2023-07-08 15:06:39,443:DEBUG:certbot._internal.main:certbot version: 1.21.0
2023-07-08 15:06:39,444:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-07-08 15:06:39,444:DEBUG:certbot._internal.main:Arguments: ['--nginx', '--agree-tos', '--cert-name', 'lemmy2.adambowl.es', '-d', 'lemmy2.adambowl.es', '-m', 'letsencrypt@adambowl.es']
2023-07-08 15:06:39,444:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-08 15:06:39,455:DEBUG:certbot._internal.log:Root logging level set at 30
2023-07-08 15:06:39,456:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2023-07-08 15:06:39,562:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa0cf12ac80>
Prep: True
2023-07-08 15:06:39,563:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa0cf12ac80>
Prep: True
2023-07-08 15:06:39,563:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa0cf12ac80> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa0cf12ac80>
2023-07-08 15:06:39,563:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2023-07-08 15:06:39,618:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1197043447', new_authzr_uri=None, terms_of_service=None), f23825f3d005f149a97090f392a83328, Meta(creation_dt=datetime.datetime(2023, 7, 8, 12, 29, tzinfo=<UTC>), creation_host='lemmy', register_to_eff=None))>
2023-07-08 15:06:39,619:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-07-08 15:06:39,621:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-07-08 15:06:39,996:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-07-08 15:06:39,997:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:39 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"JhLy6j4Ih8g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-07-08 15:06:39,998:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for lemmy2.adambowl.es
2023-07-08 15:06:40,202:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0007_key-certbot.pem
2023-07-08 15:06:40,208:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0007_csr-certbot.pem
2023-07-08 15:06:40,211:DEBUG:acme.client:Requesting fresh nonce
2023-07-08 15:06:40,211:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-07-08 15:06:40,336:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-07-08 15:06:40,336:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:40 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853FLq9gG_OVtNPeKcau200MYtFEHlqZIBsJoqeoFcAISJ8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2023-07-08 15:06:40,337:DEBUG:acme.client:Storing nonce: 853FLq9gG_OVtNPeKcau200MYtFEHlqZIBsJoqeoFcAISJ8
2023-07-08 15:06:40,337:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "lemmy2.adambowl.es"\n }\n ]\n}'
2023-07-08 15:06:40,339:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICI4NTNGTHE5Z0dfT1Z0TlBlS2NhdTIwME1ZdEZFSGxxWklCc0pvcWVvRmNBSVNKOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "CzlFpS1wGf-Wp6YlZ3D_SiiBnqnxLoYMN2kAnHkqAbgnfycX8UL841XnvO02gIuIbJYZ--p4unTXR-NLdAUjMS7sCgcj_5-AdAmR9EDL8Qd68XIrQqA6G30Tw5FPlaA29oXGUOO1LyndIUtttZIEvFIQKtxQu7YBe0g_Q1h6u6NLdRDiNCCh9jNdam-NZ1jY3ta9SmBfzmL9WcKm9yo871ivIwZuwvCp1yZqxCih8b0QRGy3YMzKWGzN5RiMJz5tAtuTi4rtEMxI3ea3-E0q4UcazgEpQB-zmXy3GOO6zyzQigYUflVmZNZYCKMA6rEynDLLLCz9q4nG6F_Oh9z7lQ",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImxlbW15Mi5hZGFtYm93bC5lcyIKICAgIH0KICBdCn0"
}
2023-07-08 15:06:40,495:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 344
2023-07-08 15:06:40,496:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 08 Jul 2023 15:06:40 GMT
Content-Type: application/json
Content-Length: 344
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1197043447/193635196187
Replay-Nonce: F70EoEfE9lwe5RaZwYmeXphrbOrOcXWCuKHS7sV19fECp44
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2023-07-15T15:06:40Z",
"identifiers": [
{
"type": "dns",
"value": "lemmy2.adambowl.es"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1197043447/193635196187"
}
2023-07-08 15:06:40,496:DEBUG:acme.client:Storing nonce: F70EoEfE9lwe5RaZwYmeXphrbOrOcXWCuKHS7sV19fECp44
2023-07-08 15:06:40,497:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:40,499:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICJGNzBFb0VmRTlsd2U1UmFad1ltZVhwaHJiT3JPY1hXQ3VLSFM3c1YxOWZFQ3A0NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQzNzg1OTgwNzU3In0",
"signature": "OzX_EG9V9LzDjTplclMJsNpGDZ5WjnebAn1bI-vmJi5Ekn8vsZ7t9wXEGtVZChhrfDENm1BT73_sep4W0vNETt9wA3odVMY9gpm6GTffr9hlEgLg2zDCoBPToNWql04e1J8Y4PPsX6xkuiCqAlqgzvaglo6hQGxJqe0DSjf2H4gYLvmBESp0aFa5G1fZb9s3peMY_u1XD62NxFSvnNez_qqHfP9UrYoZpwATha1AIsEgmvprdTcMrjxcvvcTYprR0DpliANANRuNOVpa3bKnCwfiB6b59QkDgyf5mZlQIlucai79OpoZkAPVfRn9NcmGVCT-b9FSX8EZ20u8mX00mg",
"payload": ""
}
2023-07-08 15:06:40,627:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:40,628:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:40 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853F3Gai_rFN-5rHGZaO9qONuZ3_anAxitCGrxo2_5hbxb0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "lemmy2.adambowl.es"
},
"status": "pending",
"expires": "2023-07-15T15:06:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
}
]
}
2023-07-08 15:06:40,628:DEBUG:acme.client:Storing nonce: 853F3Gai_rFN-5rHGZaO9qONuZ3_anAxitCGrxo2_5hbxb0
2023-07-08 15:06:40,628:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-07-08 15:06:40,629:INFO:certbot._internal.auth_handler:http-01 challenge for lemmy2.adambowl.es
2023-07-08 15:06:40,646:DEBUG:certbot_nginx._internal.http_01:Generated server block:
[]
2023-07-08 15:06:40,646:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
2023-07-08 15:06:40,647:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
2023-07-08 15:06:40,647:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
2023-07-08 15:06:40,647:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2023-07-08 15:06:40,648:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf
2023-07-08 15:06:40,648:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2023-07-08 15:06:40,648:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip2.conf
2023-07-08 15:06:40,648:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
2023-07-08 15:06:40,649:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2023-07-08 15:06:40,650:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
2023-07-08 15:06:40,651:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
listen 80 ;
listen [::]:80 ;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name lemmy2.adambowl.es; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
location = /.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU{default_type text/plain;return 200 NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU.PZXVjnuwY4mZj3yn1MojjGahfGg1HSbznlLj4GWCJQo;} # managed by Certbot
}
2023-07-08 15:06:41,673:DEBUG:acme.client:JWS payload:
b'{}'
2023-07-08 15:06:41,675:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICI4NTNGM0dhaV9yRk4tNXJIR1phTzlxT051WjNfYW5BeGl0Q0dyeG8yXzVoYnhiMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjQzNzg1OTgwNzU3L1o3UXhGdyJ9",
"signature": "h1-a0t7rtpHNAtMpC4W02JybniSYW7ngjmnpcFrR_Kc19CLoUJvIQhlOsZKVRm56otD4LYEYdc7QCMpnf-gefcTX2sveKMyuelmLPsN_nq9T-L1Ui7utaHy7xp7q22qx2xvnxT_Ye5-u7N6ByTrclWjidDk4L3wrmncJIjg-vwTXWSxXCU6NsClpjynpWi7cYopbHJAJz0e_LZ5mpzbohqy61arEuDn4TqbAM1spG89i18tf67xbuVhx9bnZTwma4kW0w9yUq9SCX0NR_EbteRvMitsVKjM3WZ_Na5Fu2xqjP5ps2T6Rwhg_daFbh8m_YWYIVOQXDw-Pg2NpPCfDeg",
"payload": "e30"
}
2023-07-08 15:06:41,818:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/243785980757/Z7QxFw HTTP/1.1" 200 187
2023-07-08 15:06:41,819:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:41 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw
Replay-Nonce: 853FtdPRkm3HqIu2Xd6CUpNq277mcDFFp7Aq0ZZ5LCKdS-0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
}
2023-07-08 15:06:41,819:DEBUG:acme.client:Storing nonce: 853FtdPRkm3HqIu2Xd6CUpNq277mcDFFp7Aq0ZZ5LCKdS-0
2023-07-08 15:06:41,819:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-07-08 15:06:42,821:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:42,823:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICI4NTNGdGRQUmttM0hxSXUyWGQ2Q1VwTnEyNzdtY0RGRnA3QXEwWlo1TENLZFMtMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQzNzg1OTgwNzU3In0",
"signature": "Wxfj3Ie1RYqCJUkWVKFnyjoNyuIxRevYajoWZuLVKsrPV6hW6eHC4Fk4E5nsd13nbQhaxiYiMlw7ha1grXDXxb-_TOzjAlb7E3-0bAqVGn5YknhOcb5AbM2omrA01Q5vFmhDS4lvmGZXC674rGLphrdMJpS3IkGU7ac1VqXluOMLWAmX_wPlLkF70WWK2cgKVG0J7QWFmflcC-FENgx9QhxQab3mJ_XK0o4UfS0W6yAkdqnjsCxjrOntln4Nt7ww7Uc8FLIPFh_h_K0dNUK5DJckbDoEpR2kUNqJBjBOdTJTfLpRvS55oY4OKbLXHfKrZr1Oz0dpOdv7CzL4Qhj1wg",
"payload": ""
}
2023-07-08 15:06:42,954:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:42,955:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:42 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F70EZwz4-rYuyz1nTVpm08y2oIh350VRGETMHR7gT6XeO9c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "lemmy2.adambowl.es"
},
"status": "pending",
"expires": "2023-07-15T15:06:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
}
]
}
2023-07-08 15:06:42,955:DEBUG:acme.client:Storing nonce: F70EZwz4-rYuyz1nTVpm08y2oIh350VRGETMHR7gT6XeO9c
2023-07-08 15:06:45,959:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:45,960:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICJGNzBFWnd6NC1yWXV5ejFuVFZwbTA4eTJvSWgzNTBWUkdFVE1IUjdnVDZYZU85YyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQzNzg1OTgwNzU3In0",
"signature": "PPluYdUGJbmTqXs9iG7O4voJC3BrRI-sLgMpr_MjCGHkHiBXvpFOCUn-tMbG1BP6hf7fZQH8N3OREZ7TipbnKZ319mGlT0MJyx1yJ16qfunG1Y1vNYart-XAODyLcVs2sw5L4lHuLwnPxmOep8qI-KGabgHaxoI5AmneGB_ZfkIjS6er7cCRbewnSWyrpQPoUHH7q0vYNgRpKvgjuHRMyl7fLmyKr73uu04IDX1F2cN_bSxNHZK2FjO45Hz9xGS9DF0fuND8CWbXYqXikQIYth5A3td3qJAthkrhb78fuOilBVypjrRl9hVz82xWtvQ7fGA24C6AFqx--mW5xvt0kg",
"payload": ""
}
2023-07-08 15:06:46,089:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:46,090:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:46 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F70EZ3B81DCzfHtiqU_rqcQ4U6f52OIPFgdbzVZUdmLBhEQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "lemmy2.adambowl.es"
},
"status": "pending",
"expires": "2023-07-15T15:06:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
}
]
}
2023-07-08 15:06:46,090:DEBUG:acme.client:Storing nonce: F70EZ3B81DCzfHtiqU_rqcQ4U6f52OIPFgdbzVZUdmLBhEQ
2023-07-08 15:06:49,093:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:49,094:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICJGNzBFWjNCODFEQ3pmSHRpcVVfcnFjUTRVNmY1Mk9JUEZnZGJ6VlpVZG1MQmhFUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQzNzg1OTgwNzU3In0",
"signature": "Emi8ng9c3LkJrs0As0d4ug4wA3xE0o44gOap1TDS6_sV8gXNAmsde9fGgKhEKVorIaeVTW_xs6fK67i4IxwatWdwZsJQ8PT0lJzYhD4pHOFJ0mUwCQkkpgCuaVYfxhOOgmAAeVj3HVFPZY_gmUAtSS-j5OMOXRYa1MEX1bK8k3BMAdt6Skzs09ww9ySJ_T18DZ7_Pv7uk_P8mYVxESfuJFqfiuOVpobhbAby01V2Dpo-MARxbuyrxjX59aUQifQ1D4_g67pJg__35-ELBZGEfWw_36XPlTYxG4YbilP5ywSHtzQRKo0XbOVC_usuQ_RsPuJA1qyYn95g4Gy2wKU1bQ",
"payload": ""
}
2023-07-08 15:06:49,223:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:49,224:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:49 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853FGHIigGR-xA0T4jxwIM7gpqmdmIpCI8BGschjaz41QWI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "lemmy2.adambowl.es"
},
"status": "pending",
"expires": "2023-07-15T15:06:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
}
]
}
2023-07-08 15:06:49,224:DEBUG:acme.client:Storing nonce: 853FGHIigGR-xA0T4jxwIM7gpqmdmIpCI8BGschjaz41QWI
2023-07-08 15:06:52,235:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:52,240:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICI4NTNGR0hJaWdHUi14QTBUNGp4d0lNN2dwcW1kbUlwQ0k4QkdzY2hqYXo0MVFXSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQzNzg1OTgwNzU3In0",
"signature": "B57YCotoqRvpFAf2NqYVZL7XiNC9OsumCko5UKvWmMFajZWD9tGnb7QOKbMvpu0GRmKUw308BrzAfCva4WN-4zApMOeli7vcvW0bWH_1AUDZVBXu6KKMPMezqYQOTm4fN9GaWYzQ80xCD17q-_JcP1TgGlGCwzGIOujJ8QTP99hn56dBgfSx13_urE4D_th2Iv74ShTJZ7P55wvVmE1ZVUakwvsmkhmWcdLsz7Oov9YFez7ofxnXEyQHxU1SMcqSEj9iQ3Lq2xtHk3JjM4V9Hqe2ClNhMjg93WCxFD9SzukaL8olOdkphVk-Vlf_oydUyZYQGvJg_HzgnLOfLKeFzA",
"payload": ""
}
2023-07-08 15:06:52,371:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:52,372:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:52 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F70Eqocfq6aMPKA4JCLm1ENf_UbvV1KfCRdz9uxNIobBNO4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "lemmy2.adambowl.es"
},
"status": "pending",
"expires": "2023-07-15T15:06:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
}
]
}
2023-07-08 15:06:52,373:DEBUG:acme.client:Storing nonce: F70Eqocfq6aMPKA4JCLm1ENf_UbvV1KfCRdz9uxNIobBNO4
2023-07-08 15:06:55,377:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:55,380:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICJGNzBFcW9jZnE2YU1QS0E0SkNMbTFFTmZfVWJ2VjFLZkNSZHo5dXhOSW9iQk5PNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQzNzg1OTgwNzU3In0",
"signature": "rSBQhLeGJyYu3ikqSwcIK6IlTjzSKXZFZTaTfBGsr-GbqTuO5o6QElynvi9fe0Ug07iMRHD7Ep_qdrxpgFATifphccvu92SinWi8sNDabC7MgkNusQCZkun2HaBklX8A4h0rnW875nsicch5m2HqwK3Aer9K7rkmxTq3znzvZ5hyh173XWPMXpwUoDv_2nqq2Kp-zGTDeWCBbOJBM2WKPbtMIG2ReT0jcGg0kyrcs01pQjPqt4CjMGL_5OPuYKQujyUiRpJ0nMZTKjMMvlB02m19rUWGuGoivWYsI2mLW5VBC9r5Tzg96Oy9REcolOybAvKxa8ZoqpgfLljiIA5oug",
"payload": ""
}
2023-07-08 15:06:55,507:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 1067
2023-07-08 15:06:55,508:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:55 GMT
Content-Type: application/json
Content-Length: 1067
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853Fqf8WpIkXquKfHTKev9q9v3PsoJiza5szMXAXScrMiPg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "lemmy2.adambowl.es"
},
"status": "invalid",
"expires": "2023-07-15T15:06:40Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "45.77.58.251: Fetching http://lemmy2.adambowl.es/.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU: Timeout during connect (likely firewall problem)",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
"token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU",
"validationRecord": [
{
"url": "http://lemmy2.adambowl.es/.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU",
"hostname": "lemmy2.adambowl.es",
"port": "80",
"addressesResolved": [
"45.77.58.251"
],
"addressUsed": "45.77.58.251"
}
],
"validated": "2023-07-08T15:06:41Z"
}
]
}
2023-07-08 15:06:55,508:DEBUG:acme.client:Storing nonce: 853Fqf8WpIkXquKfHTKev9q9v3PsoJiza5szMXAXScrMiPg
2023-07-08 15:06:55,509:INFO:certbot._internal.auth_handler:Challenge failed for domain lemmy2.adambowl.es
2023-07-08 15:06:55,509:INFO:certbot._internal.auth_handler:http-01 challenge for lemmy2.adambowl.es
2023-07-08 15:06:55,510:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: lemmy2.adambowl.es
Type: connection
Detail: 45.77.58.251: Fetching http://lemmy2.adambowl.es/.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
2023-07-08 15:06:55,511:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-08 15:06:55,511:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-07-08 15:06:55,511:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-07-08 15:06:56,647:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1434, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-08 15:06:56,648:ERROR:certbot._internal.log:Some challenges have failed.
Let's Encrypt fails during an install on a clean Ubuntu 22.04 Vultr VPS
/var/log/letsencrypt/letsencrypt.log: