API tools faq
paste
Advertisement
Guest User

/var/log/letsencrypt/letsencrypt.log

a guest
Feb 6th, 2019
130
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 52.92 KB | None | 0 0
raw download clone embed print report
  1. 2019-02-06 12:00:04,594:DEBUG:certbot.main:certbot version: 0.30.2
  2. 2019-02-06 12:00:04,595:DEBUG:certbot.main:Arguments: ['--pre-hook', '/sbin/service nginx stop', '--post-hook', '/sbin/service nginx start']
  3. 2019-02-06 12:00:04,595:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
  4. 2019-02-06 12:00:04,633:DEBUG:certbot.log:Root logging level set at 20
  5. 2019-02-06 12:00:04,634:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
  6. 2019-02-06 12:00:04,693:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7efbec8d4ef0> and installer <certbot.cli._Default object at 0x7efbec8d4ef0>
  7. 2019-02-06 12:00:04,693:DEBUG:certbot.cli:Var pre_hook=/sbin/service nginx stop (set by user).
  8. 2019-02-06 12:00:04,693:DEBUG:certbot.cli:Var post_hook=/sbin/service nginx start (set by user).
  9. 2019-02-06 12:00:04,747:INFO:certbot.renewal:Cert not yet due for renewal
  10. 2019-02-06 12:00:04,749:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
  11. 2019-02-06 12:00:04,758:DEBUG:certbot.plugins.selection:Selecting plugin: * nginx
  12. Description: Nginx Web Server plugin
  13. Interfaces: IAuthenticator, IInstaller, IPlugin
  14. Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
  15. Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7efbec8d7eb8>
  16. 2019-02-06 12:00:04,761:DEBUG:certbot.cli:Var pre_hook=/sbin/service nginx stop (set by user).
  17. 2019-02-06 12:00:04,761:DEBUG:certbot.cli:Var post_hook=/sbin/service nginx start (set by user).
  18. 2019-02-06 12:00:04,805:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-01-27 20:32:44 UTC.
  19. 2019-02-06 12:00:04,806:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
  20. 2019-02-06 12:00:04,806:INFO:certbot.renewal:Non-interactive renewal: random delay of 42 seconds
  21. 2019-02-06 12:00:46,849:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
  22. 2019-02-06 12:00:47,256:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
  23. Description: Nginx Web Server plugin
  24. Interfaces: IAuthenticator, IInstaller, IPlugin
  25. Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
  26. Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7efbec8d70b8>
  27. Prep: True
  28. 2019-02-06 12:00:47,257:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
  29. Description: Nginx Web Server plugin
  30. Interfaces: IAuthenticator, IInstaller, IPlugin
  31. Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
  32. Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7efbec8d70b8>
  33. Prep: True
  34. 2019-02-06 12:00:47,257:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7efbec8d70b8> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7efbec8d70b8>
  35. 2019-02-06 12:00:47,257:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
  36. 2019-02-06 12:00:47,262:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(uri='https://acme-v02.api.letsencrypt.org/acme/acct/39351473', new_authzr_uri=None, body=Registration(status=None, only_return_existing=None, agreement=None, contact=(), key=None, external_account_binding=None, terms_of_service_agreed=None), terms_of_service=None), b203b3ac934a195cc38ed344b9017ce0, Meta(creation_dt=datetime.datetime(2018, 7, 31, 13, 3, 18, tzinfo=<UTC>), creation_host='example-server'))>
  37. 2019-02-06 12:00:47,265:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
  38. 2019-02-06 12:00:47,269:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
  39. 2019-02-06 12:00:47,626:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
  40. 2019-02-06 12:00:47,627:DEBUG:acme.client:Received response:
  41. HTTP 200
  42. Server: nginx
  43. Content-Type: application/json
  44. Content-Length: 658
  45. X-Frame-Options: DENY
  46. Strict-Transport-Security: max-age=604800
  47. Expires: Wed, 06 Feb 2019 12:00:47 GMT
  48. Cache-Control: max-age=0, no-cache, no-store
  49. Pragma: no-cache
  50. Date: Wed, 06 Feb 2019 12:00:47 GMT
  51. Connection: keep-alive
  52.  
  53. {
  54.   "SKxWWmvCejA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  55.   "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  56.   "meta": {
  57.     "caaIdentities": [
  58.       "letsencrypt.org"
  59.     ],
  60.     "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
  61.     "website": "https://letsencrypt.org"
  62.   },
  63.   "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  64.   "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  65.   "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  66.   "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
  67. }
  68. 2019-02-06 12:00:47,628:INFO:certbot.hooks:Running pre-hook command: /sbin/service nginx stop
  69. 2019-02-06 12:00:47,788:INFO:certbot.hooks:Output from service:
  70. Stopping nginx: [  OK  ]
  71.  
  72. 2019-02-06 12:00:47,788:INFO:certbot.main:Renewing an existing certificate
  73. 2019-02-06 12:00:47,952:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0063_key-certbot.pem
  74. 2019-02-06 12:00:47,956:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0063_csr-certbot.pem
  75. 2019-02-06 12:00:47,957:DEBUG:acme.client:Requesting fresh nonce
  76. 2019-02-06 12:00:47,957:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
  77. 2019-02-06 12:00:48,218:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
  78. 2019-02-06 12:00:48,220:DEBUG:acme.client:Received response:
  79. HTTP 200
  80. Server: nginx
  81. Replay-Nonce: Ip_oAGdzzxoAUpAe4SGeD-MpBG3F94BkYKGYpwq0nIk
  82. X-Frame-Options: DENY
  83. Strict-Transport-Security: max-age=604800
  84. Content-Length: 0
  85. Expires: Wed, 06 Feb 2019 12:00:48 GMT
  86. Cache-Control: max-age=0, no-cache, no-store
  87. Pragma: no-cache
  88. Date: Wed, 06 Feb 2019 12:00:48 GMT
  89. Connection: keep-alive
  90.  
  91.  
  92. 2019-02-06 12:00:48,220:DEBUG:acme.client:Storing nonce: Ip_oAGdzzxoAUpAe4SGeD-MpBG3F94BkYKGYpwq0nIk
  93. 2019-02-06 12:00:48,221:DEBUG:acme.client:JWS payload:
  94. b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "example.co.uk"\n    }\n  ]\n}'
  95. 2019-02-06 12:00:48,226:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
  96. {
  97.   "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNjaG9sYXJwYWNrMy5jby51ayIKICAgIH0KICBdCn0",
  98.   "signature": "WiV_yKIx-V3kaRZ_tkgR4QJFFFqlcZJ7c05x9jPy2edkUbFy0tsAZeLYU16z4Keb9XhQt5eFlAJDIoKG5wx7TZ2sGlxel7zaxWBvV8UZ7czQkc-RL6NVZXE_GGHgL8lJ74CfjFYM9JIHZXa9HkXny-oBRAxSCpzeug4ePiMwSccP97J0ffnVx8aUjYenr5wo6bo_WRku-JDaIeABRytxKrzaxV4Dnp6QLxgEkOHUjtE0rGwrGkyUAiEQWM3Kq2Tu0f1E37rw5HPqdpGwE8sH5uTbkW2-TQfljHBJLeO5knr74D_pLx421Z1Dp2AtLASQ2aGLBJXfNDaLSTFsS0PQ1w",
  99.   "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzkzNTE0NzMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJub25jZSI6ICJJcF9vQUdkenp4b0FVcEFlNFNHZUQtTXBCRzNGOTRCa1lLR1lwd3EwbklrIn0"
  100. }
  101. 2019-02-06 12:00:48,539:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 376
  102. 2019-02-06 12:00:48,540:DEBUG:acme.client:Received response:
  103. HTTP 201
  104. Server: nginx
  105. Content-Type: application/json
  106. Content-Length: 376
  107. Boulder-Requester: 39351473
  108. Location: https://acme-v02.api.letsencrypt.org/acme/order/39351473/304202627
  109. Replay-Nonce: 88Wwpay3irkEyHeBnnfYN_18cuHUYSoSmtqlACqYEnI
  110. X-Frame-Options: DENY
  111. Strict-Transport-Security: max-age=604800
  112. Expires: Wed, 06 Feb 2019 12:00:48 GMT
  113. Cache-Control: max-age=0, no-cache, no-store
  114. Pragma: no-cache
  115. Date: Wed, 06 Feb 2019 12:00:48 GMT
  116. Connection: keep-alive
  117.  
  118. {
  119.   "status": "pending",
  120.   "expires": "2019-02-13T12:00:48.36880981Z",
  121.   "identifiers": [
  122.     {
  123.       "type": "dns",
  124.       "value": "example.co.uk"
  125.     }
  126.   ],
  127.   "authorizations": [
  128.     "https://acme-v02.api.letsencrypt.org/acme/authz/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI"
  129.   ],
  130.   "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/39351473/304202627"
  131. }
  132. 2019-02-06 12:00:48,540:DEBUG:acme.client:Storing nonce: 88Wwpay3irkEyHeBnnfYN_18cuHUYSoSmtqlACqYEnI
  133. 2019-02-06 12:00:48,541:DEBUG:acme.client:JWS payload:
  134. b''
  135. 2019-02-06 12:00:48,543:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI:
  136. {
  137.   "payload": "",
  138.   "signature": "vwFoKKcsRnyuTq6m3E9XS-hazDHq9hPA0pgBF9Nm8Whwn4S1REOv3zJ87dxyBBWU6I5rrxL3XeO-NILBn09YB75UO1zlO_xgD4WESmPYIlu6wZ8u4ubpnQu-XJeEexRs9TViJx4ZyMYATnDGCAl-sSbm2WwRTidgcJGS2j9dDt2stvCHgJIHmBmWB5I729Yp4dFhewGmbCUhE7IfyrTGc0o1JX3dXYhM-NPHRaFZcWsu3JgoHWu9t3c2I3zVgMsE99riKc5n9A9YvO7Dp2v8Fsti8COPv1QjB2WIuer5_KHIPXUmaG8E9rlvEqiy9r0asrW7_FemF1T3hxMJDUMMTg",
  139.   "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzkzNTE0NzMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L29WQUFuempDX28xT2RhTHhuZ24yQkpiRlozc0NPcUozbEw0OFV0UktxWUkiLCAibm9uY2UiOiAiODhXd3BheTNpcmtFeUhlQm5uZllOXzE4Y3VIVVlTb1NtdHFsQUNxWUVuSSJ9"
  140. }
  141. 2019-02-06 12:00:48,936:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI HTTP/1.1" 200 1166
  142. 2019-02-06 12:00:48,938:DEBUG:acme.client:Received response:
  143. HTTP 200
  144. Server: nginx
  145. Content-Type: application/json
  146. Content-Length: 1166
  147. Boulder-Requester: 39351473
  148. Replay-Nonce: 29-MaNxu9pVMc1KvMWWtK2Oo7M137xMlnJ6Ul81SXWM
  149. X-Frame-Options: DENY
  150. Strict-Transport-Security: max-age=604800
  151. Expires: Wed, 06 Feb 2019 12:00:48 GMT
  152. Cache-Control: max-age=0, no-cache, no-store
  153. Pragma: no-cache
  154. Date: Wed, 06 Feb 2019 12:00:48 GMT
  155. Connection: keep-alive
  156.  
  157. {
  158.   "identifier": {
  159.     "type": "dns",
  160.     "value": "example.co.uk"
  161.   },
  162.   "status": "pending",
  163.   "expires": "2019-02-13T12:00:48Z",
  164.   "challenges": [
  165.     {
  166.       "type": "http-01",
  167.       "status": "pending",
  168.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922324",
  169.       "token": "FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0"
  170.     },
  171.     {
  172.       "type": "tls-sni-01",
  173.       "status": "pending",
  174.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922329",
  175.       "token": "BP_5m-CCU5uMJb8jB48Z_D9cH00StroMc4Jv4gY5x7A"
  176.     },
  177.     {
  178.       "type": "dns-01",
  179.       "status": "pending",
  180.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922331",
  181.       "token": "lyn8yGi4S-30O7Es4sh1d3osKWuYUkqOPd_9RRQTChI"
  182.     },
  183.     {
  184.       "type": "tls-alpn-01",
  185.       "status": "pending",
  186.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922332",
  187.       "token": "4j93c0v0GbCa23cMh4fapcdY04q-N9aVrsAQtoC_arY"
  188.     }
  189.   ]
  190. }
  191. 2019-02-06 12:00:48,938:DEBUG:acme.client:Storing nonce: 29-MaNxu9pVMc1KvMWWtK2Oo7M137xMlnJ6Ul81SXWM
  192. 2019-02-06 12:00:48,939:INFO:certbot.auth_handler:Performing the following challenges:
  193. 2019-02-06 12:00:48,939:INFO:certbot.auth_handler:http-01 challenge for example.co.uk
  194. 2019-02-06 12:00:48,984:INFO:certbot_nginx.http_01:Using default address 80 for authentication.
  195. 2019-02-06 12:00:48,986:DEBUG:certbot_nginx.http_01:Generated server block:
  196. [[['server'], [['listen', '80'], ['server_name', 'example.co.uk'], ['root', '/var/lib/letsencrypt/http_01_nonexistent'], [['location', '=', '/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0'], [['default_type', 'text/plain'], ['return', '200', 'FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0.lpk35UZHk93QJD25xXO8QY5cp41Zlsnd7-MVW8IITy8']]]]]]
  197. 2019-02-06 12:00:48,988:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-http-perl.conf
  198. 2019-02-06 12:00:48,991:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/subdomain.example.conf
  199. 2019-02-06 12:00:48,991:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-http-image-filter.conf
  200. 2019-02-06 12:00:48,992:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
  201. 2019-02-06 12:00:48,992:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/ssl.conf
  202. 2019-02-06 12:00:48,993:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-http-geoip.conf
  203. 2019-02-06 12:00:48,993:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/subdomain2.example.conf
  204. 2019-02-06 12:00:48,994:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-http-xslt-filter.conf
  205. 2019-02-06 12:00:48,994:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-stream.conf
  206. 2019-02-06 12:00:48,995:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/virtual.conf
  207. 2019-02-06 12:00:48,995:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-mail.conf
  208. 2019-02-06 12:00:48,996:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
  209. 2019-02-06 12:00:48,998:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
  210. # For more information on configuration, see:
  211. #   * Official English Documentation: http://nginx.org/en/docs/
  212. #   * Official Russian Documentation: http://nginx.org/ru/docs/
  213.  
  214. user nginx;
  215. worker_processes auto;
  216. error_log /var/log/nginx/error.log;
  217. pid /var/run/nginx.pid;
  218.  
  219. # Load dynamic modules. See /usr/share/nginx/README.dynamic.
  220. include /usr/share/nginx/modules/*.conf;
  221.  
  222. events {
  223.     worker_connections  1024;
  224. }
  225.  
  226.  
  227. http {
  228. include /etc/letsencrypt/le_http_01_cert_challenge.conf;
  229. server_names_hash_bucket_size 128;
  230.     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  231.                       '$status $body_bytes_sent "$http_referer" '
  232.                       '"$http_user_agent" "$http_x_forwarded_for"';
  233.  
  234.     access_log  /var/log/nginx/access.log  main;
  235.  
  236.     sendfile            on;
  237.     tcp_nopush          on;
  238.     tcp_nodelay         on;
  239.     keepalive_timeout   65;
  240.     types_hash_max_size 2048;
  241.  
  242.     include             /etc/nginx/mime.types;
  243.     default_type        application/octet-stream;
  244.  
  245.     # Load modular configuration files from the /etc/nginx/conf.d directory.
  246.     # See http://nginx.org/en/docs/ngx_core_module.html#include
  247.     # for more information.
  248.     include /etc/nginx/conf.d/*.conf;
  249. }
  250.  
  251. 2019-02-06 12:00:50,086:INFO:certbot.auth_handler:Waiting for verification...
  252. 2019-02-06 12:00:50,089:DEBUG:acme.client:JWS payload:
  253. b'{\n  "type": "http-01",\n  "resource": "challenge",\n  "keyAuthorization": "FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0.lpk35UZHk93QJD25xXO8QY5cp41Zlsnd7-MVW8IITy8"\n}'
  254. 2019-02-06 12:00:50,093:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922324:
  255. {
  256.   "payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogIkZLNmwwYlRPd0ZjbWZiSklOczRub1Z5ZlJEOVBJaEUzLV9NSnlOeUNvdzAubHBrMzVVWkhrOTNRSkQyNXhYTzhRWTVjcDQxWmxzbmQ3LU1WVzhJSVR5OCIKfQ",
  257.   "signature": "IwAOM3a8djNNupDiOsOFcmpUhGf9OeO80cbLEnwVRDtHe8FFd0ID_0a-nPYoGNJ9xycx0viy6_vE9N9wmaCfcL44fF7iSBDcsWXakAqMBDuMih7auZ8ejDp7TGUHNhdYkazCnqn9g0qeAYfUJE34i84eqJ0oRo3OB4bMXsbSHc3Hx1KKHbyVpDJamr3Nt-NdpwTleSno_gxv-hU5L48O3GEscS0TV5qDAVRyBUGwFXtk4W4F6Dgj7WBjakvzN6m2DfachclCoY3FEPWKURBqN9_nxuWUPVatzevp7TSGk92jikhE2kmFueRAnoBELizAMJRgAMALKLecUCEdftSL3A",
  258.   "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzkzNTE0NzMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsZW5nZS9vVkFBbnpqQ19vMU9kYUx4bmduMkJKYkZaM3NDT3FKM2xMNDhVdFJLcVlJLzEyMzA0OTIyMzI0IiwgIm5vbmNlIjogIjI5LU1hTnh1OXBWTWMxS3ZNV1d0SzJPbzdNMTM3eE1sbko2VWw4MVNYV00ifQ"
  259. }
  260. 2019-02-06 12:00:50,438:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922324 HTTP/1.1" 200 224
  261. 2019-02-06 12:00:50,439:DEBUG:acme.client:Received response:
  262. HTTP 200
  263. Server: nginx
  264. Content-Type: application/json
  265. Content-Length: 224
  266. Boulder-Requester: 39351473
  267. Link: <https://acme-v02.api.letsencrypt.org/acme/authz/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI>;rel="up"
  268. Location: https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922324
  269. Replay-Nonce: 2UlpY9hz4UXOAkZl5sKDN_ra_C97B-Ghg5Rg-596SDU
  270. X-Frame-Options: DENY
  271. Strict-Transport-Security: max-age=604800
  272. Expires: Wed, 06 Feb 2019 12:00:50 GMT
  273. Cache-Control: max-age=0, no-cache, no-store
  274. Pragma: no-cache
  275. Date: Wed, 06 Feb 2019 12:00:50 GMT
  276. Connection: keep-alive
  277.  
  278. {
  279.   "type": "http-01",
  280.   "status": "pending",
  281.   "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922324",
  282.   "token": "FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0"
  283. }
  284. 2019-02-06 12:00:50,440:DEBUG:acme.client:Storing nonce: 2UlpY9hz4UXOAkZl5sKDN_ra_C97B-Ghg5Rg-596SDU
  285. 2019-02-06 12:00:53,444:DEBUG:acme.client:JWS payload:
  286. b''
  287. 2019-02-06 12:00:53,446:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI:
  288. {
  289.   "payload": "",
  290.   "signature": "cvvThtP1jpOOHUa9Cv6kQaRBoZGQjDQcfEJi4SZQs97d3ZEUnKzKyzXukLdoYDJj_riY7x7zsM_2mVpOxuBpTiLyiFOHmwVHfi5_hznthchMyMc1VBio0D9TT45G8rq2JS64Vz7DJ0Pz5BXALS2Jv_BSeZVxJJq6yG_MWOIcCAu9BBB_Vqlvy69zwoEnu2gm8PM2_bxmKE6erw24dq0TNSjaoPCoi-7o7lynER6RMKYwpjkTkdauq49c8mE_gI1XROFD09_kv3-8S3AeEVd-dUCzs05mXnZspVg32VMh_8lI4k14eZkk_fbo5u6pe29EQj9Q1K7hcAz2sIk9eCGYYg",
  291.   "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzkzNTE0NzMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L29WQUFuempDX28xT2RhTHhuZ24yQkpiRlozc0NPcUozbEw0OFV0UktxWUkiLCAibm9uY2UiOiAiMlVscFk5aHo0VVhPQWtabDVzS0ROX3JhX0M5N0ItR2hnNVJnLTU5NlNEVSJ9"
  292. }
  293. 2019-02-06 12:00:53,908:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI HTTP/1.1" 200 2404
  294. 2019-02-06 12:00:53,909:DEBUG:acme.client:Received response:
  295. HTTP 200
  296. Server: nginx
  297. Content-Type: application/json
  298. Boulder-Requester: 39351473
  299. Replay-Nonce: CIetZX8w1999u8FagRkR_BshzFWr3PEfwf80IOZ9w_g
  300. X-Frame-Options: DENY
  301. Strict-Transport-Security: max-age=604800
  302. Content-Length: 2404
  303. Expires: Wed, 06 Feb 2019 12:00:53 GMT
  304. Cache-Control: max-age=0, no-cache, no-store
  305. Pragma: no-cache
  306. Date: Wed, 06 Feb 2019 12:00:53 GMT
  307. Connection: keep-alive
  308.  
  309. {
  310.   "identifier": {
  311.     "type": "dns",
  312.     "value": "example.co.uk"
  313.   },
  314.   "status": "invalid",
  315.   "expires": "2019-02-13T12:00:48Z",
  316.   "challenges": [
  317.     {
  318.       "type": "http-01",
  319.       "status": "invalid",
  320.       "error": {
  321.         "type": "urn:ietf:params:acme:error:unauthorized",
  322.         "detail": "Invalid response from http://example.co.uk/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0: \"  \u003ch2\u003eSite Error\u003c/h2\u003e\\n  \u003cp\u003eAn error was encountered while publishing this resource.\\n  \u003c/p\u003e\\n  \u003cp\u003e\u003cstrong\u003eResource not found\u003c/stro\"",
  323.         "status": 403
  324.       },
  325.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922324",
  326.       "token": "FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0",
  327.       "validationRecord": [
  328.         {
  329.           "url": "http://example.co.uk/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0",
  330.           "hostname": "example.co.uk",
  331.           "port": "80",
  332.           "addressesResolved": [
  333.             "52.56.249.63",
  334.             "35.176.82.16",
  335.             "3.8.42.65"
  336.           ],
  337.           "addressUsed": "52.56.249.63"
  338.         },
  339.         {
  340.           "url": "https://example.co.uk:443/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0",
  341.           "hostname": "example.co.uk",
  342.           "port": "443",
  343.           "addressesResolved": [
  344.             "35.176.82.16",
  345.             "3.8.42.65",
  346.             "52.56.249.63"
  347.           ],
  348.           "addressUsed": "35.176.82.16"
  349.         }
  350.       ]
  351.     },
  352.     {
  353.       "type": "tls-sni-01",
  354.       "status": "invalid",
  355.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922329",
  356.       "token": "BP_5m-CCU5uMJb8jB48Z_D9cH00StroMc4Jv4gY5x7A"
  357.     },
  358.     {
  359.       "type": "dns-01",
  360.       "status": "invalid",
  361.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922331",
  362.       "token": "lyn8yGi4S-30O7Es4sh1d3osKWuYUkqOPd_9RRQTChI"
  363.     },
  364.     {
  365.       "type": "tls-alpn-01",
  366.       "status": "invalid",
  367.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oVAAnzjC_o1OdaLxngn2BJbFZ3sCOqJ3lL48UtRKqYI/12304922332",
  368.       "token": "4j93c0v0GbCa23cMh4fapcdY04q-N9aVrsAQtoC_arY"
  369.     }
  370.   ]
  371. }
  372. 2019-02-06 12:00:53,910:DEBUG:acme.client:Storing nonce: CIetZX8w1999u8FagRkR_BshzFWr3PEfwf80IOZ9w_g
  373. 2019-02-06 12:00:53,912:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
  374.  
  375. Domain: example.co.uk
  376. Type:   unauthorized
  377. Detail: Invalid response from http://example.co.uk/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0: "  <h2>Site Error</h2>\n  <p>An error was encountered while publishing this resource.\n  </p>\n  <p><strong>Resource not found</stro"
  378.  
  379. To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
  380. 2019-02-06 12:00:53,912:DEBUG:certbot.error_handler:Encountered exception:
  381. Traceback (most recent call last):
  382.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
  383.     self._respond(aauthzrs, resp, best_effort)
  384.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 161, in _respond
  385.     self._poll_challenges(aauthzrs, chall_update, best_effort)
  386.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges
  387.     raise errors.FailedChallenges(all_failed_achalls)
  388. certbot.errors.FailedChallenges: Failed authorization procedure. example.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.co.uk/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0: "  <h2>Site Error</h2>\n  <p>An error was encountered while publishing this resource.\n  </p>\n  <p><strong>Resource not found</stro"
  389.  
  390. 2019-02-06 12:00:53,913:DEBUG:certbot.error_handler:Calling registered functions
  391. 2019-02-06 12:00:53,913:INFO:certbot.auth_handler:Cleaning up challenges
  392. 2019-02-06 12:00:55,316:WARNING:certbot.renewal:Attempting to renew cert (example.co.uk) from /etc/letsencrypt/renewal/example.co.uk.conf produced an unexpected error: Failed authorization procedure. example.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.co.uk/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0: "  <h2>Site Error</h2>\n  <p>An error was encountered while publishing this resource.\n  </p>\n  <p><strong>Resource not found</stro". Skipping.
  393. 2019-02-06 12:00:55,319:DEBUG:certbot.renewal:Traceback was:
  394. Traceback (most recent call last):
  395.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/renewal.py", line 452, in handle_renewal_request
  396.     main.renew_cert(lineage_config, plugins, renewal_candidate)
  397.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py", line 1192, in renew_cert
  398.     renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  399.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py", line 116, in _get_and_save_cert
  400.     renewal.renew_cert(config, domains, le_client, lineage)
  401.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/renewal.py", line 310, in renew_cert
  402.     new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  403.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py", line 353, in obtain_certificate
  404.     orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  405.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py", line 389, in _get_order_and_authorizations
  406.     authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  407.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
  408.     self._respond(aauthzrs, resp, best_effort)
  409.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 161, in _respond
  410.     self._poll_challenges(aauthzrs, chall_update, best_effort)
  411.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges
  412.     raise errors.FailedChallenges(all_failed_achalls)
  413. certbot.errors.FailedChallenges: Failed authorization procedure. example.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.co.uk/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0: "  <h2>Site Error</h2>\n  <p>An error was encountered while publishing this resource.\n  </p>\n  <p><strong>Resource not found</stro"
  414.  
  415. 2019-02-06 12:00:55,369:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-03-05 15:24:28 UTC.
  416. 2019-02-06 12:00:55,369:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
  417. 2019-02-06 12:00:55,369:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
  418. 2019-02-06 12:00:55,983:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
  419. Description: Nginx Web Server plugin
  420. Interfaces: IAuthenticator, IInstaller, IPlugin
  421. Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
  422. Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7efbec845d68>
  423. Prep: True
  424. 2019-02-06 12:00:55,985:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
  425. Description: Nginx Web Server plugin
  426. Interfaces: IAuthenticator, IInstaller, IPlugin
  427. Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
  428. Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7efbec845d68>
  429. Prep: True
  430. 2019-02-06 12:00:55,985:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7efbec845d68> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7efbec845d68>
  431. 2019-02-06 12:00:55,985:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
  432. 2019-02-06 12:00:55,989:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(uri='https://acme-v02.api.letsencrypt.org/acme/acct/39351473', new_authzr_uri=None, body=Registration(status=None, only_return_existing=None, agreement=None, contact=(), key=None, external_account_binding=None, terms_of_service_agreed=None), terms_of_service=None), b203b3ac934a195cc38ed344b9017ce0, Meta(creation_dt=datetime.datetime(2018, 7, 31, 13, 3, 18, tzinfo=<UTC>), creation_host='example-server'))>
  433. 2019-02-06 12:00:55,991:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
  434. 2019-02-06 12:00:55,993:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
  435. 2019-02-06 12:01:05,026:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
  436. 2019-02-06 12:01:05,027:DEBUG:acme.client:Received response:
  437. HTTP 200
  438. Server: nginx
  439. Content-Type: application/json
  440. Content-Length: 658
  441. X-Frame-Options: DENY
  442. Strict-Transport-Security: max-age=604800
  443. Expires: Wed, 06 Feb 2019 12:01:05 GMT
  444. Cache-Control: max-age=0, no-cache, no-store
  445. Pragma: no-cache
  446. Date: Wed, 06 Feb 2019 12:01:05 GMT
  447. Connection: keep-alive
  448.  
  449. {
  450.   "83WhT9Xdxsg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  451.   "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  452.   "meta": {
  453.     "caaIdentities": [
  454.       "letsencrypt.org"
  455.     ],
  456.     "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
  457.     "website": "https://letsencrypt.org"
  458.   },
  459.   "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  460.   "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  461.   "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  462.   "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
  463. }
  464. 2019-02-06 12:01:05,028:INFO:certbot.hooks:Pre-hook command already run, skipping: /sbin/service nginx stop
  465. 2019-02-06 12:01:05,029:INFO:certbot.main:Renewing an existing certificate
  466. 2019-02-06 12:01:05,167:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0064_key-certbot.pem
  467. 2019-02-06 12:01:05,171:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0064_csr-certbot.pem
  468. 2019-02-06 12:01:05,172:DEBUG:acme.client:Requesting fresh nonce
  469. 2019-02-06 12:01:05,172:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
  470. 2019-02-06 12:01:05,446:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
  471. 2019-02-06 12:01:05,448:DEBUG:acme.client:Received response:
  472. HTTP 200
  473. Server: nginx
  474. Replay-Nonce: 9surGf7tEZELL68EKEqXz9iBWA_vEDX3o8zcsFT7n1M
  475. X-Frame-Options: DENY
  476. Strict-Transport-Security: max-age=604800
  477. Content-Length: 0
  478. Expires: Wed, 06 Feb 2019 12:01:05 GMT
  479. Cache-Control: max-age=0, no-cache, no-store
  480. Pragma: no-cache
  481. Date: Wed, 06 Feb 2019 12:01:05 GMT
  482. Connection: keep-alive
  483.  
  484.  
  485. 2019-02-06 12:01:05,448:DEBUG:acme.client:Storing nonce: 9surGf7tEZELL68EKEqXz9iBWA_vEDX3o8zcsFT7n1M
  486. 2019-02-06 12:01:05,449:DEBUG:acme.client:JWS payload:
  487. b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "subdomain.example.co.uk"\n    }\n  ]\n}'
  488. 2019-02-06 12:01:05,451:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
  489. {
  490.   "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIndyYXBwZWQuc2Nob2xhcnBhY2szLmNvLnVrIgogICAgfQogIF0KfQ",
  491.   "signature": "I7m29xHjZD53E4pQsnzXt_ZkMDzD0IwJgm-V0qjbsErv6cdeCb_qGb5BnhtxBpo7CR_6n-SfJrjKRBJfCblNRGUbJaYoxBVb3gH2GV71JQB2fCoriQopYhGDSvm0B8N0d8coYob_Uo-FAgd1P7kxbe-atEPJG1onrCtN_5Trg-mciuL7ftsbLvUoVfRGrU5MkFgcKntRl5ddn86fvnjTqGodGG2gZP502t7oCqms3A6hlk7K13mNX_oBmKbH189rNOz-LoxZW6rss0MXr1vNzAYbs7m3U4ypsvXT_P6zdBJQ3gVlTYZyAIZAKdqI0Qz20nORcoNsgi1x8HhVSjSaZA",
  492.   "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzkzNTE0NzMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJub25jZSI6ICI5c3VyR2Y3dEVaRUxMNjhFS0VxWHo5aUJXQV92RURYM284emNzRlQ3bjFNIn0"
  493. }
  494. 2019-02-06 12:01:06,694:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 385
  495. 2019-02-06 12:01:06,696:DEBUG:acme.client:Received response:
  496. HTTP 201
  497. Server: nginx
  498. Content-Type: application/json
  499. Content-Length: 385
  500. Boulder-Requester: 39351473
  501. Location: https://acme-v02.api.letsencrypt.org/acme/order/39351473/304203055
  502. Replay-Nonce: gjXmXWREoOY1D5p9Eb9Z-gR0S9VY4zf8w4qLpWqXEuI
  503. X-Frame-Options: DENY
  504. Strict-Transport-Security: max-age=604800
  505. Expires: Wed, 06 Feb 2019 12:01:06 GMT
  506. Cache-Control: max-age=0, no-cache, no-store
  507. Pragma: no-cache
  508. Date: Wed, 06 Feb 2019 12:01:06 GMT
  509. Connection: keep-alive
  510.  
  511. {
  512.   "status": "pending",
  513.   "expires": "2019-02-13T12:01:06.522846052Z",
  514.   "identifiers": [
  515.     {
  516.       "type": "dns",
  517.       "value": "subdomain.example.co.uk"
  518.     }
  519.   ],
  520.   "authorizations": [
  521.     "https://acme-v02.api.letsencrypt.org/acme/authz/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ"
  522.   ],
  523.   "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/39351473/304203055"
  524. }
  525. 2019-02-06 12:01:06,696:DEBUG:acme.client:Storing nonce: gjXmXWREoOY1D5p9Eb9Z-gR0S9VY4zf8w4qLpWqXEuI
  526. 2019-02-06 12:01:06,696:DEBUG:acme.client:JWS payload:
  527. b''
  528. 2019-02-06 12:01:06,699:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ:
  529. {
  530.   "payload": "",
  531.   "signature": "RWIfQ1JRAWSHFvz_ootkaMzAicb9fPSv6A_RKo_M2alxKS2fHDF2r-OexGZv80Q73zVgUnW0yIigDuApJnYbDB99CeR4rY4lb9uwpyUafO8ONjq8bKl6UpQMcp1KcOFDv9O_6J6qqnclqFrM8P9YgJyGsCKclHiia9H7k-U52OF2g2KQSyPqVhfaA52G5XfQOqtW14iZtpNzWlY6SX5RB-s226uTpCX55YrFJEPnpHHg4Z8BtBsdEd794KQi7jgLxlkLxw72w6HMHou03K5Pj-6B0lj7fF3uKyVXaGNe3cGug8lIUAUu-vsR9x5h_5UR7Wnf17NWGCf7pA0Oh1bGOg",
  532.   "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzkzNTE0NzMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzUzU1Rrdm9vSGlVWXFkbzBfMWNGVVpnSzc0Ull2djJSajFDN04teTJfTFEiLCAibm9uY2UiOiAiZ2pYbVhXUkVvT1kxRDVwOUViOVotZ1IwUzlWWTR6Zjh3NHFMcFdxWEV1SSJ9"
  533. }
  534. 2019-02-06 12:01:07,172:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ HTTP/1.1" 200 1174
  535. 2019-02-06 12:01:07,173:DEBUG:acme.client:Received response:
  536. HTTP 200
  537. Server: nginx
  538. Content-Type: application/json
  539. Content-Length: 1174
  540. Boulder-Requester: 39351473
  541. Replay-Nonce: hInGRhCBjqdZuM4mGH16zkUxXvc0aC9J1bvMSiAxRfY
  542. X-Frame-Options: DENY
  543. Strict-Transport-Security: max-age=604800
  544. Expires: Wed, 06 Feb 2019 12:01:07 GMT
  545. Cache-Control: max-age=0, no-cache, no-store
  546. Pragma: no-cache
  547. Date: Wed, 06 Feb 2019 12:01:07 GMT
  548. Connection: keep-alive
  549.  
  550. {
  551.   "identifier": {
  552.     "type": "dns",
  553.     "value": "subdomain.example.co.uk"
  554.   },
  555.   "status": "pending",
  556.   "expires": "2019-02-13T12:01:06Z",
  557.   "challenges": [
  558.     {
  559.       "type": "dns-01",
  560.       "status": "pending",
  561.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932546",
  562.       "token": "c-ShWqBZPXzmIZQTuuliYBkPsH7pyMvKFeBorcfkhxk"
  563.     },
  564.     {
  565.       "type": "tls-sni-01",
  566.       "status": "pending",
  567.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932547",
  568.       "token": "DoW_DiAod6JfJHpF6dnx7ZS_rgXgnIpapgvoKjhuoro"
  569.     },
  570.     {
  571.       "type": "http-01",
  572.       "status": "pending",
  573.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932548",
  574.       "token": "aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4"
  575.     },
  576.     {
  577.       "type": "tls-alpn-01",
  578.       "status": "pending",
  579.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932549",
  580.       "token": "BI19fy6pwGoF7j0ArLSK-o5skBUyKVgxnqoUCgrgaUw"
  581.     }
  582.   ]
  583. }
  584. 2019-02-06 12:01:07,174:DEBUG:acme.client:Storing nonce: hInGRhCBjqdZuM4mGH16zkUxXvc0aC9J1bvMSiAxRfY
  585. 2019-02-06 12:01:07,175:INFO:certbot.auth_handler:Performing the following challenges:
  586. 2019-02-06 12:01:07,175:INFO:certbot.auth_handler:http-01 challenge for subdomain.example.co.uk
  587. 2019-02-06 12:01:07,209:DEBUG:certbot_nginx.http_01:Generated server block:
  588. []
  589. 2019-02-06 12:01:07,211:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-http-perl.conf
  590. 2019-02-06 12:01:07,211:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/subdomain.example.conf
  591. 2019-02-06 12:01:07,212:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-http-image-filter.conf
  592. 2019-02-06 12:01:07,212:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
  593. 2019-02-06 12:01:07,213:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/ssl.conf
  594. 2019-02-06 12:01:07,213:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-http-geoip.conf
  595. 2019-02-06 12:01:07,214:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/subdomain2.example.conf
  596. 2019-02-06 12:01:07,214:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-http-xslt-filter.conf
  597. 2019-02-06 12:01:07,215:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-stream.conf
  598. 2019-02-06 12:01:07,215:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/virtual.conf
  599. 2019-02-06 12:01:07,216:DEBUG:certbot.reverter:Creating backup of /usr/share/nginx/modules/mod-mail.conf
  600. 2019-02-06 12:01:07,216:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
  601. 2019-02-06 12:01:07,219:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/conf.d/subdomain.example.conf:
  602. upstream wrapped.example {
  603.         server 127.0.0.1:8082;
  604.         server 127.0.0.1:8083;
  605.         server 127.0.0.1:8085;
  606.         server 127.0.0.1:8086;
  607.         server 127.0.0.1:8087;
  608.         server 127.0.0.1:8088;
  609.         server 127.0.0.1:8089;
  610.         server 127.0.0.1:8090;
  611. }
  612.  
  613. server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
  614.  
  615.  
  616.     listen  subdomain.example.co.uk:80;
  617.     server_name        subdomain.example.co.uk;
  618.     return 301 https://$server_name$request_uri;
  619. location = /.well-known/acme-challenge/aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4{default_type text/plain;return 200 aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4.lpk35UZHk93QJD25xXO8QY5cp41Zlsnd7-MVW8IITy8;} # managed by Certbot
  620.  
  621. }
  622.  
  623. server {
  624.   # Allow large uploads
  625.   client_max_body_size 500M;
  626.   listen              subdomain.example.co.uk:443;
  627.  
  628.   # DO NOT EDIT BELOW HERE --------------------------------------------
  629.   ssl on;
  630.   ssl_protocols  TLSv1.2;
  631.     ssl_certificate /etc/letsencrypt/live/subdomain.example.co.uk/fullchain.pem; # managed by Certbot
  632.     ssl_certificate_key /etc/letsencrypt/live/subdomain.example.co.uk/privkey.pem; # managed by Certbot
  633.   ssl_ecdh_curve secp384r1;
  634.   ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  635.   ssl_prefer_server_ciphers on;
  636.   ssl_dhparam /etc/nginx/ssl/dhparam.pem;
  637.   # DO NOT EDIT ABOVE HERE --------------------------------------------
  638.  
  639.   # Prevent click jacking.
  640.   add_header X-Frame-Options "SAMEORIGIN";
  641.  
  642.   # Prevent man-in-middle attacks
  643.   add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
  644.  
  645.   server_name         subdomain.example.co.uk;
  646.   access_log          /var/log/nginx/wrapped.example.access.log;
  647.  
  648.   location /nginx_status {
  649.          access_log off;
  650.          allow SERVER-IP;
  651.          allow OFFICE-IP;
  652.          allow 127.0.0.1;
  653.          deny all;
  654.          stub_status on;
  655.   }
  656.  
  657.   location / {
  658.     proxy_pass http://wrapped.example;
  659.     proxy_redirect          off;
  660.     proxy_set_header        Host            $host;
  661.     proxy_set_header        X-Real-IP       $remote_addr;
  662.     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  663.     proxy_pass_request_body on;
  664.     proxy_pass_request_headers on;
  665.         proxy_connect_timeout       300;
  666.         proxy_send_timeout          300;
  667.         proxy_read_timeout          300;
  668.         send_timeout                300;
  669.     # - - - - - - - - - -
  670.     #   SERVICE STATUS
  671.  
  672.     # 'proxy_intercept_errors' needs to be turned on for Error pages to work
  673.     #proxy_intercept_errors on;
  674.     include /etc/nginx/conf.d/service/*.conf;
  675.  
  676.     # - - - - - - - - - -
  677.    }
  678.  
  679. }
  680.  
  681. 2019-02-06 12:01:07,221:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
  682. # For more information on configuration, see:
  683. #   * Official English Documentation: http://nginx.org/en/docs/
  684. #   * Official Russian Documentation: http://nginx.org/ru/docs/
  685.  
  686. user nginx;
  687. worker_processes auto;
  688. error_log /var/log/nginx/error.log;
  689. pid /var/run/nginx.pid;
  690.  
  691. # Load dynamic modules. See /usr/share/nginx/README.dynamic.
  692. include /usr/share/nginx/modules/*.conf;
  693.  
  694. events {
  695.     worker_connections  1024;
  696. }
  697.  
  698.  
  699. http {
  700. include /etc/letsencrypt/le_http_01_cert_challenge.conf;
  701. server_names_hash_bucket_size 128;
  702.     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  703.                       '$status $body_bytes_sent "$http_referer" '
  704.                       '"$http_user_agent" "$http_x_forwarded_for"';
  705.  
  706.     access_log  /var/log/nginx/access.log  main;
  707.  
  708.     sendfile            on;
  709.     tcp_nopush          on;
  710.     tcp_nodelay         on;
  711.     keepalive_timeout   65;
  712.     types_hash_max_size 2048;
  713.  
  714.     include             /etc/nginx/mime.types;
  715.     default_type        application/octet-stream;
  716.  
  717.     # Load modular configuration files from the /etc/nginx/conf.d directory.
  718.     # See http://nginx.org/en/docs/ngx_core_module.html#include
  719.     # for more information.
  720.     include /etc/nginx/conf.d/*.conf;
  721. }
  722.  
  723. 2019-02-06 12:01:08,271:INFO:certbot.auth_handler:Waiting for verification...
  724. 2019-02-06 12:01:08,273:DEBUG:acme.client:JWS payload:
  725. b'{\n  "type": "http-01",\n  "resource": "challenge",\n  "keyAuthorization": "aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4.lpk35UZHk93QJD25xXO8QY5cp41Zlsnd7-MVW8IITy8"\n}'
  726. 2019-02-06 12:01:08,276:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932548:
  727. {
  728.   "payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogImFxWUMyWmVldHRCSnpVTk5DZVhDVVItWnNWTndIMDlmUkNKanVtS1ZIQjQubHBrMzVVWkhrOTNRSkQyNXhYTzhRWTVjcDQxWmxzbmQ3LU1WVzhJSVR5OCIKfQ",
  729.   "signature": "Mb8feQ4o3rb6YtJsLVrNGS8kYz8bJiLsfvSs7GM2j4rJKyOWtNXnWJX2VVSKnUfd1LrISACe1VoGqRBmxV5HJSkGygbrl981r02Y6D_evREJ2Lx-zU_Ocv_LpP3LMxqpSE_m3boeD-cUt9OcIrXtMRg_JJOVnWYB8tu5SKrza4Z2cLfI0Rc3RgcUysaZ4f-L1M-GzyIJ-XYWuxUfrwjlo85_BHM06EZeKbBnLfiKv-HrNEqCBZc4xRUt31mVtVnJh-NyY9oPt_Hg_cL7luu0-tzSbDXZxxq7YbCK9cDz4rEL_wH4z4bwBgBk8Nl9oDnwWInSvEQKV03ZDcUm0ipN0Q",
  730.   "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzkzNTE0NzMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsZW5nZS81M1NUa3Zvb0hpVVlxZG8wXzFjRlVaZ0s3NFJZdnYyUmoxQzdOLXkyX0xRLzEyMzA0OTMyNTQ4IiwgIm5vbmNlIjogImhJbkdSaENCanFkWnVNNG1HSDE2emtVeFh2YzBhQzlKMWJ2TVNpQXhSZlkifQ"
  731. }
  732. 2019-02-06 12:01:08,588:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932548 HTTP/1.1" 200 224
  733. 2019-02-06 12:01:08,590:DEBUG:acme.client:Received response:
  734. HTTP 200
  735. Server: nginx
  736. Content-Type: application/json
  737. Content-Length: 224
  738. Boulder-Requester: 39351473
  739. Link: <https://acme-v02.api.letsencrypt.org/acme/authz/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ>;rel="up"
  740. Location: https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932548
  741. Replay-Nonce: 7xDsgp7biPIWCJeY3PHI-lYU-2j84NrMgiUnRhoaqx4
  742. X-Frame-Options: DENY
  743. Strict-Transport-Security: max-age=604800
  744. Expires: Wed, 06 Feb 2019 12:01:08 GMT
  745. Cache-Control: max-age=0, no-cache, no-store
  746. Pragma: no-cache
  747. Date: Wed, 06 Feb 2019 12:01:08 GMT
  748. Connection: keep-alive
  749.  
  750. {
  751.   "type": "http-01",
  752.   "status": "pending",
  753.   "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932548",
  754.   "token": "aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4"
  755. }
  756. 2019-02-06 12:01:08,591:DEBUG:acme.client:Storing nonce: 7xDsgp7biPIWCJeY3PHI-lYU-2j84NrMgiUnRhoaqx4
  757. 2019-02-06 12:01:11,595:DEBUG:acme.client:JWS payload:
  758. b''
  759. 2019-02-06 12:01:11,597:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ:
  760. {
  761.   "payload": "",
  762.   "signature": "wnyTCmDoRRGWR3ObQ4hf95KT2q3n0H6huQqxNJPCPzbW2M-VcDJvm69JgOkzmpRhFPv3ZBbO_TG-ruKEmKdySmfZ-51sfBdCN6dIN_D-676gQB5dqndHNAcMFoyi9cJl_X-76za9_eGnP0OJO-loIistNxeD3BaPmlPf0LUdeQidcIzVwXz6na_JQRNu_CPR7I6CuLO3Tz3PoA7E8sADDJja5QiFdGXkQUqaNIbNYnTxV1cLxOe8tppxotb08703AOap2RRyLGeDqB85Jv74IWNcc2os0u8Zxae0B1YxB6zTQ5n_2MJXhpAsRv0pB5Yl9B8pU1ONGd53grR7PBdXBw",
  763.   "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzkzNTE0NzMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzUzU1Rrdm9vSGlVWXFkbzBfMWNGVVpnSzc0Ull2djJSajFDN04teTJfTFEiLCAibm9uY2UiOiAiN3hEc2dwN2JpUElXQ0plWTNQSEktbFlVLTJqODROck1naVVuUmhvYXF4NCJ9"
  764. }
  765. 2019-02-06 12:01:11,938:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ HTTP/1.1" 200 2346
  766. 2019-02-06 12:01:11,939:DEBUG:acme.client:Received response:
  767. HTTP 200
  768. Server: nginx
  769. Content-Type: application/json
  770. Boulder-Requester: 39351473
  771. Replay-Nonce: lMAJMEdpsIinxhdSnIyaIFnqune2QJEUk_05VYTmLq4
  772. X-Frame-Options: DENY
  773. Strict-Transport-Security: max-age=604800
  774. Content-Length: 2346
  775. Expires: Wed, 06 Feb 2019 12:01:11 GMT
  776. Cache-Control: max-age=0, no-cache, no-store
  777. Pragma: no-cache
  778. Date: Wed, 06 Feb 2019 12:01:11 GMT
  779. Connection: keep-alive
  780.  
  781. {
  782.   "identifier": {
  783.     "type": "dns",
  784.     "value": "subdomain.example.co.uk"
  785.   },
  786.   "status": "invalid",
  787.   "expires": "2019-02-13T12:01:06Z",
  788.   "challenges": [
  789.     {
  790.       "type": "dns-01",
  791.       "status": "invalid",
  792.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932546",
  793.       "token": "c-ShWqBZPXzmIZQTuuliYBkPsH7pyMvKFeBorcfkhxk"
  794.     },
  795.     {
  796.       "type": "tls-sni-01",
  797.       "status": "invalid",
  798.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932547",
  799.       "token": "DoW_DiAod6JfJHpF6dnx7ZS_rgXgnIpapgvoKjhuoro"
  800.     },
  801.     {
  802.       "type": "http-01",
  803.       "status": "invalid",
  804.       "error": {
  805.         "type": "urn:ietf:params:acme:error:unauthorized",
  806.         "detail": "Invalid response from http://subdomain.example.co.uk/.well-known/acme-challenge/aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4: \"  \u003ch2\u003eSite Error\u003c/h2\u003e\\n  \u003cp\u003eAn error was encountered while publishing this resource.\\n  \u003c/p\u003e\\n  \u003cp\u003e\u003cstrong\u003eResource not found\u003c/stro\"",
  807.         "status": 403
  808.       },
  809.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932548",
  810.       "token": "aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4",
  811.       "validationRecord": [
  812.         {
  813.           "url": "http://subdomain.example.co.uk/.well-known/acme-challenge/aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4",
  814.           "hostname": "subdomain.example.co.uk",
  815.           "port": "80",
  816.           "addressesResolved": [
  817.             "SERVER-IP"
  818.           ],
  819.           "addressUsed": "SERVER-IP"
  820.         },
  821.         {
  822.           "url": "https://subdomain.example.co.uk/.well-known/acme-challenge/aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4",
  823.           "hostname": "subdomain.example.co.uk",
  824.           "port": "443",
  825.           "addressesResolved": [
  826.             "SERVER-IP"
  827.           ],
  828.           "addressUsed": "SERVER-IP"
  829.         }
  830.       ]
  831.     },
  832.     {
  833.       "type": "tls-alpn-01",
  834.       "status": "invalid",
  835.       "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/53STkvooHiUYqdo0_1cFUZgK74RYvv2Rj1C7N-y2_LQ/12304932549",
  836.       "token": "BI19fy6pwGoF7j0ArLSK-o5skBUyKVgxnqoUCgrgaUw"
  837.     }
  838.   ]
  839. }
  840. 2019-02-06 12:01:11,940:DEBUG:acme.client:Storing nonce: lMAJMEdpsIinxhdSnIyaIFnqune2QJEUk_05VYTmLq4
  841. 2019-02-06 12:01:11,941:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
  842.  
  843. Domain: subdomain.example.co.uk
  844. Type:   unauthorized
  845. Detail: Invalid response from http://subdomain.example.co.uk/.well-known/acme-challenge/aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4: "  <h2>Site Error</h2>\n  <p>An error was encountered while publishing this resource.\n  </p>\n  <p><strong>Resource not found</stro"
  846.  
  847. To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
  848. 2019-02-06 12:01:11,942:DEBUG:certbot.error_handler:Encountered exception:
  849. Traceback (most recent call last):
  850.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
  851.     self._respond(aauthzrs, resp, best_effort)
  852.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 161, in _respond
  853.     self._poll_challenges(aauthzrs, chall_update, best_effort)
  854.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges
  855.     raise errors.FailedChallenges(all_failed_achalls)
  856. certbot.errors.FailedChallenges: Failed authorization procedure. subdomain.example.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://subdomain.example.co.uk/.well-known/acme-challenge/aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4: "  <h2>Site Error</h2>\n  <p>An error was encountered while publishing this resource.\n  </p>\n  <p><strong>Resource not found</stro"
  857.  
  858. 2019-02-06 12:01:11,942:DEBUG:certbot.error_handler:Calling registered functions
  859. 2019-02-06 12:01:11,942:INFO:certbot.auth_handler:Cleaning up challenges
  860. 2019-02-06 12:01:13,325:WARNING:certbot.renewal:Attempting to renew cert (subdomain.example.co.uk) from /etc/letsencrypt/renewal/subdomain.example.co.uk.conf produced an unexpected error: Failed authorization procedure. subdomain.example.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://subdomain.example.co.uk/.well-known/acme-challenge/aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4: "  <h2>Site Error</h2>\n  <p>An error was encountered while publishing this resource.\n  </p>\n  <p><strong>Resource not found</stro". Skipping.
  861. 2019-02-06 12:01:13,326:DEBUG:certbot.renewal:Traceback was:
  862. Traceback (most recent call last):
  863.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/renewal.py", line 452, in handle_renewal_request
  864.     main.renew_cert(lineage_config, plugins, renewal_candidate)
  865.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py", line 1192, in renew_cert
  866.     renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  867.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py", line 116, in _get_and_save_cert
  868.     renewal.renew_cert(config, domains, le_client, lineage)
  869.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/renewal.py", line 310, in renew_cert
  870.     new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  871.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py", line 353, in obtain_certificate
  872.     orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  873.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py", line 389, in _get_order_and_authorizations
  874.     authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  875.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
  876.     self._respond(aauthzrs, resp, best_effort)
  877.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 161, in _respond
  878.     self._poll_challenges(aauthzrs, chall_update, best_effort)
  879.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges
  880.     raise errors.FailedChallenges(all_failed_achalls)
  881. certbot.errors.FailedChallenges: Failed authorization procedure. subdomain.example.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://subdomain.example.co.uk/.well-known/acme-challenge/aqYC2ZeettBJzUNNCeXCUR-ZsVNwH09fRCJjumKVHB4: "  <h2>Site Error</h2>\n  <p>An error was encountered while publishing this resource.\n  </p>\n  <p><strong>Resource not found</stro"
  882.  
  883. 2019-02-06 12:01:13,327:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
  884. 2019-02-06 12:01:13,327:ERROR:certbot.renewal:  /etc/letsencrypt/live/example.co.uk/fullchain.pem (failure)
  885.   /etc/letsencrypt/live/subdomain.example.co.uk/fullchain.pem (failure)
  886. 2019-02-06 12:01:13,327:INFO:certbot.hooks:Running post-hook command: /sbin/service nginx start
  887. 2019-02-06 12:01:13,392:DEBUG:certbot.log:Exiting abnormally:
  888. Traceback (most recent call last):
  889.   File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
  890.     load_entry_point('letsencrypt==0.7.0', 'console_scripts', 'letsencrypt')()
  891.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py", line 1364, in main
  892.     return config.func(config, plugins)
  893.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py", line 1271, in renew
  894.     renewal.handle_renewal_request(config)
  895.   File "/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/renewal.py", line 477, in handle_renewal_request
  896.     len(renew_failures), len(parse_failures)))
  897. certbot.errors.Error: 2 renew failure(s), 0 parse failure(s)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!