I just deleted all log files, then ran
certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/my.domain.tld.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for my.domain.tld
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (my.domain.tld) from /etc/letsencrypt/renewal/my.domain.tld.conf produced an unexpected error: Failed authorization procedure. my.domain.tld (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://my.domain.tld/.well-known/acme-challenge/kv-j88f23JWiAM07N_I1-7ExM8lOVrmvkU7A9_hCe9s: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/my.domain.tld/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/my.domain.tld/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: my.domain.tld
Type: connection
Detail: Fetching
http://my.domain.tld/.well-known/acme-challenge/kv-j88f23JWiAM07N_I1-7ExM8lOVrmvkU7A9_hCe9s:
Error getting validation dataTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
with the following result in the error log
/etc/httpd/logs/error_log
[Wed Feb 13 21:49:45.796310 2019] [lbmethod_heartbeat:notice] [pid 19057:tid 140031319456000] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 13 21:49:45.800174 2019] [mpm_event:notice] [pid 19057:tid 140031319456000] AH00489: Apache/2.4.38 (Fedora) OpenSSL/1.1.1a mod_perl/2.0.10 Perl/v5.28.1 configured -- resuming normal operations
[Wed Feb 13 21:49:45.800199 2019] [core:notice] [pid 19057:tid 140031319456000] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 13 21:49:52.307881 2019] [mpm_event:notice] [pid 19057:tid 140031319456000] AH00493: SIGUSR1 received. Doing graceful restart
[Wed Feb 13 21:49:52.392284 2019] [lbmethod_heartbeat:notice] [pid 19057:tid 140031319456000] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 13 21:49:52.396561 2019] [mpm_event:notice] [pid 19057:tid 140031319456000] AH00489: Apache/2.4.38 (Fedora) OpenSSL/1.1.1a mod_perl/2.0.10 Perl/v5.28.1 configured -- resuming normal operations
[Wed Feb 13 21:49:52.396583 2019] [core:notice] [pid 19057:tid 140031319456000] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
(END)
and the following results in
/var/log/letsencrypt/letsencrypt.log
[root@wind letsencrypt]# cat letsencrypt.log
2019-02-13 22:01:36,177:DEBUG:certbot.main:certbot version: 0.30.2
2019-02-13 22:01:36,177:DEBUG:certbot.main:Arguments: ['--dry-run']
2019-02-13 22:01:36,177:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-02-13 22:01:36,202:DEBUG:certbot.log:Root logging level set at 20
2019-02-13 22:01:36,202:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-02-13 22:01:36,256:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7fb95533bf28> and installer <certbot.cli._Default object at 0x7fb95533bf28>
2019-02-13 22:01:36,256:DEBUG:certbot.cli:Var dry_run=True (set by user).
2019-02-13 22:01:36,256:DEBUG:certbot.cli:Var server={'dry_run', 'staging'} (set by user).
2019-02-13 22:01:36,256:DEBUG:certbot.cli:Var dry_run=True (set by user).
2019-02-13 22:01:36,257:DEBUG:certbot.cli:Var server={'dry_run', 'staging'} (set by user).
2019-02-13 22:01:36,257:DEBUG:certbot.cli:Var account={'server'} (set by user).
2019-02-13 22:01:36,292:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-02-17 00:10:33 UTC.
2019-02-13 22:01:36,293:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2019-02-13 22:01:36,293:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-02-13 22:01:36,445:DEBUG:certbot_apache.configurator:Apache version is 2.4.38
2019-02-13 22:01:36,826:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7fb95533f5f8>
Prep: True
2019-02-13 22:01:36,827:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7fb95533f5f8>
Prep: True
2019-02-13 22:01:36,827:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_centos.CentOSConfigurator object at 0x7fb95533f5f8> and installer <certbot_apache.override_centos.CentOSConfigurator object at 0x7fb95533f5f8>
2019-02-13 22:01:36,827:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2019-02-13 22:01:36,874:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fb9553ab390>)>), contact=(), agreement='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/5781483', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), a1b301d8e0e8670600499f3098dbef10, Meta(creation_dt=datetime.datetime(2018, 3, 21, 17, 33, 22, tzinfo=<UTC>), creation_host='wind'))>
2019-02-13 22:01:36,875:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2019-02-13 22:01:36,877:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2019-02-13 22:01:37,099:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
2019-02-13 22:01:37,100:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 724
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 13 Feb 2019 21:01:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Feb 2019 21:01:37 GMT
Connection: keep-alive
{
"LcT-HT3DNPQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2019-02-13 22:01:37,100:INFO:certbot.main:Renewing an existing certificate
2019-02-13 22:01:37,169:DEBUG:acme.client:Requesting fresh nonce
2019-02-13 22:01:37,169:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2019-02-13 22:01:37,342:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2019-02-13 22:01:37,343:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Replay-Nonce: SizR-C-h3V6Z34QwI8PnpWH_mkw0KB3DgJLJ6t4Q4-Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Wed, 13 Feb 2019 21:01:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Feb 2019 21:01:37 GMT
Connection: keep-alive
2019-02-13 22:01:37,344:DEBUG:acme.client:Storing nonce: SizR-C-h3V6Z34QwI8PnpWH_mkw0KB3DgJLJ6t4Q4-Y
2019-02-13 22:01:37,344:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "my.domain.tld"\n }\n ]\n}'
2019-02-13 22:01:37,346:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NzgxNDgzIiwgIm5vbmNlIjogIlNpelItQy1oM1Y2WjM0UXdJOFBucFdIX21rdzBLQjNEZ0pMSjZ0NFE0LVkiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "IQrHL6xohNHfrb0daRSxWWaeyGmbfZF8JN1e-_38QGfu7vkGFLKAxY0ReLToPsFVKseammI0zbn4jdDF8rhhntvJ2rrl49JL7Nf860I10INpfJGAoXGhdIrP6xLQD4Z7DwOLhOskCzE9_B_lId0zqV4chtoDoHlHhk1SczuZ93H0aAm6khRHBWo68DSjIgtIldzOv0NHm_tR5VhmSWTePnkl9uyE1MJwJbEcK0jwys8jmz7QwWqB2NSr_bZAs69hgkOgMNSQvSl4VwP6FTMNUV96hJE48HM7c7l2gwjcp_OKnP_Vk-5KUvh6O8ZonK8VyH911EEschmYNf1qsMxjIQ",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWVyLmR5bi5jYyIKICAgIH0KICBdCn0"
}
2019-02-13 22:01:37,550:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 383
2019-02-13 22:01:37,552:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 383
Boulder-Requester: 5781483
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/5781483/23407653
Replay-Nonce: vQOBS_cgG2ZQ8ESeRtnaXPx_eMJCy835uWkWHZmfJaI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 13 Feb 2019 21:01:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Feb 2019 21:01:37 GMT
Connection: keep-alive
{
"status": "pending",
"expires": "2019-02-20T21:01:37.4354776Z",
"identifiers": [
{
"type": "dns",
"value": "my.domain.tld"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/5781483/23407653"
}
2019-02-13 22:01:37,552:DEBUG:acme.client:Storing nonce: vQOBS_cgG2ZQ8ESeRtnaXPx_eMJCy835uWkWHZmfJaI
2019-02-13 22:01:37,553:DEBUG:acme.client:JWS payload:
b''
2019-02-13 22:01:37,559:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NzgxNDgzIiwgIm5vbmNlIjogInZRT0JTX2NnRzJaUThFU2VSdG5hWFB4X2VNSkN5ODM1dVdrV0habWZKYUkiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovcWlWZG9GZnRnNlh3d3lUX2lZUEhnbFhwZmlXVUxvM04zMjR1MkhFZ0ZjZyJ9",
"signature": "Bb4qaSZ-aNl4q9kairT5hg6DxvZ1oNDhuaff5aplszCruhM6TVMtJR3FdP5GerVQrMQtz3qFYGPpEq-DfGcDSil74Hc4QT4QQrqv_9Liv_-MEEnsVCJyVbLt7CM5Dj3cnI60uy5wwzC3ENuZo0Cdjm44ZW-zWP0Lef8zxxQvW9i1KakryHvZNj5e4pLn3XYKyrl4ZL0QsHiqtlTShGjNq5ADNIaaIzksXfqR_iMmvwNeQc0U2_DVu8MfTaZzsBRCZlovOpwchk8eDRswDf83M4pC0YlO9PE6mkaGlAdnaZGj5B5cWcaVdUIzQwEwMJhvdo64bkZld0m6vixE4BPYZg",
"payload": ""
}
2019-02-13 22:01:37,748:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg HTTP/1.1" 200 925
2019-02-13 22:01:37,748:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 925
Boulder-Requester: 5781483
Replay-Nonce: Rz4Qxlh6VtSIgSGLIzNeFek4_w2n4-iBv9fDbj04dos
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 13 Feb 2019 21:01:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Feb 2019 21:01:37 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "my.domain.tld"
},
"status": "pending",
"expires": "2019-02-20T21:01:37Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543471",
"token": "okOOTvJoxY_KRrJgl3ibZUoaDrAKUbFodjvaEk0PUmQ"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543472",
"token": "SB8EO5Hw3FYeB38nWWu4nt62Y9gjM5HvoqfJGDwdW1U"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543473",
"token": "vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0"
}
]
}
2019-02-13 22:01:37,749:DEBUG:acme.client:Storing nonce: Rz4Qxlh6VtSIgSGLIzNeFek4_w2n4-iBv9fDbj04dos
2019-02-13 22:01:37,749:INFO:certbot.auth_handler:Performing the following challenges:
2019-02-13 22:01:37,749:INFO:certbot.auth_handler:http-01 challenge for my.domain.tld
2019-02-13 22:01:37,795:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: None in: /etc/httpd/conf.d/http_my.conf
2019-02-13 22:01:37,796:DEBUG:certbot_apache.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
2019-02-13 22:01:37,796:DEBUG:certbot_apache.http_01:writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>
2019-02-13 22:01:37,806:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf.d/http_my.conf
2019-02-13 22:01:40,995:INFO:certbot.auth_handler:Waiting for verification...
2019-02-13 22:01:40,996:DEBUG:acme.client:JWS payload:
b'{\n "resource": "challenge",\n "keyAuthorization": "vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0.zrqieU9qr0gYnCMun8hMyKi4jlGEBdb6XML5Pj8Cy4E",\n "type": "http-01"\n}'
2019-02-13 22:01:40,998:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543473:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NzgxNDgzIiwgIm5vbmNlIjogIlJ6NFF4bGg2VnRTSWdTR0xJek5lRmVrNF93Mm40LWlCdjlmRGJqMDRkb3MiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL3FpVmRvRmZ0ZzZYd3d5VF9pWVBIZ2xYcGZpV1VMbzNOMzI0dTJIRWdGY2cvMjQ1NTQzNDczIn0",
"signature": "QJlBA3hFYOb0aatmCywW-w2D-8Mg13KGjCkKwav7NK18_gzuOnUbHV_h_EqkO9gUS2JdzouM4JnqxKpXY2rFGBZ8z4a6Jld_pdJL7LwmSzR-UZSuhKyuUp7x1sB-626dm_lqIN00My4r3DjRf7hl9n83zUHzdI8dsZvYbUHvzzRqfJ0PN8lE-kFzkaFAHtG1G1Lbe8xhE2ja3Nc5Sw_NfEAbUo0LNwpnA_ye9T-WNwnI4PgTD2fiAnk1ENNH97eXiZyyU3l2Fkv7w1r0PUg7befhWxuie4ucItxAAAXlK9Mu2ZHrw1zAFdMHpbzfKVcqfnoqgW4_HIgtbAtKLB3UBg",
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogInZjNlFNVVRfb0h5d3pKNHJLbFNKYjNjZlAwMHlXandVc3dCa3NhOWZzcDAuenJxaWVVOXFyMGdZbkNNdW44aE15S2k0amxHRUJkYjZYTUw1UGo4Q3k0RSIsCiAgInR5cGUiOiAiaHR0cC0wMSIKfQ"
}
2019-02-13 22:01:41,189:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543473 HTTP/1.1" 200 230
2019-02-13 22:01:41,190:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 230
Boulder-Requester: 5781483
Link: <https://acme-staging-v02.api.letsencrypt.org/acme/authz/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543473
Replay-Nonce: CNM-Bf1gWE3y53fWUMfkAM5H5rKYHf2rm_1t_TZEe3c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 13 Feb 2019 21:01:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Feb 2019 21:01:41 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543473",
"token": "vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0"
}
2019-02-13 22:01:41,190:DEBUG:acme.client:Storing nonce: CNM-Bf1gWE3y53fWUMfkAM5H5rKYHf2rm_1t_TZEe3c
2019-02-13 22:01:44,194:DEBUG:acme.client:JWS payload:
b''
2019-02-13 22:01:44,196:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NzgxNDgzIiwgIm5vbmNlIjogIkNOTS1CZjFnV0UzeTUzZldVTWZrQU01SDVyS1lIZjJybV8xdF9UWkVlM2MiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovcWlWZG9GZnRnNlh3d3lUX2lZUEhnbFhwZmlXVUxvM04zMjR1MkhFZ0ZjZyJ9",
"signature": "IiuwYEyXmt7IQ_QSnbxXGF125hXtbAQz4UGOsnvjomZA9Q4v113bLzs4oBt-9fSNbvBi1JkJ0gw_eEKtqfGtiFmOmgLyZ46Czl8uFfUUWLorMli6Px5_KuxTu7I6tszK3o6jQmiz_Pm9UkOvHdfDcEltAhqtetEuunnUABk5m83gb0njKjDJj6nUzwJQvil-npllZ_bg3JMmImXQPhAxfRsT376Lvuci70VS_hIXBWBWLMfJiqRkSJ18QcxirSUjxi-wCaK_XCzWXSLkOdIHSaNlFGxN303wJ-P0Goa6WoTyr_9OP_6vwTpcuWKFS6Ay6yUi64TdoM2m_scBwmQZiw",
"payload": ""
}
2019-02-13 22:01:44,391:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg HTTP/1.1" 200 925
2019-02-13 22:01:44,392:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 925
Boulder-Requester: 5781483
Replay-Nonce: F9hfj2hnqJyVOqV2z4xjh7_w4w0A7noQML_sQ8-nx94
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 13 Feb 2019 21:01:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Feb 2019 21:01:44 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "my.domain.tld"
},
"status": "pending",
"expires": "2019-02-20T21:01:37Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543471",
"token": "okOOTvJoxY_KRrJgl3ibZUoaDrAKUbFodjvaEk0PUmQ"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543472",
"token": "SB8EO5Hw3FYeB38nWWu4nt62Y9gjM5HvoqfJGDwdW1U"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543473",
"token": "vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0"
}
]
}
2019-02-13 22:01:44,392:DEBUG:acme.client:Storing nonce: F9hfj2hnqJyVOqV2z4xjh7_w4w0A7noQML_sQ8-nx94
2019-02-13 22:01:47,395:DEBUG:acme.client:JWS payload:
b''
2019-02-13 22:01:47,396:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NzgxNDgzIiwgIm5vbmNlIjogIkY5aGZqMmhucUp5Vk9xVjJ6NHhqaDdfdzR3MEE3bm9RTUxfc1E4LW54OTQiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovcWlWZG9GZnRnNlh3d3lUX2lZUEhnbFhwZmlXVUxvM04zMjR1MkhFZ0ZjZyJ9",
"signature": "GrMTwoVl9x2euCAzec3jtdI8rpaNL7naB2VzWWi1i7k7CnKeh5r47KAO2seBMEjMPJJCdZnDGXTcwWnXRzmVGbOo7qEOJ8eV2pL0__Si68QXMsVKJGmMXa8qoHQc3ENTRw7h0CVhBZ_Hdj5tB8n0hMzziwY3MCL_hvNC6CSaUbbDHJ7-u3xiYJ2TfrhS23nMkJ0eiQQyBCSlydIXIHGA_xFdh54pmXCx2AAM_If4Qxet5-wANmXg4cllR0hPQ2DF4mKfZgw3EhlwMWxBP8lXGOjJw3wwTiPuE0CHLbZZq3qhETvew0UkPOSK32oNVUSV-8rhHtAP8bMO9a6smK5C5w",
"payload": ""
}
2019-02-13 22:01:47,593:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg HTTP/1.1" 200 1527
2019-02-13 22:01:47,594:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1527
Boulder-Requester: 5781483
Replay-Nonce: _iA3lzqcpVmd2fpBYl7Fo3nowmf4jQQivNwlYI_-C_k
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 13 Feb 2019 21:01:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Feb 2019 21:01:47 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "my.domain.tld"
},
"status": "invalid",
"expires": "2019-02-20T21:01:37Z",
"challenges": [
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543471",
"token": "okOOTvJoxY_KRrJgl3ibZUoaDrAKUbFodjvaEk0PUmQ"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543472",
"token": "SB8EO5Hw3FYeB38nWWu4nt62Y9gjM5HvoqfJGDwdW1U"
},
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://my.domain.tld/.well-known/acme-challenge/vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0: Error getting validation data",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/qiVdoFftg6XwwyT_iYPHglXpfiWULo3N324u2HEgFcg/245543473",
"token": "vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0",
"validationRecord": [
{
"url": "http://my.domain.tld/.well-known/acme-challenge/vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0",
"hostname": "my.domain.tld",
"port": "80",
"addressesResolved": [
"87.181.165.82"
],
"addressUsed": "87.181.165.82"
}
]
}
]
}
2019-02-13 22:01:47,594:DEBUG:acme.client:Storing nonce: _iA3lzqcpVmd2fpBYl7Fo3nowmf4jQQivNwlYI_-C_k
2019-02-13 22:01:47,595:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: my.domain.tld
Type: connection
Detail: Fetching http://my.domain.tld/.well-known/acme-challenge/vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0: Error getting validation data
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2019-02-13 22:01:47,596:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3.7/site-packages/certbot/auth_handler.py", line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3.7/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. my.domain.tld (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://my.domain.tld/.well-known/acme-challenge/vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0: Error getting validation data
2019-02-13 22:01:47,596:DEBUG:certbot.error_handler:Calling registered functions
2019-02-13 22:01:47,596:INFO:certbot.auth_handler:Cleaning up challenges
2019-02-13 22:01:47,925:WARNING:certbot.renewal:Attempting to renew cert (my.domain.tld) from /etc/letsencrypt/renewal/my.domain.tld.conf produced an unexpected error: Failed authorization procedure. my.domain.tld (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://my.domain.tld/.well-known/acme-challenge/vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0: Error getting validation data. Skipping.
2019-02-13 22:01:47,926:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/certbot/renewal.py", line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3.7/site-packages/certbot/main.py", line 1192, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3.7/site-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3.7/site-packages/certbot/renewal.py", line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3.7/site-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.7/site-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3.7/site-packages/certbot/auth_handler.py", line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3.7/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. my.domain.tld (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://my.domain.tld/.well-known/acme-challenge/vc6QMUT_oHywzJ4rKlSJb3cfP00yWjwUswBksa9fsp0: Error getting validation data
2019-02-13 22:01:47,927:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2019-02-13 22:01:47,927:ERROR:certbot.renewal: /etc/letsencrypt/live/my.domain.tld/fullchain.pem (failure)
2019-02-13 22:01:47,927:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.30.2', 'console_scripts', 'certbot')()
File "/usr/lib/python3.7/site-packages/certbot/main.py", line 1364, in main
return config.func(config, plugins)
File "/usr/lib/python3.7/site-packages/certbot/main.py", line 1271, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3.7/site-packages/certbot/renewal.py", line 477, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
[root@wind letsencrypt]#