Hi!
I have a domain for which I have been using Let's Encrypt for quite some time and have renewed it several times.
Now I wanted to request an SSL certificate for another domain, and for the life of me it will not work (the old domain still does). I'm using the same Nginx with an almost identical config. But it simply refuses to work. I have already tried dozens of approaches, but I can't think of anything else to try. As far as I can see, the script doesn't seem to create anything under /.well-known/acme-challenge/ at all. (I'm not sure, though.) Also, no /etc/letsencrypt/renewal/meine-neue-domain.conf is created.
Here is the command with its output. Can anyone make sense of what the problem is?
[root@lvps92-51-165-102 opt]# ./certbot-auto certonly --nginx -d the-independent-friend.de --debug-challenges -v Root logging level set at 10 Saving debug log to /var/log/letsencrypt/letsencrypt.log Requested authenticator nginx and installer nginx Single candidate plugin: * nginx Description: Nginx Web Server plugin - Alpha Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: nginx = certbot_nginx.configurator:NginxConfigurator Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> Prep: True Single candidate plugin: * nginx Description: Nginx Web Server plugin - Alpha Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: nginx = certbot_nginx.configurator:NginxConfigurator Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> Prep: True Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> Plugins selected: Authenticator nginx, Installer nginx Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, contact=(u'mailto:briefkasten@olaf-radicke.de',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7effa2492650>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/2720790', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf'), a102b385331ee92e07dd76a3ad9949e7, Meta(creation_host=u'lvps92-51-165-102.dedicated.hosteurope.de', creation_dt=datetime.datetime(2016, 7, 21, 20, 2, 54, tzinfo=<UTC>)))> Sending GET request to https://acme-v01.api.letsencrypt.org/directory. 
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658 Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 658 Replay-Nonce: scPF6eq5DRG-1_U02Bv7P26qZXH9Kv-5Izt-2bE-xyw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 May 2018 16:47:35 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:35 GMT Connection: keep-alive
{ "b8Dfdcfz_Cg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/3...", "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" } Obtaining a new certificate Generating key (2048 bits): /etc/letsencrypt/keys/0036_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/0036_csr-certbot.pem Requesting fresh nonce Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0 Received response: HTTP 405 Server: nginx Content-Type: application/problem+json Content-Length: 91 Allow: POST Replay-Nonce: p1QD5VPqEyNFDhD2hrIEQTNpEwE8KmqnszeMOxkrs0k Expires: Sun, 13 May 2018 16:47:35 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:35 GMT Connection: keep-alive
Storing nonce: p1QD5VPqEyNFDhD2hrIEQTNpEwE8KmqnszeMOxkrs0k JWS payload: { "identifier": { "type": "dns", "value": "the-independent-friend.de" }, "resource": "new-authz" } Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz: { "protected": "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", "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAidGhlLWluZGVwZW5kZW50LWZyaWVuZC5kZSIKICB9LCAKICAicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9", "signature": "kSQYECBimRW-aA3Ws35yStc9qG1RFB1P_ERwhSU1xY1Zxz6og6BxIfoWOAQuM6eOdE6oB3M5sKsVqwRpXUQOdFn4gtkKCIlAsg17KAQnfajVU49lgMJO7CHv1bgocgJi8yF72NaeGGBcRAQLpmFrogtoUbRgVebIwqs8UFynFEzuxzKgQJG3o52m0SkPbUSL8AP0fQh4grSa9g48Kj7G7P1IhJvl8KZyKQv958MNw-zsHbilIKY5BCuishz43jxO_Kd6BuazJEb4h00lZxSrOztNEQyZD5Q-UfKkCL013vLp_ymGIn9vS6AYFNOrOHFWkrh_pPvnjkop9IeRcPkA_w" } https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 740 Received response: HTTP 201 Server: nginx Content-Type: application/json Content-Length: 740 Boulder-Requester: 2720790 Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next" Location: https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y... Replay-Nonce: 8lCAKdYLv4g2fUpDSLW3nA0OEf2qV5gw6yK6H0X02-8 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 May 2018 16:47:36 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:36 GMT Connection: keep-alive
{ "identifier": { "type": "dns", "value": "the-independent-friend.de" }, "status": "pending", "expires": "2018-05-20T16:47:35.933817306Z", "challenges": [ { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "ae08hjFFIM7eHugIJ7vzTkJg0Qr6jo-rj7IVcwAbXSY" }, { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo" } ], "combinations": [ [ 0 ], [ 1 ] ] } Storing nonce: 8lCAKdYLv4g2fUpDSLW3nA0OEf2qV5gw6yK6H0X02-8 Performing the following challenges: http-01 challenge for the-independent-friend.de Creating backup of /etc/nginx/nginx.conf Creating backup of /etc/nginx/conf.d/reverseproxy.conf Creating backup of /etc/nginx/mime.types Creating backup of /etc/nginx/conf.d/tif-static.conf Writing nginx conf tree to /etc/nginx/nginx.conf: user nginx; worker_processes 2; # Set to number of CPU cores
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events { worker_connections 1024; }
http { include /etc/letsencrypt/le_http_01_cert_challenge.conf; server_names_hash_bucket_size 128; include /etc/nginx/mime.types; default_type application/ictet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
# index index.html index.htm; }
Writing nginx conf tree to /etc/nginx/conf.d/tif-static.conf: ######### the-independent-friend.de ######### server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
# Redirect any port http/80 requests, to https/443 -- generally only matters for internal requests listen 80; listen [::]:80; server_name the-independent-friend.de;
location ^~ /.well-known/ { allow all; root /srv/nginx/; }
location / { root /srv/nginx/tif-static/; } # return 301 https://$host$request_uri; location = /.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo{default_type text/plain;return 200 FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk;} # managed by Certbot
}
server { listen 443 ssl; server_name the-independent-friend.de;
ssl on; # ssl_certificate /etc/letsencrypt/live/the-independent-friend.de/cert.pem; # ssl_certificate_key /etc/letsencrypt/live/the-independent-friend.de/privkey.pem; ssl_certificate /etc/httpd/ssl/the-independent-friend.de.cert.pem; ssl_certificate_key /etc/httpd/ssl/the-independent-friend.de.key.pem;
location ^~ /.well-known/ { allow all; root /srv/nginx/; }
location / { root /srv/nginx/tif-static/; } }
Waiting for verification...
------------------------------------------------------------------------------- Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about challenges. ------------------------------------------------------------------------------- Press Enter to Continue JWS payload: { "keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk", "type": "http-01", "resource": "challenge" } Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...: { "protected": "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", "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIkZiTlZzV0VxOE12b1RrZVNKV1pvX25jdFFiYmhjNFBrWU5qMDdqTnR3SW8uZ3V5aklNcUxsQktNa0JXeENDNVAyc2pFT2xmRmZjZF9DRExuM0huNHlCayIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9", "signature": "g8SxxosLA9MiC2hnWW-Y12HUdFa3v89eP-Z1xud_oGpAcFjKYL5r34-2kIs7e9LOdZ88VVCFbhnLH9ww92pZj6cc1jRXUthKZrQ0StXewplkn_iZRIEK6hZjL1WQxPll15Od4tkz1rG3jzWXhMxZOcE01Symndowq3oUvEzC4JFw0qLBSKoAtmrp3ajSWliSjWwNNlacjAdjwNTUuTA_3p1Fikhba_1vkpkaZNwlpm_xYHVvSrjEhVxZvtGWQwzlLwRyK5-_i4k9s-LlDrWhORvnUq3zMJdVDeVuNQFsfhwf9yV_IdoB7T4AeSNucR61L5Tl0XlnqGGMUOMnsAwYzA" } https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641 HTTP/1.1" 202 336 Received response: HTTP 202 Server: nginx Content-Type: application/json Content-Length: 336 Boulder-Requester: 2720790 Link: https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw;rel="up" Location: https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT... Replay-Nonce: UmmHdSQGXnZ6GjpfAiRfV16V0oFKqWjcYnN0maz_o3c Expires: Sun, 13 May 2018 16:47:38 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:38 GMT Connection: keep-alive
{ "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo", "keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk" } Storing nonce: UmmHdSQGXnZ6GjpfAiRfV16V0oFKqWjcYnN0maz_o3c Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y.... https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw HTTP/1.1" 200 1708 Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 1708 Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next" Replay-Nonce: 81rSHlqX6nGMdi_MW4pGuccufR8is_8Me4EPooLW-u8 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 May 2018 16:47:42 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:42 GMT Connection: keep-alive
{ "identifier": { "type": "dns", "value": "the-independent-friend.de" }, "status": "invalid", "expires": "2018-05-20T16:47:35Z", "challenges": [ { "type": "dns-01", "status": "invalid", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "ae08hjFFIM7eHugIJ7vzTkJg0Qr6jo-rj7IVcwAbXSY" }, { "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "\u003c!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"\n "http://www.w3.org/TR/html4/loose.dtd%5C%22%5Cu003e%5Cn%5Cu003chtml%5Cu003e%5... \u003cm"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo", "keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk", "validationRecord": [ { "url": "http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...", "hostname": "the-independent-friend.de", "port": "80", "addressesResolved": [ "92.51.165.102", "2a01:488:42:1000:50ed:8499:db:fa85" ], "addressUsed": "2a01:488:42:1000:50ed:8499:db:fa85" } ] } ], "combinations": [ [ 0 ], [ 1 ] ] } Reporting to user: The following errors were reported by the server:
Domain: the-independent-friend.de Type: unauthorized Detail: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <m"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Encountered exception: Traceback (most recent call last): File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 80, in handle_authorizations self._respond(aauthzrs, resp, best_effort) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 153, in _respond self._poll_challenges(aauthzrs, chall_update, best_effort) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 224, in _poll_challenges raise errors.FailedChallenges(all_failed_achalls) FailedChallenges: Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <m"
Calling registered functions Cleaning up challenges Exiting abnormally: Traceback (most recent call last): File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module> sys.exit(main()) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1315, in main return config.func(config, plugins) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1206, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 118, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 351, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 294, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 330, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, best_effort) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 80, in handle_authorizations self._respond(aauthzrs, resp, best_effort) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 153, in _respond self._poll_challenges(aauthzrs, chall_update, best_effort) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 224, in _poll_challenges raise errors.FailedChallenges(all_failed_achalls) FailedChallenges: Failed authorization procedure. 
the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <m" Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <m"
IMPORTANT NOTES: - The following errors were reported by the server:
Domain: the-independent-friend.de Type: unauthorized Detail: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <m"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
On 13 May 2018 at 19:12, Olaf Radicke briefkasten@olaf-radicke.de wrote:
I have already tried dozens of approaches, but I can't think of anything else to try.
I have now also tried this:
./certbot-auto certonly --nginx --agree-tos --expand -d the-independent-friend.de,olaf-radicke.de --debug-challenges -v
But once again I bounced off the invisible rubber wall.
Best regards
Olaf
Just for the archive:
The cause was a faulty DNS entry for IPv6 that did not match the IPv4 resolution. Let's Encrypt prefers IPv6, while tools like wget and curl prefer IPv4. That is why it was not immediately apparent that the hostname was resolved differently by Let's Encrypt and led nowhere.
Best regards
Olaf
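The diagnosis from the final message can be read straight out of the `validationRecord` in the failed authorization. The following is an added example, not part of the original post and not certbot code: it flags the address family the CA actually used and any resolved address the web server does not answer on. The sample JSON is trimmed from the log above; the function names and the `served_addrs` set (here only the IPv4 address) are assumptions.

```python
import ipaddress
import json
import socket
import sys

# Trimmed from the authz response in the log above (error detail shortened).
SAMPLE_AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "the-independent-friend.de"},
  "status": "invalid",
  "challenges": [
    {"type": "dns-01", "status": "invalid"},
    {"type": "http-01", "status": "invalid",
     "error": {"type": "urn:acme:error:unauthorized", "status": 403},
     "validationRecord": [
       {"hostname": "the-independent-friend.de", "port": "80",
        "addressesResolved": ["92.51.165.102",
                              "2a01:488:42:1000:50ed:8499:db:fa85"],
        "addressUsed": "2a01:488:42:1000:50ed:8499:db:fa85"}
     ]}
  ]
}
""")


def diagnose(authz, served_addrs):
    """Compare the CA's validation records with the addresses the web
    server really answers on (served_addrs is supplied by the operator)."""
    served = {ipaddress.ip_address(a) for a in served_addrs}
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("type") != "http-01" or chall.get("status") != "invalid":
            continue
        for rec in chall.get("validationRecord", []):
            used = ipaddress.ip_address(rec["addressUsed"])
            resolved = [ipaddress.ip_address(a)
                        for a in rec.get("addressesResolved", [])]
            findings.append({
                "hostname": rec["hostname"],
                "used": str(used),
                "family": "IPv6" if used.version == 6 else "IPv4",
                # False means the CA talked to a host that is not ours.
                "used_is_served": used in served,
                # DNS records that point away from the web server.
                "unserved": sorted(str(a) for a in resolved
                                   if a not in served),
                "http_status": chall.get("error", {}).get("status"),
            })
    return findings


def fetch_status(host, path, family, timeout=5.0):
    """Live check: GET http://host/path over exactly one address family
    (socket.AF_INET or socket.AF_INET6). Returns (address, status line)."""
    addr = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)[0][4]
    request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(addr)
        sock.sendall(request)
        data = sock.recv(4096)
    return addr[0], data.split(b"\r\n", 1)[0].decode("latin-1")


if __name__ == "__main__":
    # Offline part: analyse the sample authorization.
    for f in diagnose(SAMPLE_AUTHZ, {"92.51.165.102"}):
        print(f"{f['hostname']}: CA used {f['family']} {f['used']}, "
              f"served by us: {f['used_is_served']}, "
              f"HTTP {f['http_status']}, stray records: {f['unserved']}")
    # Optional live part: python3 check.py <hostname>
    if len(sys.argv) > 1:
        for fam in (socket.AF_INET, socket.AF_INET6):
            try:
                print(fetch_status(sys.argv[1],
                                   "/.well-known/acme-challenge/test", fam))
            except OSError as exc:
                print(f"{fam.name}: {exc}")
```

If the two families return different status lines or different servers in the live check, the A and AAAA records do not point at the same host.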
Olaf Radicke briefkasten@olaf-radicke.de hat am 13. Mai 2018 um 19:12 geschrieben:
Hi!
ich habe eine Domain bei der ich letzencript schon seid geraumer Zeit verwende und mehrmals erneuert habe.
Jetzt wollte ich für eine weiter Domain ein ssl beantragen und es geht ums verrecken nicht (die alte Domain aber schon). Ich benutze den selben Nginx mit fast identischer Config. Aber es will einfach nicht. Ich habe schon duzende Verfahren probiert, aber mir fällt nichts mehr ein was ich noch versuchen kann. Soweit ich sehen kann, scheint das Script gar kein /.well-known/acme-challenge/irgentwas anzulegen. (Sicher bin ich mir aber nicht). Auch eine /etc/letsencrypt/renewal/meine-neue-domain.conf wird nicht erstellt.
Hier mal der Befehl mit Ausgabe. Wird da irgend wir schlau draus, was das Problem ist?
[root@lvps92-51-165-102 opt]# ./certbot-auto certonly --nginx -d the-independent-friend.de --debug-challenges -v Root logging level set at 10 Saving debug log to /var/log/letsencrypt/letsencrypt.log Requested authenticator nginx and installer nginx Single candidate plugin: * nginx Description: Nginx Web Server plugin - Alpha Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: nginx = certbot_nginx.configurator:NginxConfigurator Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> Prep: True Single candidate plugin: * nginx Description: Nginx Web Server plugin - Alpha Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: nginx = certbot_nginx.configurator:NginxConfigurator Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> Prep: True Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> Plugins selected: Authenticator nginx, Installer nginx Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, contact=(u'mailto:briefkasten@olaf-radicke.de',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7effa2492650>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/2720790', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf'), a102b385331ee92e07dd76a3ad9949e7, Meta(creation_host=u'lvps92-51-165-102.dedicated.hosteurope.de', creation_dt=datetime.datetime(2016, 7, 21, 20, 2, 54, tzinfo=<UTC>)))> Sending GET request to https://acme-v01.api.letsencrypt.org/directory. 
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658 Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 658 Replay-Nonce: scPF6eq5DRG-1_U02Bv7P26qZXH9Kv-5Izt-2bE-xyw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 May 2018 16:47:35 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:35 GMT Connection: keep-alive
{ "b8Dfdcfz_Cg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/3...", "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" } Obtaining a new certificate Generating key (2048 bits): /etc/letsencrypt/keys/0036_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/0036_csr-certbot.pem Requesting fresh nonce Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0 Received response: HTTP 405 Server: nginx Content-Type: application/problem+json Content-Length: 91 Allow: POST Replay-Nonce: p1QD5VPqEyNFDhD2hrIEQTNpEwE8KmqnszeMOxkrs0k Expires: Sun, 13 May 2018 16:47:35 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:35 GMT Connection: keep-alive
Storing nonce: p1QD5VPqEyNFDhD2hrIEQTNpEwE8KmqnszeMOxkrs0k JWS payload: { "identifier": { "type": "dns", "value": "the-independent-friend.de" }, "resource": "new-authz" } Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz: { "protected": "eyJub25jZSI6ICJwMVFENVZQcUV5TkZEaEQyaHJJRVFUTnBFd0U4S21xbnN6ZU1PeGtyczBrIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidXgwZ2RNTVpmY1R1NTFQQ1JETXJTZWlFamROY3RwM1lEb2dqZTVwNmhWZVhhSFoyd0x2bzgzOV9WODhFMUtmcWREY25WbFBYTk9ZS1E1STU1UmJYeThUUGRfbHRmb3lxTVUzWmRKNmh3Yl9yQXMxUU1FS0NoTmY5bUlrbmdhc1NzRnpSS0VrUUtJT1BrOWZ1M3o2enpYWDBJRUJZZ2g5YTFJYWhWbUVOU2xTMURaMnFLbU1yY1Iyb3NmdHVLTTZwcTVzVm5ac3EzTG1STHdIZGtmay1Vem80VjdzelEtUG5BZmplUkJQbWNxTFltcmpQLWQtMTU5NEVkajNibW5JVlJjZ2YxRXBLWHc5VklpNHNPckdZeVc4ZGhHRkRKVThpWU1sSnVwQmlaOURoNWl5ZWEwSlNlU050TlN3R3JEZ3hIT3g1WC1DYmcyTk8wdUJwa0xMUG93In19", "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAidGhlLWluZGVwZW5kZW50LWZyaWVuZC5kZSIKICB9LCAKICAicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9", "signature": "kSQYECBimRW-aA3Ws35yStc9qG1RFB1P_ERwhSU1xY1Zxz6og6BxIfoWOAQuM6eOdE6oB3M5sKsVqwRpXUQOdFn4gtkKCIlAsg17KAQnfajVU49lgMJO7CHv1bgocgJi8yF72NaeGGBcRAQLpmFrogtoUbRgVebIwqs8UFynFEzuxzKgQJG3o52m0SkPbUSL8AP0fQh4grSa9g48Kj7G7P1IhJvl8KZyKQv958MNw-zsHbilIKY5BCuishz43jxO_Kd6BuazJEb4h00lZxSrOztNEQyZD5Q-UfKkCL013vLp_ymGIn9vS6AYFNOrOHFWkrh_pPvnjkop9IeRcPkA_w" } https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 740 Received response: HTTP 201 Server: nginx Content-Type: application/json Content-Length: 740 Boulder-Requester: 2720790 Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next" Location: https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y... 
Replay-Nonce: 8lCAKdYLv4g2fUpDSLW3nA0OEf2qV5gw6yK6H0X02-8 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 May 2018 16:47:36 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:36 GMT Connection: keep-alive
{ "identifier": { "type": "dns", "value": "the-independent-friend.de" }, "status": "pending", "expires": "2018-05-20T16:47:35.933817306Z", "challenges": [ { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "ae08hjFFIM7eHugIJ7vzTkJg0Qr6jo-rj7IVcwAbXSY" }, { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo" } ], "combinations": [ [ 0 ], [ 1 ] ] } Storing nonce: 8lCAKdYLv4g2fUpDSLW3nA0OEf2qV5gw6yK6H0X02-8 Performing the following challenges: http-01 challenge for the-independent-friend.de Creating backup of /etc/nginx/nginx.conf Creating backup of /etc/nginx/conf.d/reverseproxy.conf Creating backup of /etc/nginx/mime.types Creating backup of /etc/nginx/conf.d/tif-static.conf Writing nginx conf tree to /etc/nginx/nginx.conf: user nginx; worker_processes 2; # Set to number of CPU cores
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events { worker_connections 1024; }
http { include /etc/letsencrypt/le_http_01_cert_challenge.conf; server_names_hash_bucket_size 128; include /etc/nginx/mime.types; default_type application/ictet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
# index index.html index.htm; }
Writing nginx conf tree to /etc/nginx/conf.d/tif-static.conf: ######### the-independent-friend.de ######### server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
# Redirect any port http/80 requests, to https/443 -- generally only matters for internal requests listen 80; listen [::]:80; server_name the-independent-friend.de; location ^~ /.well-known/ { allow all; root /srv/nginx/; } location / { root /srv/nginx/tif-static/; }
# return 301 https://$host$request_uri; location = /.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo{default_type text/plain;return 200 FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk;} # managed by Certbot
}
server { listen 443 ssl; server_name the-independent-friend.de;
ssl on;
# ssl_certificate /etc/letsencrypt/live/the-independent-friend.de/cert.pem; # ssl_certificate_key /etc/letsencrypt/live/the-independent-friend.de/privkey.pem; ssl_certificate /etc/httpd/ssl/the-independent-friend.de.cert.pem; ssl_certificate_key /etc/httpd/ssl/the-independent-friend.de.key.pem;
location ^~ /.well-known/ { allow all; root /srv/nginx/; } location / { root /srv/nginx/tif-static/; }
}
Waiting for verification...
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about challenges.
Press Enter to Continue JWS payload: { "keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk", "type": "http-01", "resource": "challenge" } Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...: { "protected": "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", "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIkZiTlZzV0VxOE12b1RrZVNKV1pvX25jdFFiYmhjNFBrWU5qMDdqTnR3SW8uZ3V5aklNcUxsQktNa0JXeENDNVAyc2pFT2xmRmZjZF9DRExuM0huNHlCayIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9", "signature": "g8SxxosLA9MiC2hnWW-Y12HUdFa3v89eP-Z1xud_oGpAcFjKYL5r34-2kIs7e9LOdZ88VVCFbhnLH9ww92pZj6cc1jRXUthKZrQ0StXewplkn_iZRIEK6hZjL1WQxPll15Od4tkz1rG3jzWXhMxZOcE01Symndowq3oUvEzC4JFw0qLBSKoAtmrp3ajSWliSjWwNNlacjAdjwNTUuTA_3p1Fikhba_1vkpkaZNwlpm_xYHVvSrjEhVxZvtGWQwzlLwRyK5-_i4k9s-LlDrWhORvnUq3zMJdVDeVuNQFsfhwf9yV_IdoB7T4AeSNucR61L5Tl0XlnqGGMUOMnsAwYzA" } https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641 HTTP/1.1" 202 336 Received response: HTTP 202 Server: nginx Content-Type: application/json Content-Length: 336 Boulder-Requester: 2720790 Link: https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw;rel="up" Location: https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT... Replay-Nonce: UmmHdSQGXnZ6GjpfAiRfV16V0oFKqWjcYnN0maz_o3c Expires: Sun, 13 May 2018 16:47:38 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:38 GMT Connection: keep-alive
{ "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo", "keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk" } Storing nonce: UmmHdSQGXnZ6GjpfAiRfV16V0oFKqWjcYnN0maz_o3c Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y.... https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw HTTP/1.1" 200 1708 Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 1708 Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next" Replay-Nonce: 81rSHlqX6nGMdi_MW4pGuccufR8is_8Me4EPooLW-u8 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 May 2018 16:47:42 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 May 2018 16:47:42 GMT Connection: keep-alive
{ "identifier": { "type": "dns", "value": "the-independent-friend.de" }, "status": "invalid", "expires": "2018-05-20T16:47:35Z", "challenges": [ { "type": "dns-01", "status": "invalid", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "ae08hjFFIM7eHugIJ7vzTkJg0Qr6jo-rj7IVcwAbXSY" }, { "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "\u003c!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"\n "http://www.w3.org/TR/html4/loose.dtd%5C%22%5Cu003e%5Cn%5Cu003chtml%5Cu003e%5... \u003cm"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT...", "token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo", "keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk", "validationRecord": [ { "url": "http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...", "hostname": "the-independent-friend.de", "port": "80", "addressesResolved": [ "92.51.165.102", "2a01:488:42:1000:50ed:8499:db:fa85" ], "addressUsed": "2a01:488:42:1000:50ed:8499:db:fa85" } ] } ], "combinations": [ [ 0 ], [ 1 ] ] } Reporting to user: The following errors were reported by the server:
Domain: the-independent-friend.de Type: unauthorized Detail: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> <head> <m"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 80, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 153, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 224, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> <head> <m"
Calling registered functions
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1315, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1206, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 118, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 351, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 294, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 330, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 80, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 153, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 224, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> <head> <m"
Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <m"
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: the-independent-friend.de
Type: unauthorized
Detail: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeS...: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> <head> <m"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.