running manual-auth-hook command: /letsencrypt/auth-hook.sh
2022-09-19 07:57:21,093:INFO:certbot.compat.misc:Output from manual-auth-hook command auth-hook.sh:
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
domain: www.collectionsbab.com
validation: CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc.pBUIRjEbDdUYJx-jaxzebBQdgboRqDPwLZ8YYG8ew1g
token: CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
===== updateSSL =====
DOMAIN  www.collectionsbab.com
VALIDATION_NAME  CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc
VALIDATION_CONTENT  CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc.pBUIRjEbDdUYJx-jaxzebBQdgboRqDPwLZ8YYG8ew1g
Querying domain collectionsbab.com
Done!

2022-09-19 07:57:21,096:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-09-19 07:57:21,096:DEBUG:acme.client:JWS payload:
{}
2022-09-19 07:57:21,103:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/yKwisQ:
{
  "protected": "eyJub25jZSI6ICIwMDAxRktfNlo4akJRMExJWm9zNWc3Zy1OQWFtM1hOUmlQd0U3bThTVk5OOU9qNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTU1MjA2MjEwMTcxL3lLd2lzUSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84NzQ3NTQwNiIsICJhbGciOiAiUlMyNTYifQ",
  "payload": "e30",
  "signature": "q3p2fg_5PK80zmxLeB6M6m19uo4iuAelBYVESriL6RBSruLDAK0R2WjIBVhtcn_7F74LMxdVjluEm8Krq2s2QN3Bz6wS2zO2m8plAOP3f_8ixao_UI0LkBzuMN6PQZsGptmHXOaJrDCumn7Tqw-0W1j_XIS4GTc01_tl8GttSlawnYrI8ONdNRpNJmomhicZHUiz0HNmXE5dIRFzQfQHPlNDjFoUvgOCkVw_l_o0jjcW4oucGoTdWvMiZP5KOz9kWiTpzCttDUV_oMmj083rxyFu6usl2zzTiPcmRkgijASuDLw3AxY9tg0LdNjsFEvatUFEDmZOHp2jYHTuqcrPSbqVFGNsKV6ydNitg1PODiwewzlJF1i8-JSUEYwq0KibPfurdHn6de9Hu0VCNplAsEOk8CrSIfRGMglrk2esVbOscBnC03KfibE7NY66RcrcfJSJsHDhkgjmS6UI34eELu9qSE9Tr2EVkruvGHkcPoJ5l0L-IPKwTyuXPghQLszZCO67_EVqIKo_luwKdDiB5ltXzqzx-yFXEJH2o0p0vFCAD--tNA88Cp5fBKxnGgM9MpGWgDJT11VUEwRnEtbNlArbKH0mo0Cwww46pcQzN-4pt4g0yqUsP_YYGXeahSYxhgOz0i3DQ47gTTORRLqV66D-5t4MxLz6BtfB-N7ornQ"
}
2022-09-19 07:57:21,175:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/155206210171/yKwisQ HTTP/1.1" 200 187
2022-09-19 07:57:21,176:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:21 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210171>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/yKwisQ
Replay-Nonce: 00013jvrLyQvfqEguYWZ91I2fRjep9SOHF9KwuNlt8_r4t8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/yKwisQ",
  "token": "3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k"
}
2022-09-19 07:57:21,176:DEBUG:acme.client:Storing nonce: 00013jvrLyQvfqEguYWZ91I2fRjep9SOHF9KwuNlt8_r4t8
2022-09-19 07:57:21,176:DEBUG:acme.client:JWS payload:
{}
2022-09-19 07:57:21,184:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/QrDQrA:
{
  "protected": "eyJub25jZSI6ICIwMDAxM2p2ckx5UXZmcUVndVlXWjkxSTJmUmplcDlTT0hGOUt3dU5sdDhfcjR0OCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTU1MjA2MjEwMTgxL1FyRFFyQSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84NzQ3NTQwNiIsICJhbGciOiAiUlMyNTYifQ",
  "payload": "e30",
  "signature": "e6M0JxEJ4QhBr9K6WYY6EHKpTl8WO-VWrs9rTEqAcaXR8Ve3mKBy2-IP_OnnYWPEZ1jUkwX0YERzkXFjzU6P_eipUO2qgwyNxfTtUr1Zxs0SWB1-9XXYOvRH2JjwgfMZ5pLtT3RSWn7RqFRy251TERHXzKLmeGp4MIqVH3-0-0CqY8kvYOYpnXfqkAMU-rT6Aqzs-84j78Wa7ctpQHkHhJNPGmJXRBH7xj4TXAEMPBJbppgko27lYiZobZlJU6yoU0c8FxLPcNXU2HsHdAdyi4ofJtJvSX1XbitMwP--fl1F2quMQR_zzFN2Zz5eq6w6Bz14eIfGn5ujjS_M4MM-3TaBI6bWpbFQv8GHAkjhwdIqkt9hOj9HQw9aH3yaxUUK9FMxHRsfW4JxLIEeFzfTkEYHGfvKeyG7n6Lo6oWbq31SZxx_r2Yk4en8j4hVoitidzRc_2DospasOFC9aHMBzeXeAs0GY1cc66NzxwaGLMDaZaiQ89hNBeK6LsT21vJF_rrgYtBW5tOeyoEHlI8zO4pZWqCMNfktWndsoFGTehT-NiZYmamfwa_jE2SLgElyprnbK1EvJ_KdhfDweKVKvF2gaHqx_wKNG9afVNJKQNB55uo6UP5_ANGbw35HKdtMxUfEbdpX5pw_FYKQK4oOuNRuXDdCr-PuH6VavdWLmyQ"
}
2022-09-19 07:57:21,269:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/155206210181/QrDQrA HTTP/1.1" 200 187
2022-09-19 07:57:21,270:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:21 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210181>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/QrDQrA
Replay-Nonce: 0001KI7lVrw-zx9vklYJ6BKiJfW1FWxXb5vL7kQCKVwD8ls
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/QrDQrA",
  "token": "CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc"
}
2022-09-19 07:57:21,270:DEBUG:acme.client:Storing nonce: 0001KI7lVrw-zx9vklYJ6BKiJfW1FWxXb5vL7kQCKVwD8ls
2022-09-19 07:57:22,271:DEBUG:acme.client:JWS payload:

2022-09-19 07:57:22,279:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210171:
{
  "protected": "eyJub25jZSI6ICIwMDAxS0k3bFZydy16eDl2a2xZSjZCS2lKZlcxRld4WGI1dkw3a1FDS1Z3RDhscyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTU1MjA2MjEwMTcxIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg3NDc1NDA2IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "",
  "signature": "PWpvpzY3Z0j8jADaZeSWpWBNwUlcPpEqGruQqS8b3kDpv2PCjzjtLaBlsqvJtIww55cPK_2rJhMJ621ryirddx8M-i5m23Gw9OMh8vYePPccan7-g221asRlN-Y_2DzzP7freebdtDRPD7ydfd7IDY7Ear5aC1gNkzZHcT4YqkV-veQTCBR-7G5SDkneb2qV5thx8R_vYtJfVkGeZzgCWdfSd7T4MoAvc-CJfnOMBe65BwBEhe6oR_sEGCFWZdqeDPh-nMSdXfLrSsO2mgHMnCxctrzEVuAWqRaGX4lRAU06DDdRc7kSyLQDlUCaNH0LLOTIkyQYKWiIMpc7R_BaKrdyCM3heJbyDj5mGJmMLI2FWz6yWVYwJXp5SYAzP5nMJ7ZHXacjAzBnQUxz_-qUZS0A_F81y37-jXPTSMPnfEKBWqir80vCU0EPPgrb0UjZNt8VzAc3826us-IqiQTCZM5lKOTSEGME1aiPt7HtvEqU3TW375iPqdVnQGMut-Hcu6zd-Qk88uXkGFaDtGk_owlMWY9gACpGAkZPAh7GAjQCJrrIx00_UJ2os9sTB3vcgqacbemG4uVgbKARrak45BbYWiVdC19uRdPVLxOFFIYOdQqtpChsrWy6DgZRKvMzKRcoTMbzPukr-CGRa5hx-SqW6hH5DVjz2xRp4I9-aW0"
}
2022-09-19 07:57:22,337:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/155206210171 HTTP/1.1" 200 802
2022-09-19 07:57:22,337:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:22 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002XaUy3XvMbfRNb3zNPEdEQJWgzf9WssNE0fAL1SH9ynM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "collectionsbab.com"
  },
  "status": "pending",
  "expires": "2022-09-26T14:57:18Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/yKwisQ",
      "token": "3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/quMGuw",
      "token": "3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/L0pmQA",
      "token": "3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k"
    }
  ]
}
2022-09-19 07:57:22,337:DEBUG:acme.client:Storing nonce: 0002XaUy3XvMbfRNb3zNPEdEQJWgzf9WssNE0fAL1SH9ynM
2022-09-19 07:57:22,338:DEBUG:acme.client:JWS payload:

2022-09-19 07:57:22,345:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210181:
{
  "protected": "eyJub25jZSI6ICIwMDAyWGFVeTNYdk1iZlJOYjN6TlBFZEVRSldnemY5V3NzTkUwZkFMMVNIOXluTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTU1MjA2MjEwMTgxIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg3NDc1NDA2IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "",
  "signature": "n53yoECt36o9FVOfz2GoaQs3sKRL_Y-96lgbMI2mtwEbcHpTtioqpjqtvt9-QBqWBxBqd2a-cA1_URaYYrG7AQjIoNgIi7OP1cqqIKx36yTpKWAn7P_Kxet6dplKMXRxTb2Ja7UqsNl0Y4415TNNU3DDk0EIOch_uQmcJo_JD2ZxpdHccslAae2nCYroa8n6oopPsu-8nTucUUGQn8SVl9Rxtti4oUUY4Cddvc0bJ25_q3dIWXyPnnSHpH24Ltauz411G7W2VMPFryqKfbAdf8a79d43IcHlbOfsgNQhqDPlLgq4Gpoa-Q1LUPzQ4BLGaC0MSIaTcB0srI26nseuvLWrJmskwlnv8BW6xduFHTmjZe156RE2Cbcymjzk89SEnkdp7MiQ-TXnEZixzPzy72faGUy4OyUTHClFu7tXBlllb3R_Cuqn4mXSXCNaCSPLiiL3gb_5ChO1mQrP3PmQnhxlbZIvbfnFAqd5dZWXjBL-SVb7Ef7h-KLtI1ZFk0Tno91uTPKU7Uj6XI0N1mHFhzReMcDN0KS7TuJD_8Fi-XNaC3pgs_VeSbPDvjrM_T70PYyr-DULnYQEY87uU8YhN2W_1kMG3VrulMSfCO04-ogHoykqkjsG5mBQjyZg8hp7I6J4rPEVqIbZW9BomcV87k8SuorfPAixnk3wEDiIW3g"
}
2022-09-19 07:57:22,402:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/155206210181 HTTP/1.1" 200 806
2022-09-19 07:57:22,403:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:22 GMT
Content-Type: application/json
Content-Length: 806
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002BvbZku5Ccvxe0OwCuWDHwfLRDML6gEwKEYLN_Nsimq8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.collectionsbab.com"
  },
  "status": "pending",
  "expires": "2022-09-26T14:57:18Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/QrDQrA",
      "token": "CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/2YzmRg",
      "token": "CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/96vEAg",
      "token": "CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc"
    }
  ]
}
2022-09-19 07:57:22,403:DEBUG:acme.client:Storing nonce: 0002BvbZku5Ccvxe0OwCuWDHwfLRDML6gEwKEYLN_Nsimq8
2022-09-19 07:57:25,406:DEBUG:acme.client:JWS payload:

2022-09-19 07:57:25,414:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210171:
{
  "protected": "eyJub25jZSI6ICIwMDAyQnZiWmt1NUNjdnhlME93Q3VXREh3ZkxSRE1MNmdFd0tFWUxOX05zaW1xOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTU1MjA2MjEwMTcxIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg3NDc1NDA2IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "",
  "signature": "kIUXsF36x0nKFyNWvLIJuICcEg2pVI9xg68Qw9tZJ6cZs7QD-_wWCDmAj07t1aXRN3iDyAOlgXtUZngVXl243a8UhaaFzw7qyyTVC02_idtk-Rp40z_-AlXp4r3fuG24QJLoDcPClmafOriumTzsUA1JHPaCOYnZbBQ-CAtlfYpu9JgQ3YLGbSc-9oNOsR9zp0D5dbmrDpTHP_WUvNUojua4Jqywo2nu6f6meG2eIBwz5oGMQJrjyyYeWIGFTasuvj47OtnrSKKkupIrPmXekWXVtqlVybTpFLbku1JzoAt5DvVIwXOzjEZ7tucKgeEAkzKSDA3gQQ-tKD5fLb51bLZmXnVAl4MuWV-ZB5MZuy2O45dGi8jfwcq49eljwlH2kJfINAGvop3G3h5EPMfMib4txrxMwlEPHJEl0EczMG-7bQ5Lt3u_Ilhw9JvmCRttHiULRehTYi1bAgExoX3aIaf7b0a8pRXSJNcYG9ty49y1KlP5Onf2ZZIrsblPzxE2m6yn1TV7dR5I56KF5a_7vxia9cuChuB77mNxNa8U7n7udf5mcQnbLzmlUB0JWsMnCZ8whwpOwJKmpcITkin-4-exkWTsD9kVzlDkoz6zjJsePQrRho8uwztNzCgfejdfdhnVuxmYT9zk1aot6jrarL-19TWPHJS18iyefxAdWRc"
}
2022-09-19 07:57:25,472:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/155206210171 HTTP/1.1" 200 1423
2022-09-19 07:57:25,473:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:25 GMT
Content-Type: application/json
Content-Length: 1423
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001GKJ87ogROJ826mYdTTNox33IgwqcFSAF1m9hFiFKza8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "collectionsbab.com"
  },
  "status": "valid",
  "expires": "2022-10-19T14:57:22Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210171/yKwisQ",
      "token": "3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k",
      "validationRecord": [
        {
          "url": "http://collectionsbab.com/.well-known/acme-challenge/3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k",
          "hostname": "collectionsbab.com",
          "port": "80",
          "addressesResolved": [
            "34.213.124.12"
          ],
          "addressUsed": "34.213.124.12"
        },
        {
          "url": "https://collectionsbab.com/.well-known/acme-challenge/3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k",
          "hostname": "collectionsbab.com",
          "port": "443",
          "addressesResolved": [
            "34.213.124.12"
          ],
          "addressUsed": "34.213.124.12"
        },
        {
          "url": "https://www.collectionsbab.com/.well-known/acme-challenge/3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k",
          "hostname": "www.collectionsbab.com",
          "port": "443",
          "addressesResolved": [
            "34.213.124.12"
          ],
          "addressUsed": "34.213.124.12"
        }
      ],
      "validated": "2022-09-19T14:57:21Z"
    }
  ]
}
2022-09-19 07:57:25,473:DEBUG:acme.client:Storing nonce: 0001GKJ87ogROJ826mYdTTNox33IgwqcFSAF1m9hFiFKza8
2022-09-19 07:57:25,473:DEBUG:acme.client:JWS payload:

2022-09-19 07:57:25,481:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/155206210181:
{
  "protected": "eyJub25jZSI6ICIwMDAxR0tKODdvZ1JPSjgyNm1ZZFRUTm94MzNJZ3dxY0ZTQUYxbTloRmlGS3phOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTU1MjA2MjEwMTgxIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg3NDc1NDA2IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "",
  "signature": "ho7-Msk7D_Z2Fco3b6JI9qkhpI79mJFai33wBX3O6eHANeV_LbfYbL05hMArlud9su63zzPRrbDOC1EUoUm55b-X2hVxmEcEEaWBS4uGXpGZkhelauVKMpzPFXaEj6z3guEKSroF2HpubxlJq_yuNLBpVX2Yv8MWBmT17OnXH6QmIbiKLivWqoC66K0S7rOcMNAMEhrTF6n06_iJ3Bjv6b25lgJZBe6w4RC81Lcdhsdp2kTB3N7pEHU9ZuBegV-8JBIyqE6cJy1olgK8jIiBd4QwYY89ZucNlb-7AAILnwOU38Ep1dSXI9aY7PMyPD8LVTwghtvFhu0A0JxGB3hn_MFPrWNTfAQPiQM2IGUxDohADiWxEt9iQYfnGTkFe1OBeUuxVu38uksy3t342Zz47VHOlweDHFiYhBjmivgpbarO70x0orW_UEG4cnAPjgXjPMoju0HN6F-9D7FrPhJlpcVf4BGjm2iLiA8xlZ48SEp_B3ynCfEI3ngNRr6ywNpr_ZcHcOmIFgjZ5tqpSuMD_mirvDmwY2uItKJhdRoVvlf9xSlNX0DS46NUIk1cyN8paCTv5phfqnv6i9vX1qSCLLoww7T72Nket6siOwjxxt9DXcZTUn1gTkfJM-5CbvF6GeA_xyG7DLQm3n8q4HAkoDWDm5rDqWYEm0BtFVIFkSw"
}
2022-09-19 07:57:25,552:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/155206210181 HTTP/1.1" 200 1112
2022-09-19 07:57:25,552:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 19 Sep 2022 14:57:25 GMT
Content-Type: application/json
Content-Length: 1112
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00026dsI-aBTzXCaoXzsEHCgkK-hzFHQ3wwPxdOUCPZVlO0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.collectionsbab.com"
  },
  "status": "valid",
  "expires": "2022-10-19T14:57:22Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/155206210181/QrDQrA",
      "token": "CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc",
      "validationRecord": [
        {
          "url": "http://www.collectionsbab.com/.well-known/acme-challenge/CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc",
          "hostname": "www.collectionsbab.com",
          "port": "80",
          "addressesResolved": [
            "34.213.124.12"
          ],
          "addressUsed": "34.213.124.12"
        },
        {
          "url": "https://www.collectionsbab.com/.well-known/acme-challenge/CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc",
          "hostname": "www.collectionsbab.com",
          "port": "443",
          "addressesResolved": [
            "34.213.124.12"
          ],
          "addressUsed": "34.213.124.12"
        }
      ],
      "validated": "2022-09-19T14:57:21Z"
    }
  ]
}
2022-09-19 07:57:25,553:DEBUG:acme.client:Storing nonce: 00026dsI-aBTzXCaoXzsEHCgkK-hzFHQ3wwPxdOUCPZVlO0
2022-09-19 07:57:25,553:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-09-19 07:57:25,553:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-09-19 07:57:25,553:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /letsencrypt/cleanup-hook.sh
2022-09-19 07:57:26,451:INFO:certbot.compat.misc:Output from manual-cleanup-hook command cleanup-hook.sh:
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
domain: collectionsbab.com
validation: 3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k.pBUIRjEbDdUYJx-jaxzebBQdgboRqDPwLZ8YYG8ew1g
token: 3PMx9mYVzA1QGZrpnIZ9qvgeg5daSVy3J1BiJu-Re0k
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
===== updateSSL =====
DOMAIN  collectionsbab.com
VALIDATION_NAME  false
VALIDATION_CONTENT  false
Querying domain collectionsbab.com
Done!

2022-09-19 07:57:26,452:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /letsencrypt/cleanup-hook.sh
2022-09-19 07:57:27,365:INFO:certbot.compat.misc:Output from manual-cleanup-hook command cleanup-hook.sh:
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
domain: www.collectionsbab.com
validation: CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc.pBUIRjEbDdUYJx-jaxzebBQdgboRqDPwLZ8YYG8ew1g
token: CjfG2odFnbAoGpAyJvCFbr-NUx8a_GaFdEtF-Ofl2Gc
Found '/.nvmrc' with version <v8.17.0>
Now using node v8.17.0
===== updateSSL =====
DOMAIN  www.collectionsbab.com
VALIDATION_NAME  false
VALIDATION_CONTENT  false
Querying domain collectionsbab.com
Done!

2022-09-19 07:57:27,365:DEBUG:acme.client:JWS payload:
{
  "csr": "MIIC7DCCAdQCAQAwXzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdGcmVtb250MRAwDgYDVQQKEwdUZWVDaGlwMR8wHQYDVQQDExZ3d3cuY29sbGVjdGlvbnNiYWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsdY_9eMg1mA0qhc7hE7SH78rsl-fknEdxv1-hi7Fcbl0KLoLrPuOyA0HmLFqu5onnF-jI7yQLcZp-BpB0i3FlX64lNo-K9JawhocsWTiwZzD0nf94J0gaErUjTdKtYdgmId-DI1WwyBTJF9-HY3-OmSt60mmsu211rk3ZECKd79F8Kj_4Y6y2SYRCNBLIi3M8P-q5e5fGNly66Pdl22RLIZcrDn5tNXaUc8V2f-5OTPQSlRnCSIrpQ1mGaW70PEpvqfM57obs2-S4bPGO_BwCVlQ3kYtsWjA3-kRVcBW16g-pdysKVm2YxeIpGQJCmN5eGpVJcpzBSvyM8DnWBCawIDAQABoEgwRgYJKoZIhvcNAQkOMTkwNzA1BgNVHREELjAsghZ3d3cuY29sbGVjdGlvbnNiYWIuY29tghJjb2xsZWN0aW9uc2JhYi5jb20wDQYJKoZIhvcNAQEFBQADggEBACsD5QalncJR-dqBSGkU97F0ZrhITujwaFMwcXvdSakEbyt5B0_PhhO0VkHHzxVc_jqDr9yR3t6L__TeJimT8vHPC25NGEhpiwo35UOpIF6yLdFGRDro7ava4vxzIkqfP05BoZhpu1hZK07Nlj5aY8RnTyBBNmlfuBuUFvlICw6P10I_ojWqjaFaNN1HCLxGZ_zpvGuhSVTkWkdyWXT516KCH5_uNfIREMqprMzvgR_kQXLr-0CFCj7WyFkuk_v2n4vrw24Ix2Gc-V2pLqzIDAM_eLJkjQQTiPl0fjTb6qocGTXlk2T-_jf3Pm1uYbiK_Si_bvE_ZSFN3aqXh70Q9Pw"
}
2022-09-19 07:57:27,373:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/87475406/126956833561:
{
  "protected": "eyJub25jZSI6ICIwMDAyNmRzSS1hQlR6WENhb1h6c0VIQ2drSy1oekZIUTN3d1B4ZE9VQ1BaVmxPMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvODc0NzU0MDYvMTI2OTU2ODMzNTYxIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg3NDc1NDA2IiwgImFsZyI6ICJSUzI1NiJ9",
  "payload": "ewogICJjc3IiOiAiTUlJQzdEQ0NBZFFDQVFBd1h6RUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1SQXdEZ1lEVlFRSEV3ZEdjbVZ0YjI1ME1SQXdEZ1lEVlFRS0V3ZFVaV1ZEYUdsd01SOHdIUVlEVlFRREV4WjNkM2N1WTI5c2JHVmpkR2x2Ym5OaVlXSXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFtc2RZXzllTWcxbUEwcWhjN2hFN1NINzhyc2wtZmtuRWR4djEtaGk3RmNibDBLTG9MclB1T3lBMEhtTEZxdTVvbm5GLWpJN3lRTGNacC1CcEIwaTNGbFg2NGxOby1LOUphd2hvY3NXVGl3WnpEMG5mOTRKMGdhRXJValRkS3RZZGdtSWQtREkxV3d5QlRKRjktSFkzLU9tU3Q2MG1tc3UyMTFyazNaRUNLZDc5RjhLal80WTZ5MlNZUkNOQkxJaTNNOFAtcTVlNWZHTmx5NjZQZGwyMlJMSVpjckRuNXROWGFVYzhWMmYtNU9UUFFTbFJuQ1NJcnBRMW1HYVc3MFBFcHZxZk01N29iczItUzRiUEdPX0J3Q1ZsUTNrWXRzV2pBMy1rUlZjQlcxNmctcGR5c0tWbTJZeGVJcEdRSkNtTjVlR3BWSmNwekJTdnlNOERuV0JDYXdJREFRQUJvRWd3UmdZSktvWklodmNOQVFrT01Ua3dOekExQmdOVkhSRUVMakFzZ2haM2QzY3VZMjlzYkdWamRHbHZibk5pWVdJdVkyOXRnaEpqYjJ4c1pXTjBhVzl1YzJKaFlpNWpiMjB3RFFZSktvWklodmNOQVFFRkJRQURnZ0VCQUNzRDVRYWxuY0pSLWRxQlNHa1U5N0YwWnJoSVR1andhRk13Y1h2ZFNha0VieXQ1QjBfUGhoTzBWa0hIenhWY19qcURyOXlSM3Q2TF9fVGVKaW1UOHZIUEMyNU5HRWhwaXdvMzVVT3BJRjZ5TGRGR1JEcm83YXZhNHZ4eklrcWZQMDVCb1pocHUxaFpLMDdObGo1YVk4Um5UeUJCTm1sZnVCdVVGdmxJQ3c2UDEwSV9valdxamFGYU5OMUhDTHhHWl96cHZHdWhTVlRrV2tkeVdYVDUxNktDSDVfdU5mSVJFTXFwck16dmdSX2tRWExyLTBDRkNqN1d5Rmt1a192Mm40dnJ3MjRJeDJHYy1WMnBMcXpJREFNX2VMSmtqUVFUaVBsMGZqVGI2cW9jR1RYbGsyVC1famYzUG0xdVliaUtfU2lfYnZFX1pTRk4zYXFYaDcwUTlQdyIKfQ",
  "signature": "SK9UKZ4E7dVgbkPQ07C-uzLqV3Le41_s7q80SD1xiri12IJejxMOO6AvX2VRccvLuf2JnMR8UKR7VoNrFSxIasEOFynMQ3I23Gn43irkQpG1LKm9toEd82dsJ4rZQsTLWT6oeV82A7SPriBbxN2sSjobTjT0VKjwNitt-ApjdcrG6pEDSfSX4Gnxr3Xo4e9kWF6Gr9ig4Y5HXNtY7mH84LBvy_SvD1IR9MYVMAZDOJzX9Gb9buH4KoxXGsRoovAT7bpL-43NS50xnTbKsm-m0UPPsPEdLVo1Ei9U8D3tuVzpPtP1u9ZlWUgHIUtT_SgYDd_4OOvI6faw81bdWM5VteZ3fMg8KlKFjR5nsIwj1TKag_UmFGJi9RoOPjhF9GgreH1ZyyFVj-xtjD-N_8ASgoYo2vYuLTwmALeoLCPa301OkPj-6FThVS14CKTX0GIugxnV6B_ha-JjK-DWw0NYlkl5UgWJZ9nDi3z7VVtSA1UlNEvnudpXmL8DplqhHYzgGWImlfQKa5Mg6eTPyv_Tl9bzUNoPYJC92oQ3U_E_p6WsKyYa-_eGrTs4HyXkbjtqLaLdsbGe-lzrYd_Rpdz_YZB9xSeLewijWdSIXSjQhzJDOPGYyoM1cm7oyK3KDjKr_XWBJ3gaIEl9O8b9hGejlJyXB1w27Erv-Zoevvvon1c"
}
2022-09-19 07:57:27,501:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/87475406/126956833561 HTTP/1.1" 400 141
2022-09-19 07:57:27,502:DEBUG:acme.client:Received response:
HTTP 400
Server: nginx
Date: Mon, 19 Sep 2022 14:57:27 GMT
Content-Type: application/problem+json
Content-Length: 141
Connection: keep-alive
Boulder-Requester: 87475406
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001GO5mfh4KFLa9zXRYmoyDVdzZFxu187Opmvq6lTLq1II

{
  "type": "urn:ietf:params:acme:error:badCSR",
  "detail": "Error finalizing order :: signature algorithm not supported",
  "status": 400
}
2022-09-19 07:57:27,502:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1362, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1229, in certonly
    cert_path, fullchain_path = _csr_get_and_save_cert(config, le_client)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1148, in _csr_get_and_save_cert
    cert, chain = le_client.obtain_certificate_from_csr(csr)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py", line 293, in obtain_certificate_from_csr
    fetch_alternative_chains=get_alt_chains)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py", line 925, in finalize_order
    return self.client.finalize_order(orderr, deadline, fetch_alternative_chains)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py", line 752, in finalize_order
    self._post(orderr.body.finalize, wrapped_csr)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py", line 97, in _post
    return self.net.post(*args, **kwargs)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py", line 1201, in post
    return self._post_once(*args, **kwargs)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py", line 1214, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py", line 1072, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:ietf:params:acme:error:badCSR :: The CSR is unacceptable (e.g., due to a short key) :: Error finalizing order :: signature algorithm not supported
2022-09-19 07:57:27,503:ERROR:certbot._internal.log:An unexpected error occurred:
2022-09-19 07:57:27,503:ERROR:certbot._internal.log:The CSR is unacceptable (e.g., due to a short key) :: Error finalizing order :: signature algorithm not supported

My web server is (include version):
Nginx 1.16

The operating system my web server runs on is (include version):
Ubuntu 14.04.1 LTS

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.9.0

We actually have several domains that we are using letsencrypt. And our SSL generation process was working fine until Sept 15, it suddenly started to fail (all of our domains fail with the same badCSR error).

Does anyone have any clues on what we can review / debug to unblock this?

rg305 · September 19, 2022, 3:47pm

Hi @chrissp, and welcome to the LE community forum

Please read: Rejecting SHA-1 CSRs and validation using TLS 1.0 / 1.1 URLs

I see:

[which went EOF in April, 2019]

What version of OpenSSL are you using?
What is the process being used to create the CSR file?

chrissp · September 19, 2022, 5:14pm

Hi rg305.

Thanks for the kind welcome,

This is a very old legacy server, OpenSSL 1.0.1f 6 Jan 2014.

We use node-forge to generate the CSR:

function generateCSR(domain, aliasDomains, cb) {
  return forge.pki.rsa.generateKeyPair(2048, function(err, keys) {
    var csr, csrAttributes, csrExtensions, csrPem, keyPem;
    if (err) {
      return cb(err);
    }
    csr = forge.pki.createCertificationRequest();
    csr.publicKey = keys.publicKey;
    csrAttributes = CSR_SUBJECTS.slice();
    csrAttributes.push({
      shortName: 'CN',
      value: `www.${domain}`
    });
    csrExtensions = [
      {
        name: 'subjectAltName',
        altNames: _.flatten([domain].concat(aliasDomains).map(function(domainName) {
          return [
            {
              type: 2,
              value: `www.${domainName}`
            },
            {
              type: 2,
              value: `${domainName}`
            }
          ];
        }))
      }
    ];
    csr.setSubject(csrAttributes);
    csr.setAttributes([
      {
        name: 'extensionRequest',
        extensions: csrExtensions
      }
    ]);
    csr.sign(keys.privateKey);
    csrPem = forge.pki.certificationRequestToPem(csr);
    keyPem = forge.pki.privateKeyToPem(keys.privateKey);
    return cb(null, {csrPem, keyPem});
  });
};

rg305 · September 19, 2022, 5:17pm

Can you upgrade OpenSSL?

chrissp · September 19, 2022, 5:24pm

Yeah, we can try with a newer OpenSSL version, actually we will try to run our process in a newer OS and see if that fixes it.

petercooperjr · September 19, 2022, 5:41pm

Actually, if the CSR is being made by node-forge, then you probably either need to configure it to use SHA-256 or you need to update it or something. I don't know as OpenSSL is actually involved.

It looks like they know their default of SHA-1 is bad:

But I don't see in a quick glance through how to configure it to use a different hash type. But it may be in there somewhere.

rg305 · September 19, 2022, 5:47pm

To upgrade OpenSSL on ubuntu 14, try:

openssl version
 [OpenSSL 1.0.1f 6 Jan 2014]
cd /usr/local/src/
wget https://www.openssl.org/source/openssl-1.1.1q.tar.gz --no-check-certificate
tar -xf openssl-1.1.1q.tar.gz
cd  openssl-1.1.1q
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
make
make test
make install
cd /etc/ld.so.conf.d/
vi openssl-1.1.1q.conf
 [add: /usr/local/ssl/lib]
sudo ldconfig -v
mv /usr/bin/c_rehash /usr/bin/c_rehash.BCKUP
mv /usr/bin/openssl /usr/bin/openssl.BCKUP
vi /etc/environment
 [update: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"]
source /etc/environment
echo $PATH
which openssl
 [/usr/local/ssl/bin/openssl]
openssl version
 [OpenSSL 1.1.1q  5 Jul 2022]

chrissp · September 19, 2022, 6:51pm

Looks like this was it!

We had to update the last parameter of the sign() function to use SHA-256. Thanks for the help!!

csr.sign(keys.privateKey, forge.md.sha256.create());

Bruce5051 · September 19, 2022, 10:13pm

And along with what @petercooperjr has said, need TLS v1.2 or greater presently.