[GH-ISSUE #1297] Error creating certificate [Solved] #1044

New issue

Closed

opened 2026-02-26 06:35:32 +03:00 by kerem · 11 comments

kerem commented 2026-02-26 06:35:32 +03:00

Owner

Copy link

Originally created by @talesam on GitHub (Aug 7, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1297

I'm trying to create a certificate but it's giving an error. Ports 80 and 443 are open.

ERROR:

Error: Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-22" --agree-tos --email "talesam@gmail.com" --preferred-challenges "dns,http" --domains "n1.t4l35.site" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

Letsencrypt Log

2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:certbot version: 1.17.0
2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-22', '--agree-tos', '--email', 'talesam@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'n1.t4l35.site']
2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-07 20:51:48,183:DEBUG:certbot._internal.log:Root logging level set at 30
2021-08-07 20:51:48,184:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-08-07 20:51:48,187:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f0a2b35a978>
Prep: True
2021-08-07 20:51:48,188:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f0a2b35a978> and installer None
2021-08-07 20:51:48,188:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-08-07 20:51:48,199:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/126590777', new_authzr_uri=None, terms_of_service=None), 453e9dfd311338c9f17d679125cf65c9, Meta(creation_dt=datetime.datetime(2021, 6, 10, 2, 59, 20, tzinfo=<UTC>), creation_host='2a6c1c54a134', register_to_eff=None))>
2021-08-07 20:51:48,200:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-07 20:51:48,203:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-08-07 20:51:48,392:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-08-07 20:51:48,393:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:52 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "Yy-2vWokHFk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-08-07 20:51:48,394:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for n1.t4l35.site
2021-08-07 20:51:48,473:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0012_key-certbot.pem
2021-08-07 20:51:48,475:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0012_csr-certbot.pem
2021-08-07 20:51:48,476:DEBUG:acme.client:Requesting fresh nonce
2021-08-07 20:51:48,476:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-07 20:51:48,520:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-07 20:51:48,521:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:53 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101cu5exVAVDsY3RFds9sfuAsTcbUduTfP9wwFt54hnW4s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-08-07 20:51:48,522:DEBUG:acme.client:Storing nonce: 0101cu5exVAVDsY3RFds9sfuAsTcbUduTfP9wwFt54hnW4s
2021-08-07 20:51:48,522:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "n1.t4l35.site"\n    }\n  ]\n}'
2021-08-07 20:51:48,525:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDFjdTVleFZBVkRzWTNSRmRzOXNmdUFzVGNiVWR1VGZQOXd3RnQ1NGhuVzRzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "ZeL08fLgmZmxRWj0Q4WUp-0GZTttAchJ_WsgPTcDz4vDpdnAXGmE_fOTArfVUbeRavemSnDGIXin3gnGIzOdBCChk0iIanUeMBkuc4zBTiNdb0l5hem6c326gHFnCXEu7psG1w6aljtIFx0ynzw42kTDSTaTXVJJPsZqjZvgnS3T-pt7e-wCF0rTzpeeEgLCYFlIzvnVF9LKB0Lre1ufCwZyKGkHKkjHv9Ljax4NLPJy4F3rvldwLGubLyhv5nBRJcn4wEPCY2b7rfhSzyca5wKYhhkubc0j0afX544_lc-Z3-2FI8l0ewlWwesz543MvdR6bfiiomCJb6F3oiTTag",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm4xLnQ0bDM1LnNpdGUiCiAgICB9CiAgXQp9"
}
2021-08-07 20:51:48,740:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 336
2021-08-07 20:51:48,741:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 07 Aug 2021 21:01:53 GMT
Content-Type: application/json
Content-Length: 336
Connection: keep-alive
Boulder-Requester: 126590777
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/126590777/15258772520
Replay-Nonce: 0101I9UUwEI5UimOUjts7k8jPn6IhdrNagwbOQ05xokvDSU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-08-14T21:01:53Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "n1.t4l35.site"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/126590777/15258772520"
}
2021-08-07 20:51:48,741:DEBUG:acme.client:Storing nonce: 0101I9UUwEI5UimOUjts7k8jPn6IhdrNagwbOQ05xokvDSU
2021-08-07 20:51:48,741:DEBUG:acme.client:JWS payload:
b''
2021-08-07 20:51:48,743:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDFJOVVVd0VJNVVpbU9VanRzN2s4alBuNkloZHJOYWd3Yk9RMDV4b2t2RFNVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTg1ODc5MTM2MCJ9",
  "signature": "H7kgyZIv0uS-Ag1nZs3it6yx4MU6zTrmAHQmVYmALxv_RhN-YeYxWn9It-5intFc8Ud3LxO5BrdMo-YJ1PibhWsHZ9DquD8DqxSkBdMqDbfls5gL3XtamqGFk1gPqqbqNyRrSfwc4SF-O0KzO7TghLm9DnbYSe2pyLMi_JHgbYTkmlEm8IcDFl7WYOYkUWz5ge-EoXRtskxzJPlnl_c0gWKwqInfW9FVWQxPgG5X_qDH16K5mHyvASKHKqkE6bkb-SaR7AZgEImPEkbOgkI1rWB9ZIM1zv9Sg674PxYCX3Wcab_c1qqpX4E4sew7niKbX1PqJolWBTyxkh9ciSQJAQ",
  "payload": ""
}
2021-08-07 20:51:48,816:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19858791360 HTTP/1.1" 200 794
2021-08-07 20:51:48,816:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:53 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 126590777
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102PZIo8u2K3MRzirogaz4WRNkaIplFjUD6MKjTFSAAM38
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "n1.t4l35.site"
  },
  "status": "pending",
  "expires": "2021-08-14T21:01:53Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ",
      "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/Zw0u3g",
      "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/JkvCXQ",
      "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM"
    }
  ]
}
2021-08-07 20:51:48,817:DEBUG:acme.client:Storing nonce: 0102PZIo8u2K3MRzirogaz4WRNkaIplFjUD6MKjTFSAAM38
2021-08-07 20:51:48,817:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-08-07 20:51:48,817:INFO:certbot._internal.auth_handler:http-01 challenge for n1.t4l35.site
2021-08-07 20:51:48,817:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2021-08-07 20:51:48,817:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2021-08-07 20:51:48,818:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM
2021-08-07 20:51:48,819:DEBUG:acme.client:JWS payload:
b'{}'
2021-08-07 20:51:48,820:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDJQWklvOHUySzNNUnppcm9nYXo0V1JOa2FJcGxGalVENk1LalRGU0FBTTM4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xOTg1ODc5MTM2MC9aVXpMcVEifQ",
  "signature": "d25jBTD3RAF3zARuxRWxrTcurAX3K3hYDgt51XB0ELTp5NyEMIyrggmxTeNGW73plOm7V5TqikMfdLFap536TRv7Zv0d83qgEgcWzd1VxaNs-ErYs5Y_4ELIZxss5tirJvu7l6h51XY4s36zP75ya7C9bJBAKvwN2rDXkLqMAERPjMXKSOa2PfqXsHpYWK2UWtyatEsVy09j6R60i8xpcPq7uKUMQ1BwoGuMtc5M74TAAh1XZ1FLbtYRQVYrDw8qUhshl2UcH7TOg_3Gr8lRDLlbUk2vVy2lP1OVnrBb6fVwLvxX_MeneDuxEit63bniHVSbWh5nj4Zo56VNtEQwFA",
  "payload": "e30"
}
2021-08-07 20:51:48,932:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/19858791360/ZUzLqQ HTTP/1.1" 200 186
2021-08-07 20:51:48,933:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:53 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 126590777
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ
Replay-Nonce: 0101zJKg3vdijm3k6MxbC0ksY9NmVRU7wgSYPCfTEOZy0TM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ",
  "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM"
}
2021-08-07 20:51:48,933:DEBUG:acme.client:Storing nonce: 0101zJKg3vdijm3k6MxbC0ksY9NmVRU7wgSYPCfTEOZy0TM
2021-08-07 20:51:48,933:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-08-07 20:51:49,935:DEBUG:acme.client:JWS payload:
b''
2021-08-07 20:51:49,937:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDF6SktnM3ZkaWptM2s2TXhiQzBrc1k5Tm1WUlU3d2dTWVBDZlRFT1p5MFRNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTg1ODc5MTM2MCJ9",
  "signature": "AehLKcVRLg-Vb2kvj9jSYH9DI12w9N4Vqfcw5adD1EcBkiSQ1pcvFID4Mxa4GbTaYdJYOICVr02ZwmEmtaTn7ewJSuI0Fg3KPuZwrq7UzpxzH6rzG_WXUfjxGzQizBm5Jt09n1-KBKdKE1CohlsNwNPRPnga6ORB47FZqh_lvZsFrkpmOz7LLyKO9wK16A2wCN2Co1p4oGLkV4rbBraC7mNPwjJpuIcAte4iB5t2V7NSaQMuyOO2VRQNa79rDvOCcDcUqgC5VpgNOs75CP1eV85L4QPRPCWKD8OsbRGPwu_mccInWSODJilZUNtAr2Laa9fKQU4a_9GNrQ1LNfw6zA",
  "payload": ""
}
2021-08-07 20:51:50,014:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19858791360 HTTP/1.1" 200 1321
2021-08-07 20:51:50,015:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 07 Aug 2021 21:01:54 GMT
Content-Type: application/json
Content-Length: 1321
Connection: keep-alive
Boulder-Requester: 126590777
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102IYljwRC_FJ3MkHUjtTyduB1yceYiRiC3z9yi_WnbAVk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "n1.t4l35.site"
  },
  "status": "invalid",
  "expires": "2021-08-14T21:01:53Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://n1.t4l35.site/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM [209.145.50.150]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003eopenresty\u003c/cente\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ",
      "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM",
      "validationRecord": [
        {
          "url": "http://n1.t4l35.site/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM",
          "hostname": "n1.t4l35.site",
          "port": "80",
          "addressesResolved": [
            "209.145.50.150",
            "198.98.60.69"
          ],
          "addressUsed": "209.145.50.150"
        }
      ],
      "validated": "2021-08-07T21:01:53Z"
    }
  ]
}
2021-08-07 20:51:50,015:DEBUG:acme.client:Storing nonce: 0102IYljwRC_FJ3MkHUjtTyduB1yceYiRiC3z9yi_WnbAVk
2021-08-07 20:51:50,016:INFO:certbot._internal.auth_handler:Challenge failed for domain n1.t4l35.site
2021-08-07 20:51:50,016:INFO:certbot._internal.auth_handler:http-01 challenge for n1.t4l35.site
2021-08-07 20:51:50,016:DEBUG:certbot.display.util:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: n1.t4l35.site
  Type:   unauthorized
  Detail: Invalid response from http://n1.t4l35.site/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM [209.145.50.150]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>openresty</cente"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2021-08-07 20:51:50,017:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-08-07 20:51:50,017:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-08-07 20:51:50,017:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-08-07 20:51:50,017:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM
2021-08-07 20:51:50,018:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-08-07 20:51:50,019:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1435, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 445, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-08-07 20:51:50,021:ERROR:certbot._internal.log:Some challenges have failed.

Originally created by @talesam on GitHub (Aug 7, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1297 I'm trying to create a certificate but it's giving an error. Ports 80 and 443 are open. ERROR: ``` Error: Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-22" --agree-tos --email "talesam@gmail.com" --preferred-challenges "dns,http" --domains "n1.t4l35.site" Saving debug log to /var/log/letsencrypt/letsencrypt.log Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. at ChildProcess.exithandler (node:child_process:326:12) at ChildProcess.emit (node:events:369:20) at maybeClose (node:internal/child_process:1067:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) ```  <details><summary>Letsencrypt Log</summary> ``` 2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:certbot version: 1.17.0 2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot 2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-22', '--agree-tos', '--email', 'talesam@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'n1.t4l35.site'] 2021-08-07 20:51:48,168:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2021-08-07 20:51:48,183:DEBUG:certbot._internal.log:Root logging level set at 30 2021-08-07 20:51:48,184:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None 2021-08-07 20:51:48,187:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: IAuthenticator, IPlugin Entry point: webroot = certbot._internal.plugins.webroot:Authenticator Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f0a2b35a978> Prep: True 2021-08-07 20:51:48,188:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f0a2b35a978> and installer None 2021-08-07 20:51:48,188:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2021-08-07 20:51:48,199:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/126590777', new_authzr_uri=None, terms_of_service=None), 453e9dfd311338c9f17d679125cf65c9, Meta(creation_dt=datetime.datetime(2021, 6, 10, 2, 59, 20, tzinfo=<UTC>), creation_host='2a6c1c54a134', register_to_eff=None))> 2021-08-07 20:51:48,200:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2021-08-07 20:51:48,203:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2021-08-07 20:51:48,392:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658 2021-08-07 20:51:48,393:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sat, 07 Aug 2021 21:01:52 GMT Content-Type: application/json Content-Length: 658 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "Yy-2vWokHFk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } 2021-08-07 20:51:48,394:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for n1.t4l35.site 2021-08-07 20:51:48,473:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0012_key-certbot.pem 2021-08-07 20:51:48,475:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0012_csr-certbot.pem 2021-08-07 20:51:48,476:DEBUG:acme.client:Requesting fresh nonce 2021-08-07 20:51:48,476:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce. 2021-08-07 20:51:48,520:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 2021-08-07 20:51:48,521:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sat, 07 Aug 2021 21:01:53 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 0101cu5exVAVDsY3RFds9sfuAsTcbUduTfP9wwFt54hnW4s X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 2021-08-07 20:51:48,522:DEBUG:acme.client:Storing nonce: 0101cu5exVAVDsY3RFds9sfuAsTcbUduTfP9wwFt54hnW4s 2021-08-07 20:51:48,522:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "n1.t4l35.site"\n }\n ]\n}' 2021-08-07 20:51:48,525:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDFjdTVleFZBVkRzWTNSRmRzOXNmdUFzVGNiVWR1VGZQOXd3RnQ1NGhuVzRzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ", "signature": "ZeL08fLgmZmxRWj0Q4WUp-0GZTttAchJ_WsgPTcDz4vDpdnAXGmE_fOTArfVUbeRavemSnDGIXin3gnGIzOdBCChk0iIanUeMBkuc4zBTiNdb0l5hem6c326gHFnCXEu7psG1w6aljtIFx0ynzw42kTDSTaTXVJJPsZqjZvgnS3T-pt7e-wCF0rTzpeeEgLCYFlIzvnVF9LKB0Lre1ufCwZyKGkHKkjHv9Ljax4NLPJy4F3rvldwLGubLyhv5nBRJcn4wEPCY2b7rfhSzyca5wKYhhkubc0j0afX544_lc-Z3-2FI8l0ewlWwesz543MvdR6bfiiomCJb6F3oiTTag", "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm4xLnQ0bDM1LnNpdGUiCiAgICB9CiAgXQp9" } 2021-08-07 20:51:48,740:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 336 2021-08-07 20:51:48,741:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Sat, 07 Aug 2021 21:01:53 GMT Content-Type: application/json Content-Length: 336 Connection: keep-alive Boulder-Requester: 126590777 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/126590777/15258772520 Replay-Nonce: 0101I9UUwEI5UimOUjts7k8jPn6IhdrNagwbOQ05xokvDSU X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2021-08-14T21:01:53Z", "identifiers": [ { "type": "dns", "value": "n1.t4l35.site" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/126590777/15258772520" } 2021-08-07 20:51:48,741:DEBUG:acme.client:Storing nonce: 0101I9UUwEI5UimOUjts7k8jPn6IhdrNagwbOQ05xokvDSU 2021-08-07 20:51:48,741:DEBUG:acme.client:JWS payload: b'' 2021-08-07 20:51:48,743:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDFJOVVVd0VJNVVpbU9VanRzN2s4alBuNkloZHJOYWd3Yk9RMDV4b2t2RFNVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTg1ODc5MTM2MCJ9", "signature": "H7kgyZIv0uS-Ag1nZs3it6yx4MU6zTrmAHQmVYmALxv_RhN-YeYxWn9It-5intFc8Ud3LxO5BrdMo-YJ1PibhWsHZ9DquD8DqxSkBdMqDbfls5gL3XtamqGFk1gPqqbqNyRrSfwc4SF-O0KzO7TghLm9DnbYSe2pyLMi_JHgbYTkmlEm8IcDFl7WYOYkUWz5ge-EoXRtskxzJPlnl_c0gWKwqInfW9FVWQxPgG5X_qDH16K5mHyvASKHKqkE6bkb-SaR7AZgEImPEkbOgkI1rWB9ZIM1zv9Sg674PxYCX3Wcab_c1qqpX4E4sew7niKbX1PqJolWBTyxkh9ciSQJAQ", "payload": "" } 2021-08-07 20:51:48,816:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19858791360 HTTP/1.1" 200 794 2021-08-07 20:51:48,816:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sat, 07 Aug 2021 21:01:53 GMT Content-Type: application/json Content-Length: 794 Connection: keep-alive Boulder-Requester: 126590777 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 0102PZIo8u2K3MRzirogaz4WRNkaIplFjUD6MKjTFSAAM38 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "n1.t4l35.site" }, "status": "pending", "expires": "2021-08-14T21:01:53Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ", "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/Zw0u3g", "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/JkvCXQ", "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM" } ] } 2021-08-07 20:51:48,817:DEBUG:acme.client:Storing nonce: 0102PZIo8u2K3MRzirogaz4WRNkaIplFjUD6MKjTFSAAM38 2021-08-07 20:51:48,817:INFO:certbot._internal.auth_handler:Performing the following challenges: 2021-08-07 20:51:48,817:INFO:certbot._internal.auth_handler:http-01 challenge for n1.t4l35.site 2021-08-07 20:51:48,817:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. 2021-08-07 20:51:48,817:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge 2021-08-07 20:51:48,818:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM 2021-08-07 20:51:48,819:DEBUG:acme.client:JWS payload: b'{}' 2021-08-07 20:51:48,820:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDJQWklvOHUySzNNUnppcm9nYXo0V1JOa2FJcGxGalVENk1LalRGU0FBTTM4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xOTg1ODc5MTM2MC9aVXpMcVEifQ", "signature": "d25jBTD3RAF3zARuxRWxrTcurAX3K3hYDgt51XB0ELTp5NyEMIyrggmxTeNGW73plOm7V5TqikMfdLFap536TRv7Zv0d83qgEgcWzd1VxaNs-ErYs5Y_4ELIZxss5tirJvu7l6h51XY4s36zP75ya7C9bJBAKvwN2rDXkLqMAERPjMXKSOa2PfqXsHpYWK2UWtyatEsVy09j6R60i8xpcPq7uKUMQ1BwoGuMtc5M74TAAh1XZ1FLbtYRQVYrDw8qUhshl2UcH7TOg_3Gr8lRDLlbUk2vVy2lP1OVnrBb6fVwLvxX_MeneDuxEit63bniHVSbWh5nj4Zo56VNtEQwFA", "payload": "e30" } 2021-08-07 20:51:48,932:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/19858791360/ZUzLqQ HTTP/1.1" 200 186 2021-08-07 20:51:48,933:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sat, 07 Aug 2021 21:01:53 GMT Content-Type: application/json Content-Length: 186 Connection: keep-alive Boulder-Requester: 126590777 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360>;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ Replay-Nonce: 0101zJKg3vdijm3k6MxbC0ksY9NmVRU7wgSYPCfTEOZy0TM X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ", "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM" } 2021-08-07 20:51:48,933:DEBUG:acme.client:Storing nonce: 0101zJKg3vdijm3k6MxbC0ksY9NmVRU7wgSYPCfTEOZy0TM 2021-08-07 20:51:48,933:INFO:certbot._internal.auth_handler:Waiting for verification... 2021-08-07 20:51:49,935:DEBUG:acme.client:JWS payload: b'' 2021-08-07 20:51:49,937:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/19858791360: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NTkwNzc3IiwgIm5vbmNlIjogIjAxMDF6SktnM3ZkaWptM2s2TXhiQzBrc1k5Tm1WUlU3d2dTWVBDZlRFT1p5MFRNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTg1ODc5MTM2MCJ9", "signature": "AehLKcVRLg-Vb2kvj9jSYH9DI12w9N4Vqfcw5adD1EcBkiSQ1pcvFID4Mxa4GbTaYdJYOICVr02ZwmEmtaTn7ewJSuI0Fg3KPuZwrq7UzpxzH6rzG_WXUfjxGzQizBm5Jt09n1-KBKdKE1CohlsNwNPRPnga6ORB47FZqh_lvZsFrkpmOz7LLyKO9wK16A2wCN2Co1p4oGLkV4rbBraC7mNPwjJpuIcAte4iB5t2V7NSaQMuyOO2VRQNa79rDvOCcDcUqgC5VpgNOs75CP1eV85L4QPRPCWKD8OsbRGPwu_mccInWSODJilZUNtAr2Laa9fKQU4a_9GNrQ1LNfw6zA", "payload": "" } 2021-08-07 20:51:50,014:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19858791360 HTTP/1.1" 200 1321 2021-08-07 20:51:50,015:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sat, 07 Aug 2021 21:01:54 GMT Content-Type: application/json Content-Length: 1321 Connection: keep-alive Boulder-Requester: 126590777 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 0102IYljwRC_FJ3MkHUjtTyduB1yceYiRiC3z9yi_WnbAVk X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "n1.t4l35.site" }, "status": "invalid", "expires": "2021-08-14T21:01:53Z", "challenges": [ { "type": "http-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Invalid response from http://n1.t4l35.site/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM [209.145.50.150]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003eopenresty\u003c/cente\"", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/19858791360/ZUzLqQ", "token": "7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM", "validationRecord": [ { "url": "http://n1.t4l35.site/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM", "hostname": "n1.t4l35.site", "port": "80", "addressesResolved": [ "209.145.50.150", "198.98.60.69" ], "addressUsed": "209.145.50.150" } ], "validated": "2021-08-07T21:01:53Z" } ] } 2021-08-07 20:51:50,015:DEBUG:acme.client:Storing nonce: 0102IYljwRC_FJ3MkHUjtTyduB1yceYiRiC3z9yi_WnbAVk 2021-08-07 20:51:50,016:INFO:certbot._internal.auth_handler:Challenge failed for domain n1.t4l35.site 2021-08-07 20:51:50,016:INFO:certbot._internal.auth_handler:http-01 challenge for n1.t4l35.site 2021-08-07 20:51:50,016:DEBUG:certbot.display.util:Notifying user: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: n1.t4l35.site Type: unauthorized Detail: Invalid response from http://n1.t4l35.site/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM [209.145.50.150]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>openresty</cente" Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet. 2021-08-07 20:51:50,017:DEBUG:certbot._internal.error_handler:Encountered exception: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations self._poll_authorizations(authzrs, max_retries, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2021-08-07 20:51:50,017:DEBUG:certbot._internal.error_handler:Calling registered functions 2021-08-07 20:51:50,017:INFO:certbot._internal.auth_handler:Cleaning up challenges 2021-08-07 20:51:50,017:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/7NbxNjK3MQNOoxSjXFZYs6YHL45J4QcZklHm9vOdONM 2021-08-07 20:51:50,018:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up 2021-08-07 20:51:50,019:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in <module> sys.exit(main()) File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main return internal_main.main(cli_args) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1574, in main return config.func(config, plugins) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1435, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 445, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations self._poll_authorizations(authzrs, max_retries, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2021-08-07 20:51:50,021:ERROR:certbot._internal.log:Some challenges have failed. ``` </details>

kerem 2026-02-26 06:35:32 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-26 06:35:32 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Aug 8, 2021):

Are you sure the domain is set up to point to the correct server? Could you try updating to v2.9.7 and see if the issue persists?

<!-- gh-comment-id:894772806 --> @chaptergy commented on GitHub (Aug 8, 2021): Are you sure the domain is set up to point to the correct server? Could you try updating to v2.9.7 and see if the issue persists?

kerem commented 2026-02-26 06:35:32 +03:00

Author

Owner

Copy link

@talesam commented on GitHub (Aug 8, 2021):

Yes, domain is for the correct IP. If I access IP:81 from NPM, it works better, with the domain it's giving an error, but before that it wasn't possible. I will update and test.

<!-- gh-comment-id:894856363 --> @talesam commented on GitHub (Aug 8, 2021): Yes, domain is for the correct IP. If I access IP:81 from NPM, it works better, with the domain it's giving an error, but before that it wasn't possible. I will update and test.

kerem commented 2026-02-26 06:35:32 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Aug 12, 2021):

Have you enabled the Use DNS Challenge toggle?

If your issue still persists even after the update, please post the contents of the file /var/log/letsencrypt/letsencrypt.log in the npm container directly after the error occurs.

<!-- gh-comment-id:897523676 --> @chaptergy commented on GitHub (Aug 12, 2021): Have you enabled the _Use DNS Challenge_ toggle? If your issue still persists even after the update, please post the contents of the file `/var/log/letsencrypt/letsencrypt.log` in the npm container directly after the error occurs.

kerem commented 2026-02-26 06:35:32 +03:00

Author

Owner

Copy link

@ririko5834 commented on GitHub (Aug 23, 2021):

I get same error, when I want to create SSL

<!-- gh-comment-id:903852998 --> @ririko5834 commented on GitHub (Aug 23, 2021): I get same error, when I want to create SSL

kerem commented 2026-02-26 06:35:32 +03:00

Author

Owner

Copy link

@nahuedev commented on GitHub (Sep 5, 2021):

I get same error, when I want to create SSL.I have done tests with several versions, the versions, 2.8.0, 2.9.7 and latest. In no case could I generate certificates.

<!-- gh-comment-id:913219035 --> @nahuedev commented on GitHub (Sep 5, 2021): I get same error, when I want to create SSL.I have done tests with several versions, the versions, 2.8.0, 2.9.7 and latest. In no case could I generate certificates.

kerem commented 2026-02-26 06:35:32 +03:00

Author

Owner

Copy link

@talesam commented on GitHub (Oct 11, 2021):

New oracle server, posts 80 and 443 open, I can't create certificate, internal error appears.

It's a clean install!

NPM version: 2.9.9

Docker log

Generating a RSA private key
[10/11/2021] [11:42:50 PM] [Global   ] › ℹ  info      Generating MySQL db configuration from environment variables
[10/11/2021] [11:42:50 PM] [Global   ] › ℹ  info      Wrote db configuration to config file: ./config/production.json
...........................................................................+++++
..........................+++++
writing new private key to '/data/nginx/dummykey.pem'
-----
Complete
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
  ❯ /etc/nginx/conf.d/include/force-ssl.conf
  ❯ /etc/nginx/conf.d/include/block-exploits.conf
  ❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
  ❯ /etc/nginx/conf.d/include/ip_ranges.conf
  ❯ /etc/nginx/conf.d/include/proxy.conf
  ❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
  ❯ /etc/nginx/conf.d/include/assets.conf
  ❯ /etc/nginx/conf.d/include/resolvers.conf
  ❯ /etc/nginx/conf.d/production.conf
  ❯ /etc/nginx/conf.d/default.conf
❯ Enabling IPV6 in hosts: /data/nginx
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      Current database version: none
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] auth Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] user Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] user_permission Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] proxy_host Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] redirection_host Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] dead_host Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] stream Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] access_list Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] certificate Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] access_list_auth Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [initial-schema] audit_log Table created
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [websockets] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [websockets] proxy_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [forward_host] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [forward_host] proxy_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [http2_support] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [http2_support] proxy_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [http2_support] redirection_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [http2_support] dead_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [forward_scheme] Migrating Up...
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [forward_scheme] proxy_host Table altered
[10/11/2021] [11:42:51 PM] [Migrate  ] › ℹ  info      [disabled] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [disabled] proxy_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [disabled] redirection_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [disabled] dead_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [disabled] stream Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [custom_locations] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [custom_locations] proxy_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [hsts] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [hsts] proxy_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [hsts] redirection_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [hsts] dead_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [settings] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [settings] setting Table created
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client] access_list_client Table created
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client] access_list Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client_fix] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [access_list_client_fix] access_list Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [pass_auth] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [pass_auth] access_list Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [redirection_scheme] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [redirection_scheme] redirection_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [redirection_status_code] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [redirection_status_code] redirection_host Table altered
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [stream_domain] Migrating Up...
[10/11/2021] [11:42:52 PM] [Migrate  ] › ℹ  info      [stream_domain] stream Table altered
[10/11/2021] [11:42:52 PM] [Setup    ] › ℹ  info      Creating a new JWT key pair...
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Wrote JWT key pair to config file: /app/config/production.json
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Creating a new user: admin@example.com with password: changeme
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Initial admin setup completed
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Logrotate Timer initialized
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Default settings added
[10/11/2021] [11:42:59 PM] [Setup    ] › ℹ  info      Logrotate completed.
[10/11/2021] [11:42:59 PM] [IP Ranges] › ℹ  info      Fetching IP Ranges from online services...
[10/11/2021] [11:42:59 PM] [IP Ranges] › ℹ  info      Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[10/11/2021] [11:43:00 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v4
[10/11/2021] [11:43:00 PM] [IP Ranges] › ℹ  info      Fetching https://www.cloudflare.com/ips-v6
[10/11/2021] [11:43:00 PM] [SSL      ] › ℹ  info      Let's Encrypt Renewal Timer initialized
[10/11/2021] [11:43:00 PM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[10/11/2021] [11:43:00 PM] [IP Ranges] › ℹ  info      IP Ranges Renewal Timer initialized
[10/11/2021] [11:43:00 PM] [Global   ] › ℹ  info      Backend PID 241 listening on port 3000 ...
[10/11/2021] [11:43:00 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[10/11/2021] [11:43:00 PM] [SSL      ] › ℹ  info      Renew Complete
[10/11/2021] [11:43:06 PM] [Express  ] › ⚠  warning   invalid signature
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
[10/11/2021] [11:49:18 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[10/11/2021] [11:49:18 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #1: portainer.t4l35.host
[10/11/2021] [11:49:18 PM] [SSL      ] › ℹ  info      Command: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "talesam@gmail.com" --preferred-challenges "dns,http" --domains "portainer.t4l35.host" 
[10/11/2021] [11:49:19 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[10/11/2021] [11:49:19 PM] [Express  ] › ⚠  warning   Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "talesam@gmail.com" --preferred-challenges "dns,http" --domains "portainer.t4l35.host" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
The server experienced an internal error :: The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Letsencrypt log

cat /var/log/letsencrypt/letsencrypt.log
2021-10-11 23:49:18,809:DEBUG:certbot._internal.main:certbot version: 1.19.0
2021-10-11 23:49:18,810:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-10-11 23:49:18,810:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-1', '--agree-tos', '--authenticator', 'webroot', '--email', 'talesam@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'portainer.t4l35.host']
2021-10-11 23:49:18,810:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-10-11 23:49:18,823:DEBUG:certbot._internal.log:Root logging level set at 30
2021-10-11 23:49:18,823:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-10-11 23:49:18,826:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xffff8d679b38>
Prep: True
2021-10-11 23:49:18,826:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0xffff8d679b38> and installer None
2021-10-11 23:49:18,826:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-10-11 23:49:18,969:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-10-11 23:49:18,971:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-10-11 23:49:19,745:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 503 178
2021-10-11 23:49:19,746:DEBUG:acme.client:Received response:
HTTP 503
Server: nginx
Date: Mon, 11 Oct 2021 23:49:19 GMT
Content-Type: application/problem+json
Content-Length: 178
Connection: keep-alive
ETag: "611d36fb-b2"

{
  "type": "urn:acme:error:serverInternal",
  "detail": "The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details."
}

2021-10-11 23:49:19,746:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1572, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1414, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 761, in _init_le_client
    acc, acme = _determine_account(config)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 679, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 180, in register
    acme = acme_from_config_key(config, key)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 44, in acme_from_config_key
    client = acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 840, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1194, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1087, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:serverInternal :: The server experienced an internal error :: The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.
2021-10-11 23:49:19,747:ERROR:certbot._internal.log:An unexpected error occurred:
2021-10-11 23:49:19,748:ERROR:certbot._internal.log:The server experienced an internal error :: The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.

<!-- gh-comment-id:940525953 --> @talesam commented on GitHub (Oct 11, 2021): New oracle server, posts 80 and 443 open, I can't create certificate, internal error appears. It's a clean install! NPM version: 2.9.9 <details><summary>Docker log</summary> ``` Generating a RSA private key [10/11/2021] [11:42:50 PM] [Global ] › ℹ info Generating MySQL db configuration from environment variables [10/11/2021] [11:42:50 PM] [Global ] › ℹ info Wrote db configuration to config file: ./config/production.json ...........................................................................+++++ ..........................+++++ writing new private key to '/data/nginx/dummykey.pem' ----- Complete ❯ Enabling IPV6 in hosts: /etc/nginx/conf.d ❯ /etc/nginx/conf.d/include/force-ssl.conf ❯ /etc/nginx/conf.d/include/block-exploits.conf ❯ /etc/nginx/conf.d/include/ssl-ciphers.conf ❯ /etc/nginx/conf.d/include/ip_ranges.conf ❯ /etc/nginx/conf.d/include/proxy.conf ❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf ❯ /etc/nginx/conf.d/include/assets.conf ❯ /etc/nginx/conf.d/include/resolvers.conf ❯ /etc/nginx/conf.d/production.conf ❯ /etc/nginx/conf.d/default.conf ❯ Enabling IPV6 in hosts: /data/nginx [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info Current database version: none [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] Migrating Up... [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] auth Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] user Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] user_permission Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] proxy_host Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] redirection_host Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] dead_host Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] stream Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] access_list Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] certificate Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] access_list_auth Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [initial-schema] audit_log Table created [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [websockets] Migrating Up... [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [websockets] proxy_host Table altered [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [forward_host] Migrating Up... [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [forward_host] proxy_host Table altered [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [http2_support] Migrating Up... [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [http2_support] proxy_host Table altered [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [http2_support] redirection_host Table altered [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [http2_support] dead_host Table altered [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [forward_scheme] Migrating Up... [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [forward_scheme] proxy_host Table altered [10/11/2021] [11:42:51 PM] [Migrate ] › ℹ info [disabled] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [disabled] proxy_host Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [disabled] redirection_host Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [disabled] dead_host Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [disabled] stream Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [custom_locations] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [custom_locations] proxy_host Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [hsts] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [hsts] proxy_host Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [hsts] redirection_host Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [hsts] dead_host Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [settings] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [settings] setting Table created [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [access_list_client] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [access_list_client] access_list_client Table created [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [access_list_client] access_list Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [access_list_client_fix] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [access_list_client_fix] access_list Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [pass_auth] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [pass_auth] access_list Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [redirection_scheme] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [redirection_scheme] redirection_host Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [redirection_status_code] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [redirection_status_code] redirection_host Table altered [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [stream_domain] Migrating Up... [10/11/2021] [11:42:52 PM] [Migrate ] › ℹ info [stream_domain] stream Table altered [10/11/2021] [11:42:52 PM] [Setup ] › ℹ info Creating a new JWT key pair... [10/11/2021] [11:42:59 PM] [Setup ] › ℹ info Wrote JWT key pair to config file: /app/config/production.json [10/11/2021] [11:42:59 PM] [Setup ] › ℹ info Creating a new user: admin@example.com with password: changeme [10/11/2021] [11:42:59 PM] [Setup ] › ℹ info Initial admin setup completed [10/11/2021] [11:42:59 PM] [Setup ] › ℹ info Logrotate Timer initialized [10/11/2021] [11:42:59 PM] [Setup ] › ℹ info Default settings added [10/11/2021] [11:42:59 PM] [Setup ] › ℹ info Logrotate completed. [10/11/2021] [11:42:59 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services... [10/11/2021] [11:42:59 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json [10/11/2021] [11:43:00 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4 [10/11/2021] [11:43:00 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6 [10/11/2021] [11:43:00 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized [10/11/2021] [11:43:00 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry... [10/11/2021] [11:43:00 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized [10/11/2021] [11:43:00 PM] [Global ] › ℹ info Backend PID 241 listening on port 3000 ... [10/11/2021] [11:43:00 PM] [Nginx ] › ℹ info Reloading Nginx [10/11/2021] [11:43:00 PM] [SSL ] › ℹ info Renew Complete [10/11/2021] [11:43:06 PM] [Express ] › ⚠ warning invalid signature `QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0 `QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0 QueryBuilder#omit is deprecated. This method will be removed in version 3.0 [10/11/2021] [11:49:18 PM] [Nginx ] › ℹ info Reloading Nginx [10/11/2021] [11:49:18 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #1: portainer.t4l35.host [10/11/2021] [11:49:18 PM] [SSL ] › ℹ info Command: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "talesam@gmail.com" --preferred-challenges "dns,http" --domains "portainer.t4l35.host" [10/11/2021] [11:49:19 PM] [Nginx ] › ℹ info Reloading Nginx [10/11/2021] [11:49:19 PM] [Express ] › ⚠ warning Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --authenticator webroot --email "talesam@gmail.com" --preferred-challenges "dns,http" --domains "portainer.t4l35.host" Saving debug log to /var/log/letsencrypt/letsencrypt.log An unexpected error occurred: The server experienced an internal error :: The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. ``` </details> <details><summary>Letsencrypt log</summary> ``` cat /var/log/letsencrypt/letsencrypt.log 2021-10-11 23:49:18,809:DEBUG:certbot._internal.main:certbot version: 1.19.0 2021-10-11 23:49:18,810:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot 2021-10-11 23:49:18,810:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-1', '--agree-tos', '--authenticator', 'webroot', '--email', 'talesam@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'portainer.t4l35.host'] 2021-10-11 23:49:18,810:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2021-10-11 23:49:18,823:DEBUG:certbot._internal.log:Root logging level set at 30 2021-10-11 23:49:18,823:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None 2021-10-11 23:49:18,826:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: Authenticator, Plugin Entry point: webroot = certbot._internal.plugins.webroot:Authenticator Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xffff8d679b38> Prep: True 2021-10-11 23:49:18,826:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0xffff8d679b38> and installer None 2021-10-11 23:49:18,826:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2021-10-11 23:49:18,969:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2021-10-11 23:49:18,971:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2021-10-11 23:49:19,745:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 503 178 2021-10-11 23:49:19,746:DEBUG:acme.client:Received response: HTTP 503 Server: nginx Date: Mon, 11 Oct 2021 23:49:19 GMT Content-Type: application/problem+json Content-Length: 178 Connection: keep-alive ETag: "611d36fb-b2" { "type": "urn:acme:error:serverInternal", "detail": "The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details." } 2021-10-11 23:49:19,746:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in <module> sys.exit(main()) File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main return internal_main.main(cli_args) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1572, in main return config.func(config, plugins) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1414, in certonly le_client = _init_le_client(config, auth, installer) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 761, in _init_le_client acc, acme = _determine_account(config) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 679, in _determine_account config, account_storage, tos_cb=_tos_cb) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 180, in register acme = acme_from_config_key(config, key) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 44, in acme_from_config_key client = acme_client.BackwardsCompatibleClientV2(net, key, config.server) File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 840, in __init__ directory = messages.Directory.from_json(net.get(server).json()) File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1194, in get self._send_request('GET', url, **kwargs), content_type=content_type) File "/opt/certbot/lib/python3.7/site-packages/acme/client.py", line 1087, in _check_response raise messages.Error.from_json(jobj) acme.messages.Error: urn:acme:error:serverInternal :: The server experienced an internal error :: The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details. 2021-10-11 23:49:19,747:ERROR:certbot._internal.log:An unexpected error occurred: 2021-10-11 23:49:19,748:ERROR:certbot._internal.log:The server experienced an internal error :: The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details. ``` </details>

kerem commented 2026-02-26 06:35:33 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Oct 12, 2021):

@talesam This time your error is different. As it says in the both of the logs:

The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.

As you can see on the letsencrypt status page the issuance was temporarily unavailable that night. Please retry.

<!-- gh-comment-id:940822579 --> @chaptergy commented on GitHub (Oct 12, 2021): @talesam This time your error is different. As it says in the both of the logs: ``` The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details. ``` As you can see [on the letsencrypt status page](https://letsencrypt.status.io/pages/history/55957a99e800baa4470002da) the issuance was temporarily unavailable that night. Please retry.

kerem commented 2026-02-26 06:35:33 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Oct 12, 2021):

@ririko5834 @nahuedev and to everyone who encounters Some challenges have failed.: The error is extremely generic and could mean anything. It is necessary you provide the letsencrypt log in order to have any chance at finding the issue. Please see https://github.com/jc21/nginx-proxy-manager/issues/1271#user-content-certificate-error on how to do that.

<!-- gh-comment-id:940826702 --> @chaptergy commented on GitHub (Oct 12, 2021): @ririko5834 @nahuedev and to everyone who encounters `Some challenges have failed.`: The error is extremely generic and could mean anything. It is necessary you provide the letsencrypt log in order to have any chance at finding the issue. Please see https://github.com/jc21/nginx-proxy-manager/issues/1271#user-content-certificate-error on how to do that.

kerem commented 2026-02-26 06:35:33 +03:00

Author

Owner

Copy link

@talesam commented on GitHub (Oct 12, 2021):

@talesam Desta vez, seu erro é diferente. Como está escrito em ambos os logs:

The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.

Como você pode ver na página de status letsencrypt, a emissão estava temporariamente indisponível naquela noite. Por favor tente novamente.

Still with error...

Error: Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --agree-tos --authenticator webroot --email "talesam@gmail.com" --preferred-challenges "dns,http" --domains "portainer.t4l35.host" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:397:12)
    at ChildProcess.emit (node:events:394:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
    ```
     

<!-- gh-comment-id:941142770 --> @talesam commented on GitHub (Oct 12, 2021): > @talesam Desta vez, seu erro é diferente. Como está escrito em ambos os logs: > > ``` > The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details. > ``` > > Como você pode ver [na página de status letsencrypt,](https://letsencrypt.status.io/pages/history/55957a99e800baa4470002da) a emissão estava temporariamente indisponível naquela noite. Por favor tente novamente. Still with error...  ``` Error: Command failed: certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-4" --agree-tos --authenticator webroot --email "talesam@gmail.com" --preferred-challenges "dns,http" --domains "portainer.t4l35.host" Saving debug log to /var/log/letsencrypt/letsencrypt.log Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. at ChildProcess.exithandler (node:child_process:397:12) at ChildProcess.emit (node:events:394:28) at maybeClose (node:internal/child_process:1064:16) at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) ```

kerem commented 2026-02-26 06:35:33 +03:00

Author

Owner

Copy link

@talesam commented on GitHub (Oct 13, 2021):

Log error:

[root@docker-2975096e2791:/app]# cat /var/log/letsencrypt/letsencrypt.log
2021-10-13 23:37:54,671:DEBUG:certbot._internal.main:certbot version: 1.19.0
2021-10-13 23:37:54,672:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-10-13 23:37:54,672:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-6', '--agree-tos', '--authenticator', 'webroot', '--email', 'talesam@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'portainer.t4l35.host']
2021-10-13 23:37:54,672:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-10-13 23:37:54,685:DEBUG:certbot._internal.log:Root logging level set at 30
2021-10-13 23:37:54,686:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-10-13 23:37:54,688:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xffff95077a90>
Prep: True
2021-10-13 23:37:54,688:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0xffff95077a90> and installer None
2021-10-13 23:37:54,688:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-10-13 23:37:54,705:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/236307560', new_authzr_uri=None, terms_of_service=None), 9c551d352acbefa090bc2138f79d75f1, Meta(creation_dt=datetime.datetime(2021, 10, 12, 15, 49, 35, tzinfo=<UTC>), creation_host='2975096e2791', register_to_eff=None))>
2021-10-13 23:37:54,706:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-10-13 23:37:54,708:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-10-13 23:37:55,524:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-10-13 23:37:55,525:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:55 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "rDAdBkYkans": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-10-13 23:37:55,526:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for portainer.t4l35.host
2021-10-13 23:37:55,532:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
2021-10-13 23:37:55,535:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem
2021-10-13 23:37:55,535:DEBUG:acme.client:Requesting fresh nonce
2021-10-13 23:37:55,536:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-10-13 23:37:55,740:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-10-13 23:37:55,740:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:55 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002HhH05d6D6bIGxkO1vbnLfnV-jiRU7lXuKm2yDuJ-E4k
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-10-13 23:37:55,740:DEBUG:acme.client:Storing nonce: 0002HhH05d6D6bIGxkO1vbnLfnV-jiRU7lXuKm2yDuJ-E4k
2021-10-13 23:37:55,741:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "portainer.t4l35.host"\n    }\n  ]\n}'
2021-10-13 23:37:55,744:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDJIaEgwNWQ2RDZiSUd4a08xdmJuTGZuVi1qaVJVN2xYdUttMnlEdUotRTRrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "tgHA1KhKrQkm1rl9EH2QKaq_f8MxikT_Y32PXnw3C0cm6JVqJc6PkJRHAxba_H9N4ucM_FbJ9V0tUp_hU1muTRBW8UIz--coooBTV5I8kLXw3dXB8tm9MNGmI28KksacrSbpXBZXg2an8YhxEitr4QmRMedwJZnsWYvCg9TdbXfhbJZIy5X4Hp5Xd0qQV28KU68IaJioYPkDYd9M2JZb7FfQ3zGmit03L-QPQPgcWsVZH0c0yKMjV9bs41xdeQ6YZoAzVOAZHG3wD7YOMiDS1eiEDyl5tgOsWCvmi9gypaBHX8ez9gsqefLFGnVS7h2uS4RsNU1QFT8HKEaWs3wmFw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInBvcnRhaW5lci50NGwzNS5ob3N0IgogICAgfQogIF0KfQ"
}
2021-10-13 23:37:55,972:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 343
2021-10-13 23:37:55,973:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 13 Oct 2021 23:37:55 GMT
Content-Type: application/json
Content-Length: 343
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/236307560/31678208840
Replay-Nonce: 0002BFm1adluJbpzbonmb8yYM6CXEVB4K0pU6y9bl6UCXDw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "portainer.t4l35.host"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/236307560/31678208840"
}
2021-10-13 23:37:55,973:DEBUG:acme.client:Storing nonce: 0002BFm1adluJbpzbonmb8yYM6CXEVB4K0pU6y9bl6UCXDw
2021-10-13 23:37:55,973:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:37:55,977:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDJCRm0xYWRsdUpicHpib25tYjh5WU02Q1hFVkI0SzBwVTZ5OWJsNlVDWER3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "pebwZwlCcB4ELExNBYyV7ks5kDavyn4fA7Be1t8lnmUQE9bWSxPb8RxIMMY8zB_wezKevjCkRfa3MwW1iz2JPRkNGUxLt9e8WTcnCTSRakCZzCcGWiURBq34Z1veUw6_N6nSxJRyp42NpAV0ELAOLNsAD1bB8aBSO_Ttkgvl-WafX-3oeI10KgY5nqeiW6qF1T8zTw5Kafnm3GGgScEslkmgbKuP9TMIdI899gCQRKL-TcxNJEkNddwB9IW7h-FX7UABVFkaz_Rff8PrkMHCDIlVonwkGNkQuqdcGWZKQ2wX7dyEV7K-imkjpfhHE0Gt9eJ1Q1NrtioMRRogEXPnoA",
  "payload": ""
}
2021-10-13 23:37:56,186:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801
2021-10-13 23:37:56,187:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:56 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00025ivGHY4mwWhTHbglsazSpBzQ8LGeBAl_LJCn6L0l5co
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    }
  ]
}
2021-10-13 23:37:56,187:DEBUG:acme.client:Storing nonce: 00025ivGHY4mwWhTHbglsazSpBzQ8LGeBAl_LJCn6L0l5co
2021-10-13 23:37:56,187:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-10-13 23:37:56,187:INFO:certbot._internal.auth_handler:http-01 challenge for portainer.t4l35.host
2021-10-13 23:37:56,187:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2021-10-13 23:37:56,188:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2021-10-13 23:37:56,189:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY
2021-10-13 23:37:56,190:DEBUG:acme.client:JWS payload:
b'{}'
2021-10-13 23:37:56,193:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDI1aXZHSFk0bXdXaFRIYmdsc2F6U3BCelE4TEdlQkFsX0xKQ242TDBsNWNvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8zOTY4NjU5MTg1MC84c2lzS2cifQ",
  "signature": "123-jsiSOhzEkQs6Wz-chki0GTSX8LLr-RfJDyWAUZjH64fihSCcM9fXEuMo2Ob7TOVO3WfoM8v6Uod1pWgs66plhBxRFPXm_wz-r54XgYAbLY2J53tlut_8GvgxFp8tg3m4vwqMFcRybNSccuyCojvOc-eVMraaP-V86ou9PgtX-ULDcLF9jj5so-WbzXZIySeag2VPvIfswA2pAhSUg6-_bK_ihNi5rU_EyIiGz2p1wl2fYen39nuUYzzglcKAmLQtEyh6w1mbkf8p1DAIHFlHOeDBELUhjOw5xY7NA_pvsAr3ouSOUUsgzrR9VDHKH6wE-_Q_587Ij434wB7DdA",
  "payload": "e30"
}
2021-10-13 23:37:56,404:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/39686591850/8sisKg HTTP/1.1" 200 186
2021-10-13 23:37:56,405:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:56 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg
Replay-Nonce: 0001iEGTBOOqjcjRH5ZrqDZLAzNB4Dq1WRuP9INXM0pYi68
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
  "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
}
2021-10-13 23:37:56,405:DEBUG:acme.client:Storing nonce: 0001iEGTBOOqjcjRH5ZrqDZLAzNB4Dq1WRuP9INXM0pYi68
2021-10-13 23:37:56,405:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-10-13 23:37:57,407:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:37:57,410:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDFpRUdUQk9PcWpjalJINVpycURaTEF6TkI0RHExV1J1UDlJTlhNMHBZaTY4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "f_qkdZisxNg0cPzPzSPNdMLOA9EZqlpTEgW4Lrph33VbJLX8sXB_ranSatqDWiea90564jyHuJPTUT4vf8rT0vN-9w2VAcvn7r22YDABWteknPLL0bkMOC4g-XTCiDBMAm90mVBy8EqXXSzgF5GHhH9LBgHUIJppX04jKYrqxOJZxC-XdUbFi-j9Bfofksaq407t4o_s24byNbeThGZPCJ5R00BI_KwKDYCG56MKJJIQ5gb40CQbf6MpiwRTscr55Da1DZVJssTRxU3JGGaGs9FpEDsAW_XdSH6LKbzmR7LE5HQtA3GLT-1i_s0GS3UxgtiL_GkMfm9BjGrEcz3aKw",
  "payload": ""
}
2021-10-13 23:37:57,619:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801
2021-10-13 23:37:57,619:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:37:57 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 000287Nv5Tv2CEzLvD9N7Db14D0mxNHm8ep-OHFKk15qpr0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    }
  ]
}
2021-10-13 23:37:57,619:DEBUG:acme.client:Storing nonce: 000287Nv5Tv2CEzLvD9N7Db14D0mxNHm8ep-OHFKk15qpr0
2021-10-13 23:38:00,623:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:38:00,626:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDI4N052NVR2MkNFekx2RDlON0RiMTREMG14TkhtOGVwLU9IRktrMTVxcHIwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "wiOeFbg7b6HSaOevVv_sq4Sk8lXWy2BBd9KC-gpOela40ku2swrw-Hh3gJPJCe-Rw26WrApHybdomBMxAbpU8DVVTzWwV-pximVNi-y1zi-flpvCmZV4raoX09t6X1DFmiMCp4wfoq4Liytu-XiORlDHwwBwKAg-bnJb-MhJt4oyqB63-sQeQv7a1JlCJoTq72Mp_uMWoi30nmrfKD91FyrVU-FxxVGURTC4nOau0gNYMKKQzjIRrxKdw4aW80lKSKRn-n7g2guI8oDLI4AUgDBCzs9gxmYXs6hnskgCjnfZ_u5lUsDx5wXxIOWS4dz7xyanCDtsYgce9PCFJfqnMg",
  "payload": ""
}
2021-10-13 23:38:00,849:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801
2021-10-13 23:38:00,849:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:38:00 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001ep_PM3n9lrFnzNq8aAtO295WKjHpvG3DXklFMmzrm-Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    }
  ]
}
2021-10-13 23:38:00,850:DEBUG:acme.client:Storing nonce: 0001ep_PM3n9lrFnzNq8aAtO295WKjHpvG3DXklFMmzrm-Q
2021-10-13 23:38:03,853:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:38:03,857:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDFlcF9QTTNuOWxyRm56TnE4YUF0TzI5NVdLakhwdkczRFhrbEZNbXpybS1RIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "P-YKYi-FLEu5u5oEygG2InDlgnoRLLY0rQrMua4D5z3oGcgdvOqyuB-YRANp7aWjzASLHmUG6cOdEVVieA3m-F5VnW9MSr7PAO-7beMLL9O2LC9KMhpkKHZo2sgkTGDD929ke4RyxtfOhUUvO4NYRFFSvl5ZXpNXbZlA0i7umPNqseIlFJB2soOmTS-C-dbKpfAv7p5tm6tSc8-4ABvqraDxI6G4Gh0SmXZ7WQaYrZj1DGhdSvzW41rRNtgf1ZVypEHceHV7Llr9b-kibec4RbRIGMAoHp3kWSRcQbzehR3XzmtoCNreIgC_Hyvqhy_WMqRTykIJht7TcN5sU27wsw",
  "payload": ""
}
2021-10-13 23:38:04,071:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801
2021-10-13 23:38:04,072:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:38:03 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002-_tdzSt2TSXCe5VoIdHaylOxYQR-U46ddF9E2LWWRAU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "pending",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY"
    }
  ]
}
2021-10-13 23:38:04,072:DEBUG:acme.client:Storing nonce: 0002-_tdzSt2TSXCe5VoIdHaylOxYQR-U46ddF9E2LWWRAU
2021-10-13 23:38:07,075:DEBUG:acme.client:JWS payload:
b''
2021-10-13 23:38:07,079:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDItX3RkelN0MlRTWENlNVZvSWRIYXlsT3hZUVItVTQ2ZGRGOUUyTFdXUkFVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9",
  "signature": "hExj6-ls1Q9fVuSQcJr6oFNdtjlAjt2kP9WqmiktLBnYfbn_fOVO2yPrR9vNObNL85HmrJVNyGrAEfI52M5Mikz4WJMd3ium7f9ZJaBU-ZDccxo6eYHcV85_zoGrnPgSHFxOG7FoK0m14Top_iRAY_jeCaCzNpIMNvGsoE8-X-iyisnbxa4noPikYYzC6UpIJfNp12R832jCtBM0obUNc7b5b8idVkp8FBGNe59gWyedDPvzu91q5_Rau5mB-e1pr1UOTsfYVV7VRkYcbuuWQ43Hinwr6Yrko3rlhRlyjf3Ygey2nYWxchVQaIiBl1COh737KuTduj58HD0wUXFJVw",
  "payload": ""
}
2021-10-13 23:38:07,288:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 1064
2021-10-13 23:38:07,289:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 13 Oct 2021 23:38:07 GMT
Content-Type: application/json
Content-Length: 1064
Connection: keep-alive
Boulder-Requester: 236307560
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002Aej4uHvLdHzKKAGWCz65X-7Bct1f-ydTuZhQEQKbR5E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "portainer.t4l35.host"
  },
  "status": "invalid",
  "expires": "2021-10-20T23:37:55Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://portainer.t4l35.host/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg",
      "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY",
      "validationRecord": [
        {
          "url": "http://portainer.t4l35.host/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY",
          "hostname": "portainer.t4l35.host",
          "port": "80",
          "addressesResolved": [
            "152.70.222.248"
          ],
          "addressUsed": "152.70.222.248"
        }
      ],
      "validated": "2021-10-13T23:37:56Z"
    }
  ]
}
2021-10-13 23:38:07,289:DEBUG:acme.client:Storing nonce: 0002Aej4uHvLdHzKKAGWCz65X-7Bct1f-ydTuZhQEQKbR5E
2021-10-13 23:38:07,290:INFO:certbot._internal.auth_handler:Challenge failed for domain portainer.t4l35.host
2021-10-13 23:38:07,290:INFO:certbot._internal.auth_handler:http-01 challenge for portainer.t4l35.host
2021-10-13 23:38:07,290:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: portainer.t4l35.host
  Type:   connection
  Detail: Fetching http://portainer.t4l35.host/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2021-10-13 23:38:07,298:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-10-13 23:38:07,298:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-10-13 23:38:07,298:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-10-13 23:38:07,298:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY
2021-10-13 23:38:07,298:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-10-13 23:38:07,299:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1572, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1432, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 454, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 384, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 434, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-10-13 23:38:07,299:ERROR:certbot._internal.log:Some challenges have failed.

Does anyone know if it's still error from the lestcrypt website?

<!-- gh-comment-id:942800466 --> @talesam commented on GitHub (Oct 13, 2021): Log error: ``` [root@docker-2975096e2791:/app]# cat /var/log/letsencrypt/letsencrypt.log 2021-10-13 23:37:54,671:DEBUG:certbot._internal.main:certbot version: 1.19.0 2021-10-13 23:37:54,672:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot 2021-10-13 23:37:54,672:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-6', '--agree-tos', '--authenticator', 'webroot', '--email', 'talesam@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'portainer.t4l35.host'] 2021-10-13 23:37:54,672:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2021-10-13 23:37:54,685:DEBUG:certbot._internal.log:Root logging level set at 30 2021-10-13 23:37:54,686:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None 2021-10-13 23:37:54,688:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: Authenticator, Plugin Entry point: webroot = certbot._internal.plugins.webroot:Authenticator Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0xffff95077a90> Prep: True 2021-10-13 23:37:54,688:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0xffff95077a90> and installer None 2021-10-13 23:37:54,688:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2021-10-13 23:37:54,705:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/236307560', new_authzr_uri=None, terms_of_service=None), 9c551d352acbefa090bc2138f79d75f1, Meta(creation_dt=datetime.datetime(2021, 10, 12, 15, 49, 35, tzinfo=<UTC>), creation_host='2975096e2791', register_to_eff=None))> 2021-10-13 23:37:54,706:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2021-10-13 23:37:54,708:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2021-10-13 23:37:55,524:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658 2021-10-13 23:37:55,525:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 13 Oct 2021 23:37:55 GMT Content-Type: application/json Content-Length: 658 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "rDAdBkYkans": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } 2021-10-13 23:37:55,526:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for portainer.t4l35.host 2021-10-13 23:37:55,532:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem 2021-10-13 23:37:55,535:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem 2021-10-13 23:37:55,535:DEBUG:acme.client:Requesting fresh nonce 2021-10-13 23:37:55,536:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce. 2021-10-13 23:37:55,740:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 2021-10-13 23:37:55,740:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 13 Oct 2021 23:37:55 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 0002HhH05d6D6bIGxkO1vbnLfnV-jiRU7lXuKm2yDuJ-E4k X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 2021-10-13 23:37:55,740:DEBUG:acme.client:Storing nonce: 0002HhH05d6D6bIGxkO1vbnLfnV-jiRU7lXuKm2yDuJ-E4k 2021-10-13 23:37:55,741:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "portainer.t4l35.host"\n }\n ]\n}' 2021-10-13 23:37:55,744:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDJIaEgwNWQ2RDZiSUd4a08xdmJuTGZuVi1qaVJVN2xYdUttMnlEdUotRTRrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ", "signature": "tgHA1KhKrQkm1rl9EH2QKaq_f8MxikT_Y32PXnw3C0cm6JVqJc6PkJRHAxba_H9N4ucM_FbJ9V0tUp_hU1muTRBW8UIz--coooBTV5I8kLXw3dXB8tm9MNGmI28KksacrSbpXBZXg2an8YhxEitr4QmRMedwJZnsWYvCg9TdbXfhbJZIy5X4Hp5Xd0qQV28KU68IaJioYPkDYd9M2JZb7FfQ3zGmit03L-QPQPgcWsVZH0c0yKMjV9bs41xdeQ6YZoAzVOAZHG3wD7YOMiDS1eiEDyl5tgOsWCvmi9gypaBHX8ez9gsqefLFGnVS7h2uS4RsNU1QFT8HKEaWs3wmFw", "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInBvcnRhaW5lci50NGwzNS5ob3N0IgogICAgfQogIF0KfQ" } 2021-10-13 23:37:55,972:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 343 2021-10-13 23:37:55,973:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Wed, 13 Oct 2021 23:37:55 GMT Content-Type: application/json Content-Length: 343 Connection: keep-alive Boulder-Requester: 236307560 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/236307560/31678208840 Replay-Nonce: 0002BFm1adluJbpzbonmb8yYM6CXEVB4K0pU6y9bl6UCXDw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2021-10-20T23:37:55Z", "identifiers": [ { "type": "dns", "value": "portainer.t4l35.host" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/236307560/31678208840" } 2021-10-13 23:37:55,973:DEBUG:acme.client:Storing nonce: 0002BFm1adluJbpzbonmb8yYM6CXEVB4K0pU6y9bl6UCXDw 2021-10-13 23:37:55,973:DEBUG:acme.client:JWS payload: b'' 2021-10-13 23:37:55,977:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDJCRm0xYWRsdUpicHpib25tYjh5WU02Q1hFVkI0SzBwVTZ5OWJsNlVDWER3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9", "signature": "pebwZwlCcB4ELExNBYyV7ks5kDavyn4fA7Be1t8lnmUQE9bWSxPb8RxIMMY8zB_wezKevjCkRfa3MwW1iz2JPRkNGUxLt9e8WTcnCTSRakCZzCcGWiURBq34Z1veUw6_N6nSxJRyp42NpAV0ELAOLNsAD1bB8aBSO_Ttkgvl-WafX-3oeI10KgY5nqeiW6qF1T8zTw5Kafnm3GGgScEslkmgbKuP9TMIdI899gCQRKL-TcxNJEkNddwB9IW7h-FX7UABVFkaz_Rff8PrkMHCDIlVonwkGNkQuqdcGWZKQ2wX7dyEV7K-imkjpfhHE0Gt9eJ1Q1NrtioMRRogEXPnoA", "payload": "" } 2021-10-13 23:37:56,186:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801 2021-10-13 23:37:56,187:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 13 Oct 2021 23:37:56 GMT Content-Type: application/json Content-Length: 801 Connection: keep-alive Boulder-Requester: 236307560 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 00025ivGHY4mwWhTHbglsazSpBzQ8LGeBAl_LJCn6L0l5co X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "portainer.t4l35.host" }, "status": "pending", "expires": "2021-10-20T23:37:55Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" } ] } 2021-10-13 23:37:56,187:DEBUG:acme.client:Storing nonce: 00025ivGHY4mwWhTHbglsazSpBzQ8LGeBAl_LJCn6L0l5co 2021-10-13 23:37:56,187:INFO:certbot._internal.auth_handler:Performing the following challenges: 2021-10-13 23:37:56,187:INFO:certbot._internal.auth_handler:http-01 challenge for portainer.t4l35.host 2021-10-13 23:37:56,187:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. 2021-10-13 23:37:56,188:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge 2021-10-13 23:37:56,189:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY 2021-10-13 23:37:56,190:DEBUG:acme.client:JWS payload: b'{}' 2021-10-13 23:37:56,193:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDI1aXZHSFk0bXdXaFRIYmdsc2F6U3BCelE4TEdlQkFsX0xKQ242TDBsNWNvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8zOTY4NjU5MTg1MC84c2lzS2cifQ", "signature": "123-jsiSOhzEkQs6Wz-chki0GTSX8LLr-RfJDyWAUZjH64fihSCcM9fXEuMo2Ob7TOVO3WfoM8v6Uod1pWgs66plhBxRFPXm_wz-r54XgYAbLY2J53tlut_8GvgxFp8tg3m4vwqMFcRybNSccuyCojvOc-eVMraaP-V86ou9PgtX-ULDcLF9jj5so-WbzXZIySeag2VPvIfswA2pAhSUg6-_bK_ihNi5rU_EyIiGz2p1wl2fYen39nuUYzzglcKAmLQtEyh6w1mbkf8p1DAIHFlHOeDBELUhjOw5xY7NA_pvsAr3ouSOUUsgzrR9VDHKH6wE-_Q_587Ij434wB7DdA", "payload": "e30" } 2021-10-13 23:37:56,404:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/39686591850/8sisKg HTTP/1.1" 200 186 2021-10-13 23:37:56,405:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 13 Oct 2021 23:37:56 GMT Content-Type: application/json Content-Length: 186 Connection: keep-alive Boulder-Requester: 236307560 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850>;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg Replay-Nonce: 0001iEGTBOOqjcjRH5ZrqDZLAzNB4Dq1WRuP9INXM0pYi68 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" } 2021-10-13 23:37:56,405:DEBUG:acme.client:Storing nonce: 0001iEGTBOOqjcjRH5ZrqDZLAzNB4Dq1WRuP9INXM0pYi68 2021-10-13 23:37:56,405:INFO:certbot._internal.auth_handler:Waiting for verification... 2021-10-13 23:37:57,407:DEBUG:acme.client:JWS payload: b'' 2021-10-13 23:37:57,410:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDFpRUdUQk9PcWpjalJINVpycURaTEF6TkI0RHExV1J1UDlJTlhNMHBZaTY4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9", "signature": "f_qkdZisxNg0cPzPzSPNdMLOA9EZqlpTEgW4Lrph33VbJLX8sXB_ranSatqDWiea90564jyHuJPTUT4vf8rT0vN-9w2VAcvn7r22YDABWteknPLL0bkMOC4g-XTCiDBMAm90mVBy8EqXXSzgF5GHhH9LBgHUIJppX04jKYrqxOJZxC-XdUbFi-j9Bfofksaq407t4o_s24byNbeThGZPCJ5R00BI_KwKDYCG56MKJJIQ5gb40CQbf6MpiwRTscr55Da1DZVJssTRxU3JGGaGs9FpEDsAW_XdSH6LKbzmR7LE5HQtA3GLT-1i_s0GS3UxgtiL_GkMfm9BjGrEcz3aKw", "payload": "" } 2021-10-13 23:37:57,619:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801 2021-10-13 23:37:57,619:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 13 Oct 2021 23:37:57 GMT Content-Type: application/json Content-Length: 801 Connection: keep-alive Boulder-Requester: 236307560 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 000287Nv5Tv2CEzLvD9N7Db14D0mxNHm8ep-OHFKk15qpr0 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "portainer.t4l35.host" }, "status": "pending", "expires": "2021-10-20T23:37:55Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" } ] } 2021-10-13 23:37:57,619:DEBUG:acme.client:Storing nonce: 000287Nv5Tv2CEzLvD9N7Db14D0mxNHm8ep-OHFKk15qpr0 2021-10-13 23:38:00,623:DEBUG:acme.client:JWS payload: b'' 2021-10-13 23:38:00,626:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDI4N052NVR2MkNFekx2RDlON0RiMTREMG14TkhtOGVwLU9IRktrMTVxcHIwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9", "signature": "wiOeFbg7b6HSaOevVv_sq4Sk8lXWy2BBd9KC-gpOela40ku2swrw-Hh3gJPJCe-Rw26WrApHybdomBMxAbpU8DVVTzWwV-pximVNi-y1zi-flpvCmZV4raoX09t6X1DFmiMCp4wfoq4Liytu-XiORlDHwwBwKAg-bnJb-MhJt4oyqB63-sQeQv7a1JlCJoTq72Mp_uMWoi30nmrfKD91FyrVU-FxxVGURTC4nOau0gNYMKKQzjIRrxKdw4aW80lKSKRn-n7g2guI8oDLI4AUgDBCzs9gxmYXs6hnskgCjnfZ_u5lUsDx5wXxIOWS4dz7xyanCDtsYgce9PCFJfqnMg", "payload": "" } 2021-10-13 23:38:00,849:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801 2021-10-13 23:38:00,849:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 13 Oct 2021 23:38:00 GMT Content-Type: application/json Content-Length: 801 Connection: keep-alive Boulder-Requester: 236307560 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 0001ep_PM3n9lrFnzNq8aAtO295WKjHpvG3DXklFMmzrm-Q X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "portainer.t4l35.host" }, "status": "pending", "expires": "2021-10-20T23:37:55Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" } ] } 2021-10-13 23:38:00,850:DEBUG:acme.client:Storing nonce: 0001ep_PM3n9lrFnzNq8aAtO295WKjHpvG3DXklFMmzrm-Q 2021-10-13 23:38:03,853:DEBUG:acme.client:JWS payload: b'' 2021-10-13 23:38:03,857:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDFlcF9QTTNuOWxyRm56TnE4YUF0TzI5NVdLakhwdkczRFhrbEZNbXpybS1RIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9", "signature": "P-YKYi-FLEu5u5oEygG2InDlgnoRLLY0rQrMua4D5z3oGcgdvOqyuB-YRANp7aWjzASLHmUG6cOdEVVieA3m-F5VnW9MSr7PAO-7beMLL9O2LC9KMhpkKHZo2sgkTGDD929ke4RyxtfOhUUvO4NYRFFSvl5ZXpNXbZlA0i7umPNqseIlFJB2soOmTS-C-dbKpfAv7p5tm6tSc8-4ABvqraDxI6G4Gh0SmXZ7WQaYrZj1DGhdSvzW41rRNtgf1ZVypEHceHV7Llr9b-kibec4RbRIGMAoHp3kWSRcQbzehR3XzmtoCNreIgC_Hyvqhy_WMqRTykIJht7TcN5sU27wsw", "payload": "" } 2021-10-13 23:38:04,071:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 801 2021-10-13 23:38:04,072:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 13 Oct 2021 23:38:03 GMT Content-Type: application/json Content-Length: 801 Connection: keep-alive Boulder-Requester: 236307560 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 0002-_tdzSt2TSXCe5VoIdHaylOxYQR-U46ddF9E2LWWRAU X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "portainer.t4l35.host" }, "status": "pending", "expires": "2021-10-20T23:37:55Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/3M80GA", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/KodMWw", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY" } ] } 2021-10-13 23:38:04,072:DEBUG:acme.client:Storing nonce: 0002-_tdzSt2TSXCe5VoIdHaylOxYQR-U46ddF9E2LWWRAU 2021-10-13 23:38:07,075:DEBUG:acme.client:JWS payload: b'' 2021-10-13 23:38:07,079:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/39686591850: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM2MzA3NTYwIiwgIm5vbmNlIjogIjAwMDItX3RkelN0MlRTWENlNVZvSWRIYXlsT3hZUVItVTQ2ZGRGOUUyTFdXUkFVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTY4NjU5MTg1MCJ9", "signature": "hExj6-ls1Q9fVuSQcJr6oFNdtjlAjt2kP9WqmiktLBnYfbn_fOVO2yPrR9vNObNL85HmrJVNyGrAEfI52M5Mikz4WJMd3ium7f9ZJaBU-ZDccxo6eYHcV85_zoGrnPgSHFxOG7FoK0m14Top_iRAY_jeCaCzNpIMNvGsoE8-X-iyisnbxa4noPikYYzC6UpIJfNp12R832jCtBM0obUNc7b5b8idVkp8FBGNe59gWyedDPvzu91q5_Rau5mB-e1pr1UOTsfYVV7VRkYcbuuWQ43Hinwr6Yrko3rlhRlyjf3Ygey2nYWxchVQaIiBl1COh737KuTduj58HD0wUXFJVw", "payload": "" } 2021-10-13 23:38:07,288:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/39686591850 HTTP/1.1" 200 1064 2021-10-13 23:38:07,289:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 13 Oct 2021 23:38:07 GMT Content-Type: application/json Content-Length: 1064 Connection: keep-alive Boulder-Requester: 236307560 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 0002Aej4uHvLdHzKKAGWCz65X-7Bct1f-ydTuZhQEQKbR5E X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "portainer.t4l35.host" }, "status": "invalid", "expires": "2021-10-20T23:37:55Z", "challenges": [ { "type": "http-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:connection", "detail": "Fetching http://portainer.t4l35.host/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY: Timeout during connect (likely firewall problem)", "status": 400 }, "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/39686591850/8sisKg", "token": "XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY", "validationRecord": [ { "url": "http://portainer.t4l35.host/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY", "hostname": "portainer.t4l35.host", "port": "80", "addressesResolved": [ "152.70.222.248" ], "addressUsed": "152.70.222.248" } ], "validated": "2021-10-13T23:37:56Z" } ] } 2021-10-13 23:38:07,289:DEBUG:acme.client:Storing nonce: 0002Aej4uHvLdHzKKAGWCz65X-7Bct1f-ydTuZhQEQKbR5E 2021-10-13 23:38:07,290:INFO:certbot._internal.auth_handler:Challenge failed for domain portainer.t4l35.host 2021-10-13 23:38:07,290:INFO:certbot._internal.auth_handler:http-01 challenge for portainer.t4l35.host 2021-10-13 23:38:07,290:DEBUG:certbot._internal.display.obj:Notifying user: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: portainer.t4l35.host Type: connection Detail: Fetching http://portainer.t4l35.host/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY: Timeout during connect (likely firewall problem) Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet. 2021-10-13 23:38:07,298:DEBUG:certbot._internal.error_handler:Encountered exception: Traceback (most recent call last): File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations self._poll_authorizations(authzrs, max_retries, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2021-10-13 23:38:07,298:DEBUG:certbot._internal.error_handler:Calling registered functions 2021-10-13 23:38:07,298:INFO:certbot._internal.auth_handler:Cleaning up challenges 2021-10-13 23:38:07,298:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/XH5McNnirAfGWYgESs_Hd9G8NUFSi35d5-sXpl-XlsY 2021-10-13 23:38:07,298:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up 2021-10-13 23:38:07,299:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in <module> sys.exit(main()) File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main return internal_main.main(cli_args) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1572, in main return config.func(config, plugins) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1432, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 454, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 384, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 434, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations self._poll_authorizations(authzrs, max_retries, best_effort) File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2021-10-13 23:38:07,299:ERROR:certbot._internal.log:Some challenges have failed. ``` Does anyone know if it's still error from the lestcrypt website?

kerem commented 2026-02-26 06:35:33 +03:00

Author

Owner

Copy link

@talesam commented on GitHub (Oct 14, 2021):

It was something in the oracle firewall, I disabled everything and I'm using ufw.

<!-- gh-comment-id:942818574 --> @talesam commented on GitHub (Oct 14, 2021): It was something in the oracle firewall, I disabled everything and I'm using ufw.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#1044

No description provided.