NethServer release 7.6.1810 (final)
3.10.0-957.27.2.el7.x86_64
Hi,
Letsencrypt authentication expired yesterday. Unable to renew.
Nothing changed.
I’ve already seen everything and don’t understand what?
Can you post the contents of the most recent file in /var/log/letsencrypt?
2019-09-10 19:41:17,917:DEBUG:acme.client:Storing nonce: 0001gfzbUdqXeaUhtSK76wPZbjptxLozSTS7m-sZBLYDmqM
2019-09-10 19:41:17,918:DEBUG:acme.client:JWS payload:
2019-09-10 19:41:17,920:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7828586:
{
"protected": "eyJub25jZSI6ICIwMDAxZ2Z6YlVkcVhlYVVodFNLNzZ3UFpianB0eExvelNUUzdtLXNaQkxZRG1xTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My83ODI4NTg2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5Mjk0MDkiLCAiYWxnIjogIlJTMjU2In0",
"payload": "",
"signature": "mksTfK_9bEx4Pmk6G-qgG0YvwEN3vVs2YJa13HPBpHCusxQvXQ5y7BbAmbyvrDk0iV1nHwlCy_TskU6ni8TYbLK_991ptED-S2S62PyNOPBJMBvqjGROaYvhO64RwzvCaNnQEux3H56BjbYcJaUreOH9BHfB4vXu_oTN_g6T7cRTiajEMV2s32zu0lTo_mWv_0obfwJMj2CfdSDrUmkSerBGpoIYYkWRXRrE_FB0W66OGKoe9GFlyVGs9xw4YcT6wN0GnuU46jf8FS8_z20OA2X12l51c3DSN77Sip8O7p5sUZ0-ItsX81x0u-Us6V9v4BIptYjzcwnGjil05HO8Pg"
}
2019-09-10 19:41:18,116:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz-v3/7828586 HTTP/1.1" 200 815
2019-09-10 19:41:18,117:DEBUG:acme.client:Received response:
HTTP 200
content-length: 815
expires: Tue, 10 Sep 2019 17:41:18 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
boulder-requester: 10929409
date: Tue, 10 Sep 2019 17:41:18 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001aaK-0jTNQMyznh7MpLc0qWvvNToKewaCnjvk9yGztV8
{
"identifier": {
"type": "dns",
"value": "server.liftingtrade.hu"
},
"status": "pending",
"expires": "2019-09-17T17:41:17Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828586/a8HzHg",
"token": "LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828586/iu-K5A",
"token": "LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828586/bI5Ayw",
"token": "LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw"
}
]
}
2019-09-10 19:41:18,117:DEBUG:acme.client:Storing nonce: 0001aaK-0jTNQMyznh7MpLc0qWvvNToKewaCnjvk9yGztV8
2019-09-10 19:41:18,118:INFO:certbot.auth_handler:Performing the following challenges:
2019-09-10 19:41:18,118:INFO:certbot.auth_handler:http-01 challenge for mail.liftingtrade.hu
2019-09-10 19:41:18,118:INFO:certbot.auth_handler:http-01 challenge for server.liftingtrade.hu
2019-09-10 19:41:18,118:INFO:certbot.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2019-09-10 19:41:18,118:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2019-09-10 19:41:18,146:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2019-09-10 19:41:18,150:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM
2019-09-10 19:41:18,219:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw
2019-09-10 19:41:18,279:INFO:certbot.auth_handler:Waiting for verification...
2019-09-10 19:41:18,279:DEBUG:acme.client:JWS payload:
{
"type": "http-01",
"resource": "challenge"
}
2019-09-10 19:41:18,282:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828585/L0wdXw:
{
"protected": "eyJub25jZSI6ICIwMDAxYWFLLTBqVE5RTXl6bmg3TXBMYzBxV3Z2TlRvS2V3YUNuanZrOXlHenRWOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My83ODI4NTg1L0wwd2RYdyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEwOTI5NDA5IiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "QgjYKEZ5D0Pe1VaFcSh-VbVl-MHTJVUdXjTkd1C56z-xRZF5rN4Q5b7x6KgonPYBnWkl_n1JC5bpJFyXFLvEU0z9MtPUyOw5Bt2RVkyvhHY5ZbUYhX2ZnEwiN3nZoPqdkhJWzIz8IWUEVgpwqllmIkpjrbN349PKN4FYpmnkRQga_wf5FRM2sczXGTEx54gRaXB8cHp7j2X7C7PosDiqn_hVaOzVBnxgqQ7RLgRbJMkw177xkkfgxDBLAVNJqmcIcmYg5Q_knLCeq_Wq5UbTH3-97CquHff1GSFXPgyTsw9_cJIlComEydHYzRWhxqwL_mtoky8E-QRPf-Aj5tQolw"
}
2019-09-10 19:41:18,482:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/chall-v3/7828585/L0wdXw HTTP/1.1" 200 190
2019-09-10 19:41:18,484:DEBUG:acme.client:Received response:
HTTP 200
content-length: 190
expires: Tue, 10 Sep 2019 17:41:18 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7828585>;rel="up"
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828585/L0wdXw
pragma: no-cache
boulder-requester: 10929409
date: Tue, 10 Sep 2019 17:41:18 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001757hLfY7WczPQ8cTrNxLb-x-GSn1dIpZH4fW7SEYVsw
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828585/L0wdXw",
"token": "8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM"
}
2019-09-10 19:41:18,484:DEBUG:acme.client:Storing nonce: 0001757hLfY7WczPQ8cTrNxLb-x-GSn1dIpZH4fW7SEYVsw
2019-09-10 19:41:18,485:DEBUG:acme.client:JWS payload:
{
"type": "http-01",
"resource": "challenge"
}
2019-09-10 19:41:18,490:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828586/a8HzHg:
{
"protected": "eyJub25jZSI6ICIwMDAxNzU3aExmWTdXY3pQUThjVHJOeExiLXgtR1NuMWRJcFpINGZXN1NFWVZzdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My83ODI4NTg2L2E4SHpIZyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEwOTI5NDA5IiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "fJxroNdLQdkjN_7mvy2Ln66OiYeFjy5Xzkd20ptFHjMBXAHXHCZYQHiXZS7aC8h58yLgaPNvT_pKnQmyyCJ0dehUgKYgjgCgoH1qvWusqgovITGOUXZsCFIiTCoDjeI02CWvG-nJCv2pgGS-U7d1p8X1bp5PIZEZCjUFfzpsiR8mTeneBqtNX1nTXPK0oz3O-DfGogRCtc3-i65J3tDsmw54-wIy3M0DDAEgLQdhXfqIjH7mTcET-Y86Fuym6hs2-eqEEOve20Qi-E_plbvfQvyBzPmTcaK-DYFm3fq6IanDU_CvmSAAK48oh-GcP7OcVx_5LmTFux_xSwsu1bwMYA"
}
2019-09-10 19:41:18,679:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/chall-v3/7828586/a8HzHg HTTP/1.1" 200 190
2019-09-10 19:41:18,679:DEBUG:acme.client:Received response:
HTTP 200
content-length: 190
expires: Tue, 10 Sep 2019 17:41:18 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7828586>;rel="up"
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828586/a8HzHg
pragma: no-cache
boulder-requester: 10929409
date: Tue, 10 Sep 2019 17:41:18 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001dyPreSRz3KDl4sGha0kIemcnufLdIZ7JbdPjv2NsOUU
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828586/a8HzHg",
"token": "LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw"
}
2019-09-10 19:41:18,680:DEBUG:acme.client:Storing nonce: 0001dyPreSRz3KDl4sGha0kIemcnufLdIZ7JbdPjv2NsOUU
2019-09-10 19:41:19,681:DEBUG:acme.client:JWS payload:
2019-09-10 19:41:19,684:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7828585:
{
"protected": "eyJub25jZSI6ICIwMDAxZHlQcmVTUnozS0RsNHNHaGEwa0llbWNudWZMZElaN0piZFBqdjJOc09VVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My83ODI4NTg1IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5Mjk0MDkiLCAiYWxnIjogIlJTMjU2In0",
"payload": "",
"signature": "b1QJOOuyXhwiKDMWors2lsZeU8ryo-U6AroidRRF9StUC4mRv-2ZITvDVOrqAMWLNqVvkch8_TsUSzmAaT5gjIfG0VN78yDymVBTtvL5Qm44alzVIswSTWZXkfGz04xZMQWGGVeocDYgWrq-GvW54Z5wPIYtBroEY90htFcnUjNiNWHA34by3rkQfV-E5BBTVb0Q_j8VdDFvrKh9ZvCSPIn0QA4cb_tonmd4tEDo4pbDvY8ts9tlUmN6SNH-C1-G2AcxH9yugXlvVY3Y5Dn1F4eRxo0VL4XU1r1Ys06Pi_ajYhtJJWC53_uhIJYOCqrjCTDeYStL1bSR9yf-NKeNrg"
}
2019-09-10 19:41:19,883:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz-v3/7828585 HTTP/1.1" 200 813
2019-09-10 19:41:19,883:DEBUG:acme.client:Received response:
HTTP 200
content-length: 813
expires: Tue, 10 Sep 2019 17:41:19 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
boulder-requester: 10929409
date: Tue, 10 Sep 2019 17:41:19 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 000139tG8Sx8k-ik-VhuiWaU4JDgGER3lu0REDoRq3QX1Hs
{
"identifier": {
"type": "dns",
"value": "mail.liftingtrade.hu"
},
"status": "pending",
"expires": "2019-09-17T17:41:17Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828585/L0wdXw",
"token": "8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828585/vF1rmA",
"token": "8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828585/GyuFow",
"token": "8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM"
}
]
}
2019-09-10 19:41:19,884:DEBUG:acme.client:Storing nonce: 000139tG8Sx8k-ik-VhuiWaU4JDgGER3lu0REDoRq3QX1Hs
2019-09-10 19:41:19,884:DEBUG:acme.client:JWS payload:
2019-09-10 19:41:19,886:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7828586:
{
"protected": "eyJub25jZSI6ICIwMDAxMzl0RzhTeDhrLWlrLVZodWlXYVU0SkRnR0VSM2x1MFJFRG9ScTNRWDFIcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My83ODI4NTg2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5Mjk0MDkiLCAiYWxnIjogIlJTMjU2In0",
"payload": "",
"signature": "k1-Ai-I_yWYoqQmx2tdqIwk3Q3UnxFzi23wrCsWCUrBk7VRe4vyw9JRkyueGjKBulkUXcdPBHIn2GPPnNXlYJPsm_ujndkLRooo7Z2fivJ3TaSrmKWPxlH_q2qxvXyjb0NzQ17BxQ8VPw0g45HCfWvPfEovsAsFgsaTbeEooE02RZHGKHFuwZIQ--wvSpH9SWaev6ldn_Nv17L1TZkl30IKNbWC4hH3-ZZ7Z0E3jt_2PpDd_gzCS8V5lDKmRA76cWZb-Sze64uFMbTV07LMtFUNFJeI04WgzDcJmT5q6d1_RcZTjxuyinEFLlk4wVyqE8PqxZZyYtI1U14O08wD9Ow"
}
2019-09-10 19:41:20,085:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz-v3/7828586 HTTP/1.1" 200 1695
2019-09-10 19:41:20,086:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1695
expires: Tue, 10 Sep 2019 17:41:20 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
boulder-requester: 10929409
date: Tue, 10 Sep 2019 17:41:20 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002HUnz8-PdTLDthOCeuvHBUoPlf51hvVu6Xd-TcwtC5t8
{
"identifier": {
"type": "dns",
"value": "server.liftingtrade.hu"
},
"status": "invalid",
"expires": "2019-09-17T17:41:17Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://server.liftingtrade.hu/.well-known/acme-challenge/LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw [185.43.206.156]: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eForbidden\u003c/h1\u003e\\n\u003cp\"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828586/a8HzHg",
"token": "LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw",
"validationRecord": [
{
"url": "http://server.liftingtrade.hu/.well-known/acme-challenge/LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw",
"hostname": "server.liftingtrade.hu",
"port": "80",
"addressesResolved": [
"185.43.206.156"
],
"addressUsed": "185.43.206.156"
}
]
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828586/iu-K5A",
"token": "LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828586/bI5Ayw",
"token": "LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw"
}
]
}
2019-09-10 19:41:20,086:DEBUG:acme.client:Storing nonce: 0002HUnz8-PdTLDthOCeuvHBUoPlf51hvVu6Xd-TcwtC5t8
2019-09-10 19:41:20,086:WARNING:certbot.auth_handler:Challenge failed for domain server.liftingtrade.hu
2019-09-10 19:41:23,090:DEBUG:acme.client:JWS payload:
2019-09-10 19:41:23,092:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7828585:
{
"protected": "eyJub25jZSI6ICIwMDAySFVuejgtUGRUTER0aE9DZXV2SEJVb1BsZjUxaHZWdTZYZC1UY3d0QzV0OCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My83ODI4NTg1IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5Mjk0MDkiLCAiYWxnIjogIlJTMjU2In0",
"payload": "",
"signature": "OxnznkFNot55mCNYSrAPNl0Giro06eeE8o-DJGTHmG1KRHMB9m1AhKCfdm0cBcxj-3PcIWGiq3IYyIZ3Cho8eO4mSncFdAJhxve4Gfb5bkVaLARLLle6wmSYE8O38rdtA3ug80TE3IxaQHolgsjGynkUERoIgV-OdohFIgUrRIRsXtM1WvPHOMzflJp_CWPG1y9brCldGX5wiPEHDOSdI44_pRA30Y3s95qfhukgebW9HKNaYCJlIuZ87oqNxBeCBJDvu1jXssILq1bboBYZS0s4--Nlj3evvnoTBjqQO_0Ibs2qkl9X7z9M29U9DIWke_v2Jk_aVzbrBKaaNwSPAw"
}
2019-09-10 19:41:23,299:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz-v3/7828585 HTTP/1.1" 200 1687
2019-09-10 19:41:23,300:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1687
expires: Tue, 10 Sep 2019 17:41:23 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
pragma: no-cache
boulder-requester: 10929409
date: Tue, 10 Sep 2019 17:41:23 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002bBaYTZRnHeHLeOaG_WfGGAWkROSbrtRHSkWHB4JrnUE
{
"identifier": {
"type": "dns",
"value": "mail.liftingtrade.hu"
},
"status": "invalid",
"expires": "2019-09-17T17:41:17Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://mail.liftingtrade.hu/.well-known/acme-challenge/8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM [185.43.206.156]: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eForbidden\u003c/h1\u003e\\n\u003cp\"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828585/L0wdXw",
"token": "8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM",
"validationRecord": [
{
"url": "http://mail.liftingtrade.hu/.well-known/acme-challenge/8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM",
"hostname": "mail.liftingtrade.hu",
"port": "80",
"addressesResolved": [
"185.43.206.156"
],
"addressUsed": "185.43.206.156"
}
]
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828585/vF1rmA",
"token": "8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7828585/GyuFow",
"token": "8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM"
}
]
}
2019-09-10 19:41:23,300:DEBUG:acme.client:Storing nonce: 0002bBaYTZRnHeHLeOaG_WfGGAWkROSbrtRHSkWHB4JrnUE
2019-09-10 19:41:23,300:WARNING:certbot.auth_handler:Challenge failed for domain mail.liftingtrade.hu
2019-09-10 19:41:23,301:INFO:certbot.auth_handler:http-01 challenge for server.liftingtrade.hu
2019-09-10 19:41:23,301:INFO:certbot.auth_handler:http-01 challenge for mail.liftingtrade.hu
2019-09-10 19:41:23,301:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: server.liftingtrade.hu
Type: unauthorized
Detail: Invalid response from http://server.liftingtrade.hu/.well-known/acme-challenge/LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw [185.43.206.156]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"
Domain: mail.liftingtrade.hu
Type: unauthorized
Detail: Invalid response from http://mail.liftingtrade.hu/.well-known/acme-challenge/8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM [185.43.206.156]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2019-09-10 19:41:23,358:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 154, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
2019-09-10 19:41:23,358:DEBUG:certbot.error_handler:Calling registered functions
2019-09-10 19:41:23,358:INFO:certbot.auth_handler:Cleaning up challenges
2019-09-10 19:41:23,359:DEBUG:certbot.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/8PFNJDZRED-brQEIlIHepOPriKPfSlLasLrp7wp_MBM
2019-09-10 19:41:23,359:DEBUG:certbot.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/LIIaYOnIHYQENHh8xemNiZBkEvtd8N2LDVbt_yp4jlw
2019-09-10 19:41:23,359:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2019-09-10 19:41:23,360:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.36.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1381, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1264, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 120, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 406, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 349, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 385, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 154, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
Here’s your problem–your server is responding with a 403 error when the Let’s Encrypt servers try to check the validation token. It’s unclear why it would be doing this, though–have you installed any web applications on the system?
I didn’t install it.
Web application only for nextcloud.
No changes in the last 3 months, only updates.
Does the acme-challenge directory exist?
[root@server2 ~]# ls -l /var/www/html/.well-known/
total 0
drwxr-xr-x 2 root root 6 Jul 28 20:55 acme-challenge
[root@server ~]# ls -l /var/www/html/.well-known/
total 4
drwxr-xr-x 2 root root 4096 Sep 10 19:41 acme-challenge
Let’s check if there is a vhost error:
httpd -S
I’m wondering if there’s a .htaccess file in /var/www/html.
3 Likes
Thanks! 