Blockquote
Blockquote
2018-01-16 13:40:37,138:DEBUG:certbot.main:Root logging level set at 20
2018-01-16 13:40:37,139:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-01-16 13:40:37,140:DEBUG:certbot.main:certbot version: 0.10.2
2018-01-16 13:40:37,141:DEBUG:certbot.main:Arguments: [‘–webroot’, ‘-w’, '/srv/dev-', ‘-d’, ‘mydomain. net’, ‘–rsa-key-size’, ‘4096’]
2018-01-16 13:40:37,142:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2018-01-16 13:40:37,142:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2018-01-16 13:40:37,147:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f52cff1cd10>
Prep: True
2018-01-16 13:40:37,149:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f52cff1cd10> and installer None
2018-01-16 13:40:37,481:DEBUG:certbot.main:Picked account: <Account(dd101827e0abc836d4dd0489e1324390)>
2018-01-16 13:40:37,484:DEBUG:root:Sending GET request to https:/ /acme-v01.api.letsencrypt.org/directory.
2018-01-16 13:40:37,488:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt. org
2018-01-16 13:40:37,795:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 562
2018-01-16 13:40:37,796:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 562
Replay-Nonce: eaznaa-tzJ1-vGYrm57-7-7Gw0v0gxeDxpo3y_qp0UQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jan 2018 13:40:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jan 2018 13:40:37 GMT
Connection: keep-alive
{
“dJ2pbcTtVr8”: “https:/ /community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417”,
“key-change”: “https:/ /acme-v01.api.letsencrypt.org/acme/key-change”,
“meta”: {
“terms-of-service”: “https:/ /letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”
},
“new-authz”: “https:/ /acme-v01.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “https:/ /acme-v01.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “https:/ /acme-v01.api.letsencrypt.org/acme/new-reg”,
“revoke-cert”: “https:/ /acme-v01.api.letsencrypt.org/acme/revoke-cert”
}
2018-01-16 13:40:37,798:INFO:certbot.main:Obtaining a new certificate
2018-01-16 13:40:37,798:DEBUG:root:Requesting fresh nonce
2018-01-16 13:40:37,799:DEBUG:root:Sending HEAD request to https:/ /acme-v01.api.letsencrypt.org/acme/new-authz.
2018-01-16 13:40:38,023:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-authz HTTP/1.1” 405 0
2018-01-16 13:40:38,025:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: -1HzKrJPdbihIqS9NEgWA93JP3VsJhjm3MSA6hYORvQ
Expires: Tue, 16 Jan 2018 13:40:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jan 2018 13:40:38 GMT
Connection: keep-alive
2018-01-16 13:40:38,025:DEBUG:acme.client:Storing nonce: -******************
2018-01-16 13:40:38,029:DEBUG:acme.client:JWS payload:
{
“identifier”: {
“type”: “dns”,
“value”: “mydomain. net”
},
“resource”: “new-authz”
}
2018-01-16 13:40:38,037:DEBUG:root:Sending POST request to https:/ /acme-v01.api.letsencrypt.org/acme/new-authz:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: ""
}
},
“protected”: "",
“payload”: "",
“signature”: ""
}
2018-01-16 13:40:38,353:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 733
2018-01-16 13:40:38,355:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 733
Boulder-Requester: 27366729
Link: <https:/ /acme-v01.api.letsencrypt.org/acme/new-cert>;rel=“next”
Location: https:/ /acme-v01.api.letsencrypt.org/acme/authz/
Replay-Nonce: _
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jan 2018 13:40:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jan 2018 13:40:38 GMT
Connection: keep-alive
{
“identifier”: {
“type”: “dns”,
“value”: “mydomain. net”
},
“status”: “pending”,
“expires”: “2018-01-23T13:40:38.225355683Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“uri”: "https:/ /acme-v01.api.letsencrypt.org/acme/challenge//3116082171",
“token”: ""
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: "https:/ /acme-v01.api.letsencrypt.org/acme/challenge//3116082172",
“token”: ""
}
],
“combinations”: [
[
0
],
[
1
]
]
}
2018-01-16 13:40:38,356:DEBUG:acme.client:Storing nonce: NDfm4DF2Roqo_eQla6MSwQZDd2ZKxSwUuowKN7YFnyo
2018-01-16 13:40:38,358:INFO:certbot.auth_handler:Performing the following challenges:
2018-01-16 13:40:38,358:INFO:certbot.auth_handler:http-01 challenge for mydomain. net
2018-01-16 13:40:38,359:INFO:certbot.plugins.webroot:Using the webroot path /srv/dev- for all unmatched domains.
2018-01-16 13:40:38,360:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /srv/dev-/.well-known/acme-challenge
2018-01-16 13:40:38,368:DEBUG:certbot.plugins.webroot:Attempting to save validation to /srv/dev-/.well-known/acme-challenge/*****************
2018-01-16 13:40:38,369:INFO:certbot.auth_handler:Waiting for verification…
2018-01-16 13:40:38,370:DEBUG:acme.client:JWS payload:
{
“keyAuthorization”: “",
“type”: “http-01”,
“resource”: “challenge”
}
2018-01-16 13:40:38,375:DEBUG:root:Sending POST request to https:/ /acme-v01.api.letsencrypt.org/acme/challenge//3116082171:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: ""
}
},
“protected”: "",
“payload”: "",
“signature”: “*************"
}
2018-01-16 13:40:38,654:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge//3116082171 HTTP/1.1” 202 336
2018-01-16 13:40:38,656:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 27366729
Link: <https:/ /acme-v01.api.letsencrypt.org/acme/authz/>;rel=“up”
Location: https:/ /acme-v01.api.letsencrypt.org/acme/challenge//3116082171
Replay-Nonce: OSmSmlMrps-FadCty4uG33_3Jt6LgSAoXGStAf6tUro
Expires: Tue, 16 Jan 2018 13:40:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jan 2018 13:40:38 GMT
Connection: keep-alive
{
“type”: “http-01”,
“status”: “pending”,
“uri”: "https:/ /acme-v01.api.letsencrypt.org/acme/challenge//3116082171",
“token”: "",
“keyAuthorization”: "lKtH_FM*************************._"
}
2018-01-16 13:40:38,657:DEBUG:acme.client:Storing nonce: OSmSmlMrps-FadCty4uG33_3Jt6LgSAoXGStAf6tUro
2018-01-16 13:40:41,661:DEBUG:root:Sending GET request to https:/ /acme-v01.api.letsencrypt.org/acme/authz/.
2018-01-16 13:40:41,960:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/******************* HTTP/1.1” 200 1988
2018-01-16 13:40:41,962:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1988
Link: <https:/ /acme-v01.api.letsencrypt.org/acme/new-cert>;rel=“next”
Replay-Nonce: VacsOYvp7JR54-
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 Jan 2018 13:40:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 Jan 2018 13:40:41 GMT
Connection: keep-alive
{
“identifier”: {
“type”: “dns”,
“value”: “mydomain. net”
},
“status”: “invalid”,
“expires”: “2018-01-23T13:40:38Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:unauthorized”,
“detail”: "Invalid response from http:/ /mydomain.net.net/.well-known/acme-challenge/: "\u003c!DOCTYPE html\u003e\n\u003chtml class="ng-csp" data-placeholder-focus="false" lang="en" \u003e\n\t\u003chead data-requesttoken=""",
“status”: 403
},
“uri”: "https:/ /acme-v01.api.letsencrypt.org/acme/challenge//3116082171",
“token”: "",
“keyAuthorization”: "",
“validationRecord”: [
{
“url”: "https:/ /mydomain.net.net/.well-known/acme-challenge/",
“hostname”: “mydomain. net”,
“port”: “443”,
“addressesResolved”: [
“62.47.189.143”
],
“addressUsed”: “62.47.189.143”,
“addressesTried”: []
},
{
“url”: "http:/ /mydomain.net.net/.well-known/acme-challenge/",
“hostname”: “mydomain. net”,
“port”: “80”,
“addressesResolved”: [
“62.47.189.143”
],
“addressUsed”: “62.47.189.143”,
“addressesTried”: []
}
]
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: "https:/ /acme-v01.api.letsencrypt.org/acme/challenge//3116082172",
“token”: ""
}
],
“combinations”: [
[
0
],
[
1
]
]
}
2018-01-16 13:40:41,966:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: mydomain. net
Type: unauthorized
Detail: Invalid response from http:/ /mydomain.net.net/.well-known/acme-challenge/*: "
<head data-requesttoken="**************************"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2018-01-16 13:40:41,966:INFO:certbot.auth_handler:Cleaning up challenges
2018-01-16 13:40:41,967:DEBUG:certbot.plugins.webroot:Removing /srv/dev-disk-by-label-hddcloud/www/nextcloud12.0.4/.well-known/acme-challenge/lKtH***************************
2018-01-16 13:40:41,968:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /srv/dev-disk-by-label-hddcloud/www/nextcloud12.0.4/.well-known/acme-challenge
2018-01-16 13:40:41,971:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/letsencrypt", line 11, in
load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert
action, _ = _auth_from_available(le_client, config, domains, certname, lineage)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 107, in _auth_from_available
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 291, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 262, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 77, in get_authorizations
self._respond(resp, best_effort)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 134, in _respond
self._poll_challenges(chall_update, best_effort)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 198, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. mydomain.net.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http:/ /mydomain.net.net/.well-known/acme-challenge/***************************: "
<head data-requesttoken="***************************"