--------------------------------------------------------------------------------Terminal: -------------------------------------------------------------------------------- zefra@CFMJ-D3400-B1:~$ sudo certbot renew --dry-run [sudo] Passwort für zefra: Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/XXXXX.ddns.net.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator apache, Installer apache Renewing an existing certificate Performing the following challenges: http-01 challenge for XXXXX.ddns.net Waiting for verification... Cleaning up challenges Attempting to renew cert (XXXXX.ddns.net) from /etc/letsencrypt/renewal/XXXXX.ddns.net.conf produced an unexpected error: Failed authorization procedure. XXXXX.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://XXXXX.ddns.net/.well-known/acme-challenge/sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY: Timeout during connect (likely firewall problem). Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/XXXXX.ddns.net/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates below have not been saved.) All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/XXXXX.ddns.net/fullchain.pem (failure) ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates above have not been saved.) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 renew failure(s), 0 parse failure(s) IMPORTANT NOTES: - The following errors were reported by the server: Domain: XXXXX.ddns.net Type: connection Detail: Fetching http://XXXXX.ddns.net/.well-known/acme-challenge/sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY: Timeout during connect (likely firewall problem) To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. zefra@CFMJ-D3400-B1:~$ -------------------------------------------------------------------------------- /var/log/letsencrypt/letsencrypt.log ------------------------------------------------------------------------------- 2022-01-18 14:23:33,992:DEBUG:certbot.main:certbot version: 0.31.0 2022-01-18 14:23:33,992:DEBUG:certbot.main:Arguments: ['--dry-run'] 2022-01-18 14:23:33,993:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2022-01-18 14:23:34,001:DEBUG:certbot.log:Root logging level set at 20 2022-01-18 14:23:34,002:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2022-01-18 14:23:34,010:DEBUG:certbot.plugins.selection:Requested authenticator and installer 2022-01-18 14:23:34,010:DEBUG:certbot.cli:Var dry_run=True (set by user). 2022-01-18 14:23:34,010:DEBUG:certbot.cli:Var server={'staging', 'dry_run'} (set by user). 2022-01-18 14:23:34,010:DEBUG:certbot.cli:Var dry_run=True (set by user). 2022-01-18 14:23:34,010:DEBUG:certbot.cli:Var server={'staging', 'dry_run'} (set by user). 2022-01-18 14:23:34,010:DEBUG:certbot.cli:Var account={'server'} (set by user). 2022-01-18 14:23:34,019:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2022-01-10 23:22:11 UTC. 2022-01-18 14:23:34,020:INFO:certbot.renewal:Cert is due for renewal, auto-renewing... 2022-01-18 14:23:34,020:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache 2022-01-18 14:23:34,110:DEBUG:certbot_apache.configurator:Apache version is 2.4.18 2022-01-18 14:23:34,480:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache Description: Apache Web Server plugin Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT Initialized: Prep: True 2022-01-18 14:23:34,481:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache Description: Apache Web Server plugin Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT Initialized: Prep: True 2022-01-18 14:23:34,482:DEBUG:certbot.plugins.selection:Selected authenticator and installer 2022-01-18 14:23:34,482:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache 2022-01-18 14:23:34,490:DEBUG:certbot.main:Picked account: )>), only_return_existing=None, terms_of_service_agreed=None), uri='https://acme-staging.api.letsencrypt.org/acme/reg/5695478'), 8184fa491ac12acca2f26b61edcd24fa, Meta(creation_dt=datetime.datetime(2018, 3, 6, 8, 48, 18, tzinfo=), creation_host='CFMJ-D3400-B1'))> 2022-01-18 14:23:34,492:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory. 2022-01-18 14:23:34,494:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org 2022-01-18 14:23:35,359:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 822 2022-01-18 14:23:35,361:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Tue, 18 Jan 2022 13:23:35 GMT Content-Type: application/json Content-Length: 822 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "fETIqZep3nE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org/docs/staging-environment/" }, "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/", "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert" } 2022-01-18 14:23:35,362:INFO:certbot.main:Renewing an existing certificate 2022-01-18 14:23:35,410:DEBUG:acme.client:Requesting fresh nonce 2022-01-18 14:23:35,410:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce. 2022-01-18 14:23:35,589:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 2022-01-18 14:23:35,591:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Tue, 18 Jan 2022 13:23:35 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 0002lEon5RcEnSBLlNPXEs3J3JoavROhXKQ70r2LNAVVTwE X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 2022-01-18 14:23:35,591:DEBUG:acme.client:Storing nonce: 0002lEon5RcEnSBLlNPXEs3J3JoavROhXKQ70r2LNAVVTwE 2022-01-18 14:23:35,592:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "value": "XXXXX.ddns.net",\n "type": "dns"\n }\n ]\n}' 2022-01-18 14:23:35,599:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order: { "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInZhbHVlIjogIm51YmVzLWxlcG9ydW0uZGRucy5uZXQiLAogICAgICAidHlwZSI6ICJkbnMiCiAgICB9CiAgXQp9", "protected": "eyJub25jZSI6ICIwMDAybEVvbjVSY0VuU0JMbE5QWEVzM0ozSm9hdlJPaFhLUTcwcjJMTkFWVlR3RSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvcmVnLzU2OTU0NzgifQ", "signature": "EBNdITOP7eMwhuDeP6T-DABuGUzQkqXQpKIv0gnbYxF_lxZNdxkKlRN3Tr7og7MvbyMCCfozl9zWGmSuG8SocUC0-9bmgqchlGhn1AO6I4hJh-bhA5YMKZ2wDUiVsz1VxpdDFPIMAt4vVpkBSRfoza-6blxPultTbVxpxDTKhYtJINfV4s16vJUT-D83kt1EEuvzFXrYsNQNrSAK2fZncOxLxJlwcX_A_uQ4lhHACVpERkC8zAEjmE0XBJHOTMCVoQaFin-L3Vtxt65as4I4Ph-mLZlkh4UtCXD8InHaT9Yz3RiY4dPNUu5nn3TEbJW_Zy_8mhjrbuufJoXYaPUsgw" } 2022-01-18 14:23:35,815:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 357 2022-01-18 14:23:35,816:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Tue, 18 Jan 2022 13:23:35 GMT Content-Type: application/json Content-Length: 357 Connection: keep-alive Boulder-Requester: 5695478 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/5695478/1565639978 Replay-Nonce: 00014mmWhvi3F4VDMFmmqjcpdqGEMex6aQgu2yPVQpsB_34 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2022-01-25T13:23:35Z", "identifiers": [ { "type": "dns", "value": "XXXXX.ddns.net" } ], "authorizations": [ "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1461588758" ], "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/5695478/1565639978" } 2022-01-18 14:23:35,816:DEBUG:acme.client:Storing nonce: 00014mmWhvi3F4VDMFmmqjcpdqGEMex6aQgu2yPVQpsB_34 2022-01-18 14:23:35,817:DEBUG:acme.client:JWS payload: b'' 2022-01-18 14:23:35,822:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1461588758: { "payload": "", "protected": "eyJub25jZSI6ICIwMDAxNG1tV2h2aTNGNFZETUZtbXFqY3BkcUdFTWV4NmFRZ3UyeVBWUXBzQl8zNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNDYxNTg4NzU4IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmcuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81Njk1NDc4In0", "signature": "ejtHjMlkjG7yRIC2Ejsxx9x8UN9cjWr5WTlfhZK8Pworfz4o7vjYg1RSmy4zAvcESSjy5AfBoUBYSKdZBP7IwtGVTt_T-DUzJvvnMI4YTAjRBv6AdhEzGkg_g4ZBzuSFsnWoRHhgQUJTok5f6jTCFbG5JDjaoQ63qcBMSUdyVSbwVo6w-VNfbJJfzHwezA7zyyJdOg71g1wqfRA1pgGEmP1IhRFSPpa73A82P2hjKCMIlgoWHqZHPkpuj64gpy7aF2-hXqLPnWPjDlbN9yom6Z6bI1UUxln7X9jGSI5PYrDNTc9RML2JfD1DaSMwIGHEsYxj-RBrU05hE1sZvrKcyA" } 2022-01-18 14:23:36,023:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1461588758 HTTP/1.1" 200 824 2022-01-18 14:23:36,024:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Tue, 18 Jan 2022 13:23:35 GMT Content-Type: application/json Content-Length: 824 Connection: keep-alive Boulder-Requester: 5695478 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 0001EN8LWU52ujhMf7tw3O-U6A4KzspliZdF7BnyShMUSSw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "XXXXX.ddns.net" }, "status": "pending", "expires": "2022-01-25T13:23:35Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/1sskng", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" }, { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/tLoYRg", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/6p6TyQ", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" } ] } 2022-01-18 14:23:36,025:DEBUG:acme.client:Storing nonce: 0001EN8LWU52ujhMf7tw3O-U6A4KzspliZdF7BnyShMUSSw 2022-01-18 14:23:36,026:INFO:certbot.auth_handler:Performing the following challenges: 2022-01-18 14:23:36,027:INFO:certbot.auth_handler:http-01 challenge for XXXXX.ddns.net 2022-01-18 14:23:36,097:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: XXXXX.ddns.net in: /etc/apache2/sites-enabled/003-owncloud-le-ssl.conf 2022-01-18 14:23:36,097:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: XXXXX.ddns.net in: /etc/apache2/sites-enabled/003-owncloud.conf 2022-01-18 14:23:36,097:DEBUG:certbot_apache.http_01:writing a pre config file with text: RewriteEngine on RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END] 2022-01-18 14:23:36,098:DEBUG:certbot_apache.http_01:writing a post config file with text: Require all granted Require all granted 2022-01-18 14:23:36,123:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/003-owncloud-le-ssl.conf 2022-01-18 14:23:36,123:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/003-owncloud.conf 2022-01-18 14:23:39,306:INFO:certbot.auth_handler:Waiting for verification... 2022-01-18 14:23:39,309:DEBUG:acme.client:JWS payload: b'{\n "type": "http-01",\n "resource": "challenge"\n}' 2022-01-18 14:23:39,316:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/1sskng: { "payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiCn0", "protected": "eyJub25jZSI6ICIwMDAxRU44TFdVNTJ1amhNZjd0dzNPLVU2QTRLenNwbGlaZEY3Qm55U2hNVVNTdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNDYxNTg4NzU4LzFzc2tuZyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvNTY5NTQ3OCJ9", "signature": "PvWggmY9GBomUFQ0xPVdrmaFcXMabA8VnE2-vOMN2wupWdPVDyNys3OYtX223dNbE1oWskuuOxL28Q6ChEl_GEyO9Wjc5djMjXBhzaOyVQeA2BYKb_zH4rjSgCzVxFP-Nd3j3fuqNNH_fvQXxjA9cAnCN15DkpkCuIwSe5rgC5lBlXC8Ke6xvfsQXnE-Lgjh9b6sNH9q_Si_Qu6NQF_uX4M8C-DpcpAAXw4uaUdp7KyHOI_m2oSn1uxXovpkycN-XzOG_UhdF2xL5fG1ehYC7AxVZK-fQSdvSMoQiRAbG1VMuStb0ARkumhyGHobx4Fa0cZQtyRyRT1ONHVXbWrZZw" } 2022-01-18 14:23:39,508:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/1461588758/1sskng HTTP/1.1" 200 193 2022-01-18 14:23:39,508:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Tue, 18 Jan 2022 13:23:39 GMT Content-Type: application/json Content-Length: 193 Connection: keep-alive Boulder-Requester: 5695478 Cache-Control: public, max-age=0, no-cache Link: ;rel="index", ;rel="up" Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/1sskng Replay-Nonce: 0002p7MSuP3D8ZcxnonTvRPAN8Hitxh6QUlGLt2rRw-IECQ X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "type": "http-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/1sskng", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" } 2022-01-18 14:23:39,509:DEBUG:acme.client:Storing nonce: 0002p7MSuP3D8ZcxnonTvRPAN8Hitxh6QUlGLt2rRw-IECQ 2022-01-18 14:23:42,512:DEBUG:acme.client:JWS payload: b'' 2022-01-18 14:23:42,518:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1461588758: { "payload": "", "protected": "eyJub25jZSI6ICIwMDAycDdNU3VQM0Q4WmN4bm9uVHZSUEFOOEhpdHhoNlFVbEdMdDJyUnctSUVDUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNDYxNTg4NzU4IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmcuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81Njk1NDc4In0", "signature": "FakbgzXPUF8WueNfFonQhgPl4iCisanDT2HGfbS5KfVKO6PdH05NctFJCAX-S2RRCJshmlKLpZkQJnUtGase6x5_0b7csfWMEKPauCQ_49DQ_GVIM2Sz-ImeJRkB24xB3zZND8c6sRz9X96xKTKRa5-rDWnaB4qa-kNsvGrydcBQBADep-ttbZmpVU2p7WCZoLG5XWeLHspUGZUczpuqN8JbSnJhca71PEWcfqSKZCpZ7Jeel8XzUKYxdoFF7ipjrUur-59WBoBaWbgOklQ-2s5TWFqek0bzNSVzOkONuF28YgDnixx5eAX37oRRiK5BSk8FzsEUwMoTTsuWYyIhwQ" } 2022-01-18 14:23:42,710:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1461588758 HTTP/1.1" 200 824 2022-01-18 14:23:42,712:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Tue, 18 Jan 2022 13:23:42 GMT Content-Type: application/json Content-Length: 824 Connection: keep-alive Boulder-Requester: 5695478 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 0002MK5TRezt2vIVGbT2bpn1pT9NXSUAT9Ea6F_5YGk0N4s X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "XXXXX.ddns.net" }, "status": "pending", "expires": "2022-01-25T13:23:35Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/1sskng", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" }, { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/tLoYRg", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/6p6TyQ", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" } ] } 2022-01-18 14:23:42,712:DEBUG:acme.client:Storing nonce: 0002MK5TRezt2vIVGbT2bpn1pT9NXSUAT9Ea6F_5YGk0N4s 2022-01-18 14:23:45,717:DEBUG:acme.client:JWS payload: b'' 2022-01-18 14:23:45,723:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1461588758: { "payload": "", "protected": "eyJub25jZSI6ICIwMDAyTUs1VFJlenQydklWR2JUMmJwbjFwVDlOWFNVQVQ5RWE2Rl81WUdrME40cyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNDYxNTg4NzU4IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmcuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81Njk1NDc4In0", "signature": "LpmJNfdv1roFZLlJD9PMrY6o_GkqANYEwZGXL5owMXfUtD1XtvT2lnCJvXg2_7G_zx7mlKBecIcwunQxK1dEH-DU8aOElQ5eD8xLx6YbcHnz5BrXRP3A65fRWY7ULpKMR0TrQKNR7BgB5hv5M4zClMy6xzG1nc8xXhtXaXfnduV9XazwmOhNeQXm9ZzWcrmXpfsYyF1S_va6ZaJS5lq0HIDJ0xW9Gw06ax6fPVfq9PiR-P7MCPEve3ZKyyq3kkv9T3DHlTEM5ccKZpKkf_j0UBMwR8UYZyzlVXy-Kh7vmEIA1X53sqELu7WCy6hoSAuXlYlIXzmu1bjdcT8w7wKTIg" } 2022-01-18 14:23:45,915:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1461588758 HTTP/1.1" 200 824 2022-01-18 14:23:45,916:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Tue, 18 Jan 2022 13:23:45 GMT Content-Type: application/json Content-Length: 824 Connection: keep-alive Boulder-Requester: 5695478 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 0002nJGI2-Sza6KwLCF0zUH2SMA5Fm7XdWL70HjBnrm72DQ X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "XXXXX.ddns.net" }, "status": "pending", "expires": "2022-01-25T13:23:35Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/1sskng", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" }, { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/tLoYRg", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/6p6TyQ", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" } ] } 2022-01-18 14:23:45,917:DEBUG:acme.client:Storing nonce: 0002nJGI2-Sza6KwLCF0zUH2SMA5Fm7XdWL70HjBnrm72DQ 2022-01-18 14:23:48,919:DEBUG:acme.client:JWS payload: b'' 2022-01-18 14:23:48,924:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1461588758: { "payload": "", "protected": "eyJub25jZSI6ICIwMDAybkpHSTItU3phNkt3TENGMHpVSDJTTUE1Rm03WGRXTDcwSGpCbnJtNzJEUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNDYxNTg4NzU4IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmcuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81Njk1NDc4In0", "signature": "DCBUzjmUtUg7qbqnpyCl0ZQvHPOTi8F6isueEgH7xpQATnnvmiqRtAks63rw8p0KGNFOm1gYoKofWra24SasPS0UTuxKK-JydbLgf0xltvU4PVROZ87xDV1shR0cmKGGbJxq6wPDvujvRGRSb8PmladxbtBa7L_mKLaup8yuy-JMFzokGNstnYNlStvUG9xn3b_Q0g7fuK99-17Bnn6Mw09ctaLP1NI8rYk6_6NSW-YsrQd4VYJWi7qd2-o-BMOG2bzT39l217-Nu42K8xv5-coCud0OouvCCJ5MsJCjbqH63XPMOvJIjrNwvCqvmed-H582X3VeZfGVUNZcwOmQpw" } 2022-01-18 14:23:49,130:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1461588758 HTTP/1.1" 200 824 2022-01-18 14:23:49,132:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Tue, 18 Jan 2022 13:23:49 GMT Content-Type: application/json Content-Length: 824 Connection: keep-alive Boulder-Requester: 5695478 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 00027nZXgsMTO22X2Qxm_Y_pq09H9TLrEw8Zq_6bPzDNcKo X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "XXXXX.ddns.net" }, "status": "pending", "expires": "2022-01-25T13:23:35Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/1sskng", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" }, { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/tLoYRg", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/6p6TyQ", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY" } ] } 2022-01-18 14:23:49,133:DEBUG:acme.client:Storing nonce: 00027nZXgsMTO22X2Qxm_Y_pq09H9TLrEw8Zq_6bPzDNcKo 2022-01-18 14:23:52,135:DEBUG:acme.client:JWS payload: b'' 2022-01-18 14:23:52,140:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1461588758: { "payload": "", "protected": "eyJub25jZSI6ICIwMDAyN25aWGdzTVRPMjJYMlF4bV9ZX3BxMDlIOVRMckV3OFpxXzZiUHpETmNLbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNDYxNTg4NzU4IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmcuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81Njk1NDc4In0", "signature": "H7cZHbU4cMHpT0vIXGk3W9wiun_Ri5SiJKwMQdemCN5iN5sXrY0zjc9dD_4DtpIabZDvMcjUkwSQm94aueeNNjMn-oVfoQcFevSawHwXenY8HNFf3f9VYmZQxljewL9RzJ0aNp96WlIEpG2ph7fZhHoyyByryEdF-Ch9v0D8rmY6SjSD8FSqCPGMd5IqTafy3ejKlnS-R1e9_Nj1N90j-fq7rb_rPnyPZbZrVNO9j-OqdvR9rWGsabU-Ldpc7b8VfTg3ljo8RJy4yncGGaw0xzSDrsx6hPCgbFuJUViy67NjC_HGnHgE-N-Ugg_4rlDiKKn0qvwbU7hIN1cgJ4AJhg" } 2022-01-18 14:23:52,334:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1461588758 HTTP/1.1" 200 1081 2022-01-18 14:23:52,336:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Tue, 18 Jan 2022 13:23:52 GMT Content-Type: application/json Content-Length: 1081 Connection: keep-alive Boulder-Requester: 5695478 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 0001Mtfdz0xdcLwdVCJ0zFSSVUL3E9mmknPDyG-nFpKNgjg X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "XXXXX.ddns.net" }, "status": "invalid", "expires": "2022-01-25T13:23:35Z", "challenges": [ { "type": "http-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:connection", "detail": "Fetching http://XXXXX.ddns.net/.well-known/acme-challenge/sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY: Timeout during connect (likely firewall problem)", "status": 400 }, "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1461588758/1sskng", "token": "sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY", "validationRecord": [ { "url": "http://XXXXX.ddns.net/.well-known/acme-challenge/sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY", "hostname": "XXXXX.ddns.net", "port": "80", "addressesResolved": [ "178.165.176.169" ], "addressUsed": "178.165.176.169" } ], "validated": "2022-01-18T13:23:39Z" } ] } 2022-01-18 14:23:52,337:DEBUG:acme.client:Storing nonce: 0001Mtfdz0xdcLwdVCJ0zFSSVUL3E9mmknPDyG-nFpKNgjg 2022-01-18 14:23:52,339:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server: Domain: XXXXX.ddns.net Type: connection Detail: Fetching http://XXXXX.ddns.net/.well-known/acme-challenge/sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY: Timeout during connect (likely firewall problem) To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. 2022-01-18 14:23:52,340:DEBUG:certbot.error_handler:Encountered exception: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations self._respond(aauthzrs, resp, best_effort) File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond self._poll_challenges(aauthzrs, chall_update, best_effort) File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges raise errors.FailedChallenges(all_failed_achalls) certbot.errors.FailedChallenges: Failed authorization procedure. XXXXX.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://XXXXX.ddns.net/.well-known/acme-challenge/sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY: Timeout during connect (likely firewall problem) 2022-01-18 14:23:52,341:DEBUG:certbot.error_handler:Calling registered functions 2022-01-18 14:23:52,341:INFO:certbot.auth_handler:Cleaning up challenges 2022-01-18 14:23:52,632:WARNING:certbot.renewal:Attempting to renew cert (XXXXX.ddns.net) from /etc/letsencrypt/renewal/XXXXX.ddns.net.conf produced an unexpected error: Failed authorization procedure. XXXXX.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://XXXXX.ddns.net/.well-known/acme-challenge/sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY: Timeout during connect (likely firewall problem). Skipping. 2022-01-18 14:23:52,633:DEBUG:certbot.renewal:Traceback was: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request main.renew_cert(lineage_config, plugins, renewal_candidate) File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage) File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert renewal.renew_cert(config, domains, le_client, lineage) File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 323, in renew_cert new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key) File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, best_effort) File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations self._respond(aauthzrs, resp, best_effort) File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond self._poll_challenges(aauthzrs, chall_update, best_effort) File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges raise errors.FailedChallenges(all_failed_achalls) certbot.errors.FailedChallenges: Failed authorization procedure. XXXXX.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://XXXXX.ddns.net/.well-known/acme-challenge/sM2HABVq0Oqe4JOyO4RzuMSjHrOAdyZP6YPxyUvu1VY: Timeout during connect (likely firewall problem) 2022-01-18 14:23:52,635:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed: 2022-01-18 14:23:52,636:ERROR:certbot.renewal: /etc/letsencrypt/live/XXXXX.ddns.net/fullchain.pem (failure) 2022-01-18 14:23:52,636:DEBUG:certbot.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 11, in load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')() File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main return config.func(config, plugins) File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew renewal.handle_renewal_request(config) File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request len(renew_failures), len(parse_failures))) certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)