[CentOS-de] letzencript challenge schlägt fehl
Olaf Radicke
briefkasten at olaf-radicke.de
So Mai 13 17:12:00 UTC 2018
Hi!
ich habe eine Domain bei der ich letzencript schon seid geraumer Zeit verwende und mehrmals erneuert habe.
Jetzt wollte ich für eine weiter Domain ein ssl beantragen und es geht ums verrecken nicht (die alte Domain aber schon). Ich benutze den selben Nginx mit fast identischer Config. Aber es will einfach nicht. Ich habe schon duzende Verfahren probiert, aber mir fällt nichts mehr ein was ich noch versuchen kann. Soweit ich sehen kann, scheint das Script gar kein /.well-known/acme-challenge/irgentwas anzulegen. (Sicher bin ich mir aber nicht). Auch eine /etc/letsencrypt/renewal/meine-neue-domain.conf wird nicht erstellt.
Hier mal der Befehl mit Ausgabe. Wird da irgend wir schlau draus, was das Problem ist?
[root at lvps92-51-165-102 opt]# ./certbot-auto certonly --nginx -d the-independent-friend.de --debug-challenges -v
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator nginx and installer nginx
Single candidate plugin: * nginx
Description: Nginx Web Server plugin - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110>
Prep: True
Single candidate plugin: * nginx
Description: Nginx Web Server plugin - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110>
Prep: True
Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110>
Plugins selected: Authenticator nginx, Installer nginx
Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, contact=(u'mailto:briefkasten at olaf-radicke.de',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7effa2492650>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/2720790', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf'), a102b385331ee92e07dd76a3ad9949e7, Meta(creation_host=u'lvps92-51-165-102.dedicated.hosteurope.de', creation_dt=datetime.datetime(2016, 7, 21, 20, 2, 54, tzinfo=<UTC>)))>
Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: scPF6eq5DRG-1_U02Bv7P26qZXH9Kv-5Izt-2bE-xyw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 13 May 2018 16:47:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 13 May 2018 16:47:35 GMT
Connection: keep-alive
{
"b8Dfdcfz_Cg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
Obtaining a new certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0036_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0036_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: p1QD5VPqEyNFDhD2hrIEQTNpEwE8KmqnszeMOxkrs0k
Expires: Sun, 13 May 2018 16:47:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 13 May 2018 16:47:35 GMT
Connection: keep-alive
Storing nonce: p1QD5VPqEyNFDhD2hrIEQTNpEwE8KmqnszeMOxkrs0k
JWS payload:
{
"identifier": {
"type": "dns",
"value": "the-independent-friend.de"
},
"resource": "new-authz"
}
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"protected": "eyJub25jZSI6ICJwMVFENVZQcUV5TkZEaEQyaHJJRVFUTnBFd0U4S21xbnN6ZU1PeGtyczBrIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidXgwZ2RNTVpmY1R1NTFQQ1JETXJTZWlFamROY3RwM1lEb2dqZTVwNmhWZVhhSFoyd0x2bzgzOV9WODhFMUtmcWREY25WbFBYTk9ZS1E1STU1UmJYeThUUGRfbHRmb3lxTVUzWmRKNmh3Yl9yQXMxUU1FS0NoTmY5bUlrbmdhc1NzRnpSS0VrUUtJT1BrOWZ1M3o2enpYWDBJRUJZZ2g5YTFJYWhWbUVOU2xTMURaMnFLbU1yY1Iyb3NmdHVLTTZwcTVzVm5ac3EzTG1STHdIZGtmay1Vem80VjdzelEtUG5BZmplUkJQbWNxTFltcmpQLWQtMTU5NEVkajNibW5JVlJjZ2YxRXBLWHc5VklpNHNPckdZeVc4ZGhHRkRKVThpWU1sSnVwQmlaOURoNWl5ZWEwSlNlU050TlN3R3JEZ3hIT3g1WC1DYmcyTk8wdUJwa0xMUG93In19",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAidGhlLWluZGVwZW5kZW50LWZyaWVuZC5kZSIKICB9LCAKICAicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9",
"signature": "kSQYECBimRW-aA3Ws35yStc9qG1RFB1P_ERwhSU1xY1Zxz6og6BxIfoWOAQuM6eOdE6oB3M5sKsVqwRpXUQOdFn4gtkKCIlAsg17KAQnfajVU49lgMJO7CHv1bgocgJi8yF72NaeGGBcRAQLpmFrogtoUbRgVebIwqs8UFynFEzuxzKgQJG3o52m0SkPbUSL8AP0fQh4grSa9g48Kj7G7P1IhJvl8KZyKQv958MNw-zsHbilIKY5BCuishz43jxO_Kd6BuazJEb4h00lZxSrOztNEQyZD5Q-UfKkCL013vLp_ymGIn9vS6AYFNOrOHFWkrh_pPvnjkop9IeRcPkA_w"
}
https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 740
Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 740
Boulder-Requester: 2720790
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw
Replay-Nonce: 8lCAKdYLv4g2fUpDSLW3nA0OEf2qV5gw6yK6H0X02-8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 13 May 2018 16:47:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 13 May 2018 16:47:36 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "the-independent-friend.de"
},
"status": "pending",
"expires": "2018-05-20T16:47:35.933817306Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835640",
"token": "ae08hjFFIM7eHugIJ7vzTkJg0Qr6jo-rj7IVcwAbXSY"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641",
"token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo"
}
],
"combinations": [
[
0
],
[
1
]
]
}
Storing nonce: 8lCAKdYLv4g2fUpDSLW3nA0OEf2qV5gw6yK6H0X02-8
Performing the following challenges:
http-01 challenge for the-independent-friend.de
Creating backup of /etc/nginx/nginx.conf
Creating backup of /etc/nginx/conf.d/reverseproxy.conf
Creating backup of /etc/nginx/mime.types
Creating backup of /etc/nginx/conf.d/tif-static.conf
Writing nginx conf tree to /etc/nginx/nginx.conf:
user nginx;
worker_processes 2; # Set to number of CPU cores
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;
include /etc/nginx/mime.types;
default_type application/ictet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
# index index.html index.htm;
}
Writing nginx conf tree to /etc/nginx/conf.d/tif-static.conf:
######### the-independent-friend.de #########
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
# Redirect any port http/80 requests, to https/443 -- generally only matters for internal requests
listen 80;
listen [::]:80;
server_name the-independent-friend.de;
location ^~ /.well-known/ {
allow all;
root /srv/nginx/;
}
location / {
root /srv/nginx/tif-static/;
}
# return 301 https://$host$request_uri;
location = /.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo{default_type text/plain;return 200 FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk;} # managed by Certbot
}
server {
listen 443 ssl;
server_name the-independent-friend.de;
ssl on;
# ssl_certificate /etc/letsencrypt/live/the-independent-friend.de/cert.pem;
# ssl_certificate_key /etc/letsencrypt/live/the-independent-friend.de/privkey.pem;
ssl_certificate /etc/httpd/ssl/the-independent-friend.de.cert.pem;
ssl_certificate_key /etc/httpd/ssl/the-independent-friend.de.key.pem;
location ^~ /.well-known/ {
allow all;
root /srv/nginx/;
}
location / {
root /srv/nginx/tif-static/;
}
}
Waiting for verification...
-------------------------------------------------------------------------------
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
-------------------------------------------------------------------------------
Press Enter to Continue
JWS payload:
{
"keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk",
"type": "http-01",
"resource": "challenge"
}
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641:
{
"protected": "eyJub25jZSI6ICI4bENBS2RZTHY0ZzJmVXBEU0xXM25BME9FZjJxVjVndzZ5SzZIMFgwMi04IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidXgwZ2RNTVpmY1R1NTFQQ1JETXJTZWlFamROY3RwM1lEb2dqZTVwNmhWZVhhSFoyd0x2bzgzOV9WODhFMUtmcWREY25WbFBYTk9ZS1E1STU1UmJYeThUUGRfbHRmb3lxTVUzWmRKNmh3Yl9yQXMxUU1FS0NoTmY5bUlrbmdhc1NzRnpSS0VrUUtJT1BrOWZ1M3o2enpYWDBJRUJZZ2g5YTFJYWhWbUVOU2xTMURaMnFLbU1yY1Iyb3NmdHVLTTZwcTVzVm5ac3EzTG1STHdIZGtmay1Vem80VjdzelEtUG5BZmplUkJQbWNxTFltcmpQLWQtMTU5NEVkajNibW5JVlJjZ2YxRXBLWHc5VklpNHNPckdZeVc4ZGhHRkRKVThpWU1sSnVwQmlaOURoNWl5ZWEwSlNlU050TlN3R3JEZ3hIT3g1WC1DYmcyTk8wdUJwa0xMUG93In19",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIkZiTlZzV0VxOE12b1RrZVNKV1pvX25jdFFiYmhjNFBrWU5qMDdqTnR3SW8uZ3V5aklNcUxsQktNa0JXeENDNVAyc2pFT2xmRmZjZF9DRExuM0huNHlCayIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "g8SxxosLA9MiC2hnWW-Y12HUdFa3v89eP-Z1xud_oGpAcFjKYL5r34-2kIs7e9LOdZ88VVCFbhnLH9ww92pZj6cc1jRXUthKZrQ0StXewplkn_iZRIEK6hZjL1WQxPll15Od4tkz1rG3jzWXhMxZOcE01Symndowq3oUvEzC4JFw0qLBSKoAtmrp3ajSWliSjWwNNlacjAdjwNTUuTA_3p1Fikhba_1vkpkaZNwlpm_xYHVvSrjEhVxZvtGWQwzlLwRyK5-_i4k9s-LlDrWhORvnUq3zMJdVDeVuNQFsfhwf9yV_IdoB7T4AeSNucR61L5Tl0XlnqGGMUOMnsAwYzA"
}
https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641 HTTP/1.1" 202 336
Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 2720790
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641
Replay-Nonce: UmmHdSQGXnZ6GjpfAiRfV16V0oFKqWjcYnN0maz_o3c
Expires: Sun, 13 May 2018 16:47:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 13 May 2018 16:47:38 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641",
"token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo",
"keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk"
}
Storing nonce: UmmHdSQGXnZ6GjpfAiRfV16V0oFKqWjcYnN0maz_o3c
Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw.
https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw HTTP/1.1" 200 1708
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1708
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: 81rSHlqX6nGMdi_MW4pGuccufR8is_8Me4EPooLW-u8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 13 May 2018 16:47:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 13 May 2018 16:47:42 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "the-independent-friend.de"
},
"status": "invalid",
"expires": "2018-05-20T16:47:35Z",
"challenges": [
{
"type": "dns-01",
"status": "invalid",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835640",
"token": "ae08hjFFIM7eHugIJ7vzTkJg0Qr6jo-rj7IVcwAbXSY"
},
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: \"\u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"\n \"http://www.w3.org/TR/html4/loose.dtd\"\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003cm\"",
"status": 403
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641",
"token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo",
"keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk",
"validationRecord": [
{
"url": "http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo",
"hostname": "the-independent-friend.de",
"port": "80",
"addressesResolved": [
"92.51.165.102",
"2a01:488:42:1000:50ed:8499:db:fa85"
],
"addressUsed": "2a01:488:42:1000:50ed:8499:db:fa85"
}
]
}
],
"combinations": [
[
0
],
[
1
]
]
}
Reporting to user: The following errors were reported by the server:
Domain: the-independent-friend.de
Type: unauthorized
Detail: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<m"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 80, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 153, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 224, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<m"
Calling registered functions
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1315, in main
return config.func(config, plugins)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1206, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 118, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 351, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 294, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 330, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 80, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 153, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 224, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<m"
Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<m"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: the-independent-friend.de
Type: unauthorized
Detail: Invalid response from
http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo:
"<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<m"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Mehr Informationen über die Mailingliste CentOS-de