Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error creating certificate [Solved] #1297

Closed
talesam opened this issue Aug 7, 2021 · 11 comments
Closed

Error creating certificate [Solved] #1297

talesam opened this issue Aug 7, 2021 · 11 comments
Labels
bug

Comments

@talesam
Copy link

talesam commented Aug 7, 2021
edited by chaptergy
Loading

I'm trying to create a certificate but it's giving an error. Ports 80 and 443 are open.

ERROR:

Error: Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-22" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "n1.t4l35.site" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

Captura de tela de 2021-08-07 18-05-30

Letsencrypt Log 
2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:certbot version: 1.17.0
2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-22', '--agree-tos', '--email', '[email protected]', '--preferred-challenges', 'dns,http', '--domains', 'n1.t4l35.site']
2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-07 20:51:48,183:DEBUG:certbot._internal.log:Root logging level set at 30
2021-08-07 20:51:48,184:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-08-07 20:51:48,187:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f0a2b35a978>
Prep: True
2021-08-07 20:51:48,188:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f0a2b35a978> and installer None
2021-08-07 20:51:48,188:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-08-07 20:51:48,199:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/126590777', new_authzr_uri=None, terms_of_service=None), 453e9dfd311338c9f17d679125cf65c9, Meta(creation_dt=datetime.datetime(2021, 6, 10, 2, 59, 20, tzinfo=<UTC>), creation_host='2a6c1c54a134', register_to_eff=None))>
2021-08-07 20:51:48,200:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-07 20:51:48,203:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-08-07 20:51:48,392:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-08-07 20:51:48,393:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:52 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "Yy-2vWokHFk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-08-07 20:51:48,394:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for n1.t4l35.site
2021-08-07 20:51:48,473:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0012_key-certbot.pem
2021-08-07 20:51:48,475:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0012_csr-certbot.pem
2021-08-07 20:51:48,476:DEBUG:acme.client:Requesting fresh nonce
2021-08-07 20:51:48,476:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-07 20:51:48,520:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-07 20:51:48,521:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:53 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101cu5exVAVDsY3RFds9sfuAsTcbUduTfP9wwFt54hnW4s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-08-07 20:51:48,522:DEBUG:acme.client:Storing nonce: 0101cu5exVAVDsY3RFds9sfuAsTcbUduTfP9wwFt54hnW4s
2021-08-07 20:51:48,522:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "n1.t4l35.site"\n    }\n  ]\n}'
2021-08-07 20:51:48,525:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDFjdTVleFZBVkRzWTNSRmRzOXNmdUFzVGNiVWR1VGZQOXd3RnQ1NGhuVzRzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "ZeL08fLgmZmxRWj0Q4WUp-0GZTttAchJ_WsgPTcDz4vDpdnAXGmE_fOTArfVUbeRavemSnDGIXin3gnGIzOdBCChk0iIanUeMBkuc4zBTiNdb0l5hem6c326gHFnCXEu7psG1w6aljtIFx0ynzw42kTDSTaTXVJJPsZqjZvgnS3T-pt7e-wCF0rTzpeeEgLCYFlIzvnVF9LKB0Lre1ufCwZyKGkHKkjHv9Ljax4NLPJy4F3rvldwLGubLyhv5nBRJcn4wEPCY2b7rfhSzyca5wKYhhkubc0j0afX544_lc-Z3-2FI8l0ewlWwesz543MvdR6bfiiomCJb6F3oiTTag",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm4xLnQ0bDM1LnNpdGUiCiAgICB9CiAgXQp9"
}
2021-08-07 20:51:48,740:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 336
2021-08-07 20:51:48,741:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 07 Aug 2021 21:01:53 GMT
Content-Type: application/json
Content-Length: 336
Connection: keep-alive
Boulder-Requester: 126590777
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/126590777/15258772520
Replay-Nonce: 0101I9UUwEI5UimOUjts7k8jPn6IhdrNagwbOQ05xokvDSU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-08-14T21:01:53Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "n1.t4l35.site"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/126590777/15258772520"
}
2021-08-07 20:51:48,741:DEBUG:acme.client:Storing nonce: 0101I9UUwEI5UimOUjts7k8jPn6IhdrNagwbOQ05xokvDSU
2021-08-07 20:51:48,741:DEBUG:acme.client:JWS payload:
b''
2021-08-07 20:51:48,743:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDFJOVVVd0VJNVVpbU9VanRzN2s4alBuNkloZHJOYWd3Yk9RMDV4b2t2RFNVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTg1ODc5MTM2MCJ9",
  "signature": "H7kgyZIv0uS-Ag1nZs3it6yx4MU6zTrmAHQmVYmALxv_RhN-YeYxWn9It-5intFc8Ud3LxO5BrdMo-YJ1PibhWsHZ9DquD8DqxSkBdMqDbfls5gL3XtamqGFk1gPqqbqNyRrSfwc4SF-O0KzO7TghLm9DnbYSe2pyLMi_JHgbYTkmlEm8IcDFl7WYOYkUWz5ge-EoXRtskxzJPlnl_c0gWKwqInfW9FVWQxPgG5X_qDH16K5mHyvASKHKqkE6bkb-SaR7AZgEImPEkbOgkI1rWB9ZIM1zv9Sg674PxYCX3Wcab_c1qqpX4E4sew7niKbX1PqJolWBTyxkh9ciSQJAQ",
  "payload": ""
}
2021-08-07 20:51:48,816:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19858791360 HTTP/1.1" 200 794
2021-08-07 20:51:48,816:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:53 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 126590777
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102PZIo8u2K3MRzirogaz4WRNkaIplFjUD6MKjTFSAAM38
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "n1.t4l35.site"
  },
  "status": "pending",
  "expires": "2021-08-14T21:01:53Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ",
      "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/Zw0u3g",
      "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/JkvCXQ",
      "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM"
    }
  ]
}
2021-08-07 20:51:48,817:DEBUG:acme.client:Storing nonce: 0102PZIo8u2K3MRzirogaz4WRNkaIplFjUD6MKjTFSAAM38
2021-08-07 20:51:48,817:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-08-07 20:51:48,817:INFO:certbot._internal.auth_handler:http-01 challenge for n1.t4l35.site
2021-08-07 20:51:48,817:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2021-08-07 20:51:48,817:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2021-08-07 20:51:48,818:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM
2021-08-07 20:51:48,819:DEBUG:acme.client:JWS payload:
b'{}'
2021-08-07 20:51:48,820:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDJQWklvOHUySzNNUnppcm9nYXo0V1JOa2FJcGxGalVENk1LalRGU0FBTTM4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xOTg1ODc5MTM2MC9aVXpMcVEifQ",
  "signature": "d25jBTD3RAF3zARuxRWxrTcurAX3K3hYDgt51XB0ELTp5NyEMIyrggmxTeNGW73plOm7V5TqikMfdLFap536TRv7Zv0d83qgEgcWzd1VxaNs-ErYs5Y_4ELIZxss5tirJvu7l6h51XY4s36zP75ya7C9bJBAKvwN2rDXkLqMAERPjMXKSOa2PfqXsHpYWK2UWtyatEsVy09j6R60i8xpcPq7uKUMQ1BwoGuMtc5M74TAAh1XZ1FLbtYRQVYrDw8qUhshl2UcH7TOg_3Gr8lRDLlbUk2vVy2lP1OVnrBb6fVwLvxX_MeneDuxEit63bniHVSbWh5nj4Zo56VNtEQwFA",
  "payload": "e30"
}
2021-08-07 20:51:48,932:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/19858791360/ZUzLqQ HTTP/1.1" 200 186
2021-08-07 20:51:48,933:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:53 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 126590777
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ
Replay-Nonce: 0101zJKg3vdijm3k6MxbC0ksY9NmVRU7wgSYPCfTEOZy0TM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ",
  "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM"
}
2021-08-07 20:51:48,933:DEBUG:acme.client:Storing nonce: 0101zJKg3vdijm3k6MxbC0ksY9NmVRU7wgSYPCfTEOZy0TM
2021-08-07 20:51:48,933:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-08-07 20:51:49,935:DEBUG:acme.client:JWS payload:
b''
2021-08-07 20:51:49,937:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDF6SktnM3ZkaWptM2s2TXhiQzBrc1k5Tm1WUlU3d2dTWVBDZlRFT1p5MFRNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTg1ODc5MTM2MCJ9",
  "signature": "AehLKcVRLg-Vb2kvj9jSYH9DI12w9N4Vqfcw5adD1EcBkiSQ1pcvFID4Mxa4GbTaYdJYOICVr02ZwmEmtaTn7ewJSuI0Fg3KPuZwrq7UzpxzH6rzG_WXUfjxGzQizBm5Jt09n1-KBKdKE1CohlsNwNPRPnga6ORB47FZqh_lvZsFrkpmOz7LLyKO9wK16A2wCN2Co1p4oGLkV4rbBraC7mNPwjJpuIcAte4iB5t2V7NSaQMuyOO2VRQNa79rDvOCcDcUqgC5VpgNOs75CP1eV85L4QPRPCWKD8OsbRGPwu_mccInWSODJilZUNtAr2Laa9fKQU4a_9GNrQ1LNfw6zA",
  "payload": ""
}
2021-08-07 20:51:50,014:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19858791360 HTTP/1.1" 200 1321
2021-08-07 20:51:50,015:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:54 GMT
Content-Type: application/json
Content-Length: 1321
Connection: keep-alive
Boulder-Requester: 126590777
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102IYljwRC_FJ3MkHUjtTyduB1yceYiRiC3z9yi_WnbAVk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "n1.t4l35.site"
  },
  "status": "invalid",
  "expires": "2021-08-14T21:01:53Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://n1.t4l35.site/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM [209.145.50.150]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003eopenresty\u003c/cente\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ",
      "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM",
      "validationRecord": [
        {
          "url": "http://n1.t4l35.site/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM",
          "hostname": "n1.t4l35.site",
          "port": "80",
          "addressesResolved": [
            "209.145.50.150",
            "198.98.60.69"
          ],
          "addressUsed": "209.145.50.150"
        }
      ],
      "validated": "2021-08-07T21:01:53Z"
    }
  ]
}
2021-08-07 20:51:50,015:DEBUG:acme.client:Storing nonce: 0102IYljwRC_FJ3MkHUjtTyduB1yceYiRiC3z9yi_WnbAVk
2021-08-07 20:51:50,016:INFO:certbot._internal.auth_handler:Challenge failed for domain n1.t4l35.site
2021-08-07 20:51:50,016:INFO:certbot._internal.auth_handler:http-01 challenge for n1.t4l35.site
2021-08-07 20:51:50,016:DEBUG:certbot.display.util:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: n1.t4l35.site
  Type:   unauthorized
  Detail: Invalid response from http://n1.t4l35.site/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM [209.145.50.150]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>openresty</cente"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2021-08-07 20:51:50,017:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-08-07 20:51:50,017:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-08-07 20:51:50,017:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-08-07 20:51:50,017:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM
2021-08-07 20:51:50,018:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-08-07 20:51:50,019:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1435, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 445, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-08-07 20:51:50,021:ERROR:certbot._internal.log:Some challenges have failed.
@talesam talesam added the bug label Aug 7, 2021
@chaptergy
Copy link
Collaborator

Are you sure the domain is set up to point to the correct server? Could you try updating to v2.9.7 and see if the issue persists?

@talesam
Copy link
Author

talesam commented Aug 8, 2021

Yes, domain is for the correct IP. If I access IP:81 from NPM, it works better, with the domain it's giving an error, but before that it wasn't possible. I will update and test.

@chaptergy
Copy link
Collaborator

Have you enabled the Use DNS Challenge toggle?

If your issue still persists even after the update, please post the contents of the file /var/log/letsencrypt/letsencrypt.log in the npm container directly after the error occurs.

@ririko5834
Copy link

I get same error, when I want to create SSL

@nahuedev
Copy link

nahuedev commented Sep 5, 2021

I get same error, when I want to create SSL.I have done tests with several versions, the versions, 2.8.0, 2.9.7 and latest. In no case could I generate certificates.

@talesam
Copy link
Author

talesam commented Oct 11, 2021
edited by chaptergy
Loading

New oracle server, posts 80 and 443 open, I can't create certificate, internal error appears.

It's a clean install!

NPM version: 2.9.9

Docker log 
Generating a RSA private key
[10/11/2021] [11:42:50 PM] [Global   ] › ℹ  info      Generating MySQL db configuration from environment variables
[10/11/2021] [11:42:50 PM] [Global   ] › ℹ  info      Wrote db configuration to config file: ./config/production.json
...........................................................................+++++
..........................+++++
writing new private key to '/data/nginx/dummykey.pem'
-----
Complete
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
  ❯ /etc/nginx/conf.d/include/force-ssl.conf
  ❯ /etc/nginx/conf.d/include/block-exploits.conf
  ❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
  ❯ /etc/nginx/conf.d/include/ip_ranges.conf
  ❯ /etc/nginx/conf.d/include/proxy.conf
  ❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
  ❯ /etc/nginx/conf.d/include/assets.conf
  ❯ /etc/nginx/conf.d/include/resolvers.conf
  ❯ /etc/nginx/conf.d/production.conf
  ❯ /etc/nginx/conf.d/default.conf
❯ Enabling IPV6 in hosts: /data/nginx
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      Current database version: none
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] auth Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] user Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] user_permission Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] proxy_host Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] redirection_host Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] dead_host Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] stream Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] access_list Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] certificate Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] access_list_auth Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] audit_log Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [websockets] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [websockets] proxy_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [forward_host] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [forward_host] proxy_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [http2_support] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [http2_support] proxy_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [http2_support] redirection_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [http2_support] dead_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [forward_scheme] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [forward_scheme] proxy_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [disabled] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [disabled] proxy_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [disabled] redirection_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [disabled] dead_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [disabled] stream Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [custom_locations] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [custom_locations] proxy_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [hsts] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [hsts] proxy_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [hsts] redirection_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [hsts] dead_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [settings] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [settings] setting Table created
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client] access_list_client Table created
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client] access_list Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client_fix] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client_fix] access_list Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [pass_auth] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [pass_auth] access_list Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [redirection_scheme] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [redirection_scheme] redirection_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [redirection_status_code] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [redirection_status_code] redirection_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [stream_domain] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [stream_domain] stream Table altered
[10/11/2021] [11:42:52 PM] [Setup    ] › ℹ  info      Creating a new JWT key pair...
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Wrote JWT key pair to config file: /app/config/production.json
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Creating a new user: [email protected] with password: changeme
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Initial admin setup completed
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Default settings added
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Logrotate completed.
[10/11/2021] [11:42:59 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[10/11/2021] [11:42:59 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[10/11/2021] [11:43:00 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[10/11/2021] [11:43:00 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[10/11/2021] [11:43:00 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[10/11/2021] [11:43:00 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[10/11/2021] [11:43:00 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[10/11/2021] [11:43:00 PM] [Global   ] › ℹ  info      Backend PID 241 listening on port 3000 ...
[10/11/2021] [11:43:00 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[10/11/2021] [11:43:00 PM] [SSL      ] › ℹ  info      Renew Complete
[10/11/2021] [11:43:06 PM] [Express  ] › ⚠  warning   invalid signature
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
[10/11/2021] [11:49:18 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[10/11/2021] [11:49:18 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #1: portainer.t4l35.host
[10/11/2021] [11:49:18 PM] [SSL      ] › ℹ  info      Command: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "portainer.t4l35.host" 
[10/11/2021] [11:49:19 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[10/11/2021] [11:49:19 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "portainer.t4l35.host" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
The server experienced an internal error :: The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Letsencrypt log 
cat /var/log/letsencrypt/letsencrypt.log
2021-10-11 23:49:18,809:DEBUG:certbot._internal.main:certbot version: 1.19.0
2021-10-11 23:49:18,810:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-10-11 23:49:18,810:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-1', '--agree-tos', '--authenticator', 'webroot', '--email', '[email protected]', '--preferred-challenges', 'dns,http', '--domains', 'portainer.t4l35.host']
2021-10-11 23:49:18,810:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-10-11 23:49:18,823:DEBUG:certbot._internal.log:Root logging level set at 30
2021-10-11 23:49:18,823:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-10-11 23:49:18,826:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xffff8d679b38>
Prep: True
2021-10-11 23:49:18,826:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0xffff8d679b38> and installer None
2021-10-11 23:49:18,826:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-10-11 23:49:18,969:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-10-11 23:49:18,971:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-10-11 23:49:19,745:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 503 178
2021-10-11 23:49:19,746:DEBUG:acme.client:Received response:
HTTP 503
Server: nginx
Date: Mon, 11 Oct 2021 23:49:19 GMT
Content-Type: application/problem+json
Content-Length: 178
Connection: keep-alive
ETag: "611d36fb-b2"

{
  "type": "urn:acme:error:serverInternal",
  "detail": "The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details."
}

2021-10-11 23:49:19,746:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1572, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1414, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 761, in _init_le_client
    acc, acme = _determine_account(config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 679, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 180, in register
    acme = acme_from_config_key(config, key)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 44, in acme_from_config_key
    client = acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 840, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1194, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1087, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:serverInternal :: The server experienced an internal error :: The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.
2021-10-11 23:49:19,747:ERROR:certbot._internal.log:An unexpected error occurred:
2021-10-11 23:49:19,748:ERROR:certbot._internal.log:The server experienced an internal error :: The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.

@chaptergy
Copy link
Collaborator

chaptergy commented Oct 12, 2021
edited
Loading

@talesam This time your error is different. As it says in the both of the logs:

The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.

As you can see on the letsencrypt status page the issuance was temporarily unavailable that night. Please retry.

@chaptergy
Copy link
Collaborator

@ririko5834 @nahuedev and to everyone who encounters Some challenges have failed.: The error is extremely generic and could mean anything. It is necessary you provide the letsencrypt log in order to have any chance at finding the issue. Please see #1271 (comment) on how to do that.

@talesam
Copy link
Author

talesam commented Oct 12, 2021
edited
Loading

@talesam Desta vez, seu erro é diferente. Como está escrito em ambos os logs:

The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.

Como você pode ver na página de status letsencrypt, a emissão estava temporariamente indisponível naquela noite. Por favor tente novamente.

Still with error...

Captura de tela de 2021-10-12 12-51-28

Error: Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "portainer.t4l35.host" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:397:12)
    at ChildProcess.emit (node:events:394:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
    ```

@talesam
Copy link
Author

talesam commented Oct 13, 2021

Log error:

[root@docker-2975096e2791:/app]# cat /var/log/letsencrypt/letsencrypt.log
2021-10-13 23:37:54,671:DEBUG:certbot._internal.main:certbot version: 1.19.0
2021-10-13 23:37:54,672:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-10-13 23:37:54,672:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-6', '--agree-tos', '--authenticator', 'webroot', '--email', '[email protected]', '--preferred-challenges', 'dns,http', '--domains', 'portainer.t4l35.host']
2021-10-13 23:37:54,672:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-10-13 23:37:54,685:DEBUG:certbot._internal.log:Root logging level set at 30
2021-10-13 23:37:54,686:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-10-13 23:37:54,688:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xffff95077a90>
Prep: True
2021-10-13 23:37:54,688:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0xffff95077a90> and installer None
2021-10-13 23:37:54,688:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-10-13 23:37:54,705:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/236307560', new_authzr_uri=None, terms_of_service=None), 9c551d352acbefa090bc2138f79d75f1, Meta(creation_dt=datetime.datetime(2021, 10, 12, 15, 49, 35, tzinfo=<UTC>), creation_host='2975096e2791', register_to_eff=None))>
2021-10-13 23:37:54,706:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-10-13 23:37:54,708:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-10-13 23:37:55,524:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-10-13 23:37:55,525:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:55 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "rDAdBkYkans": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-10-13 23:37:55,526:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for portainer.t4l35.host
2021-10-13 23:37:55,532:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
2021-10-13 23:37:55,535:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem
2021-10-13 23:37:55,535:DEBUG:acme.client:Requesting fresh nonce
2021-10-13 23:37:55,536:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-10-13 23:37:55,740:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-10-13 23:37:55,740:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:55 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002HhH05d6D6bIGxkO1vbnLfnV-jiRU7lXuKm2yDuJ-E4k
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-10-13 23:37:55,740:DEBUG:acme.client:Storing nonce: 0002HhH05d6D6bIGxkO1vbnLfnV-jiRU7lXuKm2yDuJ-E4k
2021-10-13 23:37:55,741:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "portainer.t4l35.host"\n    }\n  ]\n}'
2021-10-13 23:37:55,744:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDJIaEgwNWQ2RDZiSUd4a08xdmJuTGZuVi1qaVJVN2xYdUttMnlEdUotRTRrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "tgHA1KhKrQkm1rl9EH2QKaq_f8MxikT_Y32PXnw3C0cm6JVqJc6PkJRHAxba_H9N4ucM_FbJ9V0tUp_hU1muTRBW8UIz--coooBTV5I8kLXw3dXB8tm9MNGmI28KksacrSbpXBZXg2an8YhxEitr4QmRMedwJZnsWYvCg9TdbXfhbJZIy5X4Hp5Xd0qQV28KU68IaJioYPkDYd9M2JZb7FfQ3zGmit03L-QPQPgcWsVZH0c0yKMjV9bs41xdeQ6YZoAzVOAZHG3wD7YOMiDS1eiEDyl5tgOsWCvmi9gypaBHX8ez9gsqefLFGnVS7h2uS4RsNU1QFT8HKEaWs3wmFw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInBvcnRhaW5lci50NGwzNS5ob3N0IgogICAgfQogIF0KfQ"
}
2021-10-13 23:37:55,972:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 343
2021-10-13 23:37:55,973:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 13 Oct 2021 23:37:55 GMT
Content-Type: application/json
Content-Length: 343
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/236307560/31678208840
Replay-Nonce: 0002BFm1adluJbpzbonmb8yYM6CXEVB4K0pU6y9bl6UCXDw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "portainer.t4l35.host"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/236307560/31678208840"
}
2021-10-13 23:37:55,973:DEBUG:acme.client:Storing nonce: 0002BFm1adluJbpzbonmb8yYM6CXEVB4K0pU6y9bl6UCXDw
2021-10-13 23:37:55,973:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:37:55,977:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDJCRm0xYWRsdUpicHpib25tYjh5WU02Q1hFVkI0SzBwVTZ5OWJsNlVDWER3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "pebwZwlCcB4ELExNBYyV7ks5kDavyn4fA7Be1t8lnmUQE9bWSxPb8RxIMMY8zB_wezKevjCkRfa3MwW1iz2JPRkNGUxLt9e8WTcnCTSRakCZzCcGWiURBq34Z1veUw6_N6nSxJRyp42NpAV0ELAOLNsAD1bB8aBSO_Ttkgvl-WafX-3oeI10KgY5nqeiW6qF1T8zTw5Kafnm3GGgScEslkmgbKuP9TMIdI899gCQRKL-TcxNJEkNddwB9IW7h-FX7UABVFkaz_Rff8PrkMHCDIlVonwkGNkQuqdcGWZKQ2wX7dyEV7K-imkjpfhHE0Gt9eJ1Q1NrtioMRRogEXPnoA",
  "payload": ""
}
2021-10-13 23:37:56,186:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801
2021-10-13 23:37:56,187:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:56 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00025ivGHY4mwWhTHbglsazSpBzQ8LGeBAl_LJCn6L0l5co
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    }
  ]
}
2021-10-13 23:37:56,187:DEBUG:acme.client:Storing nonce: 00025ivGHY4mwWhTHbglsazSpBzQ8LGeBAl_LJCn6L0l5co
2021-10-13 23:37:56,187:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-10-13 23:37:56,187:INFO:certbot._internal.auth_handler:http-01 challenge for portainer.t4l35.host
2021-10-13 23:37:56,187:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2021-10-13 23:37:56,188:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2021-10-13 23:37:56,189:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY
2021-10-13 23:37:56,190:DEBUG:acme.client:JWS payload:
b'{}'
2021-10-13 23:37:56,193:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDI1aXZHSFk0bXdXaFRIYmdsc2F6U3BCelE4TEdlQkFsX0xKQ242TDBsNWNvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8zOTY4NjU5MTg1MC84c2lzS2cifQ",
  "signature": "123-jsiSOhzEkQs6Wz-chki0GTSX8LLr-RfJDyWAUZjH64fihSCcM9fXEuMo2Ob7TOVO3WfoM8v6Uod1pWgs66plhBxRFPXm_wz-r54XgYAbLY2J53tlut_8GvgxFp8tg3m4vwqMFcRybNSccuyCojvOc-eVMraaP-V86ou9PgtX-ULDcLF9jj5so-WbzXZIySeag2VPvIfswA2pAhSUg6-_bK_ihNi5rU_EyIiGz2p1wl2fYen39nuUYzzglcKAmLQtEyh6w1mbkf8p1DAIHFlHOeDBELUhjOw5xY7NA_pvsAr3ouSOUUsgzrR9VDHKH6wE-_Q_587Ij434wB7DdA",
  "payload": "e30"
}
2021-10-13 23:37:56,404:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/39686591850/8sisKg HTTP/1.1" 200 186
2021-10-13 23:37:56,405:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:56 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg
Replay-Nonce: 0001iEGTBOOqjcjRH5ZrqDZLAzNB4Dq1WRuP9INXM0pYi68
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
  "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
}
2021-10-13 23:37:56,405:DEBUG:acme.client:Storing nonce: 0001iEGTBOOqjcjRH5ZrqDZLAzNB4Dq1WRuP9INXM0pYi68
2021-10-13 23:37:56,405:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-10-13 23:37:57,407:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:37:57,410:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDFpRUdUQk9PcWpjalJINVpycURaTEF6TkI0RHExV1J1UDlJTlhNMHBZaTY4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "f_qkdZisxNg0cPzPzSPNdMLOA9EZqlpTEgW4Lrph33VbJLX8sXB_ranSatqDWiea90564jyHuJPTUT4vf8rT0vN-9w2VAcvn7r22YDABWteknPLL0bkMOC4g-XTCiDBMAm90mVBy8EqXXSzgF5GHhH9LBgHUIJppX04jKYrqxOJZxC-XdUbFi-j9Bfofksaq407t4o_s24byNbeThGZPCJ5R00BI_KwKDYCG56MKJJIQ5gb40CQbf6MpiwRTscr55Da1DZVJssTRxU3JGGaGs9FpEDsAW_XdSH6LKbzmR7LE5HQtA3GLT-1i_s0GS3UxgtiL_GkMfm9BjGrEcz3aKw",
  "payload": ""
}
2021-10-13 23:37:57,619:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801
2021-10-13 23:37:57,619:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:57 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 000287Nv5Tv2CEzLvD9N7Db14D0mxNHm8ep-OHFKk15qpr0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    }
  ]
}
2021-10-13 23:37:57,619:DEBUG:acme.client:Storing nonce: 000287Nv5Tv2CEzLvD9N7Db14D0mxNHm8ep-OHFKk15qpr0
2021-10-13 23:38:00,623:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:38:00,626:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDI4N052NVR2MkNFekx2RDlON0RiMTREMG14TkhtOGVwLU9IRktrMTVxcHIwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "wiOeFbg7b6HSaOevVv_sq4Sk8lXWy2BBd9KC-gpOela40ku2swrw-Hh3gJPJCe-Rw26WrApHybdomBMxAbpU8DVVTzWwV-pximVNi-y1zi-flpvCmZV4raoX09t6X1DFmiMCp4wfoq4Liytu-XiORlDHwwBwKAg-bnJb-MhJt4oyqB63-sQeQv7a1JlCJoTq72Mp_uMWoi30nmrfKD91FyrVU-FxxVGURTC4nOau0gNYMKKQzjIRrxKdw4aW80lKSKRn-n7g2guI8oDLI4AUgDBCzs9gxmYXs6hnskgCjnfZ_u5lUsDx5wXxIOWS4dz7xyanCDtsYgce9PCFJfqnMg",
  "payload": ""
}
2021-10-13 23:38:00,849:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801
2021-10-13 23:38:00,849:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:38:00 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001ep_PM3n9lrFnzNq8aAtO295WKjHpvG3DXklFMmzrm-Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    }
  ]
}
2021-10-13 23:38:00,850:DEBUG:acme.client:Storing nonce: 0001ep_PM3n9lrFnzNq8aAtO295WKjHpvG3DXklFMmzrm-Q
2021-10-13 23:38:03,853:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:38:03,857:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDFlcF9QTTNuOWxyRm56TnE4YUF0TzI5NVdLakhwdkczRFhrbEZNbXpybS1RIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "P-YKYi-FLEu5u5oEygG2InDlgnoRLLY0rQrMua4D5z3oGcgdvOqyuB-YRANp7aWjzASLHmUG6cOdEVVieA3m-F5VnW9MSr7PAO-7beMLL9O2LC9KMhpkKHZo2sgkTGDD929ke4RyxtfOhUUvO4NYRFFSvl5ZXpNXbZlA0i7umPNqseIlFJB2soOmTS-C-dbKpfAv7p5tm6tSc8-4ABvqraDxI6G4Gh0SmXZ7WQaYrZj1DGhdSvzW41rRNtgf1ZVypEHceHV7Llr9b-kibec4RbRIGMAoHp3kWSRcQbzehR3XzmtoCNreIgC_Hyvqhy_WMqRTykIJht7TcN5sU27wsw",
  "payload": ""
}
2021-10-13 23:38:04,071:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801
2021-10-13 23:38:04,072:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:38:03 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002-_tdzSt2TSXCe5VoIdHaylOxYQR-U46ddF9E2LWWRAU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    }
  ]
}
2021-10-13 23:38:04,072:DEBUG:acme.client:Storing nonce: 0002-_tdzSt2TSXCe5VoIdHaylOxYQR-U46ddF9E2LWWRAU
2021-10-13 23:38:07,075:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:38:07,079:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDItX3RkelN0MlRTWENlNVZvSWRIYXlsT3hZUVItVTQ2ZGRGOUUyTFdXUkFVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "hExj6-ls1Q9fVuSQcJr6oFNdtjlAjt2kP9WqmiktLBnYfbn_fOVO2yPrR9vNObNL85HmrJVNyGrAEfI52M5Mikz4WJMd3ium7f9ZJaBU-ZDccxo6eYHcV85_zoGrnPgSHFxOG7FoK0m14Top_iRAY_jeCaCzNpIMNvGsoE8-X-iyisnbxa4noPikYYzC6UpIJfNp12R832jCtBM0obUNc7b5b8idVkp8FBGNe59gWyedDPvzu91q5_Rau5mB-e1pr1UOTsfYVV7VRkYcbuuWQ43Hinwr6Yrko3rlhRlyjf3Ygey2nYWxchVQaIiBl1COh737KuTduj58HD0wUXFJVw",
  "payload": ""
}
2021-10-13 23:38:07,288:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 1064
2021-10-13 23:38:07,289:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:38:07 GMT
Content-Type: application/json
Content-Length: 1064
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002Aej4uHvLdHzKKAGWCz65X-7Bct1f-ydTuZhQEQKbR5E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "invalid",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://portainer.t4l35.host/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY",
      "validationRecord": [
        {
          "url": "http://portainer.t4l35.host/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY",
          "hostname": "portainer.t4l35.host",
          "port": "80",
          "addressesResolved": [
            "152.70.222.248"
          ],
          "addressUsed": "152.70.222.248"
        }
      ],
      "validated": "2021-10-13T23:37:56Z"
    }
  ]
}
2021-10-13 23:38:07,289:DEBUG:acme.client:Storing nonce: 0002Aej4uHvLdHzKKAGWCz65X-7Bct1f-ydTuZhQEQKbR5E
2021-10-13 23:38:07,290:INFO:certbot._internal.auth_handler:Challenge failed for domain portainer.t4l35.host
2021-10-13 23:38:07,290:INFO:certbot._internal.auth_handler:http-01 challenge for portainer.t4l35.host
2021-10-13 23:38:07,290:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: portainer.t4l35.host
  Type:   connection
  Detail: Fetching http://portainer.t4l35.host/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2021-10-13 23:38:07,298:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-10-13 23:38:07,298:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-10-13 23:38:07,298:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-10-13 23:38:07,298:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY
2021-10-13 23:38:07,298:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-10-13 23:38:07,299:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1572, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1432, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 454, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 384, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 434, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-10-13 23:38:07,299:ERROR:certbot._internal.log:Some challenges have failed.

Does anyone know if it's still error from the lestcrypt website?

@talesam talesam changed the title Error creating certificate Error creating certificate [Solved] Oct 14, 2021
@talesam
Copy link
Author

talesam commented Oct 14, 2021

It was something in the oracle firewall, I disabled everything and I'm using ufw.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@talesam @chaptergy @nahuedev @ririko5834