Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Certificate creation with out dns challenge fails #1595

Closed
chicungunya opened this issue Nov 18, 2021 · 3 comments
Closed

Certificate creation with out dns challenge fails #1595

chicungunya opened this issue Nov 18, 2021 · 3 comments
Labels

Comments

@chicungunya
Copy link

chicungunya commented Nov 18, 2021

Hi guys,
It is impossible for me to add a new certificate, it was working before I changed of router.
I think my config is correct and I disabled firewall router.
I can renew my other certificates
All the informations below.
Thanks a lot !

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug

[11/18/2021] [3:50:47 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #46: jo.xxxx.com,
[11/18/2021] [3:50:47 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-46" --agree-tos --authenticator webroot --email "[email protected]" --preferred-challenges "dns,http" --domains "jo.xxxx.com" ,
[11/18/2021] [3:50:51 PM] [Nginx    ] › ℹ  info      Reloading Nginx,
[11/18/2021] [3:50:51 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-46" --agree-tos --authenticator webroot --email "jo.xxxx.com" --preferred-challenges "dns,http" --domains "jo.xxxx.com" ,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
Some challenges have failed.,
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Nginx Proxy Manager Version
2.9.12

Screenshots

Operating System
Rapsberry pi 4 with docker and portainer

@chaptergy
Copy link
Collaborator

See #1271 (comment)

@chicungunya
Copy link
Author

chicungunya commented Nov 18, 2021

@chaptergy below my full log. Hope it can helps. Thanks!

LetsEncrypt log
2021-11-18 17:20:39,193:DEBUG:certbot._internal.main:certbot version: 1.21.0
2021-11-18 17:20:39,194:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2021-11-18 17:20:39,194:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-47', '--agree-tos', '--authenticator', 'webroot', '--email', '[email protected]', '--preferred-challenges', 'dns,http', '--domains', 'joal.x.com']
2021-11-18 17:20:39,195:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-11-18 17:20:39,239:DEBUG:certbot._internal.log:Root logging level set at 30
2021-11-18 17:20:39,243:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-11-18 17:20:39,251:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xb5aef910>
Prep: True
2021-11-18 17:20:39,252:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0xb5aef910> and installer None
2021-11-18 17:20:39,252:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-11-18 17:20:39,297:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/111670034', new_authzr_uri=None, terms_of_service=None), 0c49b1222009bdd04d48c25efc0031a9, Meta(creation_dt=datetime.datetime(2021, 2, 4, 13, 30, 43, tzinfo=<UTC>), creation_host='198b028756e2', register_to_eff=None))>
2021-11-18 17:20:39,299:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-11-18 17:20:39,304:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-11-18 17:20:39,566:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-11-18 17:20:39,568:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Nov 2021 17:20:39 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "ZYDJPT_SXMI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-11-18 17:20:39,572:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for joal.x.com
2021-11-18 17:20:39,805:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/6548_key-certbot.pem
2021-11-18 17:20:40,043:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/6548_csr-certbot.pem
2021-11-18 17:20:40,045:DEBUG:acme.client:Requesting fresh nonce
2021-11-18 17:20:40,045:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-11-18 17:20:40,117:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-11-18 17:20:40,119:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Nov 2021 17:20:40 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001LOX4ySI7z3u2l_aBKvKgSWaZe045BHrBkgUH9Cy2DsI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-11-18 17:20:40,119:DEBUG:acme.client:Storing nonce: 0001LOX4ySI7z3u2l_aBKvKgSWaZe045BHrBkgUH9Cy2DsI
2021-11-18 17:20:40,122:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "joal.x.com"\n    }\n  ]\n}'
2021-11-18 17:20:40,136:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExNjcwMDM0IiwgIm5vbmNlIjogIjAwMDFMT1g0eVNJN3ozdTJsX2FCS3ZLZ1NXYVplMDQ1QkhyQmtnVUg5Q3kyRHNJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "H6nfdPicSL08Eu_oXQRzyWAibcEidL0Mrmce3dqSwGnJxa5bqUFmelA7MgnvJ91_XgTpvVViccCMHwkjEAXoMyg2Zp9n7K3cw2OnjTT_G4teldvi-Ipa_peBywwkz-0PEVHc09lKAuDS5ZHmBtHCb_TrWnZCI3TFqWGHoGVytYghQlzinEUozF4IvqsJaUbiIDcfI39y12GnrNo8Q8R8qJWh1ndlU8CnErV34xUQjKnp7Gtsgnuu1niL1LBaGwps2CzDdVleDAA65xneHqpGqZGS9h93ooU8WX5Yp2ALbSMqyutb_0YVd45mss8k4RSUjqYs7oTUW8W3Yi10pDc3Og",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImpvYWwuZGFybmFnYS5jb20iCiAgICB9CiAgXQp9"
}
2021-11-18 17:20:40,251:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 339
2021-11-18 17:20:40,253:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 18 Nov 2021 17:20:40 GMT
Content-Type: application/json
Content-Length: 339
Connection: keep-alive
Boulder-Requester: 111670034
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/111670034/40674316720
Replay-Nonce: 0002avRwTZbQdbXQ9_6Ld6npTXwjWF-8lZLb2X8HuNBQbQI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-11-25T17:20:40Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "joal.x.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/50535202260"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/111670034/40674316720"
}
2021-11-18 17:20:40,253:DEBUG:acme.client:Storing nonce: 0002avRwTZbQdbXQ9_6Ld6npTXwjWF-8lZLb2X8HuNBQbQI
2021-11-18 17:20:40,254:DEBUG:acme.client:JWS payload:
b''
2021-11-18 17:20:40,270:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/50535202260:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExNjcwMDM0IiwgIm5vbmNlIjogIjAwMDJhdlJ3VFpiUWRiWFE5XzZMZDZucFRYd2pXRi04bFpMYjJYOEh1TkJRYlFJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My81MDUzNTIwMjI2MCJ9",
  "signature": "FiluYjtFdKIxH8jnnqM4OLOg0ZsrslhDe1RLaelkqVMObq3B1NGdKbuNM5BB5ycJeqW-gaiAf2a6qZj9Zp6CJXUpekaJiVkaYOv07HpFmIjuBzBP6SCO4-WSsQ2CgVcdN4cwh6Tn9pvW0xatymGVU5axYJ0gWlG2O45uTwI8G8nweUi2ZzBxWezf8_JDzWpCWGAsw-xMqKWXX4GBVCx025UTfsCpKwNCEEN93x-v0fg7cMk3Sz3D5XJ5A1Pwfh6O-UxlaTqb5pmHzIGyr5r9WGbE8rczM1rzQmQhuFmPU5QPailjVQiMaQsQ2OWiHxJtyM4aqN0PHOEdAwkUo6yqHw",
  "payload": ""
}
2021-11-18 17:20:40,357:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/50535202260 HTTP/1.1" 200 797
2021-11-18 17:20:40,358:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Nov 2021 17:20:40 GMT
Content-Type: application/json
Content-Length: 797
Connection: keep-alive
Boulder-Requester: 111670034
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001bD640NwdZqMOiWIB263TWbIPCw7SqFpDPtyiD-kvt-E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "joal.x.com"
  },
  "status": "pending",
  "expires": "2021-11-25T17:20:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/50535202260/Z5oA4A",
      "token": "TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/50535202260/KV0qjQ",
      "token": "TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/50535202260/5-N2bQ",
      "token": "TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo"
    }
  ]
}
2021-11-18 17:20:40,359:DEBUG:acme.client:Storing nonce: 0001bD640NwdZqMOiWIB263TWbIPCw7SqFpDPtyiD-kvt-E
2021-11-18 17:20:40,361:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-11-18 17:20:40,361:INFO:certbot._internal.auth_handler:http-01 challenge for joal.x.com
2021-11-18 17:20:40,362:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2021-11-18 17:20:40,362:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2021-11-18 17:20:40,367:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo
2021-11-18 17:20:40,369:DEBUG:acme.client:JWS payload:
b'{}'
2021-11-18 17:20:40,384:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/50535202260/Z5oA4A:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExNjcwMDM0IiwgIm5vbmNlIjogIjAwMDFiRDY0ME53ZFpxTU9pV0lCMjYzVFdiSVBDdzdTcUZwRFB0eWlELWt2dC1FIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My81MDUzNTIwMjI2MC9aNW9BNEEifQ",
  "signature": "kOJjdCgoC1iNBx430PxQtnql7MgCqj8kocxks3xJGUZtbWc-l9dADhWhZUPmhOwnpFhecp3twirIe-KgWdaGHUJAmS212o9vsyLW7pIUG7WfHU4VjKjW9F6cs96A_U3F6IC1cEF_AZiqSErRK8kQw0EW6GYpjGtuhoNWAowB9qDnxF_fDidFsUrQl8pZiKfSjVY5kYQXVEUuE4DQWWmAv8d2iICzBeKX9dWVHheENLy_WtE5Zuy3_3rd5Jg8VgQq4keDYZPIk0kUxtGSg6eOOroU_Ys4YiKWd6mm_fcI31dQatW4cl7F_UgTlOBPWrQ3f-9aGlOTsoUYBKkdJ5sjkg",
  "payload": "e30"
}
2021-11-18 17:20:40,486:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/50535202260/Z5oA4A HTTP/1.1" 200 186
2021-11-18 17:20:40,488:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Nov 2021 17:20:40 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 111670034
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/50535202260>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/50535202260/Z5oA4A
Replay-Nonce: 00011pMJPxVwluzfi8g301GdIsCnoADi7DCkvePYdsrvULs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/50535202260/Z5oA4A",
  "token": "TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo"
}
2021-11-18 17:20:40,488:DEBUG:acme.client:Storing nonce: 00011pMJPxVwluzfi8g301GdIsCnoADi7DCkvePYdsrvULs
2021-11-18 17:20:40,490:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-11-18 17:20:41,492:DEBUG:acme.client:JWS payload:
b''
2021-11-18 17:20:41,520:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/50535202260:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExNjcwMDM0IiwgIm5vbmNlIjogIjAwMDExcE1KUHhWd2x1emZpOGczMDFHZElzQ25vQURpN0RDa3ZlUFlkc3J2VUxzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My81MDUzNTIwMjI2MCJ9",
  "signature": "OPNXCwSOvV9zM-6lrcJfgrbzufhu_HnHnSeVZeZVS_Ma3ZdbrMq8IPznZa1kRRTW3VTi3HIKr7Bn8lYX4Gh55dzjybHvNWPZk058SU39pLKu3BPN0w3108VJhezG4mf2Mrqvn36Fu0C_pDp4Du1Mw3GKbek4P2vCEpkiuFDsqhmVuOMilJ__gCblGFPX_RlzpXPfkD1wS-4z1a7zXifhwVIBzz7kqi6m7M6SpvIJUjjowA_4fpGmlG8w-CLMN2TxZds0DKXw2L_URJaxiZqISDgy1eIjFZn70e6UGM7nJIhZBp50zF3DFDP4nua_pgjJHGCGwnZzTRlZ7tWFLYSoeg",
  "payload": ""
}
2021-11-18 17:20:41,617:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/50535202260 HTTP/1.1" 200 1813
2021-11-18 17:20:41,618:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Nov 2021 17:20:41 GMT
Content-Type: application/json
Content-Length: 1813
Connection: keep-alive
Boulder-Requester: 111670034
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002K3t6PsOEjL1bO6Lxd1-xw77HjhAhIHBTB4lvT0xctgY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "joal.x.com"
  },
  "status": "invalid",
  "expires": "2021-11-25T17:20:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from https://joal.x.com/.well-known/acme-challenge/TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo [2606:4700:3030::ac43:ac18]: \"\u003c!DOCTYPE html\u003e\\n\u003c!--[if lt IE 7]\u003e \u003chtml class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"\u003e \u003c![endif]--\u003e\\n\u003c!--[if IE 7]\u003e    \u003chtml class=\\\"no-js \"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/50535202260/Z5oA4A",
      "token": "TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo",
      "validationRecord": [
        {
          "url": "http://joal.x.com/.well-known/acme-challenge/TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo",
          "hostname": "joal.x.com",
          "port": "80",
          "addressesResolved": [
            "104.21.71.237",
            "172.67.172.24",
            "2606:4700:3030::ac43:ac18",
            "2606:4700:3030::6815:47ed"
          ],
          "addressUsed": "2606:4700:3030::ac43:ac18"
        },
        {
          "url": "https://joal.x.com/.well-known/acme-challenge/TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo",
          "hostname": "joal.x.com",
          "port": "443",
          "addressesResolved": [
            "104.21.71.237",
            "172.67.172.24",
            "2606:4700:3030::ac43:ac18",
            "2606:4700:3030::6815:47ed"
          ],
          "addressUsed": "2606:4700:3030::ac43:ac18"
        }
      ],
      "validated": "2021-11-18T17:20:40Z"
    }
  ]
}
2021-11-18 17:20:41,619:DEBUG:acme.client:Storing nonce: 0002K3t6PsOEjL1bO6Lxd1-xw77HjhAhIHBTB4lvT0xctgY
2021-11-18 17:20:41,620:INFO:certbot._internal.auth_handler:Challenge failed for domain joal.x.com
2021-11-18 17:20:41,620:INFO:certbot._internal.auth_handler:http-01 challenge for joal.x.com
2021-11-18 17:20:41,621:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: joal.x.com
  Type:   unauthorized
  Detail: Invalid response from https://joal.x.com/.well-known/acme-challenge/TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo [2606:4700:3030::ac43:ac18]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2021-11-18 17:20:41,622:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-11-18 17:20:41,623:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-11-18 17:20:41,623:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-11-18 17:20:41,623:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/TeG5uB2w1crPbxcMJQaxcjjRvNLSvLlR5QEVhytVrMo
2021-11-18 17:20:41,624:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-11-18 17:20:41,625:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1434, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-11-18 17:20:41,628:ERROR:certbot._internal.log:Some challenges have failed.

@chicungunya chicungunya changed the title Impossible to add a new certificate Impossible to add a new certificate (solved) Nov 18, 2021
@chicungunya
Copy link
Author

Disabled cloudflare proxy and it worked!

@chaptergy chaptergy changed the title Impossible to add a new certificate (solved) Certificate creation with out dns challenge fails Nov 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants