Comments (6)
fgarcia-humanoide
commented on June 8, 2024
4
Renew Let's Encrypt Certificate
Internal Error
from nginx-proxy-manager.
fgarcia-humanoide
commented on June 8, 2024
worked 6 months. Now certificates expired and if you force a rennovation an error appears
from nginx-proxy-manager.
gokuale
commented on June 8, 2024
same problem, version 2.11.1
from nginx-proxy-manager.
YummyToadies
commented on June 8, 2024
Same here, here is the output of the log (id's, base64, domains replaced):
2024-04-18 21:02:13,524:DEBUG:certbot._internal.main:certbot version: 2.9.0
2024-04-18 21:02:13,525:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2024-04-18 21:02:13,525:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-13', '--disable-hook-validation', '--no-random-sleep-on-renew']
2024-04-18 21:02:13,525:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#directadmin,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-04-18 21:02:13,579:DEBUG:certbot._internal.log:Root logging level set at 30
2024-04-18 21:02:13,581:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-13.conf
2024-04-18 21:02:13,583:DEBUG:certbot.configuration:Var config_dir=/etc/letsencrypt (set by user).
2024-04-18 21:02:13,583:DEBUG:certbot.configuration:Var logs_dir=/tmp/letsencrypt-log (set by user).
2024-04-18 21:02:13,583:DEBUG:certbot.configuration:Var work_dir=/tmp/letsencrypt-lib (set by user).
2024-04-18 21:02:13,584:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2024-04-18 21:02:13,584:DEBUG:certbot.configuration:Var preferred_chain=ISRG Root X1 (set by user).
2024-04-18 21:02:13,584:DEBUG:certbot.configuration:Var key_type=ecdsa (set by user).
2024-04-18 21:02:13,584:DEBUG:certbot.configuration:Var elliptic_curve=secp384r1 (set by user).
2024-04-18 21:02:13,599:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2024-04-18 21:02:13,600:DEBUG:certbot._internal.plugins.selection:Requested authenticator directadmin and installer None
2024-04-18 21:02:13,600:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * directadmin
Description: Obtain a certificate using a DNS TXT record in directadmin
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='directadmin', value='certbot_dns_directadmin.dns_directadmin:Authenticator', group='certbot.plugins')
Initialized: <certbot_dns_directadmin.dns_directadmin.Authenticator object at 0x7f1cdc395b90>
Prep: True
2024-04-18 21:02:13,601:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_directadmin.dns_directadmin.Authenticator object at 0x7f1cdc395b90> and installer None
2024-04-18 21:02:13,601:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator directadmin, Installer None
2024-04-18 21:02:13,736:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/', new_authzr_uri=None, terms_of_service=None), 7d91f774b85261e99787fb37989f16d8, Meta(creation_dt=datetime.datetime(2021, 2, 25, 9, 28, 46, tzinfo=), creation_host='a9a7ec130998', register_to_eff=None))>
2024-04-18 21:02:13,738:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-04-18 21:02:13,741:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-04-18 21:02:14,139:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 747
2024-04-18 21:02:14,140:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Apr 2024 21:02:14 GMT
Content-Type: application/json
Content-Length: 747
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"Vvg5AejWZ-g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-04-18 21:02:14,142:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for .website.nl
2024-04-18 21:02:14,148:DEBUG:acme.client:Requesting fresh nonce
2024-04-18 21:02:14,148:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-04-18 21:02:14,283:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-04-18 21:02:14,284:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Apr 2024 21:02:14 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: FUnC6kMpCZMAkAb02iWTYOvskc4chpss_xG8LllzLOR5hxbTtvc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2024-04-18 21:02:14,284:DEBUG:acme.client:Storing nonce: FUnC6kMpCZMAkAb02iWTYOvskc4chpss_xG8LllzLOR5hxbTtvc
2024-04-18 21:02:14,284:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": ".website.nl"\n }\n ]\n}'
2024-04-18 21:02:14,289:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "",
"signature": "",
"payload": ""
}
2024-04-18 21:02:14,613:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
2024-04-18 21:02:14,614:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 18 Apr 2024 21:02:14 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 113867616
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/
Replay-Nonce: Y89UXNyaeHtNDdgR8Zc1dRY8gED8axjHUmMpKW1BMnSD79nD7wI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2024-04-25T21:02:14Z",
"identifiers": [
{
"type": "dns",
"value": "*.website.nl"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/"
}
2024-04-18 21:02:14,614:DEBUG:acme.client:Storing nonce: Y89UXNyaeHtNDdgR8Zc1dRY8gED8axjHUmMpKW1BMnSD79nD7wI
2024-04-18 21:02:14,614:DEBUG:acme.client:JWS payload:
b''
2024-04-18 21:02:14,617:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/:
{
"protected": "",
"signature": "",
"payload": ""
}
2024-04-18 21:02:14,776:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/ HTTP/1.1" 200 388
2024-04-18 21:02:14,776:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Apr 2024 21:02:14 GMT
Content-Type: application/json
Content-Length: 388
Connection: keep-alive
Boulder-Requester: 113867616
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: FUnC6kMpzkXJl7wO0pvulDAYAIkFvszesCA1Abblz67F-VF8n94
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "website.nl"
},
"status": "pending",
"expires": "2024-04-25T21:02:14Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3//",
"token": ""
}
],
"wildcard": true
}
2024-04-18 21:02:14,776:DEBUG:acme.client:Storing nonce: FUnC6kMpzkXJl7wO0pvulDAYAIkFvszesCA1Abblz67F-VF8n94
2024-04-18 21:02:14,777:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-04-18 21:02:14,777:INFO:certbot._internal.auth_handler:dns-01 challenge for website.nl
2024-04-18 21:02:15,173:DEBUG:certbot_dns_directadmin.dns_directadmin:Record Domain: _acme-challenge.website.nl
2024-04-18 21:02:15,174:DEBUG:certbot_dns_directadmin.dns_directadmin:Subdomain: _acme-challenge
2024-04-18 21:02:15,174:DEBUG:certbot_dns_directadmin.dns_directadmin:Domain: website.nl
2024-04-18 21:02:22,424:DEBUG:certbot_dns_directadmin.dns_directadmin:{'error': '0', 'message': 'Record toegevoegd'}
2024-04-18 21:02:22,424:INFO:certbot_dns_directadmin.dns_directadmin:Successfully added TXT record for _acme-challenge.website.nl
2024-04-18 21:02:22,424:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 60 seconds for DNS changes to propagate
2024-04-18 21:03:22,425:DEBUG:acme.client:JWS payload:
b'{}'
2024-04-18 21:03:22,428:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3//:
{
"protected": "",
"signature": "",
"payload": "e30"
}
2024-04-18 21:03:22,605:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3//HTTP/1.1" 200 186
2024-04-18 21:03:22,606:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Apr 2024 21:03:22 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 113867616
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3//
Replay-Nonce: Y89UXNyamjbV4w4lm5tAafZSD7n3wESszQClc71lhiI1fwTEbYQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3//",
"token": ""
}
2024-04-18 21:03:22,606:DEBUG:acme.client:Storing nonce: Y89UXNyamjbV4w4lm5tAafZSD7n3wESszQClc71lhiI1fwTEbYQ
2024-04-18 21:03:22,607:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-04-18 21:03:23,607:DEBUG:acme.client:JWS payload:
b''
2024-04-18 21:03:23,611:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/:
{
"protected": "",
"signature": "",
"payload": ""
}
2024-04-18 21:03:23,767:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/ HTTP/1.1" 200 683
2024-04-18 21:03:23,768:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 18 Apr 2024 21:03:23 GMT
Content-Type: application/json
Content-Length: 683
Connection: keep-alive
Boulder-Requester: 113867616
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: FUnC6kMpHX49EszZJ1e9KsOKNw5FWL4Uj6QJ5pwnV3keuqJKprA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "website.nl"
},
"status": "invalid",
"expires": "2024-04-25T21:02:14Z",
"challenges": [
{
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect TXT record "xR9dGioZ22CdTpHBP-NoYleDK3lw61DC2e2zIsBXtto" (and 724 more) found at _acme-challenge.website.nl",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3//",
"token": "",
"validated": "2024-04-18T21:03:22Z"
}
],
"wildcard": true
}
2024-04-18 21:03:23,768:DEBUG:acme.client:Storing nonce: FUnC6kMpHX49EszZJ1e9KsOKNw5FWL4Uj6QJ5pwnV3keuqJKprA
2024-04-18 21:03:23,769:INFO:certbot._internal.auth_handler:Challenge failed for domain website.nl
2024-04-18 21:03:23,769:INFO:certbot._internal.auth_handler:dns-01 challenge for website.nl
2024-04-18 21:03:23,769:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: directadmin). The Certificate Authority reported these problems:
Domain: website.nl
Type: unauthorized
Detail: Incorrect TXT record "xR9dGioZ22CdTpHBP-NoYleDK3lw61DC2e2zIsBXtto" (and 724 more) found at _acme-challenge.website.nl
Hint: The Certificate Authority failed to verify the DNS TXT records created by --directadmin. Ensure the above domains are hosted by this DNS provider, or try increasing --directadmin-propagation-seconds (currently 60 seconds).
2024-04-18 21:03:23,770:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-04-18 21:03:23,771:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-04-18 21:03:23,771:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-04-18 21:03:24,156:DEBUG:certbot_dns_directadmin.dns_directadmin:Record Domain: _acme-challenge.website.nl
2024-04-18 21:03:24,157:DEBUG:certbot_dns_directadmin.dns_directadmin:Subdomain: _acme-challenge
2024-04-18 21:03:24,157:DEBUG:certbot_dns_directadmin.dns_directadmin:Domain: website.nl
2024-04-18 21:03:33,402:DEBUG:certbot_dns_directadmin.dns_directadmin:{'error': '0', 'message': 'Records verwijderd'}
2024-04-18 21:03:33,402:INFO:certbot_dns_directadmin.dns_directadmin:Successfully removed TXT record for _acme-challenge.website.nl
2024-04-18 21:03:33,403:ERROR:certbot._internal.renewal:Failed to renew certificate npm-13 with error: Some challenges have failed.
2024-04-18 21:03:33,406:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1550, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-04-18 21:03:33,410:DEBUG:certbot._internal.display.obj:Notifying user:
2024-04-18 21:03:33,411:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2024-04-18 21:03:33,411:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-13/fullchain.pem (failure)
2024-04-18 21:03:33,411:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-04-18 21:03:33,411:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/certbot/bin/certbot", line 8, in
sys.exit(main())
^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1642, in renew
renewed_domains, failed_domains = renewal.handle_renewal_request(config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2024-04-18 21:03:33,413:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
from nginx-proxy-manager.
LargeTalons
commented on June 8, 2024
I had this same issue. For whatever reason, after deleting and re-adding my port forwards for NPM, I was able to manually renew the scripts...but it seems NPM wasn't going to renew them on its own? Im not sure now as I went ahead and manually renewed everything.
from nginx-proxy-manager.
Scope666
commented on June 8, 2024
Also having this problem:
2024-05-02 09:12:51,194:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/345775467017:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU4NzUyMzY1NyIsICJub25jZSI6ICJZXzdBSVF1VVA3Qk9RTHJmSDlyWjZUSldvWGMwaW4xZ0pYc1ZlVm9XVGIyanhBNUFEZWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM0NTc3NTQ2NzAxNyJ9",
"signature": "Ty2thtpIzJZ2zsWD9jPtH6hjKKCNGZ6ChgDTc5sMUfVg2Aos1UXQKr2fmqPHIA4LrQiFRJtnCaJwjm0S2Dg96deTnTWZ-cxHH7SXJVlHalc7ULjWHtININltC7z56x79F0OZ_QoIK1ZToujHtJXqqG2edD970IPwoQ9entU9yq9O05jv02YqXPECFvosiYMAvUt-RwYYcnvyOqzN-nJUguAWOGu2MUhPHtQgw-2tzUG_2uGS4FEhCFHxpZ9mVYBJ-iG6C09bNL0NKGnO56_HbAK7rOEhN-wRB3cY62rXkvOyt6dRj_8EFbkuS5SAQxQQdfCpEEOvTHDYQ0i4gkPbZg",
"payload": ""
}
2024-05-02 09:12:51,272:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/345775467017 HTTP/1.1" 200 1622
2024-05-02 09:12:51,272:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 02 May 2024 13:12:51 GMT
Content-Type: application/json
Content-Length: 1622
Connection: keep-alive
Boulder-Requester: 1587523657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O0afatDIoVQUycPsUmZ0-4Xy_aMurgSzbBqqdJgeM7jOK-PtDH8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "scopexxxx.us.to"
},
"status": "invalid",
"expires": "2024-05-09T13:12:37Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "During secondary validation: 73.160.xx.xxx: Fetching http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8: Timeout during connect (likely firewall problem)",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345775467017/OjYacA",
"token": "5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8",
"validationRecord": [
{
"url": "http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8",
"hostname": "scopexxxx.us.to",
"port": "80",
"addressesResolved": [
"73.160.xx.xxx"
],
"addressUsed": "73.160.xx.xxx",
"resolverAddrs": [
"A:10.1.12.81:31390",
"AAAA:10.1.12.89:26534"
]
},
{
"url": "https://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8",
"hostname": "scopexxxx.us.to",
"port": "443",
"addressesResolved": [
"73.160.xx.xxx"
],
"addressUsed": "73.160.xx.xxx",
"resolverAddrs": [
"A:10.1.12.85:30182",
"AAAA:10.1.12.89:26534"
]
}
],
"validated": "2024-05-02T13:12:37Z"
}
]
}
2024-05-02 09:12:51,272:DEBUG:acme.client:Storing nonce: O0afatDIoVQUycPsUmZ0-4Xy_aMurgSzbBqqdJgeM7jOK-PtDH8
2024-05-02 09:12:51,272:INFO:certbot._internal.auth_handler:Challenge failed for domain scopexxxx.us.to
2024-05-02 09:12:51,272:INFO:certbot._internal.auth_handler:http-01 challenge for scopexxxx.us.to
2024-05-02 09:12:51,273:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: scopexxxx.us.to
Type: connection
Detail: During secondary validation: 73.160.xx.xxx: Fetching http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2024-05-02 09:12:51,273:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-05-02 09:12:51,273:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-05-02 09:12:51,273:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-05-02 09:12:51,273:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8
2024-05-02 09:12:51,273:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2024-05-02 09:12:51,274:ERROR:certbot._internal.renewal:Failed to renew certificate npm-4 with error: Some challenges have failed.
2024-05-02 09:12:51,275:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1550, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-05-02 09:12:51,276:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-05-02 09:12:51,276:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2024-05-02 09:12:51,276:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-4/fullchain.pem (failure)
2024-05-02 09:12:51,276:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-05-02 09:12:51,276:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/certbot/bin/certbot", line 8, in <module>
sys.exit(main())
^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1642, in renew
renewed_domains, failed_domains = renewal.handle_renewal_request(config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2024-05-02 09:12:51,276:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
from nginx-proxy-manager.
Related Issues (20)
- [SECURITY] Possible Security Vuln HOT 3
- NPM template, or at mimimum copy a configuration
- Make "NPM automatically create custom DNS with pihole" an option.
- Internal error (to do with NodeJS?) when trying to make an SSL certificate HOT 3
- Can't create or renew certs because of SSLError(SSLError(1, '[SSL: TLSV1_UNRECOGNIZED_NAME] tlsv1 unrecognized name (_ssl.c:992)')). HOT 1
- Internal Error: josepy.errors.DeserializationError: Deserialization error: Expecting value: line 1 column 1 (char 0) HOT 1
- Response Header from /subfolder are wrong or missing HOT 1
- How to specify Custom locations correctly HOT 6
- Statistics on the dashboard HOT 1
- NginxProxyManager Cors
- How do you configure redirects just on the local IP address? HOT 2
- Strato DNS change not working HOT 1
- Toggling "HSTS Enabled" leads to "Unknown hsts_header variable" error with proxy offline
- Ability to edit Let's Encrypt certificate DNS challenge options HOT 3
- How to change ssl receiving host?
- Error creating wilcard ssl certificate with cloudflare HOT 2
- A new /data/compose/3/v<x> directory is created with a vanilla database.sqlite whenever i pull new releases HOT 4
- 'force HTTPS' switch not recognized when creating new (proxy) host HOT 1
- ACLs does not work when using rootless HOT 1
- Cache purge for specific proxy host
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nginx-proxy-manager.