Unauthorized response on Certbot


#1

I’m getting this error on a trying to run certbot:

certbot certonly -d collabora.ariquemes.ifro.edu.br

How would you like to authenticate with the ACME CA?

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None

Obtaining a new certificate

Performing the following challenges:
http-01 challenge for collabora.ariquemes.ifro.edu.br
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. collabora.ariquemes.ifro.edu.br (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://collabora.ariquemes.ifro.edu.br/.well-known/acme-challenge/D1qo4ywfn_7PwHFT0Y_0G5DCTqJ5XH4fJMLEkaf_m3M [186.219.240.80]: "<html>\r\n<head>\r\n\t<meta http-equiv=“Content-Type” content=“text/html;charset=windows-1251”>\r\n\t<title>“http://collabora.ariquemes.”

IMPORTANT NOTES:

Additional infos
certbot 0.23.0
Ubuntu Server 18.04 LTS
My Own Vmware Virtual Server
Domain and IP: collabora.ariquemes.ifro.edu.br 186.219.240.80


#2

Hi @habeascorpse

it’s hard to debug standalone. Normally, that should always work. Because it creates an own webserver.

But checking your domain there are only timeouts.

Is there a running webserver you can use?

Is port 80 open?

Letsencrypt has seen an answer, but the answer is wrong.

But

your certbot is very old. Perhaps update.


#3

i update certbot to 0.31 version… but continues the same.

here the verbose logging:

Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator None and installer None
Multiple candidate plugins: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f2ac9de55c0>
Prep: True

  • webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f2acdf56080>
    Prep: True

How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f2ac9de55c0> and installer None
Plugins selected: Authenticator standalone, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f2ac9dfb4e0>)>), contact=(‘mailto:cgti.ariquemes@ifro.edu.br’,), agreement=‘s://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’, status=‘valid’, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri=‘s://acme-v01.api.letsencrypt.org/acme/reg/55277072’, new_authzr_uri=‘s://acme-v01.api.letsencrypt.org/acme/new-authz’, terms_of_service=‘s://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’), 4fa8c62324d2999b012ebd5ddb7be7e8, Meta(creation_dt=datetime.datetime(2019, 4, 15, 19, 30, 58, tzinfo=), creation_host=‘storage-01’))>
Sending GET request to s://acme-v02.api.letsencrypt.org/directory.
Starting new S connection (1): acme-v02.api.letsencrypt.org
s://acme-v02.api.letsencrypt.org:443 “GET /directory /1.1” 200 658
Received response:
200
Server: nginx
Content-Type: application/json
Content-Length: 658
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Apr 2019 16:44:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Apr 2019 16:44:12 GMT
Connection: keep-alive

{
“7aJRPvMNOp8”: “s://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417”,
“keyChange”: “s://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “s://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “s://letsencrypt.org”
},
“newAccount”: “s://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “s://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “s://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “s://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
Obtaining a new certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to s://acme-v02.api.letsencrypt.org/acme/new-nonce.
s://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce /1.1” 200 0
Received response:
200
Server: nginx
Link: <s://acme-v02.api.letsencrypt.org/directory>;rel=“index”
Replay-Nonce: oGX39TPKoXkT1ogrozd-S2xPRI1ngtSpF8gHVAaX13g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Tue, 16 Apr 2019 16:44:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Apr 2019 16:44:12 GMT
Connection: keep-alive

Storing nonce: oGX39TPKoXkT1ogrozd-S2xPRI1ngtSpF8gHVAaX13g
JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “collabora.ariquemes.ifro.edu.br”\n }\n ]\n}’
Sending POST request to s://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NTI3NzA3MiIsICJub25jZSI6ICJvR1gzOVRQS29Ya1Qxb2dyb3pkLVMyeFBSSTFuZ3RTcEY4Z0hWQWFYMTNnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ”,
“signature”: “jmQ_2yAtiPOS79JEX9RyZGneTwM3jWFk-dnzt2W2B7-35XtCg_–0ITrLWiW7ul2yo9eqNviqHyGyZO8tjWQWL22k6feXp-Qbz_w8WuwAP81jne8Mb3fV4CoH8-lwm3OXS643hHjmA6zWBy4AOf0eyFeTUljfmMc2DMrzN8PVrmktMZSg97wBtdyq2_LFdNX4_KKkjLVYP0rho5q4n5tGLFPssI7StemZKLwwA03lQVmyDIi6m4deiV6MxSFZBFxoLRiWr-OQaUIbRkeh0j_snzotBCtUpbVsQ6WWMirO1WpoQukNPCGUxN2J_IUI5XbryXWKbvxpzM3mNYWGpugeA”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNvbGxhYm9yYS5hcmlxdWVtZXMuaWZyby5lZHUuYnIiCiAgICB9CiAgXQp9”
}
s://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order /1.1” 201 390
Received response:
201
Server: nginx
Content-Type: application/json
Content-Length: 390
Boulder-Requester: 55277072
Link: <s://acme-v02.api.letsencrypt.org/directory>;rel=“index”
Location: s://acme-v02.api.letsencrypt.org/acme/order/55277072/402298313
Replay-Nonce: oIkSoH5tWHBzqvimbwYb-uGFkwh6oO3bFxNdjTnF0ms
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Apr 2019 16:44:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Apr 2019 16:44:12 GMT
Connection: keep-alive

{
“status”: “pending”,
“expires”: “2019-04-23T16:44:12.781770577Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “collabora.ariquemes.ifro.edu.br”
}
],
“authorizations”: [
“s://acme-v02.api.letsencrypt.org/acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ”
],
“finalize”: “s://acme-v02.api.letsencrypt.org/acme/finalize/55277072/402298313”
}
Storing nonce: oIkSoH5tWHBzqvimbwYb-uGFkwh6oO3bFxNdjTnF0ms
JWS payload:
b’’
Sending POST request to s://acme-v02.api.letsencrypt.org/acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NTI3NzA3MiIsICJub25jZSI6ICJvSWtTb0g1dFdIQnpxdmltYndZYi11R0Zrd2g2b08zYkZ4TmRqVG5GMG1zIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei9PNjRJNWhYcXZLNkQxMHNTUTFTal9xNWVYZURTLUpzUEZnbjRrcEZ3UHlRIn0”,
“signature”: “l_vab13KPGt6YJcm_YP_6MFaQSoIT8fhQkCd6Cq90ypX9ymLYL8zCC3_FYkWxb4rU-yqMstIO5g3bE2t8jnxf-ZZjpBpu8zr3hPLb0a_p3o3o656yJsr609MNRev5_oEzeF6YN3_o57v3L5RzMBSPANlA_dVwu3NMQcLB_9boVrO8d3QyVAXgOIIW0PW1UBhgX_nuJzquySHq4cnjKcd01oR-FATDahq67yP45DeC__eON4fFItuNKAR-za67SQZkP7HyaIGxq-TN6wIwr8tZ-zaU-JgyqIjj485WXMJ7t2T1YBNuMPGVVAveep5iH32xVen8X6bkjg5F29ABpKGjw”,
“payload”: “”
}
s://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ /1.1” 200 926
Received response:
200
Server: nginx
Content-Type: application/json
Content-Length: 926
Boulder-Requester: 55277072
Link: <s://acme-v02.api.letsencrypt.org/directory>;rel=“index”
Replay-Nonce: qgvOfRQxBO52V1R0DMAuyfiWAkKV0JQrQ8UsSP9-mSw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Apr 2019 16:44:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Apr 2019 16:44:13 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “collabora.ariquemes.ifro.edu.br”
},
“status”: “pending”,
“expires”: “2019-04-23T16:44:12Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678263”,
“token”: “wB7Vlyl0TP489ELVTsjYrE9-FMXyd0sG5rfLCXTg2go”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678266”,
“token”: “YX3eaWRNY2QWbZ-I0IzUsxMf0BMEVgBo4aVAQwwC4Ko”
},
{
“type”: “-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678267”,
“token”: “9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg”
}
]
}
Storing nonce: qgvOfRQxBO52V1R0DMAuyfiWAkKV0JQrQ8UsSP9-mSw
Performing the following challenges:
-01 challenge for collabora.ariquemes.ifro.edu.br
Successfully bound to :80 using IPv6
Certbot wasn’t able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
Waiting for verification…


Challenges loaded. Press continue to submit to CA. Pass “-v” for more info about
challenges.


Press Enter to Continue
JWS payload:
b’{\n “resource”: “challenge”,\n “keyAuthorization”: “9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg.FeSimbkkjzvzKi9Fni7Mfvg9Gk8d6jLWB6HyDm5p_IM”,\n “type”: “-01”\n}’
Sending POST request to s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678267:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NTI3NzA3MiIsICJub25jZSI6ICJxZ3ZPZlJReEJPNTJWMVIwRE1BdXlmaVdBa0tWMEpRclE4VXNTUDktbVN3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvTzY0STVoWHF2SzZEMTBzU1ExU2pfcTVlWGVEUy1Kc1BGZ240a3BGd1B5US8xNDgzOTY3ODI2NyJ9”,
“signature”: “OeXCWTMe9-3K6246XqiaMyiqww7E3vQFFLC3duBQjqHNLkAMazLiPMs_9IQhFy4WwrNRDj_Xwy1hzwn5qDV7H17tUq1jP-jqh4COQYbWw2YDVh7ET_GI02YA98P9U7uXvAF_fUTdtlH1iMYB8FLqQrLOtwmEI5EFF-mDJeNiIhKe1EygukRJn5Lzug9C8ApMEACRFIEkuJQCA8Sf70L9mxZ1oz9_Cl9LAEPWEIWI99FyeZM-2L4mYPZ4tOp_fEGY5jpCViRTKGO0jTP5OYXPcnCz2jtAj9BvYJerdTlX_M4a1aSnBK1TBCjqXHr7sGDs-t1kOlXzuv0FKTGImhFiYA”,
“payload”: “ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogIjl5UkZVa1R5TmFTQnQ1OTZldGhTZVREODdQb1VySzQ4QkZXYjlIck16QmcuRmVTaW1ia2tqenZ6S2k5Rm5pN01mdmc5R2s4ZDZqTFdCNkh5RG01cF9JTSIsCiAgInR5cGUiOiAiaHR0cC0wMSIKfQ”
}
s://acme-v02.api.letsencrypt.org:443 “POST /acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678267 /1.1” 200 224
Received response:
200
Server: nginx
Content-Type: application/json
Content-Length: 224
Boulder-Requester: 55277072
Link: <s://acme-v02.api.letsencrypt.org/directory>;rel=“index”, <s://acme-v02.api.letsencrypt.org/acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ>;rel=“up”
Location: s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678267
Replay-Nonce: wo6pwwYHgpXTghN4IR9TWX2DrWl8GZ0pQeRvovna2NI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Apr 2019 16:44:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Apr 2019 16:44:16 GMT
Connection: keep-alive

{
“type”: “-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678267”,
“token”: “9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg”
}
Storing nonce: wo6pwwYHgpXTghN4IR9TWX2DrWl8GZ0pQeRvovna2NI
JWS payload:
b’’
Sending POST request to s://acme-v02.api.letsencrypt.org/acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NTI3NzA3MiIsICJub25jZSI6ICJ3bzZwd3dZSGdwWFRnaE40SVI5VFdYMkRyV2w4R1owcFFlUnZvdm5hMk5JIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei9PNjRJNWhYcXZLNkQxMHNTUTFTal9xNWVYZURTLUpzUEZnbjRrcEZ3UHlRIn0”,
“signature”: “B6Txxu0nQqg7oEPYhQUX7_3OzYWl-nMTbT5meIiPmO4Pm4TocnFNeznmej_pUWuB24ckV2kNJfgHzvi2u2Pu341YcXuTeXg6ky_nqKzPx3RAgf1QEnBAyV17_-s-y1BYIHphShTULq7bBxFzECoSnWBBgWntjYJi2ZOzCpDYxOjwnaj_IfCpniH1PCd2t2gOCEKu28-guMYPOIEFSJxlMYbIcY35ekVYk5ECuhTBXTDQ8kwrmbzhvK8QsOWBRygTfjeuoirR1oeIS_eO6wk2qz644wlH0YCv0fDkENzXkKmwxbV6XHFSM7qYY8V-dOBxgr0MOo9WsoU1BTckGy9j8w”,
“payload”: “”
}
s://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ /1.1” 200 926
Received response:
200
Server: nginx
Content-Type: application/json
Content-Length: 926
Boulder-Requester: 55277072
Link: <s://acme-v02.api.letsencrypt.org/directory>;rel=“index”
Replay-Nonce: fqtLDIXV5fkvypUtwMA8fr7ugwkf0dsRD2xf_CL3Q6w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Apr 2019 16:44:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Apr 2019 16:44:19 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “collabora.ariquemes.ifro.edu.br”
},
“status”: “pending”,
“expires”: “2019-04-23T16:44:12Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678263”,
“token”: “wB7Vlyl0TP489ELVTsjYrE9-FMXyd0sG5rfLCXTg2go”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678266”,
“token”: “YX3eaWRNY2QWbZ-I0IzUsxMf0BMEVgBo4aVAQwwC4Ko”
},
{
“type”: “-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678267”,
“token”: “9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg”
}
]
}
Storing nonce: fqtLDIXV5fkvypUtwMA8fr7ugwkf0dsRD2xf_CL3Q6w
JWS payload:
b’’
Sending POST request to s://acme-v02.api.letsencrypt.org/acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NTI3NzA3MiIsICJub25jZSI6ICJmcXRMRElYVjVma3Z5cFV0d01BOGZyN3Vnd2tmMGRzUkQyeGZfQ0wzUTZ3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei9PNjRJNWhYcXZLNkQxMHNTUTFTal9xNWVYZURTLUpzUEZnbjRrcEZ3UHlRIn0”,
“signature”: “SPMwJ7rBL2o06cgQkrSQ070axDgsEoYu6SLh2pg9lCTEiv6KgKOVqpRm9ZpFR9x19oRBGaP7DQZrDAJUdVMKFP26dpN9McWH7R5INPX_DmNrXq9ZnGQ2Gkrnt2u0kWRJ6rajg7qfaogyP4R0QC6REN87q3E-JrPxkndXy0PNJawcn2REdqms1UqBFuTGdyq82ePUTZkVMiGGxgk_xCGe2OyxKCZH9wmzVAFfvZlD73h2ZZcmNJv7rbvJZJmdze2BbeRaJbgzJpBNVE_10_qkYRvTEY4eJmyE9-P4OZd1bf8aNeq7uvMGHaPQvkxRQ27590q21Qu9wE_2rw3P5G836w”,
“payload”: “”
}
s://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ /1.1” 200 926
Received response:
200
Server: nginx
Content-Type: application/json
Content-Length: 926
Boulder-Requester: 55277072
Link: <s://acme-v02.api.letsencrypt.org/directory>;rel=“index”
Replay-Nonce: 2jjV2ZXvBT1T2Ta4FpSW5FZFzNvtqYzWZWFJRvZ7BAE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Apr 2019 16:44:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Apr 2019 16:44:22 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “collabora.ariquemes.ifro.edu.br”
},
“status”: “pending”,
“expires”: “2019-04-23T16:44:12Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678263”,
“token”: “wB7Vlyl0TP489ELVTsjYrE9-FMXyd0sG5rfLCXTg2go”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678266”,
“token”: “YX3eaWRNY2QWbZ-I0IzUsxMf0BMEVgBo4aVAQwwC4Ko”
},
{
“type”: “-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678267”,
“token”: “9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg”
}
]
}
Storing nonce: 2jjV2ZXvBT1T2Ta4FpSW5FZFzNvtqYzWZWFJRvZ7BAE
JWS payload:
b’’
Sending POST request to s://acme-v02.api.letsencrypt.org/acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NTI3NzA3MiIsICJub25jZSI6ICIyampWMlpYdkJUMVQyVGE0RnBTVzVGWkZ6TnZ0cVl6V1pXRkpSdlo3QkFFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei9PNjRJNWhYcXZLNkQxMHNTUTFTal9xNWVYZURTLUpzUEZnbjRrcEZ3UHlRIn0”,
“signature”: “WueSLlq7cPWdyZMz7Gqfz1I7CDBMWBc1V9AYMyAl2OlGh1MD8oK7vZsZLCanGlTLh_pxUCfVI-eUU4lqYABKIFNjlotGmSSHatdELMESvm07N4N59vT1VjpQ1x8eq5EWiusc-FaBQz8aKhq_Ni5edyKDuXHBnY6J-i6yWVGWNR7gKwzJ9mZIoVOo9Ojjm10Oe9EuAHWeE_rPfsBhQYlX2rb9JIzvr6hnse10jJsFc29xWoKptQoYAbgrb6Fh35cnPJOjWRspJwKZDvf16ny-ZvTQgVOZ7-3TOxYYCIvZXCEph8ZsK3yAdLI52HHAQIkMDxRHe0yMQNlGpb5pp0BbbQ”,
“payload”: “”
}
s://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ /1.1” 200 926
Received response:
200
Server: nginx
Content-Type: application/json
Content-Length: 926
Boulder-Requester: 55277072
Link: <s://acme-v02.api.letsencrypt.org/directory>;rel=“index”
Replay-Nonce: 3xBHc3DZ6gKODG9o0ONDCoGmnEtgYFg_bDO9UF99kTs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Apr 2019 16:44:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Apr 2019 16:44:26 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “collabora.ariquemes.ifro.edu.br”
},
“status”: “pending”,
“expires”: “2019-04-23T16:44:12Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678263”,
“token”: “wB7Vlyl0TP489ELVTsjYrE9-FMXyd0sG5rfLCXTg2go”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678266”,
“token”: “YX3eaWRNY2QWbZ-I0IzUsxMf0BMEVgBo4aVAQwwC4Ko”
},
{
“type”: “-01”,
“status”: “pending”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678267”,
“token”: “9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg”
}
]
}
Storing nonce: 3xBHc3DZ6gKODG9o0ONDCoGmnEtgYFg_bDO9UF99kTs
JWS payload:
b’’
Sending POST request to s://acme-v02.api.letsencrypt.org/acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NTI3NzA3MiIsICJub25jZSI6ICIzeEJIYzNEWjZnS09ERzlvME9ORENvR21uRXRnWUZnX2JETzlVRjk5a1RzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei9PNjRJNWhYcXZLNkQxMHNTUTFTal9xNWVYZURTLUpzUEZnbjRrcEZ3UHlRIn0”,
“signature”: “Ul2v0ckCxUQbF5rtW16ry1W-eidiEMR8Gm1ELlujCSzfWg0G7Hs8RY2mpmc7HOLeB4AEL_BlWaH5hnIEXrVhz4GFHLheGnRQoF_I3P7Ghe15YiUMrwzwGqEtMIDecbPBQucvKAHLwmj0R-lucVYoW5ln5tGRZvj1P8sISFcvFa5Sg77vZ_emDFl7wx3QhCRgqLj-UdH0K_Kh6YpVunmCapPDJrVoRQD_fwaajnWXZxvJW8aRJ0pjIRMEpLkkQycoHdx3RjUSpP_kASeRtYBy_Et5W_flbCop4i-k0MFcjTqMyvOvPyOt0uYXAJqJaCgjOmV1XZbjbj_uoyvR-7SKFA”,
“payload”: “”
}
s://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ /1.1” 200 1793
Received response:
200
Server: nginx
Content-Type: application/json
Content-Length: 1793
Boulder-Requester: 55277072
Link: <s://acme-v02.api.letsencrypt.org/directory>;rel=“index”
Replay-Nonce: zF219z6svySCzmtnjHhp0V0L_koo5rxS85mN3Xm0F-8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Apr 2019 16:44:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Apr 2019 16:44:29 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “collabora.ariquemes.ifro.edu.br”
},
“status”: “invalid”,
“expires”: “2019-04-23T16:44:12Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“status”: “invalid”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678263”,
“token”: “wB7Vlyl0TP489ELVTsjYrE9-FMXyd0sG5rfLCXTg2go”
},
{
“type”: “dns-01”,
“status”: “invalid”,
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678266”,
“token”: “YX3eaWRNY2QWbZ-I0IzUsxMf0BMEVgBo4aVAQwwC4Ko”
},
{
“type”: “-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from ://collabora.ariquemes.ifro.edu.br/.well-known/acme-challenge/9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg [186.219.240.80]: “\u003chtml\u003e\r\n\u003chead\u003e\r\n\t\u003cmeta -equiv=\“Content-Type\” content=\“text/html;charset=windows-1251\”\u003e\r\n\t\u003ctitle\u003e\”://collabora.ariquemes.”",
“status”: 403
},
“url”: “s://acme-v02.api.letsencrypt.org/acme/challenge/O64I5hXqvK6D10sSQ1Sj_q5eXeDS-JsPFgn4kpFwPyQ/14839678267”,
“token”: “9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg”,
“validationRecord”: [
{
“url”: “://collabora.ariquemes.ifro.edu.br/.well-known/acme-challenge/9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg”,
“hostname”: “collabora.ariquemes.ifro.edu.br”,
“port”: “80”,
“addressesResolved”: [
“186.219.240.80”
],
“addressUsed”: “186.219.240.80”
}
]
}
]
}
Storing nonce: zF219z6svySCzmtnjHhp0V0L_koo5rxS85mN3Xm0F-8
Reporting to user: The following errors were reported by the server:

Domain: collabora.ariquemes.ifro.edu.br
Type: unauthorized
Detail: Invalid response from ://collabora.ariquemes.ifro.edu.br/.well-known/acme-challenge/9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg [186.219.240.80]: “\r\n\r\n\t<meta -equiv=“Content-Type” content=“text/html;charset=windows-1251”>\r\n\t”://collabora.ariquemes."

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. collabora.ariquemes.ifro.edu.br (-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from ://collabora.ariquemes.ifro.edu.br/.well-known/acme-challenge/9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg [186.219.240.80]: “\r\n\r\n\t<meta -equiv=“Content-Type” content=“text/html;charset=windows-1251”>\r\n\t”://collabora.ariquemes."

Calling registered functions
Cleaning up challenges
Stopping server at :::80…
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. collabora.ariquemes.ifro.edu.br (-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from ://collabora.ariquemes.ifro.edu.br/.well-known/acme-challenge/9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg [186.219.240.80]: “\r\n\r\n\t<meta -equiv=“Content-Type” content=“text/html;charset=windows-1251”>\r\n\t”://collabora.ariquemes."
Failed authorization procedure. collabora.ariquemes.ifro.edu.br (-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from ://collabora.ariquemes.ifro.edu.br/.well-known/acme-challenge/9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg [186.219.240.80]: “\r\n\r\n\t<meta -equiv=“Content-Type” content=“text/html;charset=windows-1251”>\r\n\t”://collabora.ariquemes."

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: collabora.ariquemes.ifro.edu.br
    Type: unauthorized
    Detail: Invalid response from
    ://collabora.ariquemes.ifro.edu.br/.well-known/acme-challenge/9yRFUkTyNaSBt596ethSeTD87PoUrK48BFWb9HrMzBg
    [186.219.240.80]: “\r\n\r\n\t<meta
    -equiv=“Content-Type”
    content=“text/html;charset=windows-1251”>\r\n\t”://collabora.ariquemes."

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.


#4

I run a nginx reverse proxy, but when i tried certbot, i stopped first

Yes, i can access from others networks from anothers locations


#5

First check: Only timeouts.

Now it’s different ( https://check-your-website.server-daten.de/?q=collabora.ariquemes.ifro.edu.br ):

Domainname Http-Status redirect Sec. G
http://collabora.ariquemes.ifro.edu.br/
186.219.240.80 -14 10.027 T
Timeout - The operation has timed out
https://collabora.ariquemes.ifro.edu.br/
186.219.240.80 -2 1.824 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 186.219.240.80:443
http://collabora.ariquemes.ifro.edu.br/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
186.219.240.80 -2 3.667 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 186.219.240.80:80
Visible Content:

http + / has a timeout, http + /.well-known/acme-challenge/unknown-file looks like a blocking firewall or something else.

The problem is simple: Standalone should always work, it’s a new instance.

If Standalone doesn’t work, it isn’t used - another server answers and sends the wrong content, so Letsencrypt can’t validate the domain.


#6

sorry, but it was not responding because the nginx server was stopped. I stopped to run certbot as standalone option.