我读了一些类似错误的问题,但看不到我的问题的解决方案。
我使用域名在远程服务器上,并且可以向浏览器提供http://example.com/hi.txt文件,因此我认为DNS配置是可以的。
浏览器中的http://example.com/.well-known/acme-challenge/hi.txt请求显示Hi!
使用certbot/certbot容器时,我面临着ACME挑战性挑战性挑战。
docker run --entrypoint="/bin/sh" -it -v "/home/stephane/dev/docker/projects/common/volumes/letsencrypt/certbot/conf:/etc/letsencrypt" -v "/home/stephane/dev/docker/projects/common/volumes/letsencrypt/certbot/www:/var/www/certbot" -v "/home/stephane/dev/docker/projects/common/volumes/logs:/var/log/letsencrypt" --name certbot certbot/certbot:latest
然后我登录到运行中的容器并输入命令!
certbot certonly --webroot -w /var/www/certbot --staging --email example@domain.se -d example.com --rsa-key-size 4096 --agree-tos --force-renewal
但是ACME挑战失败了:
Domain: example.com
Type: unauthorized
Detail: Invalid response from http://example.com/.well-known/acme-challenge/bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ [149.28.60.185]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
/var/log/letsencrypt/letsencrypt.log文件说:
2019-09-12 12:14:21,318:DEBUG:certbot.main:certbot version: 0.38.0
2019-09-12 12:14:21,318:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/var/www/certbot', '--staging', '--email', 'example@yahoo.se', '-d', 'example.com', '--rsa-key-size', '4096', '--agree-tos', '--force-renewal']
2019-09-12 12:14:21,318:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-09-12 12:14:21,337:DEBUG:certbot.log:Root logging level set at 20
2019-09-12 12:14:21,338:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-09-12 12:14:21,340:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2019-09-12 12:14:21,348:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f0ee6b0c350>
Prep: True
2019-09-12 12:14:21,349:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f0ee6b0c350> and installer None
2019-09-12 12:14:21,349:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2019-09-12 12:14:21,359:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/10936624', new_authzr_uri=None, terms_of_service=None), ede86491d25567bd504b4d56cb2a0694, Meta(creation_dt=datetime.datetime(2019, 9, 11, 6, 38, 49, tzinfo=<UTC>), creation_host='ce3fb9f62ad6'))>
2019-09-12 12:14:21,361:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2019-09-12 12:14:21,364:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2019-09-12 12:14:21,474:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
2019-09-12 12:14:21,475:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 724
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 12 Sep 2019 12:14:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 Sep 2019 12:14:21 GMT
Connection: keep-alive
{
"fqwuH0SsWfI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2019-09-12 12:14:21,477:INFO:certbot.main:Obtaining a new certificate
2019-09-12 12:14:22,016:DEBUG:certbot.crypto_util:Generating key (4096 bits): /etc/letsencrypt/keys/0072_key-certbot.pem
2019-09-12 12:14:22,032:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0072_csr-certbot.pem
2019-09-12 12:14:22,034:DEBUG:acme.client:Requesting fresh nonce
2019-09-12 12:14:22,034:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2019-09-12 12:14:22,114:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2019-09-12 12:14:22,114:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002bosRvPrlEaRTU8M3L91tRjwymrRs0L--uFELwztKBa4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Thu, 12 Sep 2019 12:14:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 Sep 2019 12:14:22 GMT
Connection: keep-alive
2019-09-12 12:14:22,115:DEBUG:acme.client:Storing nonce: 0002bosRvPrlEaRTU8M3L91tRjwymrRs0L--uFELwztKBa4
2019-09-12 12:14:22,115:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "example.com"\n }\n ]\n}'
2019-09-12 12:14:22,127:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMDkzNjYyNCIsICJub25jZSI6ICIwMDAyYm9zUnZQcmxFYVJUVThNM0w5MXRSand5bXJSczBMLS11RkVMd3p0S0JhNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "WSWWsiW9brkh29gFtnXa83xTavO4pWhWwTs0rC78pSSZcsjBJrLu75G7JnMAOSByGH9o3N0AzxivCw-OTyM_ntXE5b8QELBihxvs81Z_BMlrjKN4eKaBxl7S_crM1bqSi6uW50KT_DwjlKXS5JJHLNvp4LzwH40OPiGUr1cWpPzpRS93tN4MnNo8o-eLMWkuRPVrinpbc3gG2_cqrIDPIqo_0xUoZwgmRmVXsqdXko9odRKRp4ieXgnnYmg6jzhuu3U4FlTLH5C4k7uAw_vyyuPJTtmMUdZNWOvtCoeTw2tepJp0Xmz0vjAKzXF_dabWW1qctNZcbxZKrwwRZZ97HyELYxJlRJBifuczMwB4Empf576lz4ri3p4OHlyjbj4hQk78do-xjti2MNn9KquRPRYm8ay0qpSdp-zdUlDLZItAUQN0cSdS9oIid0vqEe9fNKa56Ecx_nYpVQmyJnRmeMpDm0tucEd52VAQfCTLaLeZZ0uAp1MFs23dpqV57D6LVVjrfzTB4fu0VAjciZcLVj0aNzvzYtYTSbMtzl1puALfW25FfSt8KjrFeos1PWYRLPK8lX6H3iTiDHJRgpOH5EyXNQij5d0TBePCuDvQpwItSuUpXGs7FZMw4MYWHVsG_vAPiJtgeXfSlUJCvTPngprN0rvlv8LFtiH8Mrah7ms",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInRoYWxhc29mdC5jb20iCiAgICB9CiAgXQp9"
}
2019-09-12 12:14:22,216:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 354
2019-09-12 12:14:22,217:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 354
Boulder-Requester: 10936624
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/10936624/49741194
Replay-Nonce: 0001YBoOezjf2Cv3y_wluYy92i5UEdj8yTvnhJfh9A91kKY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 12 Sep 2019 12:14:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 Sep 2019 12:14:22 GMT
Connection: keep-alive
{
"status": "pending",
"expires": "2019-09-19T12:14:22.190148555Z",
"identifiers": [
{
"type": "dns",
"value": "example.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8045771"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10936624/49741194"
}
2019-09-12 12:14:22,218:DEBUG:acme.client:Storing nonce: 0001YBoOezjf2Cv3y_wluYy92i5UEdj8yTvnhJfh9A91kKY
2019-09-12 12:14:22,218:DEBUG:acme.client:JWS payload:
b''
2019-09-12 12:14:22,231:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8045771:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMDkzNjYyNCIsICJub25jZSI6ICIwMDAxWUJvT2V6amYyQ3YzeV93bHVZeTkyaTVVRWRqOHlUdm5oSmZoOUE5MWtLWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My84MDQ1NzcxIn0",
"signature": "oAI7r55bUIji_fPpYZM0yVPpYyBabHCKyr6rr3yx33nowJTH1-OOElegLC_wqWvCNcXiwwmBEYgebzkqJRsTqJW_hJfOq03HNs52zNFHyvCtPhTcgss1b9Bc5DwR2VXtfVflIsIN1pz6IIDtyswuRFoXOKrbpWXR6pp5b-7223vUrwfHtSOk9Knev92HO3h8GOV-cNB44Tz5MkRZpsIlFwWk38fnXtn7e-Y-T2GHMuf4ZjSXc8Jsb7tEdSAJWoiRx-R_DSgUnFMslh_oxWKaRqG1U8gof7w5pYnCnD2wYYnL5FQDQpL81k-DfB74rtOTZxnHOJ5j49dD7IxqqskZBt7nf3e9peFOgENtOdB_rzoQMuQWBJwKvnZRjmAyrTD61f_fGtFPpf1dXMhykaz7flJLk2K6H-wXV9nUBHi4vHo1lOS_zbrsU10UfsDzKCzQ0v2yefDv7T22lyxCJH9N2l2QzvTRFfMspWXyzc7h31D-kwu-PrKmJTu-69kxBsAqOlD9-cvMjGkC9S1Ad1g9ZKqofarGmUQK2Xw-UWLX6wIWbRoeA-A01F0ELgReWkIOzWm5c1D6sKvhrsKBRzlb32S91VyZxXxXqp-CLyyQCvOn3jZfot2uyen5UMTZ2csv9h8bPD_U-0dST9Ly6OS0W2dG8VZGdLQNmvaXsJdLMpc",
"payload": ""
}
2019-09-12 12:14:22,302:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/8045771 HTTP/1.1" 200 806
2019-09-12 12:14:22,303:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 806
Boulder-Requester: 10936624
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001omZ5I6lGQieRVe-GdjSegNBEhwPz0q0w8v02bJPQ0PM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 12 Sep 2019 12:14:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 Sep 2019 12:14:22 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "example.com"
},
"status": "pending",
"expires": "2019-09-19T12:14:22Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/8045771/r0FtBQ",
"token": "bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/8045771/rwmhQQ",
"token": "bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/8045771/oaK2ow",
"token": "bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ"
}
]
}
2019-09-12 12:14:22,304:DEBUG:acme.client:Storing nonce: 0001omZ5I6lGQieRVe-GdjSegNBEhwPz0q0w8v02bJPQ0PM
2019-09-12 12:14:22,305:INFO:certbot.auth_handler:Performing the following challenges:
2019-09-12 12:14:22,307:INFO:certbot.auth_handler:http-01 challenge for example.com
2019-09-12 12:14:22,309:INFO:certbot.plugins.webroot:Using the webroot path /var/www/certbot for all unmatched domains.
2019-09-12 12:14:22,310:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/certbot/.well-known/acme-challenge
2019-09-12 12:14:22,321:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/certbot/.well-known/acme-challenge/bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ
2019-09-12 12:14:22,322:INFO:certbot.auth_handler:Waiting for verification...
2019-09-12 12:14:22,324:DEBUG:acme.client:JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01"\n}'
2019-09-12 12:14:22,340:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/8045771/r0FtBQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMDkzNjYyNCIsICJub25jZSI6ICIwMDAxb21aNUk2bEdRaWVSVmUtR2RqU2VnTkJFaHdQejBxMHc4djAyYkpQUTBQTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My84MDQ1NzcxL3IwRnRCUSJ9",
"signature": "gWL1ZpL8Byc6vA6UrjZEVW_Q2aGavRzTjCNThM0grvweQqCBpg73hbgBHNmNS_qJDi69Y7UBWXzwqGPu7f-JZTfCsm2IHQTQV_1EHV1MTYgA7xBrTThL3nVyxtucmJzCZDYlyamOD0hE7fpr0fIxHrMkPqzpoid61SmCSIMuMXCKBhnUAIdKjI3-GdpeRYBKDlvppiTp-VP5lzN4h2y7FMMes7tLNAPb8z7QmgIVGWNoAfhbm9Jp6zGJyue3vDWe3vcY1keGJ8_9j05P59MJi2LCuQoqmkfE0Qp4JAQWeiREgKGwjrVezMab37MLqCSL4l3M4YLXx5jnq1r45ZeHrYdf2_I5__TlpUSyKjuRP2Uq5eprF__E5oypsmnS2XYUyCQrjIXsKeWL2nJtIads_LdyqV5kdvgbCZYSe14DXefIikTJotBV9iRG8HP4SLFfyxa4vDw2t7iYL1Lpt1XfNLbH_Cr_xO5Ygz-HrNRwU3mYaDm_OzExj6xRkJSM6ooWrYH_H8nGfJz8t-njqaYEgsOC9oLmh1Dz4Gvt7hKshUZRNTmluibykqK5rB6aYBML_OK2nt0n0232Neg1WA40UKMy40DFbkd49FizWBVlt2kDLql1gyJjIPDkTKqJFFUVUa5CDPwGicu3IDMtDtYmTkBZY5vgJVhiHS81Q_yJNOY",
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2019-09-12 12:14:22,445:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/8045771/r0FtBQ HTTP/1.1" 200 190
2019-09-12 12:14:22,446:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 190
Boulder-Requester: 10936624
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8045771>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/8045771/r0FtBQ
Replay-Nonce: 0002bq8erl9HWj-tPYM-P20Mm20uIym6GOQ3rcNCmP8A9uQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 12 Sep 2019 12:14:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 Sep 2019 12:14:22 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/8045771/r0FtBQ",
"token": "bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ"
}
2019-09-12 12:14:22,446:DEBUG:acme.client:Storing nonce: 0002bq8erl9HWj-tPYM-P20Mm20uIym6GOQ3rcNCmP8A9uQ
2019-09-12 12:14:23,448:DEBUG:acme.client:JWS payload:
b''
2019-09-12 12:14:23,459:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8045771:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMDkzNjYyNCIsICJub25jZSI6ICIwMDAyYnE4ZXJsOUhXai10UFlNLVAyME1tMjB1SXltNkdPUTNyY05DbVA4QTl1USIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My84MDQ1NzcxIn0",
"signature": "ubMq1CsWGmkBz84CvbmkWxaxqoIkGivVZHhcz5lHE-8puB04X5y9LeabhL2V7awvmuvZM7GpFypbzLKZL0QA5Tz87in_oPsIf3Q1RjE6Q-1Sui0I5x7xRZ4CN4K_dD304ffLBjGpl5gcklHCsq3ScUP9ynj_tuuRraM3G8dBJAvi-UZCzQkmUD2A3fvGA-JNJ8ZIuzt6O3jiqRmVUcOwiEF9sx8Y_v0hc3bpPsZwGYQF0t3dyNoU61ykb8x_AfiPM5owJnyqWeJCF_-NS8EPad1CZfY6Ms0S3n6uByPFWzYQmyeQEbj0iyy4Mjot49aYYcZFWujb4n-0X0Znvvoq0qhNkwp8XA05r6k_0tG3AEPL1sQ6-v6tfmHYVDHZD9oRP50bsrJqeYEBufVrN5j7upgu9tfCAvb9EbuGjJenGniFkV_sdB2cO-XWGAKjjKaVuLhl7TsI2VTXT-iT3EzYYsU22ai3wR-UOeYi-_oB-USH78W63jsE5fLO2UY6x_m4BOHJG9I2KHcdkd7kXy-qTnPQLbCKEhpE7qc0N8EE26SDpRbXCsLeA4pK8GGV73Znfhh4AdYUjUB5r_0R97H2lodiWJieuee4ZnFvFGK8KiQVqIhyuJswgiYj-MSCRBbko75nG7apRSqzi5GJ4dSJSQq5-73bSuPjBsnV7K-Pwjk",
"payload": ""
}
2019-09-12 12:14:23,528:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/8045771 HTTP/1.1" 200 1695
2019-09-12 12:14:23,529:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1695
Boulder-Requester: 10936624
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002vdVD8W-m2KM6Nx0xg5M9Nw-3QbkQYOnhNWY6_z0l0bM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 12 Sep 2019 12:14:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 Sep 2019 12:14:23 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "example.com"
},
"status": "invalid",
"expires": "2019-09-19T12:14:22Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://example.com/.well-known/acme-challenge/bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ [149.28.60.185]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/8045771/r0FtBQ",
"token": "bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ",
"validationRecord": [
{
"url": "http://example.com/.well-known/acme-challenge/bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ",
"hostname": "example.com",
"port": "80",
"addressesResolved": [
"149.28.60.185"
],
"addressUsed": "149.28.60.185"
}
]
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/8045771/rwmhQQ",
"token": "bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/8045771/oaK2ow",
"token": "bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ"
}
]
}
2019-09-12 12:14:23,529:DEBUG:acme.client:Storing nonce: 0002vdVD8W-m2KM6Nx0xg5M9Nw-3QbkQYOnhNWY6_z0l0bM
2019-09-12 12:14:23,530:WARNING:certbot.auth_handler:Challenge failed for domain example.com
2019-09-12 12:14:23,532:INFO:certbot.auth_handler:http-01 challenge for example.com
2019-09-12 12:14:23,533:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from http://example.com/.well-known/acme-challenge/bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ [149.28.60.185]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2019-09-12 12:14:23,534:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/src/certbot/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/auth_handler.py", line 154, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2019-09-12 12:14:23,534:DEBUG:certbot.error_handler:Calling registered functions
2019-09-12 12:14:23,534:INFO:certbot.auth_handler:Cleaning up challenges
2019-09-12 12:14:23,536:DEBUG:certbot.plugins.webroot:Removing /var/www/certbot/.well-known/acme-challenge/bSmjjPk51aE-ErcMf4rQsHZ19fQI5RixmO8G1g6i3fQ
2019-09-12 12:14:23,536:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2019-09-12 12:14:23,537:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 11, in <module>
load_entry_point('certbot', 'console_scripts', 'certbot')()
File "/opt/certbot/src/certbot/main.py", line 1378, in main
return config.func(config, plugins)
File "/opt/certbot/src/certbot/main.py", line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/certbot/src/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/certbot/src/certbot/client.py", line 405, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/certbot/src/certbot/client.py", line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/certbot/src/certbot/client.py", line 384, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/opt/certbot/src/certbot/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/auth_handler.py", line 154, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.