certbot with split root domain blocks: http tls

a guest, Sep 25th, 2019
  1. # certbot renew --dry-run --debug-challenges -v --cert-name friendsofvalledeoro.org
  2. Root logging level set at 10
  3. Saving debug log to /var/log/letsencrypt/letsencrypt.log
  4.  
  5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  6. Processing /etc/letsencrypt/renewal/friendsofvalledeoro.org.conf
  7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  8. Requested authenticator <certbot.cli._Default object at 0x7f97e11596d8> and installer <certbot.cli._Default object at 0x7f97e11596d8>
  9. Var dry_run=True (set by user).
  10. Var server={'dry_run', 'staging'} (set by user).
  11. Var dry_run=True (set by user).
  12. Var server={'dry_run', 'staging'} (set by user).
  13. Var account={'server'} (set by user).
  14. Should renew, less than 30 days before certificate expiry 2019-10-13 01:44:04 UTC.
  15. Cert is due for renewal, auto-renewing...
  16. Requested authenticator nginx and installer nginx
  17. Single candidate plugin: * nginx
  18. Description: Nginx Web Server plugin
  19. Interfaces: IAuthenticator, IInstaller, IPlugin
  20. Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
  21. Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f97e115dc18>
  22. Prep: True
  23. Single candidate plugin: * nginx
  24. Description: Nginx Web Server plugin
  25. Interfaces: IAuthenticator, IInstaller, IPlugin
  26. Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
  27. Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f97e115dc18>
  28. Prep: True
  29. Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f97e115dc18> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f97e115dc18>
  30. Plugins selected: Authenticator nginx, Installer nginx
  31. Picked account: <Account(RegistrationResource(uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/6184802', body=Registration(agreement=None, key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f97e102f278>)>), status='valid', terms_of_service_agreed=None, contact=(), only_return_existing=None, external_account_binding=None), terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', new_authzr_uri=None), f23b850d89b5271a151a3e0f986c5b36, Meta(creation_host='ubuntu-1gb-sfo2-01', creation_dt=datetime.datetime(2018, 5, 30, 21, 54, 11, tzinfo=<UTC>)))>
  32. Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
  33. Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
  34. https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
  35. Received response:
  36. HTTP 200
  37. Server: nginx
  38. Date: Wed, 25 Sep 2019 23:04:27 GMT
  39. Content-Type: application/json
  40. Content-Length: 724
  41. Connection: keep-alive
  42. Cache-Control: public, max-age=0, no-cache
  43. X-Frame-Options: DENY
  44. Strict-Transport-Security: max-age=604800
  45.  
  46. {
  47.   "BaN4vLggZfk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  48.   "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  49.   "meta": {
  50.     "caaIdentities": [
  51.       "letsencrypt.org"
  52.     ],
  53.     "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
  54.     "website": "https://letsencrypt.org/docs/staging-environment/"
  55.   },
  56.   "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  57.   "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  58.   "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  59.   "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
  60. }
  61. Renewing an existing certificate
  62. Requesting fresh nonce
  63. Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
  64. https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
  65. Received response:
  66. HTTP 200
  67. Server: nginx
  68. Date: Wed, 25 Sep 2019 23:04:28 GMT
  69. Connection: keep-alive
  70. Cache-Control: public, max-age=0, no-cache
  71. Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
  72. Replay-Nonce: 0001vnbGEcejtYKAi1aZaat2bvAqwHgNvukNPhvoRLRWzVs
  73. X-Frame-Options: DENY
  74. Strict-Transport-Security: max-age=604800
  75.  
  76.  
  77. Storing nonce: 0001vnbGEcejtYKAi1aZaat2bvAqwHgNvukNPhvoRLRWzVs
  78. JWS payload:
  79. b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "friendsofvalledeoro.org"\n    }\n  ]\n}'
  80. Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
  81. {
  82.   "signature": "cqNurkNNfzhgEE7ZVezSCu10yVNxEOzB-68P9Jwh1aA0A-ItXPaL17SWHJyI_DLFyywMRo1VRC56khe2lJSrGPdfgm3s5fa2X9hD4_DKYWrKV6gJdR18oCxjArr_ULfDbCtykc1VwFVkhGBvE7sw1y8ap1tGcr5LGMFr-DudCB_S-bsz_FXlM7-RAaEy1yU731suYfXO9nHKLY1ApPrKJiJO3wYSsU9GQORfmjzakhbxAwOKldD-ChPzxQigP8FGxfiAVu0T0bJ-V3xJ3Kdvso717Z6CvSC8thKNL9tkv53ZZN_Ae9B_nW0OygfhJA_SByPhaGQtrQcJU8-oS_a9Rw",
  83.   "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImZyaWVuZHNvZnZhbGxlZGVvcm8ub3JnIgogICAgfQogIF0KfQ",
  84.   "protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzYxODQ4MDIiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjAwMDF2bmJHRWNlanRZS0FpMWFaYWF0MmJ2QXF3SGdOdnVrTlBodm9STFJXelZzIiwgImFsZyI6ICJSUzI1NiJ9"
  85. }
  86. https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 364
  87. Received response:
  88. HTTP 201
  89. Server: nginx
  90. Date: Wed, 25 Sep 2019 23:04:28 GMT
  91. Content-Type: application/json
  92. Content-Length: 364
  93. Connection: keep-alive
  94. Boulder-Requester: 6184802
  95. Cache-Control: public, max-age=0, no-cache
  96. Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
  97. Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/6184802/52233679
  98. Replay-Nonce: 0002pzz5NCC_714cHTcALuTL_H8T0YgcripqG1GmJMoZbWY
  99. X-Frame-Options: DENY
  100. Strict-Transport-Security: max-age=604800
  101.  
  102. {
  103.   "status": "pending",
  104.   "expires": "2019-10-02T23:04:28.168910139Z",
  105.   "identifiers": [
  106.     {
  107.       "type": "dns",
  108.       "value": "friendsofvalledeoro.org"
  109.     }
  110.   ],
  111.   "authorizations": [
  112.     "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10445629"
  113.   ],
  114.   "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/6184802/52233679"
  115. }
  116. Storing nonce: 0002pzz5NCC_714cHTcALuTL_H8T0YgcripqG1GmJMoZbWY
  117. JWS payload:
  118. b''
  119. Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10445629:
  120. {
  121.   "signature": "n5aAX2hJnAeUKfb0y0Fb6wLvBHf-17A01Ew9jkm19bydcLaujdR24np0aF24tVIfhzFTzmIe4DYfJEsCNC6dio2ozNmb4s0Rq71yEGkTFwjk3FKZlfaKwDwmqmi8bScw3GTUApOykag-mnx6FGJ2Wr8oq5HAdnBqczbrp8ZSyKBl-rAJ_QDeh7SFQ7QTxLg9EGGAtudH7YYSTOA1VPWzV8DV5gZ8DEtQuYX8i4-R3bm_p5SGWJ2zQ8KNY7akJ2_eskfofGZ3B3AQ1t4xetbdtebvUo56TxCpTp_Rlbw24u9fMECqo5dYYo1689AkpRbchfQbuyM1T6pjNHeiDC-YKg",
  122.   "payload": "",
  123.   "protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzYxODQ4MDIiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTA0NDU2MjkiLCAibm9uY2UiOiAiMDAwMnB6ejVOQ0NfNzE0Y0hUY0FMdVRMX0g4VDBZZ2NyaXBxRzFHbUpNb1piV1kiLCAiYWxnIjogIlJTMjU2In0"
  124. }
  125. https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/10445629 HTTP/1.1" 200 819
  126. Received response:
  127. HTTP 200
  128. Server: nginx
  129. Date: Wed, 25 Sep 2019 23:04:28 GMT
  130. Content-Type: application/json
  131. Content-Length: 819
  132. Connection: keep-alive
  133. Boulder-Requester: 6184802
  134. Cache-Control: public, max-age=0, no-cache
  135. Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
  136. Replay-Nonce: 0001YjU2PwCmqfiDJnPRJeJbow2iuqm8GYfal-ZNWI-egXo
  137. X-Frame-Options: DENY
  138. Strict-Transport-Security: max-age=604800
  139.  
  140. {
  141.   "identifier": {
  142.     "type": "dns",
  143.     "value": "friendsofvalledeoro.org"
  144.   },
  145.   "status": "pending",
  146.   "expires": "2019-10-02T23:04:28Z",
  147.   "challenges": [
  148.     {
  149.       "type": "http-01",
  150.       "status": "pending",
  151.       "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10445629/cmjUog",
  152.       "token": "3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk"
  153.     },
  154.     {
  155.       "type": "dns-01",
  156.       "status": "pending",
  157.       "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10445629/aAuKOQ",
  158.       "token": "3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk"
  159.     },
  160.     {
  161.       "type": "tls-alpn-01",
  162.       "status": "pending",
  163.       "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10445629/WdgdXQ",
  164.       "token": "3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk"
  165.     }
  166.   ]
  167. }
  168. Storing nonce: 0001YjU2PwCmqfiDJnPRJeJbow2iuqm8GYfal-ZNWI-egXo
  169. Performing the following challenges:
  170. http-01 challenge for friendsofvalledeoro.org
  171. Generated server block:
  172. []
  173. Creating backup of /etc/nginx/conf.d/fileupload.conf
  174. Creating backup of /etc/nginx/nginx.conf
  175. Creating backup of /etc/nginx/sites-enabled/macsnm
  176. Creating backup of /etc/nginx/sites-enabled/friendsofvalledeoro
  177. Creating backup of /etc/nginx/sites-enabled/atwoodmalone
  178. Creating backup of /etc/nginx/sites-enabled/swipsnm-com
  179. Creating backup of /etc/nginx/conf.d/fbclid.conf
  180. Creating backup of /etc/nginx/sites-enabled/blackmesacoffeeco-com
  181. Creating backup of /etc/nginx/conf.d/tls.conf
  182. Creating backup of /etc/nginx/sites-enabled/ebnm
  183. Creating backup of /etc/nginx/sites-enabled/mcclearyrichter-freund
  184. Creating backup of /etc/nginx/sites-enabled/bacahoward-com
  185. Creating backup of /etc/nginx/sites-enabled/nmms-msmem
  186. Creating backup of /etc/nginx/sites-enabled/secure-demo
  187. Creating backup of /etc/nginx/sites-enabled/form-cove
  188. Creating backup of /etc/nginx/sites-enabled/abqsane
  189. Creating backup of /etc/nginx/sites-enabled/iteamnm-com
  190. Creating backup of /etc/nginx/sites-enabled/nmautismsociety-org
  191. Creating backup of /etc/nginx/sites-enabled/friendsofvalledeoro-store
  192. Creating backup of /etc/nginx/sites-enabled/natalie-and-matt-get-married-com
  193. Creating backup of /etc/nginx/sites-enabled/otapnm-com
  194. Creating backup of /etc/nginx/sites-enabled/metalcrafters-abq
  195. Creating backup of /etc/nginx/sites-enabled/heavyhog
  196. Creating backup of /etc/nginx/mime.types
  197. Creating backup of /etc/nginx/sites-enabled/ecinm
  198. Creating backup of /etc/nginx/sites-enabled/droplet-sf02-01
  199. Creating backup of /etc/nginx/sites-enabled/simonsfirm-com
  200. Creating backup of /etc/nginx/conf.d/default.conf
  201. Creating backup of /etc/nginx/sites-enabled/franklinsearthmoving-com
  202. Writing nginx conf tree to /etc/nginx/nginx.conf:
  203.  
  204. user  nginx;
  205. worker_processes  1;
  206.  
  207. error_log  /var/log/nginx/error.log warn;
  208. pid        /var/run/nginx.pid;
  209.  
  210.  
  211. events {
  212.     worker_connections  1024;
  213. }
  214.  
  215.  
  216. http {
  217. include /etc/letsencrypt/le_http_01_cert_challenge.conf;
  218. server_names_hash_bucket_size 128;
  219.     include       /etc/nginx/mime.types;
  220.     default_type  application/octet-stream;
  221.  
  222.     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  223.                       '$status $body_bytes_sent "$http_referer" '
  224.                       '"$http_user_agent" "$http_x_forwarded_for"';
  225.  
  226.     access_log  /var/log/nginx/access.log  main;
  227.  
  228.     sendfile        on;
  229.     tcp_nopush     on;
  230.     tcp_nodelay on;
  231.     types_hash_max_size 2048;
  232.     server_tokens off;
  233.  
  234.     keepalive_timeout  65;
  235.  
  236.     #gzip  on;
  237.  
  238.     include /etc/nginx/conf.d/*.conf;
  239.     include /etc/nginx/sites-enabled/*;
  240.  
  241. }
  242.  
  243. Writing nginx conf tree to /etc/nginx/sites-enabled/friendsofvalledeoro:
  244. server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
  245.  
  246.  
  247. #    listen 443 ssl http2;
  248.     listen 80;
  249.     server_name friendsofvalledeoro.org;
  250.  
  251.     access_log  /var/log/nginx/friendsofvalledeoro.access.log  main;
  252.  
  253.     root /var/sftp/friendsofvalledeoro/friendsofvalledeoro;
  254.     index index.php index.html index.htm index.nginx-debian.html;
  255.  
  256.     # if redirect map is active, do 301 to the new url
  257. #    if ( $redirect_fbclid ) {
  258. #      return 301 $redirect_fbclid;
  259. #    }
  260.  
  261.  
  262.  
  263.     location / {
  264.         try_files $uri $uri/ /index.php?$args;
  265.     }
  266.  
  267.     #error_page  404              /404.html;
  268.  
  269.  
  270.     # redirect server error pages to the static page /50x.html
  271.     #
  272.     error_page   500 502 503 504  /50x.html;
  273.     location = /50x.html {
  274.         root   /usr/share/nginx/html;
  275.     }
  276.  
  277.     location ~ \.php$ {
  278.         include /etc/nginx/fastcgi.conf;
  279.         fastcgi_pass unix:/run/php/php7.0-fpm-friendsofvalledeoro.sock;
  280.     }
  281.  
  282.     location ~ /\.ht {
  283.         deny all;
  284.     }
  285.  
  286.     location = /favicon.ico {
  287.         log_not_found off;
  288.         access_log off;
  289.      }
  290.  
  291.     location = /robots.txt {
  292.         log_not_found off;
  293.         access_log off;
  294.         allow all;
  295.      }
  296.  
  297.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  298.         expires max;
  299.         log_not_found off;
  300.      }
  301.  
  302.  
  303.     # no subdomains HSTS
  304.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  305.  
  306.  
  307.     ssl_certificate /etc/letsencrypt/live/friendsofvalledeoro.org/fullchain.pem; # managed by Certbot
  308.     ssl_certificate_key /etc/letsencrypt/live/friendsofvalledeoro.org/privkey.pem; # managed by Certbot
  309. location = /.well-known/acme-challenge/3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk{default_type text/plain;return 200 3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk._aXkCzYdljdO7X_7roI7VYRyLzZt0m0gOCyeHx0aQAo;} # managed by Certbot
  310.  
  311. }
  312.  
  313.  
  314. #server{
  315. #    listen       80;
  316. #    listen       443 ssl http2;
  317. #    server_name www.friendsofvalledeoro.org;
  318. #    return 301 $scheme://friendsofvalledeoro.org$request_uri;
  319. #    ssl_certificate /etc/letsencrypt/live/www.friendsofvalledeoro.org/fullchain.pem; # managed by Certbot
  320. #    ssl_certificate_key /etc/letsencrypt/live/www.friendsofvalledeoro.org/privkey.pem; # managed by Certbot
  321. #}
  322.  
  323. server{
  324.     listen 443 ssl http2;
  325.     server_name friendsofvalledeoro.org;
  326. }
  327.  
  328. Waiting for verification...
  329.  
  330. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  331. Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
  332. challenges.
  333. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  334. JWS payload:
  335. b'{\n  "keyAuthorization": "3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk._aXkCzYdljdO7X_7roI7VYRyLzZt0m0gOCyeHx0aQAo",\n  "type": "http-01",\n  "resource": "challenge"\n}'
  336. Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10445629/cmjUog:
  337. {
  338.   "signature": "nsnCPeI9xBj8gXLSmEkrJKRsWePJ1ng_put6N-2o-ahLPUR__Z5t9Iu6Puna00ZgqG7Mx8Za_RsRk85WH1YlZdgcEOxxh5MSTl8lYEY8zI08TMQDmxgYt_IKe5MwuRG0zUoVDd5NgJ6DUl9uU050HZg_FDKVfSh0ubUmMLjtSB92qrO7za0Qri73tp3ge-M1fa1sMfbIac6oBpwaP_lyW2P_6eW_emYI37XjoEBsG2ovT4kGIzKmXopDY9HJ2xWcdtJVsBM3mDpQEtzC08at3dJHi6je035ZSBtoSjo478BAWb2eLvrngL_RWfOyRn8Rew7QD3hRC1jUn_6WP6s-uw",
  339.   "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIjNuREZ0eHNYa2FjNXRoOFBHZm9qOVdsalR3azlaSldsWTNUalJSMXFRZmsuX2FYa0N6WWRsamRPN1hfN3JvSTdWWVJ5THpadDBtMGdPQ3llSHgwYVFBbyIsCiAgInR5cGUiOiAiaHR0cC0wMSIsCiAgInJlc291cmNlIjogImNoYWxsZW5nZSIKfQ",
  340.   "protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzYxODQ4MDIiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTA0NDU2MjkvY21qVW9nIiwgIm5vbmNlIjogIjAwMDFZalUyUHdDbXFmaURKblBSSmVKYm93Mml1cW04R1lmYWwtWk5XSS1lZ1hvIiwgImFsZyI6ICJSUzI1NiJ9"
  341. }
  342. https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/10445629/cmjUog HTTP/1.1" 200 191
  343. Received response:
  344. HTTP 200
  345. Server: nginx
  346. Date: Wed, 25 Sep 2019 23:04:29 GMT
  347. Content-Type: application/json
  348. Content-Length: 191
  349. Connection: keep-alive
  350. Boulder-Requester: 6184802
  351. Cache-Control: public, max-age=0, no-cache
  352. Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10445629>;rel="up"
  353. Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10445629/cmjUog
  354. Replay-Nonce: 0001L0sT9mGU0V8dJ2tWc9-Xvclih6KO_Pdu7WQ-7Xa_Mek
  355. X-Frame-Options: DENY
  356. Strict-Transport-Security: max-age=604800
  357.  
  358. {
  359.   "type": "http-01",
  360.   "status": "pending",
  361.   "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10445629/cmjUog",
  362.   "token": "3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk"
  363. }
  364. Storing nonce: 0001L0sT9mGU0V8dJ2tWc9-Xvclih6KO_Pdu7WQ-7Xa_Mek
  365. JWS payload:
  366. b''
  367. Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10445629:
  368. {
  369.   "signature": "oE3Dc9RpgzCZtmETINcMeAcPhXui32HjBuIPkzDFtukLCkpaTushw8fnQ6D3-SYcHELaGAnho3EdA7wSSARkDhlkEPJ5Jsv-ztadU3qWLYEvD4EnyBfH27DFTi7zxodZmYMo0bcwLHUpk6B09l8axZfMYJ_jA-o0QSDsiPVHSwlpdX4_KbkYVlDGKa8hx_mTzU_AMOs9zEF9nqjasUXQoaQ4DMpEnd_TsogAHLFersiOCz0lURNAZHuFVwIGA5-NTR3Sy4q2XDIncq6VxRk9Mlj6BDxQSYOOLZ2-yOOEZuvxcFgSKalagElgw3KdY22X_hrOYNZsJKXLddZAkXLyqw",
  370.   "payload": "",
  371.   "protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzYxODQ4MDIiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTA0NDU2MjkiLCAibm9uY2UiOiAiMDAwMUwwc1Q5bUdVMFY4ZEoydFdjOS1YdmNsaWg2S09fUGR1N1dRLTdYYV9NZWsiLCAiYWxnIjogIlJTMjU2In0"
  372. }
  373. https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/10445629 HTTP/1.1" 200 None
  374. Received response:
  375. HTTP 200
  376. Server: nginx
  377. Date: Wed, 25 Sep 2019 23:04:32 GMT
  378. Content-Type: application/json
  379. Transfer-Encoding: chunked
  380. Connection: keep-alive
  381. Boulder-Requester: 6184802
  382. Cache-Control: public, max-age=0, no-cache
  383. Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
  384. Replay-Nonce: 00010hs00ok8qyggfomiklI3heg52LIujDX6r42xMpL1q-8
  385. X-Frame-Options: DENY
  386. Strict-Transport-Security: max-age=604800
  387.  
  388. {
  389.   "identifier": {
  390.     "type": "dns",
  391.     "value": "friendsofvalledeoro.org"
  392.   },
  393.   "status": "invalid",
  394.   "expires": "2019-10-02T23:04:28Z",
  395.   "challenges": [
  396.     {
  397.       "type": "http-01",
  398.       "status": "invalid",
  399.       "error": {
  400.         "type": "urn:ietf:params:acme:error:unauthorized",
  401.         "detail": "Invalid response from https://friendsofvalledeoro.org/.well-known/acme-challenge/3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk [138.197.233.49]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e403 Forbidden\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e403 Forbidden\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\"",
  402.         "status": 403
  403.       },
  404.       "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10445629/cmjUog",
  405.       "token": "3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk",
  406.       "validationRecord": [
  407.         {
  408.           "url": "http://friendsofvalledeoro.org/.well-known/acme-challenge/3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk",
  409.           "hostname": "friendsofvalledeoro.org",
  410.           "port": "80",
  411.           "addressesResolved": [
  412.             "138.197.233.49"
  413.           ],
  414.           "addressUsed": "138.197.233.49"
  415.         },
  416.         {
  417.           "url": "https://friendsofvalledeoro.org/.well-known/acme-challenge/3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk",
  418.           "hostname": "friendsofvalledeoro.org",
  419.           "port": "443",
  420.           "addressesResolved": [
  421.             "138.197.233.49"
  422.           ],
  423.           "addressUsed": "138.197.233.49"
  424.         }
  425.       ]
  426.     },
  427.     {
  428.       "type": "dns-01",
  429.       "status": "invalid",
  430.       "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10445629/aAuKOQ",
  431.       "token": "3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk"
  432.     },
  433.     {
  434.       "type": "tls-alpn-01",
  435.       "status": "invalid",
  436.       "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10445629/WdgdXQ",
  437.       "token": "3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk"
  438.     }
  439.   ]
  440. }
  441. Storing nonce: 00010hs00ok8qyggfomiklI3heg52LIujDX6r42xMpL1q-8
  442. Reporting to user: The following errors were reported by the server:
  443.  
  444. Domain: friendsofvalledeoro.org
  445. Type:   unauthorized
  446. Detail: Invalid response from https://friendsofvalledeoro.org/.well-known/acme-challenge/3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk [138.197.233.49]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
  447.  
  448. To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
  449. Encountered exception:
  450. Traceback (most recent call last):
  451.   File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
  452.     self._respond(aauthzrs, resp, best_effort)
  453.   File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
  454.     self._poll_challenges(aauthzrs, chall_update, best_effort)
  455.   File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
  456.     raise errors.FailedChallenges(all_failed_achalls)
  457. certbot.errors.FailedChallenges: Failed authorization procedure. friendsofvalledeoro.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://friendsofvalledeoro.org/.well-known/acme-challenge/3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk [138.197.233.49]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
  458.  
  459. Calling registered functions
  460. Cleaning up challenges
  461. Attempting to renew cert (friendsofvalledeoro.org) from /etc/letsencrypt/renewal/friendsofvalledeoro.org.conf produced an unexpected error: Failed authorization procedure. friendsofvalledeoro.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://friendsofvalledeoro.org/.well-known/acme-challenge/3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk [138.197.233.49]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.
  462. Traceback was:
  463. Traceback (most recent call last):
  464.   File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 452, in handle_renewal_request
  465.     main.renew_cert(lineage_config, plugins, renewal_candidate)
  466.   File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
  467.     renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  468.   File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
  469.     renewal.renew_cert(config, domains, le_client, lineage)
  470.   File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 310, in renew_cert
  471.     new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  472.   File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
  473.     orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  474.   File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
  475.     authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  476.   File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
  477.     self._respond(aauthzrs, resp, best_effort)
  478.   File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
  479.     self._poll_challenges(aauthzrs, chall_update, best_effort)
  480.   File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
  481.     raise errors.FailedChallenges(all_failed_achalls)
  482. certbot.errors.FailedChallenges: Failed authorization procedure. friendsofvalledeoro.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://friendsofvalledeoro.org/.well-known/acme-challenge/3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk [138.197.233.49]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
  483.  
  484. All renewal attempts failed. The following certs could not be renewed:
  485.   /etc/letsencrypt/live/friendsofvalledeoro.org/fullchain.pem (failure)
  486.  
  487. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  488. ** DRY RUN: simulating 'certbot renew' close to cert expiry
  489. **          (The test certificates below have not been saved.)
  490.  
  491. All renewal attempts failed. The following certs could not be renewed:
  492.   /etc/letsencrypt/live/friendsofvalledeoro.org/fullchain.pem (failure)
  493. ** DRY RUN: simulating 'certbot renew' close to cert expiry
  494. **          (The test certificates above have not been saved.)
  495. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  496. Exiting abnormally:
  497. Traceback (most recent call last):
  498.   File "/usr/bin/certbot", line 11, in <module>
  499.     load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  500.   File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
  501.     return config.func(config, plugins)
  502.   File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
  503.     renewal.handle_renewal_request(config)
  504.   File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 477, in handle_renewal_request
  505.     len(renew_failures), len(parse_failures)))
  506. certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
  507. 1 renew failure(s), 0 parse failure(s)
  508.  
  509. IMPORTANT NOTES:
  510.  - The following errors were reported by the server:
  511.  
  512.    Domain: friendsofvalledeoro.org
  513.    Type:   unauthorized
  514.    Detail: Invalid response from
  515.    https://friendsofvalledeoro.org/.well-known/acme-challenge/3nDFtxsXkac5th8PGfoj9WljTwk9ZJWlY3TjRR1qQfk
  516.    [138.197.233.49]: "<html>\r\n<head><title>403
  517.    Forbidden</title></head>\r\n<body>\r\n<center><h1>403
  518.    Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
  519.  
  520.    To fix these errors, please make sure that your domain name was
  521.    entered correctly and the DNS A/AAAA record(s) for that domain
  522.    contain(s) the right IP address.