Cannot create LE Certs for Subdomain

Discussion in 'ISPConfig 3 Priority Support' started by ktownmods, Nov 19, 2018.

  1. ktownmods

    ktownmods Member

    Hey i try to create a cert for a subdomain but it says always WARNING - Could not verify domain blog.example.de, so excluding it from letsencrypt request.
    (changed adress to example)

    The Site is available and a cname in my dns is already set but it not work
    i enabled also le skip check but not work
    if i try to add subdomain in ispconfig there comes also that my root domain also cannot verify but there is also an le cert from 01.11.2018

    Code:
    WARNING - /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected]  --domains blog.example.de --domains www.blog.example.de --webroot-path /usr/local/ispconfig/interface/acme
    Code:
    WARNING - Let's Encrypt SSL Cert for: blog.example.de could not be issued.
    Thanks
     
    Last edited: Nov 19, 2018
  2. ktownmods

    ktownmods Member

    now i cant create a cert for any domain i have on my server (root domain or subdomain)

    Code:
       Domain: blog.example.de
       Type:   unauthorized
       Detail: Invalid response from
       http://blog.example.de/.well-known/acme-challenge/-kvvqeWQ9zzsfzBxhyKlpp2gY1QxUb96XjNbiAh98Og:
       "<html>\r\n<head><title>404 Not
       Found</title></head>\r\n<body>\r\n<center><h1>404 Not
       Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
       Domain: www.blog.example.de
       Type:   unauthorized
       Detail: Invalid response from
       http://www.blog.example.de/.well-known/acme-challenge/krsPRqyxg9TZ2dcgTz2oJja_fillVJT80Oo4HbN799U:
       "<html>\r\n<head><title>404 Not
       Found</title></head>\r\n<body>\r\n<center><h1>404 Not
       Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
     
    Last edited: Nov 20, 2018
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you sure that you want to get an ssl cert for www.blog.example.de and not blog.example.de? Set auto subdomain to none in the subdomain.
     
  4. ktownmods

    ktownmods Member

    ok i try
     
  5. ktownmods

    ktownmods Member

    Code:
    /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected]  --domains example.de --webroot-path /usr/local/ispconfig/interface/acme
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for example.de
    Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. example.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.de/.well-known/acme-challenge/lXJ9zGjloaA5ReeGQqPr2VxPC49OrW_c9XYPdq1B2mo: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
    IMPORTANT NOTES:
     - The following errors were reported by the server:
    
       Domain: example.de
       Type:   unauthorized
       Detail: Invalid response from
       http://example.de/.well-known/acme-challenge/lXJ9zGjloaA5ReeGQqPr2VxPC49OrW_c9XYPdq1B2mo:
       "<html>\r\n<head><title>404 Not
       Found</title></head>\r\n<body>\r\n<center><h1>404 Not
       Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.
     
  6. ktownmods

    ktownmods Member

    Code:
    2018-11-20 10:13:01,877:DEBUG:certbot.main:certbot version: 0.23.0
    2018-11-20 10:13:01,877:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'blog.samfreaks.de', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2018-11-20 10:13:01,878:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2018-11-20 10:13:01,883:DEBUG:certbot.log:Root logging level set at 20
    2018-11-20 10:13:01,884:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-11-20 10:13:01,884:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2018-11-20 10:13:01,884:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f5a095a0f60>
    Prep: True
    2018-11-20 10:13:01,885:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f5a095a0f60> and installer None
    2018-11-20 10:13:01,885:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
    2018-11-20 10:13:01,889:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f5a0853b9b0>)>), contact=('mailto:[email protected]',), agreement=None, status='valid', terms_of_service_agreed=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/44791664', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), f84482c897ff641016ba9ce0eb69c0fc, Meta(creation_dt=datetime.datetime(2018, 10, 30, 17, 6, 6, tzinfo=<UTC>), creation_host='mail.ktmsecure.de'))>
    2018-11-20 10:13:01,890:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
    2018-11-20 10:13:01,891:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    2018-11-20 10:13:02,074:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
    2018-11-20 10:13:02,075:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 658
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:02 GMT
    Connection: keep-alive
    
    b'{\n  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",\n  "lIfgUX9KchY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n  "meta": {\n    "caaIdentities": [\n      "letsencrypt.org"\n    ],\n    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",\n    "website": "https://letsencrypt.org"\n  },\n  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",\n  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",\n  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",\n  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"\n}'
    2018-11-20 10:13:02,079:INFO:certbot.main:Obtaining a new certificate
    2018-11-20 10:13:02,529:DEBUG:certbot.crypto_util:Generating key (4096 bits): /etc/letsencrypt/keys/0029_key-certbot.pem
    2018-11-20 10:13:02,536:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0029_csr-certbot.pem
    2018-11-20 10:13:02,537:DEBUG:acme.client:Requesting fresh nonce
    2018-11-20 10:13:02,537:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-order.
    2018-11-20 10:13:02,697:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-order HTTP/1.1" 405 0
    2018-11-20 10:13:02,698:DEBUG:acme.client:Received response:
    HTTP 405
    Server: nginx
    Content-Type: application/problem+json
    Content-Length: 103
    Allow: POST
    Replay-Nonce: 2UvjkwGjxJA5U6_4nHiVpUu7boJqiGu_5o35EddBHN4
    Expires: Tue, 20 Nov 2018 09:13:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:02 GMT
    Connection: keep-alive
    
    b''
    2018-11-20 10:13:02,698:DEBUG:acme.client:Storing nonce: 2UvjkwGjxJA5U6_4nHiVpUu7boJqiGu_5o35EddBHN4
    2018-11-20 10:13:02,698:DEBUG:acme.client:JWS payload:
    b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "blog.samfreaks.de"\n    }\n  ],\n  "status": "pending",\n  "resource": "new-order"\n}'
    2018-11-20 10:13:02,709:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
    {
      "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDQ3OTE2NjQiLCAibm9uY2UiOiAiMlV2amt3R2p4SkE1VTZfNG5IaVZwVXU3Ym9KcWlHdV81bzM1RWRkQkhONCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
      "signature": "mIrclzKe-07ZvkhZf6GUHoRWsEKLACPLwkBAwK3SQTIB7-qpzEFFE43PCOOc1y6ZlyDrujD7HC_-ciYteoW2Qye02YffuIXF1m7mUOIMTk0sgJOxSHylLpvDv7PDO4YE0CtzeNXHI31xsOML2uXjJUo64cN2qpmuie6MzTotMO5WSDZK5Ogpms2CLXJrl0URgF_cjq1n01d_kuWm8z5CYQHbFHfQXjW5F6Su3ahY1U6eKwJTiPTOml__M2u-iChERZg2nk4B0bunpUWfmDj-R4k-X9JgccuHv2kAAPXG10K0fS56QdmCOukS8yyYq1LKlcYDhYyDV3Xfkupm5mkxPOeSNN_9r5Kgi5njVILmahbQbEu2XF6hnkvP96_s7oDs0LnR74coh_dp3h2vfYk2SnR2xowOSMSHQz2q_o8N3g6UpjPgdjbo0dJoWdZqcXxp38F9nSoySyny10oZY33pQXhSmzmSd7p5EXceVb-1wgea_EFVSuYFbM1xhzilNx306m2zCTVfz40oh9szy2YgioyTNh9HitDrauQTBAD6w9uoRb6cuOvY2sRNvhRqAhY8VZ5HLKmZ3fg7hvBhlFYjw1flM4YUyFqpVTV1JGJSQZo3XS90mRcGreVF_Usm8ZBhicgTlFyZezMo1tFfAFizTuUpGH6oLrqALms-kt_EjYM",
      "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImJsb2cuc2FtZnJlYWtzLmRlIgogICAgfQogIF0sCiAgInN0YXR1cyI6ICJwZW5kaW5nIiwKICAicmVzb3VyY2UiOiAibmV3LW9yZGVyIgp9"
    }
    2018-11-20 10:13:02,949:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 376
    2018-11-20 10:13:02,949:DEBUG:acme.client:Received response:
    HTTP 201
    Server: nginx
    Content-Type: application/json
    Content-Length: 376
    Boulder-Requester: 44791664
    Location: https://acme-v02.api.letsencrypt.org/acme/order/44791664/183451111
    Replay-Nonce: ZHWw7n0J4BHkK-Ms_17G8ywyDpD8V_JI3nPw0BrMYpo
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:02 GMT
    Connection: keep-alive
     
  7. ktownmods

    ktownmods Member

    Code:
    b'{\n  "status": "pending",\n  "expires": "2018-11-27T09:13:02.833862517Z",\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "blog.samfreaks.de"\n    }\n  ],\n  "authorizations": [\n    "https://acme-v02.api.letsencrypt.org/acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY"\n  ],\n  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/44791664/183451111"\n}'
    2018-11-20 10:13:02,949:DEBUG:acme.client:Storing nonce: ZHWw7n0J4BHkK-Ms_17G8ywyDpD8V_JI3nPw0BrMYpo
    2018-11-20 10:13:02,949:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY.
    2018-11-20 10:13:03,121:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY HTTP/1.1" 200 909
    2018-11-20 10:13:03,122:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 909
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:03 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:03 GMT
    Connection: keep-alive
    
    b'{\n  "identifier": {\n    "type": "dns",\n    "value": "blog.samfreaks.de"\n  },\n  "status": "pending",\n  "expires": "2018-11-27T09:13:02Z",\n  "challenges": [\n    {\n      "type": "tls-alpn-01",\n      "status": "pending",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576162",\n      "token": "TT4M5rAYSPY46P1hqsE4IfGDPdFS98o6Nez_ZujfUEo"\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576164",\n      "token": "B541dZyLHg3_Cweq8f-kSR2r-_gDBAbkKYoeFoM7_a0"\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166",\n      "token": "dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U"\n    }\n  ]\n}'
    2018-11-20 10:13:03,122:DEBUG:acme.challenges:tls-alpn-01 was not recognized, full message: {'type': 'tls-alpn-01', 'status': 'pending', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576162', 'token': 'TT4M5rAYSPY46P1hqsE4IfGDPdFS98o6Nez_ZujfUEo'}
    2018-11-20 10:13:03,123:INFO:certbot.auth_handler:Performing the following challenges:
    2018-11-20 10:13:03,123:INFO:certbot.auth_handler:http-01 challenge for blog.samfreaks.de
    2018-11-20 10:13:03,123:INFO:certbot.plugins.webroot:Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
    2018-11-20 10:13:03,124:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    2018-11-20 10:13:03,133:DEBUG:certbot.plugins.webroot:Attempting to save validation to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U
    2018-11-20 10:13:03,134:INFO:certbot.auth_handler:Waiting for verification...
    2018-11-20 10:13:03,134:DEBUG:acme.client:JWS payload:
    b'{\n  "resource": "challenge",\n  "keyAuthorization": "dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U.XHsPKxUXdIo9po79sguoWOu-9BkbWVh1ShHripRsdgw",\n  "type": "http-01"\n}'
    2018-11-20 10:13:03,141:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166:
    {
      "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDQ3OTE2NjQiLCAibm9uY2UiOiAiWkhXdzduMEo0QkhrSy1Nc18xN0c4eXd5RHBEOFZfSkkzblB3MEJyTVlwbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlLy1ES1NYOFlRZnE2ekxFWC1RY0piTTBKR2FBd05PbExVVUUwQTFrTFBCRVkvOTQ2OTU3NjE2NiJ9",
      "signature": "au7kO9Khr5vyNtvaxtHb93xyYpfd7eHvGWNo7LpyqqL8Gwsbck_Nd2WjKvj9MBfRc33d-4FZqp-A-kPse8OZcvF3gGrmjCvU7YuzrDIYoojJ5nIS5D3-L_RQ4l6GzLQvGKmk-IvemxPctZLZzc3YlZgJ-DpBD8iq6aNDwk_ll-DAy4JP4Ps5MxU5sf7wEtr4kc6f4DYqdY34PqsxU7gznb6c9-CdxsYX42X4IyGkDOdaDLVR3em65v0YT2Lo-1KQGjjndCLf_w447fhhYKKq7O-aGkeRL0vetdUpfyZROlsinVo5RqRW0mB8CYojpQn0uHHNcbR2v9rNr-HV6Ywim4oCY9r4sP7C5frdirdtoSpdQfpeRDBY9i02x0Tt7zV9VWA1DFcWYCz0QJf38ngIIcrCw5JsANFGHrxXEh876lqHbftFXxvkopJ2u-tTG1v7MBHbRtUlobTNsGMfqT9R3zOzv7YoEDZGPnczXGihwbd7ljrskm7dB87J67jRYNw-nWsVl6YCh5WV7sQYI8v--MQZ4vEaSTR7kup4ZzQyg2OILyEzMfI34Z9qkYvRrITaRNwY8cnYnSsGmt8mN2YLpNdmYt5HEf-YS_EY0-imoNMdtHwKejEM2uZjjzbe7KnhpGJT6UImkSGiz0NVtnQc7xTacZUGw87v7-x0_pq012c",
      "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogImRGWWtBMk90OXU1QmdGZ1dzeGZheXhKdU5IUktnNHRZQzUxNF93MGNZMVUuWEhzUEt4VVhkSW85cG83OXNndW9XT3UtOUJrYldWaDFTaEhyaXBSc2RndyIsCiAgInR5cGUiOiAiaHR0cC0wMSIKfQ"
    }
    2018-11-20 10:13:03,319:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166 HTTP/1.1" 200 223
    2018-11-20 10:13:03,320:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 223
    Boulder-Requester: 44791664
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166
    Replay-Nonce: e3JQUzVziMC4QTLZCcOokuj8dk9BLNsElskQxJCG_0k
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:03 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:03 GMT
    Connection: keep-alive
     
  8. ktownmods

    ktownmods Member

    Code:
    b'{\n  "type": "http-01",\n  "status": "pending",\n  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166",\n  "token": "dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U"\n}'
    2018-11-20 10:13:03,320:DEBUG:acme.client:Storing nonce: e3JQUzVziMC4QTLZCcOokuj8dk9BLNsElskQxJCG_0k
    2018-11-20 10:13:06,324:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY.
    2018-11-20 10:13:06,489:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY HTTP/1.1" 200 1825
    2018-11-20 10:13:06,490:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 1825
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:06 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:06 GMT
    Connection: keep-alive
    
    b'{\n  "identifier": {\n    "type": "dns",\n    "value": "blog.samfreaks.de"\n  },\n  "status": "invalid",\n  "expires": "2018-11-27T09:13:02Z",\n  "challenges": [\n    {\n      "type": "tls-alpn-01",\n      "status": "invalid",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576162",\n      "token": "TT4M5rAYSPY46P1hqsE4IfGDPdFS98o6Nez_ZujfUEo"\n    },\n    {\n      "type": "dns-01",\n      "status": "invalid",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576164",\n      "token": "B541dZyLHg3_Cweq8f-kSR2r-_gDBAbkKYoeFoM7_a0"\n    },\n    {\n      "type": "http-01",\n      "status": "invalid",\n      "error": {\n        "type": "urn:ietf:params:acme:error:unauthorized",\n        "detail": "Invalid response from http://blog.samfreaks.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U: \\"\\u003chtml\\u003e\\\\r\\\\n\\u003chead\\u003e\\u003ctitle\\u003e404 Not Found\\u003c/title\\u003e\\u003c/head\\u003e\\\\r\\\\n\\u003cbody\\u003e\\\\r\\\\n\\u003ccenter\\u003e\\u003ch1\\u003e404 Not Found\\u003c/h1\\u003e\\u003c/center\\u003e\\\\r\\\\n\\u003chr\\u003e\\u003ccenter\\u003enginx/1.15.4\\u003c/ce\\"",\n        "status": 403\n      },\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166",\n      "token": "dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U",\n      "validationRecord": [\n        {\n          "url": "http://blog.example.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U",\n          "hostname": "blog.example.de",\n          "port": "80",\n          "addressesResolved": [\n            "5.9.113.39",\n            "2a01:4f8:162:542e::2"\n          ],\n          "addressUsed": "2a01:4f8:162:542e::2"\n        }\n      ]\n    }\n  ]\n}'
    2018-11-20 10:13:06,491:DEBUG:acme.challenges:tls-alpn-01 was not recognized, full message: {'type': 'tls-alpn-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576162', 'token': 'TT4M5rAYSPY46P1hqsE4IfGDPdFS98o6Nez_ZujfUEo'}
    2018-11-20 10:13:06,493:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
    
    Domain: blog.example.de
    Type:   unauthorized
    Detail: Invalid response from http://blog.example.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    2018-11-20 10:13:06,494:DEBUG:certbot.error_handler:Encountered exception:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 80, in handle_authorizations
        self._respond(aauthzrs, resp, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 153, in _respond
        self._poll_challenges(aauthzrs, chall_update, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 224, in _poll_challenges
        raise errors.FailedChallenges(all_failed_achalls)
    certbot.errors.FailedChallenges: Failed authorization procedure. blog.example.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.example.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
    2018-11-20 10:13:06,494:DEBUG:certbot.error_handler:Calling registered functions
    2018-11-20 10:13:06,494:INFO:certbot.auth_handler:Cleaning up challenges
    2018-11-20 10:13:06,495:DEBUG:certbot.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U
    2018-11-20 10:13:06,495:DEBUG:certbot.plugins.webroot:All challenges cleaned up
    2018-11-20 10:13:06,496:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/letsencrypt", line 11, in <module>
        load_entry_point('certbot==0.23.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1266, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1157, in certonly
        lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 118, in _get_and_save_cert
        lineage = le_client.obtain_and_enroll_certificate(domains, certname)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 350, in obtain_and_enroll_certificate
        cert, chain, key, _ = self.obtain_certificate(domains)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 294, in obtain_certificate
        orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 330, in _get_order_and_authorizations
        authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 80, in handle_authorizations
        self._respond(aauthzrs, resp, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 153, in _respond
        self._poll_challenges(aauthzrs, chall_update, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 224, in _poll_challenges
        raise errors.FailedChallenges(all_failed_achalls)
    certbot.errors.FailedChallenges: Failed authorization procedure. blog.example.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.example.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
     
  9. ktownmods

    ktownmods Member

    @till i removed the aaaa record for my domain and now it works wit letsencrypt
    but i need this aaaa record for sending mails over ipv6 and ipv4
    what can i do that this works?
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Can your server use IPv6 traffic and is the AAAA record correct for your server? Is the AAAA record available from the name server LE uses?
     
  11. ktownmods

    ktownmods Member

    i set the aaaa record and on domain settings ipv6^^ now works
     

Share This Page