2023-05-21 18:16:50,927:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97 2023-05-21 18:16:51,080:DEBUG:certbot._internal.main:certbot version: 2.6.0 2023-05-21 18:16:51,080:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3024/bin/certbot 2023-05-21 18:16:51,080:DEBUG:certbot._internal.main:Arguments: ['--nginx', '--preconfigured-renewal'] 2023-05-21 18:16:51,080:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2023-05-21 18:16:51,087:DEBUG:certbot._internal.log:Root logging level set at 30 2023-05-21 18:16:51,088:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx 2023-05-21 18:16:51,252:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx Description: Nginx Web Server plugin Interfaces: Authenticator, Installer, Plugin Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator Initialized: Prep: True 2023-05-21 18:16:51,253:DEBUG:certbot._internal.plugins.selection:Selected authenticator and installer 2023-05-21 18:16:51,253:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx 2023-05-21 18:16:51,286:DEBUG:certbot._internal.main:Picked account: ), creation_host='plexserver.cara.kj', register_to_eff='keith@jonescc.co.uk'))> 2023-05-21 18:16:51,286:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2023-05-21 18:16:51,287:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2023-05-21 18:16:51,759:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752 2023-05-21 18:16:51,760:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 21 May 2023 17:16:51 GMT Content-Type: application/json Content-Length: 752 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "96cNgOR8eSs": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } 2023-05-21 18:16:51,770:DEBUG:certbot.util:Not suggesting name "localhost" Traceback (most recent call last): File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/util.py", line 315, in get_filtered_names filtered_names.add(enforce_le_validity(name)) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/util.py", line 507, in enforce_le_validity raise errors.ConfigurationError( certbot.errors.ConfigurationError: localhost needs at least two labels 2023-05-21 18:16:51,771:DEBUG:certbot.util:Not suggesting name "_" Traceback (most recent call last): File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/util.py", line 315, in get_filtered_names filtered_names.add(enforce_le_validity(name)) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/util.py", line 501, in enforce_le_validity raise errors.ConfigurationError( certbot.errors.ConfigurationError: _ contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -. 2023-05-21 18:16:51,771:DEBUG:certbot.util:Not suggesting name "192.168.1.110" Traceback (most recent call last): File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/util.py", line 315, in get_filtered_names filtered_names.add(enforce_le_validity(name)) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/util.py", line 499, in enforce_le_validity domain = enforce_domain_sanity(domain) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/util.py", line 559, in enforce_domain_sanity raise errors.ConfigurationError( certbot.errors.ConfigurationError: Requested name 192.168.1.110 is an IP address. The Let's Encrypt certificate authority will not issue certificates for a bare IP address. 2023-05-21 18:16:53,859:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for predictions.hopto.org 2023-05-21 18:16:53,867:DEBUG:acme.client:Requesting fresh nonce 2023-05-21 18:16:53,867:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce. 2023-05-21 18:16:54,000:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 2023-05-21 18:16:54,001:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 21 May 2023 17:16:53 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 1AADQJh0B1E_JiemakNB48J533u7Arsj0DD0yUKSDof3-_E X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 2023-05-21 18:16:54,002:DEBUG:acme.client:Storing nonce: 1AADQJh0B1E_JiemakNB48J533u7Arsj0DD0yUKSDof3-_E 2023-05-21 18:16:54,002:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "predictions.hopto.org"\n }\n ]\n}' 2023-05-21 18:16:54,011:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEyMDY4NzAxNyIsICJub25jZSI6ICIxQUFEUUpoMEIxRV9KaWVtYWtOQjQ4SjUzM3U3QXJzajBERDB5VUtTRG9mMy1fRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0", "signature": "J5AK2MABE5nvAKGjjB92R_SuJGrHk91BcZtZGZ_B8OugnqfZetnhmbaryhwl-Vj3pOiBQ8XdZZtUOL6nlsdmO9uZQ51zvKwVMpbewn4ekXftBtFTCYGNJGFepHFLTbryfb-9XMnwcnHDVGqAgeyc50V4SVbpRGloPNIwhCAwbFLjf463mZmcHiHRHgWFCfke8TDfuazw3mFB0yllQAce1FpaiMMq70Fii-zbVddU9xtWmQVy9Vy89tzyjapTlTWuOJxc8bTskzs9hyez4CYL-2h0BI81p-TDB5vX5OCXSbCmV7yNErKIVMHI2x_haU4jNUsVftXGiUSqeqHOYp7ZUg", "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInByZWRpY3Rpb25zLmhvcHRvLm9yZyIKICAgIH0KICBdCn0" } 2023-05-21 18:16:54,388:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 347 2023-05-21 18:16:54,389:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Sun, 21 May 2023 17:16:54 GMT Content-Type: application/json Content-Length: 347 Connection: keep-alive Boulder-Requester: 1120687017 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/1120687017/183633246387 Replay-Nonce: 1AADiBsBYwZ5Lckurmx27s_DgKpis5SqhJI8grWiBTsrpXg X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2023-05-28T17:16:54Z", "identifiers": [ { "type": "dns", "value": "predictions.hopto.org" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/229830216947" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1120687017/183633246387" } 2023-05-21 18:16:54,390:DEBUG:acme.client:Storing nonce: 1AADiBsBYwZ5Lckurmx27s_DgKpis5SqhJI8grWiBTsrpXg 2023-05-21 18:16:54,390:DEBUG:acme.client:JWS payload: b'' 2023-05-21 18:16:54,394:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/229830216947: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEyMDY4NzAxNyIsICJub25jZSI6ICIxQUFEaUJzQll3WjVMY2t1cm14MjdzX0RnS3BpczVTcWhKSThncldpQlRzcnBYZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjI5ODMwMjE2OTQ3In0", "signature": "Siek9hO0AY9sml_Ee1JQLk4B1FXsW1RblyXz6ryFXbd-yTvCDLISc_gBgf1qxl-iP7FH5KEpBY1ZS9N5Mzqd1zlVvJ0nSd_qB1CkFOHCbTzupzWcvpYQWcY_tiFhOh1YKc9Q2SOo1PIflfFw0EMxl8qNUE_JFk1RxWMOoUn0muoY4bMMJGME_l9pFPi7Lr440rJDQHdxsMbPmcT9iTYajHbatJVyvbMrt6k8zPpOd8ELtm9Qcr2Qpnlp2D6wc7bWbW2dhI8I_aogccCxmJ-UUYbEGO4B2fLCH8kgxIFXzWHutIr0XWH9BDngfo95qrjf_sU5H0AuW_fmd9PJflHrEg", "payload": "" } 2023-05-21 18:16:54,531:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/229830216947 HTTP/1.1" 200 805 2023-05-21 18:16:54,532:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 21 May 2023 17:16:54 GMT Content-Type: application/json Content-Length: 805 Connection: keep-alive Boulder-Requester: 1120687017 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 1AADEJMw2AR0S9quATH4m-X0eFIcN2d6n0yQNwMQZcnlHoI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "predictions.hopto.org" }, "status": "pending", "expires": "2023-05-28T17:16:54Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/229830216947/Tu3j4A", "token": "0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/229830216947/38J5VQ", "token": "0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/229830216947/suN4Jw", "token": "0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ" } ] } 2023-05-21 18:16:54,533:DEBUG:acme.client:Storing nonce: 1AADEJMw2AR0S9quATH4m-X0eFIcN2d6n0yQNwMQZcnlHoI 2023-05-21 18:16:54,534:INFO:certbot._internal.auth_handler:Performing the following challenges: 2023-05-21 18:16:54,534:INFO:certbot._internal.auth_handler:http-01 challenge for predictions.hopto.org 2023-05-21 18:16:54,643:DEBUG:certbot_nginx._internal.http_01:Generated server block: [] 2023-05-21 18:16:54,643:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/newznab 2023-05-21 18:16:54,643:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/business-strategy-dev 2023-05-21 18:16:54,643:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/socket 2023-05-21 18:16:54,644:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/plexserver.kj 2023-05-21 18:16:54,644:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/predictions.production 2023-05-21 18:16:54,644:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/pbembid.com.production 2023-05-21 18:16:54,644:DEBUG:certbot.reverter:Creating backup of /etc/nginx/fcgiwrap.conf 2023-05-21 18:16:54,644:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default 2023-05-21 18:16:54,644:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types 2023-05-21 18:16:54,645:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/business-strategy-prd 2023-05-21 18:16:54,645:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/predictions.development 2023-05-21 18:16:54,645:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/fote.scot.development 2023-05-21 18:16:54,645:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf 2023-05-21 18:16:54,646:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf: user www-data; worker_processes 4; worker_rlimit_nofile 200000; pid /var/run/nginx.pid; events { #worker_connections 768; worker_connections 2048; multi_accept on; use epoll; } http { server_names_hash_bucket_size 128; include /etc/letsencrypt/le_http_01_cert_challenge.conf; ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; client_header_timeout 20; client_body_timeout 20; reset_timedout_connection on; send_timeout 20; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; #default_type application/octet-stream; default_type text/html; charset UTF-8; ## # Logging Settings ## access_log off; error_log /var/log/nginx/error.log crit; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; # gzip_vary on; gzip_proxied any; gzip_comp_level 4; gzip_min_length 256; # gzip_buffers 16 8k; # gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; ## # nginx-naxsi config ## # Uncomment it if you installed nginx-naxsi ## #include /etc/nginx/naxsi_core.rules; ## # nginx-passenger config ## # Uncomment it if you installed nginx-passenger ## #passenger_root /usr; #passenger_ruby /usr/bin/ruby; open_file_cache max=65000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; ##### # Get rid of 502 error #### proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #} 2023-05-21 18:16:54,647:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/default: ## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. # https://www.nginx.com/resources/wiki/start/ # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ # https://wiki.debian.org/Nginx/DirectoryStructure # # In most cases, administrators will remove this file from sites-enabled/ and # leave it as reference inside of sites-available where it will continue to be # updated by the nginx packaging team. # # This file will automatically load configuration files provided by other # applications, such as Drupal or Wordpress. These applications will be made # available underneath a path with that package name, such as /drupal8. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## # Default server configuration # server { listen 80 default_server; listen [::]:80 default_server; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; #root /var/www/html; root /usr/share/doc/bacula-doc/html/main/; error_log /var/log/nginx/default-error.log warn; # Add index.php to the list if you are using PHP index index.html index.htm; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location ~*\.(png|jpg|jpeg)$ { root /usr/share/doc/bacula-doc/html; } # pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # Virtual Host configuration for example.com # # You can move that to a different file under sites-available/ and symlink that # to sites-enabled/ to enable it. # #server { # listen 80; # listen [::]:80; # # server_name example.com; # # root /var/www/example.com; # index index.html; # # location / { # try_files $uri $uri/ =404; # } #} server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot listen 80 ; listen [::]:80 ; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; #root /var/www/html; root /usr/share/doc/bacula-doc/html/main/; error_log /var/log/nginx/default-error.log warn; # Add index.php to the list if you are using PHP index index.html index.htm; server_name predictions.hopto.org; # managed by Certbot location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location ~*\.(png|jpg|jpeg)$ { root /usr/share/doc/bacula-doc/html; } # pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} location = /.well-known/acme-challenge/0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ{default_type text/plain;return 200 0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ.e1zVKXtv_4g6Nw6WrSzjt22CNYOZ0TnBPXjAyMgyPCE;} # managed by Certbot } 2023-05-21 18:16:55,657:DEBUG:acme.client:JWS payload: b'{}' 2023-05-21 18:16:55,659:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/229830216947/Tu3j4A: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEyMDY4NzAxNyIsICJub25jZSI6ICIxQUFERUpNdzJBUjBTOXF1QVRING0tWDBlRkljTjJkNm4weVFOd01RWmNubEhvSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjI5ODMwMjE2OTQ3L1R1M2o0QSJ9", "signature": "gTIKoAEeJ6DzH4Mw1SA0K-3AIsHIpbiFPOsME7eKN9k1lJbwAYRc3StJmWBVekdV4iGMz6_6xvIRhy_v8pDY-F3zF74OIyDIK3nRm1D1nMHRit1Lx5KMcO3RULQnaVtO42rIcj5TPAiwCpdWXiqH4ytNhlzJZ3EYpzIEUW7m93Kgq_09a9oXNGSJl8uA6BLza0deJONK-WrNzyx8iEXZN3pJ5YFOUcfO_aOCwsknHvZ1D3-ZT4FyIeJDcqOuoQK7lownTc7xoZ2OWxSXoDz15fuiv9KGIYOYvypQY1oaJBzmwMXP9c-sPYL8iAhLyizKDR6G9gUsWOm81bP9pAqzAg", "payload": "e30" } 2023-05-21 18:16:55,810:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/229830216947/Tu3j4A HTTP/1.1" 200 187 2023-05-21 18:16:55,811:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 21 May 2023 17:16:55 GMT Content-Type: application/json Content-Length: 187 Connection: keep-alive Boulder-Requester: 1120687017 Cache-Control: public, max-age=0, no-cache Link: ;rel="index", ;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/229830216947/Tu3j4A Replay-Nonce: 1AADW-KIMdygcr1Qyj3LTd0g8PUNQoiaYEa96WNeu54D-tY X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/229830216947/Tu3j4A", "token": "0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ" } 2023-05-21 18:16:55,811:DEBUG:acme.client:Storing nonce: 1AADW-KIMdygcr1Qyj3LTd0g8PUNQoiaYEa96WNeu54D-tY 2023-05-21 18:16:55,812:INFO:certbot._internal.auth_handler:Waiting for verification... 2023-05-21 18:16:56,814:DEBUG:acme.client:JWS payload: b'' 2023-05-21 18:16:56,817:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/229830216947: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEyMDY4NzAxNyIsICJub25jZSI6ICIxQUFEVy1LSU1keWdjcjFReWozTFRkMGc4UFVOUW9pYVlFYTk2V05ldTU0RC10WSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjI5ODMwMjE2OTQ3In0", "signature": "jg4KA063eOj4E5he6-cr-fMDeWDmU2q1xaXileYlU_TVQd0bEwFSlgYxrkv7FGCLt60--IGCjEjlvw6b0iXr1HR_i7cFdMxsuGwU0CiR2ShF1NIKxHNc1yIPWFEnqCjPtX-QJm7wyiysyE83u7YMPmZ5gA9dV8hKHlxfcA9eSiVI-3DDBwGr1TlttPL4V1_jQLhEUmyk9I7Ceikg2mY7GPjAWTO8pWBdPNMN1idUUglEpBwXWiAMEoyd0eP04SFIwxw0jTtfAXo52STH-vfeTUdWoPSpCpi34xYNTLwTsNMaQP3SRuQJcll6_wPw3U_ZyeUfHiNTvYDkgGLuuxqehw", "payload": "" } 2023-05-21 18:16:56,955:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/229830216947 HTTP/1.1" 200 1052 2023-05-21 18:16:56,956:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 21 May 2023 17:16:56 GMT Content-Type: application/json Content-Length: 1052 Connection: keep-alive Boulder-Requester: 1120687017 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 5CA2xHl6HZBg3qElcHnDpzhBsH8fCkwZFhW2FKB-FGdg4bQ X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "predictions.hopto.org" }, "status": "invalid", "expires": "2023-05-28T17:16:54Z", "challenges": [ { "type": "http-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "81.154.53.221: Invalid response from http://predictions.hopto.org/.well-known/acme-challenge/0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ: 404", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/229830216947/Tu3j4A", "token": "0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ", "validationRecord": [ { "url": "http://predictions.hopto.org/.well-known/acme-challenge/0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ", "hostname": "predictions.hopto.org", "port": "80", "addressesResolved": [ "81.154.53.221" ], "addressUsed": "81.154.53.221" } ], "validated": "2023-05-21T17:16:55Z" } ] } 2023-05-21 18:16:56,956:DEBUG:acme.client:Storing nonce: 5CA2xHl6HZBg3qElcHnDpzhBsH8fCkwZFhW2FKB-FGdg4bQ 2023-05-21 18:16:56,957:INFO:certbot._internal.auth_handler:Challenge failed for domain predictions.hopto.org 2023-05-21 18:16:56,957:INFO:certbot._internal.auth_handler:http-01 challenge for predictions.hopto.org 2023-05-21 18:16:56,958:DEBUG:certbot._internal.display.obj:Notifying user: Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems: Domain: predictions.hopto.org Type: unauthorized Detail: 81.154.53.221: Invalid response from http://predictions.hopto.org/.well-known/acme-challenge/0gS1tWKXo6k4hNpm0wcMHMWhRz_FkxsJ9WHkWXDxjOQ: 404 Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet. 2023-05-21 18:16:56,959:DEBUG:certbot._internal.error_handler:Encountered exception: Traceback (most recent call last): File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2023-05-21 18:16:56,959:DEBUG:certbot._internal.error_handler:Calling registered functions 2023-05-21 18:16:56,959:INFO:certbot._internal.auth_handler:Cleaning up challenges 2023-05-21 18:16:58,196:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/snap/certbot/3024/bin/certbot", line 8, in sys.exit(main()) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main return config.func(config, plugins) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 1447, in run new_lineage = _get_and_save_cert(le_client, config, domains, File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2023-05-21 18:16:58,197:ERROR:certbot._internal.log:Some challenges have failed.