[GH-ISSUE #3612] Let's Encrypt Certificate- too many failed authorizations recently #2394

New issue

Closed

opened 2026-02-26 07:35:23 +03:00 by kerem · 9 comments

kerem commented 2026-02-26 07:35:23 +03:00

Owner

Copy link

Originally created by @ckoeber83 on GitHub (Mar 8, 2024).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3612

By adding a Let's Encrypt Certificate I got an Internal Error with too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/

CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
An unexpected error occurred:
Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:518:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5)

[3/8/2024] [7:48:26 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"

[3/8/2024] [7:48:27 AM] [Nginx    ] › ℹ  info      Reloading Nginx

[3/8/2024] [7:48:27 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload

[3/8/2024] [7:48:33 AM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #25: ...

[3/8/2024] [7:48:33 AM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-25" --agree-tos --authenticator webroot --email "...@..." --preferred-challenges "dns,http" --domains "..." 

[3/8/2024] [7:48:33 AM] [Global   ] › ⬤  debug     CMD: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-25" --agree-tos --authenticator webroot --email "...@..." --preferred-challenges "dns,http" --domains "..." 

[3/8/2024] [7:48:36 AM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/temp/letsencrypt_25.conf

[3/8/2024] [7:48:36 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"

[3/8/2024] [7:48:37 AM] [Nginx    ] › ℹ  info      Reloading Nginx

[3/8/2024] [7:48:37 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload

[3/8/2024] [7:48:38 AM] [Express  ] › ⚠  warning   Saving debug log to /tmp/letsencrypt-log/letsencrypt.log

An unexpected error occurred:

Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

NPM_BUILD_VERSION | 2.11.1

Originally created by @ckoeber83 on GitHub (Mar 8, 2024). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3612 By adding a Let's Encrypt Certificate I got an Internal Error with too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/ ``` CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log An unexpected error occurred: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/ Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. at /app/lib/utils.js:16:13 at ChildProcess.exithandler (node:child_process:430:5) at ChildProcess.emit (node:events:518:28) at maybeClose (node:internal/child_process:1105:16) at ChildProcess._handle.onexit (node:internal/child_process:305:5) ``` ``` [3/8/2024] [7:48:26 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;" [3/8/2024] [7:48:27 AM] [Nginx ] › ℹ info Reloading Nginx [3/8/2024] [7:48:27 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload [3/8/2024] [7:48:33 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #25: ... [3/8/2024] [7:48:33 AM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-25" --agree-tos --authenticator webroot --email "...@..." --preferred-challenges "dns,http" --domains "..." [3/8/2024] [7:48:33 AM] [Global ] › ⬤ debug CMD: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-25" --agree-tos --authenticator webroot --email "...@..." --preferred-challenges "dns,http" --domains "..." [3/8/2024] [7:48:36 AM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/temp/letsencrypt_25.conf [3/8/2024] [7:48:36 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;" [3/8/2024] [7:48:37 AM] [Nginx ] › ℹ info Reloading Nginx [3/8/2024] [7:48:37 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload [3/8/2024] [7:48:38 AM] [Express ] › ⚠ warning Saving debug log to /tmp/letsencrypt-log/letsencrypt.log An unexpected error occurred: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/ Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. ``` NPM_BUILD_VERSION | 2.11.1

kerem 2026-02-26 07:35:23 +03:00

• closed this issue
• added the
  stale
  bug
  labels

kerem commented 2026-02-26 07:35:23 +03:00

Author

Owner

Copy link

@bluekitedreamer commented on GitHub (Mar 9, 2024):

I would say to look at the log, but it doesn't look like it's mapped outside the container

See the logfile /tmp/letsencrypt-log/letsencrypt.log

Do this command, it will print the lets encrypt log file to your commandline
docker exec -it [CONTAINER-NAME] cat /tmp/letsencrypt-log/letsencrypt.log

Take a look at why the lets encrypt authorization is failing

<!-- gh-comment-id:1986778266 --> @bluekitedreamer commented on GitHub (Mar 9, 2024): I would say to look at the log, but it doesn't look like it's mapped outside the container > See the logfile `/tmp/letsencrypt-log/letsencrypt.log` Do this command, it will print the lets encrypt log file to your commandline `docker exec -it [CONTAINER-NAME] cat /tmp/letsencrypt-log/letsencrypt.log` Take a look at why the lets encrypt authorization is failing

kerem commented 2026-02-26 07:35:23 +03:00

Author

Owner

Copy link

@bluekitedreamer commented on GitHub (Mar 9, 2024):

https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3575

Related

<!-- gh-comment-id:1986791887 --> @bluekitedreamer commented on GitHub (Mar 9, 2024): https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3575 Related

kerem commented 2026-02-26 07:35:23 +03:00

Author

Owner

Copy link

@chriszuercher commented on GitHub (Mar 10, 2024):

I'm facing the same issue (and as well #3575 )

<!-- gh-comment-id:1987381528 --> @chriszuercher commented on GitHub (Mar 10, 2024): I'm facing the same issue (and as well #3575 )

kerem commented 2026-02-26 07:35:24 +03:00

Author

Owner

Copy link

@tr1p0p commented on GitHub (Mar 11, 2024):

Facing the same issue, now my domain is blocked and have to wait to have a working website.

Here's the logs of letsencrypt failure :

2024-03-11 11:36:09,948:DEBUG:certbot._internal.main:certbot version: 2.9.0
2024-03-11 11:36:09,949:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2024-03-11 11:36:09,949:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-18', '--agree-tos', '--authenticator', 'webroot', '--email', 'leo.roubinowitz@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'alchimia.ink']
2024-03-11 11:36:09,950:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-ovh,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-03-11 11:36:09,960:DEBUG:certbot._internal.log:Root logging level set at 30
2024-03-11 11:36:09,960:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2024-03-11 11:36:09,961:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fff50e1e550>
Prep: True
2024-03-11 11:36:09,961:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fff50e1e550> and installer None
2024-03-11 11:36:09,961:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-03-11 11:36:10,183:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1611770807', new_authzr_uri=None, terms_of_service=None), 401d9d1000388effb9661287e7722f52, Meta(creation_dt=datetime.datetime(2024, 3, 10, 17, 10, 24, tzinfo=<UTC>), creation_host='676e72629a1b', register_to_eff=None))>
2024-03-11 11:36:10,184:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-03-11 11:36:10,185:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-03-11 11:36:10,666:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2024-03-11 11:36:10,667:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "B17ZkHo5yvo": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-03-11 11:36:10,668:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for alchimia.ink
2024-03-11 11:36:10,673:DEBUG:acme.client:Requesting fresh nonce
2024-03-11 11:36:10,673:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-03-11 11:36:10,829:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-03-11 11:36:10,829:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: gYWQdAkZCCcelzt412RV95uwVPw6XR9klTnaZu03vW6sdWa_wyc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-03-11 11:36:10,829:DEBUG:acme.client:Storing nonce: gYWQdAkZCCcelzt412RV95uwVPw6XR9klTnaZu03vW6sdWa_wyc
2024-03-11 11:36:10,829:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "alchimia.ink"\n    }\n  ]\n}'
2024-03-11 11:36:10,838:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYxMTc3MDgwNyIsICJub25jZSI6ICJnWVdRZEFrWkNDY2VsenQ0MTJSVjk1dXdWUHc2WFI5a2xUbmFadTAzdlc2c2RXYV93eWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "zSEA_2U3U-CMDYI0pgNxzKHxq6tXc2CVNwrnIwBUINKngQ5soar3VaUHWBon769gVo2m29Hz0NDqZVSpPf0BANCGN731dmSRpoTeIOUL0hYVwgTMzqIBQd2--wYf0xFZDqsKi6m029Eq1xPjTHeITGnUkOmkEdXcPahOUlEVQTob0xmo3h7NYNncMO_GhOyjVh9gJvMfeUmCft3WUJcHsJlTw8vzg5o2MsDvRwOKJjoovYfNBt8YLuVdN5RC5yPd4Enpfsu7zvrm2oa_YXLx4D3IHfUai333dhzNaFxCcn4_U2XB54yrJJ9yYJofrooEdjhXvvHz6bGpe7pgOco5sw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFsY2hpbWlhLmluayIKICAgIH0KICBdCn0"
}
2024-03-11 11:36:11,022:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 318
2024-03-11 11:36:11,023:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Content-Type: application/problem+json
Content-Length: 318
Connection: keep-alive
Boulder-Requester: 1611770807
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/docs/rate-limits>;rel="help"
Replay-Nonce: gYWQdAkZurGClJ-tPz0B3FolRsQB5R4WWBsotLeaiTEOH2098rA
Retry-After: 107650

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
  "status": 429
}
2024-03-11 11:36:11,023:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 137, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 751, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 602, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
2024-03-11 11:36:11,026:ERROR:certbot._internal.log:An unexpected error occurred:
2024-03-11 11:36:11,026:ERROR:certbot._internal.log:Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/

<!-- gh-comment-id:1988251286 --> @tr1p0p commented on GitHub (Mar 11, 2024): Facing the same issue, now my domain is blocked and have to wait to have a working website. Here's the logs of letsencrypt failure : ``` 2024-03-11 11:36:09,948:DEBUG:certbot._internal.main:certbot version: 2.9.0 2024-03-11 11:36:09,949:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot 2024-03-11 11:36:09,949:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-18', '--agree-tos', '--authenticator', 'webroot', '--email', 'leo.roubinowitz@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'alchimia.ink'] 2024-03-11 11:36:09,950:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-ovh,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2024-03-11 11:36:09,960:DEBUG:certbot._internal.log:Root logging level set at 30 2024-03-11 11:36:09,960:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None 2024-03-11 11:36:09,961:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported). Interfaces: Authenticator, Plugin Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins') Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fff50e1e550> Prep: True 2024-03-11 11:36:09,961:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fff50e1e550> and installer None 2024-03-11 11:36:09,961:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2024-03-11 11:36:10,183:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1611770807', new_authzr_uri=None, terms_of_service=None), 401d9d1000388effb9661287e7722f52, Meta(creation_dt=datetime.datetime(2024, 3, 10, 17, 10, 24, tzinfo=<UTC>), creation_host='676e72629a1b', register_to_eff=None))> 2024-03-11 11:36:10,184:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2024-03-11 11:36:10,185:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2024-03-11 11:36:10,666:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752 2024-03-11 11:36:10,667:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Mon, 11 Mar 2024 11:36:20 GMT Content-Type: application/json Content-Length: 752 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "B17ZkHo5yvo": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } 2024-03-11 11:36:10,668:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for alchimia.ink 2024-03-11 11:36:10,673:DEBUG:acme.client:Requesting fresh nonce 2024-03-11 11:36:10,673:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce. 2024-03-11 11:36:10,829:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 2024-03-11 11:36:10,829:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Mon, 11 Mar 2024 11:36:20 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: gYWQdAkZCCcelzt412RV95uwVPw6XR9klTnaZu03vW6sdWa_wyc X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 2024-03-11 11:36:10,829:DEBUG:acme.client:Storing nonce: gYWQdAkZCCcelzt412RV95uwVPw6XR9klTnaZu03vW6sdWa_wyc 2024-03-11 11:36:10,829:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "alchimia.ink"\n }\n ]\n}' 2024-03-11 11:36:10,838:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYxMTc3MDgwNyIsICJub25jZSI6ICJnWVdRZEFrWkNDY2VsenQ0MTJSVjk1dXdWUHc2WFI5a2xUbmFadTAzdlc2c2RXYV93eWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9", "signature": "zSEA_2U3U-CMDYI0pgNxzKHxq6tXc2CVNwrnIwBUINKngQ5soar3VaUHWBon769gVo2m29Hz0NDqZVSpPf0BANCGN731dmSRpoTeIOUL0hYVwgTMzqIBQd2--wYf0xFZDqsKi6m029Eq1xPjTHeITGnUkOmkEdXcPahOUlEVQTob0xmo3h7NYNncMO_GhOyjVh9gJvMfeUmCft3WUJcHsJlTw8vzg5o2MsDvRwOKJjoovYfNBt8YLuVdN5RC5yPd4Enpfsu7zvrm2oa_YXLx4D3IHfUai333dhzNaFxCcn4_U2XB54yrJJ9yYJofrooEdjhXvvHz6bGpe7pgOco5sw", "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFsY2hpbWlhLmluayIKICAgIH0KICBdCn0" } 2024-03-11 11:36:11,022:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 318 2024-03-11 11:36:11,023:DEBUG:acme.client:Received response: HTTP 429 Server: nginx Date: Mon, 11 Mar 2024 11:36:20 GMT Content-Type: application/problem+json Content-Length: 318 Connection: keep-alive Boulder-Requester: 1611770807 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/docs/rate-limits>;rel="help" Replay-Nonce: gYWQdAkZurGClJ-tPz0B3FolRsQB5R4WWBsotLeaiTEOH2098rA Retry-After: 107650 { "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/", "status": 429 } 2024-03-11 11:36:11,023:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in <module> sys.exit(main()) ^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main return config.func(config, plugins) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations orderr = self.acme.new_order(csr_pem) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 137, in new_order response = self._post(self.directory['newOrder'], order) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 365, in _post return self.net.post(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 738, in post return self._post_once(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 751, in _post_once response = self._check_response(response, content_type=content_type) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 602, in _check_response raise messages.Error.from_json(jobj) acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/ 2024-03-11 11:36:11,026:ERROR:certbot._internal.log:An unexpected error occurred: 2024-03-11 11:36:11,026:ERROR:certbot._internal.log:Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/ ```

kerem commented 2026-02-26 07:35:24 +03:00

Author

Owner

Copy link

@chriszuercher commented on GitHub (Mar 13, 2024):

Did anybody find a workarround or solution? My certificate will expire in the next days and cannot be renewed.

<!-- gh-comment-id:1995310270 --> @chriszuercher commented on GitHub (Mar 13, 2024): Did anybody find a workarround or solution? My certificate will expire in the next days and cannot be renewed.

kerem commented 2026-02-26 07:35:24 +03:00

Author

Owner

Copy link

@bluekitedreamer commented on GitHub (Mar 14, 2024):

@chriszuercher Post your lets encrypt log, take note of personal information (emails, domains) and remove it

@tr1p0p

  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: <domain>, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",

You're hitting letsencrypts limit, use a wildcard instead for that domain

<!-- gh-comment-id:1996159824 --> @bluekitedreamer commented on GitHub (Mar 14, 2024): @chriszuercher Post your lets encrypt log, take note of personal information (emails, domains) and remove it @tr1p0p ``` "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: <domain>, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/", ``` You're hitting letsencrypts limit, use a wildcard instead for that domain

kerem commented 2026-02-26 07:35:24 +03:00

Author

Owner

Copy link

@chriszuercher commented on GitHub (Mar 17, 2024):

Edit: I could finally just create a new certificate (using same data) and use this one. Let's hope next renew works again. The rate limit didn't occur (last I couldn't do this because I was blocked out becuase of to many requests).

Original Problem:
I'm using 3 domains in the same certificate. One of them is handled in NPM (ha.) the others not. The challenge works for the two domains not handled at NPM but not for the one which is used as proxy there. This one stays pending forever. Portforwarding and DNS config is the same for all of them (and ha. ist alsow working and handeld in NPM):

  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdHhmbXItWjJubkdLR2VXNFkwYU9HQ3RPTzlWc0VtbURabGVGaE02bWhlUVEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "UvHGA_tBh9HCnkgqC3RA-yAm1GUOpLsmEQGlUWLHEu6Adrw-EqN6fglxzRMmXBcYwng_xniHIaj6L6BeG9eQ4pL3MfMbHhZDL-bKNhr02Z_TkK3Mz9qf6qbHWwx8bBtQTnynMRHn14WZqUhxNtE9k6jHvHk2__tpye4g1Ler-n-SAmT08zaevO8JfpWVrDaJykivssyZLrH8N0Doe7b_OdtmcNvR74EnFabitVeCfqKVgeV1f_Yh-aoj1kPgI7HbWA7iZPbmnieAIT2p-tooCnGlVuqSqYWgLDM5UTwQ_QCgfMQ38XHv__YeJTkQSgbVtzLzx5XXTBwSKXndCkMFUg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNocmlzLnp1ZXJjaGVyLmNvbS5teCIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJkaXNrc3RhdGlvbi56dWVyY2hlci5jb20ubXgiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAiaGEuenVlcmNoZXIuY29tLm14IgogICAgfQogIF0KfQ"
}
2024-03-17 08:51:05,990:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 638
2024-03-17 08:51:05,992:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 17 Mar 2024 08:51:05 GMT
Content-Type: application/json
Content-Length: 638
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1302365696/253028355397
Replay-Nonce: DWrB3gDtp3jrTxaPMrLYy56IhrwQ_z2KjI_LVRRepgoHZjp12MY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-03-23T20:53:05Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "chris.replaced.domain"
    },
    {
      "type": "dns",
      "value": "diskstation.replaced.domain"
    },
    {
      "type": "dns",
      "value": "ha.replaced.domain"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474137",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474147",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1302365696/253028355397"
}
2024-03-17 08:51:05,992:DEBUG:acme.client:Storing nonce: DWrB3gDtp3jrTxaPMrLYy56IhrwQ_z2KjI_LVRRepgoHZjp12MY
2024-03-17 08:51:05,993:DEBUG:acme.client:JWS payload:
b''
2024-03-17 08:51:05,995:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474137:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdHAzanJUeGFQTXJMWXk1NklocndRX3oyS2pJX0xWUlJlcGdvSFpqcDEyTVkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODMxMzQ3NDEzNyJ9",
  "signature": "EtaWvz-N4YJyTADBWIMLdz9TMIbB2R00BV-LsMYbcsPR_4xeHExGhREITwpG0hm_Xc9s2YqN2H74RY9nPkwReu0ZURATiB9TOsMniwN1R9oFhdmxwUeAbB9Czp3bOaa-uOkEBnfxnCfF0k1B_2Wt6lnjfDfKVx46Iax6sAXtxleGnqIKaYtV07y2JDzxwvS_26Zswy28s19i4nUxfUQXNxpXNYrHafOiC1RRV_kN3mTdaXYZJUWz7r8rTBeTHzDhjuAzmolSACbBGeDue9wI2ci01iPpBqwT2jNHOAJOf9nP7kcRmCOhpnX7_xKBJKbUwATCX_f3zsiLkE1fImWIUg",
  "payload": ""
}
2024-03-17 08:51:06,162:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/318313474137 HTTP/1.1" 200 1408
2024-03-17 08:51:06,163:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 1408
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DWrB3gDtOMmAHAArbyd15XfhT6aTTYK0SCiWl0smrBpPX0VkEAg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "chris.replaced.domain"
  },
  "status": "valid",
  "expires": "2024-03-23T20:53:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318313474137/EkT6mQ",
      "token": "nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA",
      "validationRecord": [
        {
          "url": "http://chris.replaced.domain/.well-known/acme-challenge/nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA",
          "hostname": "chris.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x:x:x:x::x",
          "resolverAddrs": [
            "A:10.1.12.84:23951",
            "AAAA:10.1.12.85:25056"
          ]
        },
        {
          "url": "http://chris.replaced.domain/.well-known/acme-challenge/nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA",
          "hostname": "chris.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x.x.x.x",
          "resolverAddrs": [
            "A:10.1.12.84:23951",
            "AAAA:10.1.12.85:25056"
          ]
        }
      ],
      "validated": "2024-02-22T20:52:51Z"
    }
  ]
}
2024-03-17 08:51:06,164:DEBUG:acme.client:Storing nonce: DWrB3gDtOMmAHAArbyd15XfhT6aTTYK0SCiWl0smrBpPX0VkEAg
2024-03-17 08:51:06,165:DEBUG:acme.client:JWS payload:
b''
2024-03-17 08:51:06,169:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474147:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdE9NbUFIQUFyYnlkMTVYZmhUNmFUVFlLMFNDaVdsMHNtckJwUFgwVmtFQWciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODMxMzQ3NDE0NyJ9",
  "signature": "Ax20mnJCZNXQP5L7GzsTuYwCZJ1bZl4w4EDySQj1VR0_z5bcCXb8D2DoDFABV_477UGpgG9smCDLmQB95OkhJqGLOuYTmnEdMw5ktKphcIanU-8IPCCWWi7eMus_d7pVy3houCVFZQJzvao1dVspffiJka7s3xk1ovNLiPJNsT1349msyL0ubhvvPiIzxJDgym0wXqHt1AMjHviP0dhwZTPyFekSD5l4w_aRF6kVN--Rr-191qDG5n-kN-COo5OGXqIlEJqFa-OBxG2VcInWlssInG_HBd2ALP6ASNaCnFB0hQHQkQU6iAJdgquK3KggjdeAGdlbx1cdxJa8x5d7NQ",
  "payload": ""
}
2024-03-17 08:51:06,340:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/318313474147 HTTP/1.1" 200 1438
2024-03-17 08:51:06,342:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 1438
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DWrB3gDtYHs2lPBd1ybXQ0Kk3_YrJ8xASVDAKnKoFQrn2ewzarI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "diskstation.replaced.domain"
  },
  "status": "valid",
  "expires": "2024-03-23T20:53:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318313474147/Sf9JFw",
      "token": "0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw",
      "validationRecord": [
        {
          "url": "http://diskstation.replaced.domain/.well-known/acme-challenge/0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw",
          "hostname": "diskstation.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x:x:x:x::x",
          "resolverAddrs": [
            "A:10.1.12.81:27532",
            "AAAA:10.1.12.83:29977"
          ]
        },
        {
          "url": "http://diskstation.replaced.domain/.well-known/acme-challenge/0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw",
          "hostname": "diskstation.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x.x.x.x",
          "resolverAddrs": [
            "A:10.1.12.81:27532",
            "AAAA:10.1.12.83:29977"
          ]
        }
      ],
      "validated": "2024-02-22T20:52:52Z"
    }
  ]
}
2024-03-17 08:51:06,342:DEBUG:acme.client:Storing nonce: DWrB3gDtYHs2lPBd1ybXQ0Kk3_YrJ8xASVDAKnKoFQrn2ewzarI
2024-03-17 08:51:06,343:DEBUG:acme.client:JWS payload:
b''
2024-03-17 08:51:06,345:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdFlIczJsUEJkMXliWFEwS2szX1lySjh4QVNWREFLbktvRlFybjJld3phckkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMyNzI5NzI3MjkxNyJ9",
  "signature": "GpJPVuLERrh4dBos65MXccEdzNMe0BI5fUvN_IGjCs-_SQziT0K4E1HjFVkrRmhPmmHGuDVNRPqE_1144RZdT6chCY5a8z8kv1zrvfizwomAhBDkE_lJyMEhABu3f0RrkRqV4cmIYz4hlbqvc86Pf8af3BZDDrpfTz_JKMcp55v1NmxzBHaTYS_qPioAa-DPSCOAk548yabZUepZI17O2d8mKni3eZcNSFYUD-mEX6YFWt-wO8kPwHCpOSyAe-JCHZIHjRuFNcCBafJM-c0gll-J1pRJ8rP-Nij8D5jgalIUzXq9UdfS-96syfrjC2cAw4Dn_-aGVPv4m1j8hx2kuw",
  "payload": ""
}
2024-03-17 08:51:06,509:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/327297272917 HTTP/1.1" 200 802
2024-03-17 08:51:06,510:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: aJwww7uyNyqd3d2lYChtWRWenG3b22l28MW_jEnmm2YElIJ8V_c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "ha.replaced.domain"
  },
  "status": "pending",
  "expires": "2024-03-24T08:51:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A",
      "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/yBVRCA",
      "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/fSg17w",
      "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
    }
  ]
}
2024-03-17 08:51:06,510:DEBUG:acme.client:Storing nonce: aJwww7uyNyqd3d2lYChtWRWenG3b22l28MW_jEnmm2YElIJ8V_c
2024-03-17 08:51:06,511:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-03-17 08:51:06,511:INFO:certbot._internal.auth_handler:http-01 challenge for ha.replaced.domain
2024-03-17 08:51:06,511:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2024-03-17 08:51:06,512:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2024-03-17 08:51:06,513:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY
2024-03-17 08:51:06,513:DEBUG:acme.client:JWS payload:
b'{}'
2024-03-17 08:51:06,516:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJhSnd3dzd1eU55cWQzZDJsWUNodFdSV2VuRzNiMjJsMjhNV19qRW5tbTJZRWxJSjhWX2MiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMyNzI5NzI3MjkxNy81TzA2M0EifQ",
  "signature": "H5NiGjRQgAI89ZalYBFMj51j4hxnTik1fX8h_fs5BybV4FQC-ZSgZ2o0Flddb3Mq5HUaSzcvj8zl22oQEZ07XaHts5-sDzkReFbYDaS0ZtY_Andsa8Dkms9Licq3QLoyOwPVkDW0-oMrME8V93f1A_d6mLW0aQpNjXkE5RHCCAyMcOlY4ciIWTiWVXZhwTfEWXT8o7xgjLpicD-h4isz7dkvy2d1YR_JplocWyb3HjjydSnORK9e04kt8j7mRyzlmYKNvkXX2XOOb6YJT2RRrB0tQ4jA92lXP9s9kJRGy6zf7Fth2zkjdjvxXT3v3Z5FfVFEuZs1O7CS2k4f6jH8yA",
  "payload": "e30"
}
2024-03-17 08:51:06,697:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/327297272917/5O063A HTTP/1.1" 200 187
2024-03-17 08:51:06,698:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A
Replay-Nonce: aJwww7uyOuZi4bGEDbnBDiwnOIpHBrREG7O0jQoxmUCIoxn_9rE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A",
  "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
}
2024-03-17 08:51:06,699:DEBUG:acme.client:Storing nonce: aJwww7uyOuZi4bGEDbnBDiwnOIpHBrREG7O0jQoxmUCIoxn_9rE
2024-03-17 08:51:06,699:INFO:certbot._internal.auth_handler:Waiting for verification...

<!-- gh-comment-id:2002376096 --> @chriszuercher commented on GitHub (Mar 17, 2024): **Edit**: I could finally just create a new certificate (using same data) and use this one. Let's hope next renew works again. The rate limit didn't occur (last I couldn't do this because I was blocked out becuase of to many requests). **Original Problem**: I'm using 3 domains in the same certificate. One of them is handled in NPM (ha.) the others not. The challenge works for the two domains not handled at NPM but not for the one which is used as proxy there. This one stays pending forever. Portforwarding and DNS config is the same for all of them (and ha. ist alsow working and handeld in NPM): ``` "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdHhmbXItWjJubkdLR2VXNFkwYU9HQ3RPTzlWc0VtbURabGVGaE02bWhlUVEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9", "signature": "UvHGA_tBh9HCnkgqC3RA-yAm1GUOpLsmEQGlUWLHEu6Adrw-EqN6fglxzRMmXBcYwng_xniHIaj6L6BeG9eQ4pL3MfMbHhZDL-bKNhr02Z_TkK3Mz9qf6qbHWwx8bBtQTnynMRHn14WZqUhxNtE9k6jHvHk2__tpye4g1Ler-n-SAmT08zaevO8JfpWVrDaJykivssyZLrH8N0Doe7b_OdtmcNvR74EnFabitVeCfqKVgeV1f_Yh-aoj1kPgI7HbWA7iZPbmnieAIT2p-tooCnGlVuqSqYWgLDM5UTwQ_QCgfMQ38XHv__YeJTkQSgbVtzLzx5XXTBwSKXndCkMFUg", "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNocmlzLnp1ZXJjaGVyLmNvbS5teCIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJkaXNrc3RhdGlvbi56dWVyY2hlci5jb20ubXgiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAiaGEuenVlcmNoZXIuY29tLm14IgogICAgfQogIF0KfQ" } 2024-03-17 08:51:05,990:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 638 2024-03-17 08:51:05,992:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Sun, 17 Mar 2024 08:51:05 GMT Content-Type: application/json Content-Length: 638 Connection: keep-alive Boulder-Requester: 1302365696 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/1302365696/253028355397 Replay-Nonce: DWrB3gDtp3jrTxaPMrLYy56IhrwQ_z2KjI_LVRRepgoHZjp12MY X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2024-03-23T20:53:05Z", "identifiers": [ { "type": "dns", "value": "chris.replaced.domain" }, { "type": "dns", "value": "diskstation.replaced.domain" }, { "type": "dns", "value": "ha.replaced.domain" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474137", "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474147", "https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1302365696/253028355397" } 2024-03-17 08:51:05,992:DEBUG:acme.client:Storing nonce: DWrB3gDtp3jrTxaPMrLYy56IhrwQ_z2KjI_LVRRepgoHZjp12MY 2024-03-17 08:51:05,993:DEBUG:acme.client:JWS payload: b'' 2024-03-17 08:51:05,995:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474137: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdHAzanJUeGFQTXJMWXk1NklocndRX3oyS2pJX0xWUlJlcGdvSFpqcDEyTVkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODMxMzQ3NDEzNyJ9", "signature": "EtaWvz-N4YJyTADBWIMLdz9TMIbB2R00BV-LsMYbcsPR_4xeHExGhREITwpG0hm_Xc9s2YqN2H74RY9nPkwReu0ZURATiB9TOsMniwN1R9oFhdmxwUeAbB9Czp3bOaa-uOkEBnfxnCfF0k1B_2Wt6lnjfDfKVx46Iax6sAXtxleGnqIKaYtV07y2JDzxwvS_26Zswy28s19i4nUxfUQXNxpXNYrHafOiC1RRV_kN3mTdaXYZJUWz7r8rTBeTHzDhjuAzmolSACbBGeDue9wI2ci01iPpBqwT2jNHOAJOf9nP7kcRmCOhpnX7_xKBJKbUwATCX_f3zsiLkE1fImWIUg", "payload": "" } 2024-03-17 08:51:06,162:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/318313474137 HTTP/1.1" 200 1408 2024-03-17 08:51:06,163:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 17 Mar 2024 08:51:06 GMT Content-Type: application/json Content-Length: 1408 Connection: keep-alive Boulder-Requester: 1302365696 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: DWrB3gDtOMmAHAArbyd15XfhT6aTTYK0SCiWl0smrBpPX0VkEAg X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "chris.replaced.domain" }, "status": "valid", "expires": "2024-03-23T20:53:05Z", "challenges": [ { "type": "http-01", "status": "valid", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318313474137/EkT6mQ", "token": "nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA", "validationRecord": [ { "url": "http://chris.replaced.domain/.well-known/acme-challenge/nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA", "hostname": "chris.replaced.domain", "port": "80", "addressesResolved": [ "x.x.x.x", "x:x:x:x::x" ], "addressUsed": "x:x:x:x::x", "resolverAddrs": [ "A:10.1.12.84:23951", "AAAA:10.1.12.85:25056" ] }, { "url": "http://chris.replaced.domain/.well-known/acme-challenge/nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA", "hostname": "chris.replaced.domain", "port": "80", "addressesResolved": [ "x.x.x.x", "x:x:x:x::x" ], "addressUsed": "x.x.x.x", "resolverAddrs": [ "A:10.1.12.84:23951", "AAAA:10.1.12.85:25056" ] } ], "validated": "2024-02-22T20:52:51Z" } ] } 2024-03-17 08:51:06,164:DEBUG:acme.client:Storing nonce: DWrB3gDtOMmAHAArbyd15XfhT6aTTYK0SCiWl0smrBpPX0VkEAg 2024-03-17 08:51:06,165:DEBUG:acme.client:JWS payload: b'' 2024-03-17 08:51:06,169:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474147: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdE9NbUFIQUFyYnlkMTVYZmhUNmFUVFlLMFNDaVdsMHNtckJwUFgwVmtFQWciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODMxMzQ3NDE0NyJ9", "signature": "Ax20mnJCZNXQP5L7GzsTuYwCZJ1bZl4w4EDySQj1VR0_z5bcCXb8D2DoDFABV_477UGpgG9smCDLmQB95OkhJqGLOuYTmnEdMw5ktKphcIanU-8IPCCWWi7eMus_d7pVy3houCVFZQJzvao1dVspffiJka7s3xk1ovNLiPJNsT1349msyL0ubhvvPiIzxJDgym0wXqHt1AMjHviP0dhwZTPyFekSD5l4w_aRF6kVN--Rr-191qDG5n-kN-COo5OGXqIlEJqFa-OBxG2VcInWlssInG_HBd2ALP6ASNaCnFB0hQHQkQU6iAJdgquK3KggjdeAGdlbx1cdxJa8x5d7NQ", "payload": "" } 2024-03-17 08:51:06,340:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/318313474147 HTTP/1.1" 200 1438 2024-03-17 08:51:06,342:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 17 Mar 2024 08:51:06 GMT Content-Type: application/json Content-Length: 1438 Connection: keep-alive Boulder-Requester: 1302365696 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: DWrB3gDtYHs2lPBd1ybXQ0Kk3_YrJ8xASVDAKnKoFQrn2ewzarI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "diskstation.replaced.domain" }, "status": "valid", "expires": "2024-03-23T20:53:09Z", "challenges": [ { "type": "http-01", "status": "valid", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318313474147/Sf9JFw", "token": "0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw", "validationRecord": [ { "url": "http://diskstation.replaced.domain/.well-known/acme-challenge/0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw", "hostname": "diskstation.replaced.domain", "port": "80", "addressesResolved": [ "x.x.x.x", "x:x:x:x::x" ], "addressUsed": "x:x:x:x::x", "resolverAddrs": [ "A:10.1.12.81:27532", "AAAA:10.1.12.83:29977" ] }, { "url": "http://diskstation.replaced.domain/.well-known/acme-challenge/0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw", "hostname": "diskstation.replaced.domain", "port": "80", "addressesResolved": [ "x.x.x.x", "x:x:x:x::x" ], "addressUsed": "x.x.x.x", "resolverAddrs": [ "A:10.1.12.81:27532", "AAAA:10.1.12.83:29977" ] } ], "validated": "2024-02-22T20:52:52Z" } ] } 2024-03-17 08:51:06,342:DEBUG:acme.client:Storing nonce: DWrB3gDtYHs2lPBd1ybXQ0Kk3_YrJ8xASVDAKnKoFQrn2ewzarI 2024-03-17 08:51:06,343:DEBUG:acme.client:JWS payload: b'' 2024-03-17 08:51:06,345:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdFlIczJsUEJkMXliWFEwS2szX1lySjh4QVNWREFLbktvRlFybjJld3phckkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMyNzI5NzI3MjkxNyJ9", "signature": "GpJPVuLERrh4dBos65MXccEdzNMe0BI5fUvN_IGjCs-_SQziT0K4E1HjFVkrRmhPmmHGuDVNRPqE_1144RZdT6chCY5a8z8kv1zrvfizwomAhBDkE_lJyMEhABu3f0RrkRqV4cmIYz4hlbqvc86Pf8af3BZDDrpfTz_JKMcp55v1NmxzBHaTYS_qPioAa-DPSCOAk548yabZUepZI17O2d8mKni3eZcNSFYUD-mEX6YFWt-wO8kPwHCpOSyAe-JCHZIHjRuFNcCBafJM-c0gll-J1pRJ8rP-Nij8D5jgalIUzXq9UdfS-96syfrjC2cAw4Dn_-aGVPv4m1j8hx2kuw", "payload": "" } 2024-03-17 08:51:06,509:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/327297272917 HTTP/1.1" 200 802 2024-03-17 08:51:06,510:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 17 Mar 2024 08:51:06 GMT Content-Type: application/json Content-Length: 802 Connection: keep-alive Boulder-Requester: 1302365696 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: aJwww7uyNyqd3d2lYChtWRWenG3b22l28MW_jEnmm2YElIJ8V_c X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "ha.replaced.domain" }, "status": "pending", "expires": "2024-03-24T08:51:05Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A", "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/yBVRCA", "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/fSg17w", "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY" } ] } 2024-03-17 08:51:06,510:DEBUG:acme.client:Storing nonce: aJwww7uyNyqd3d2lYChtWRWenG3b22l28MW_jEnmm2YElIJ8V_c 2024-03-17 08:51:06,511:INFO:certbot._internal.auth_handler:Performing the following challenges: 2024-03-17 08:51:06,511:INFO:certbot._internal.auth_handler:http-01 challenge for ha.replaced.domain 2024-03-17 08:51:06,511:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. 2024-03-17 08:51:06,512:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge 2024-03-17 08:51:06,513:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY 2024-03-17 08:51:06,513:DEBUG:acme.client:JWS payload: b'{}' 2024-03-17 08:51:06,516:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJhSnd3dzd1eU55cWQzZDJsWUNodFdSV2VuRzNiMjJsMjhNV19qRW5tbTJZRWxJSjhWX2MiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMyNzI5NzI3MjkxNy81TzA2M0EifQ", "signature": "H5NiGjRQgAI89ZalYBFMj51j4hxnTik1fX8h_fs5BybV4FQC-ZSgZ2o0Flddb3Mq5HUaSzcvj8zl22oQEZ07XaHts5-sDzkReFbYDaS0ZtY_Andsa8Dkms9Licq3QLoyOwPVkDW0-oMrME8V93f1A_d6mLW0aQpNjXkE5RHCCAyMcOlY4ciIWTiWVXZhwTfEWXT8o7xgjLpicD-h4isz7dkvy2d1YR_JplocWyb3HjjydSnORK9e04kt8j7mRyzlmYKNvkXX2XOOb6YJT2RRrB0tQ4jA92lXP9s9kJRGy6zf7Fth2zkjdjvxXT3v3Z5FfVFEuZs1O7CS2k4f6jH8yA", "payload": "e30" } 2024-03-17 08:51:06,697:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/327297272917/5O063A HTTP/1.1" 200 187 2024-03-17 08:51:06,698:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 17 Mar 2024 08:51:06 GMT Content-Type: application/json Content-Length: 187 Connection: keep-alive Boulder-Requester: 1302365696 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917>;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A Replay-Nonce: aJwww7uyOuZi4bGEDbnBDiwnOIpHBrREG7O0jQoxmUCIoxn_9rE X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A", "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY" } 2024-03-17 08:51:06,699:DEBUG:acme.client:Storing nonce: aJwww7uyOuZi4bGEDbnBDiwnOIpHBrREG7O0jQoxmUCIoxn_9rE 2024-03-17 08:51:06,699:INFO:certbot._internal.auth_handler:Waiting for verification... ```

kerem commented 2026-02-26 07:35:24 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Oct 28, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2440359468 --> @github-actions[bot] commented on GitHub (Oct 28, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented 2026-02-26 07:35:24 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Oct 31, 2025):

Issue was closed due to inactivity.

<!-- gh-comment-id:3471024033 --> @github-actions[bot] commented on GitHub (Oct 31, 2025): Issue was closed due to inactivity.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#2394

No description provided.