[CentOS-de] (solution) Let's Encrypt challenge fails

briefkasten at olaf-radicke.de briefkasten at olaf-radicke.de
Mon May 21 17:22:21 UTC 2018


Just for the archive:

The cause was a faulty DNS entry for IPv6 that did not match the IPv4 resolution. Let's Encrypt prefers IPv6, while tools like wget and curl prefer IPv4. That is why it was not immediately obvious that the hostname was being resolved differently by Let's Encrypt and led nowhere.


Best regards

Olaf


> Olaf Radicke <briefkasten at olaf-radicke.de> wrote on 13 May 2018 at 19:12:
> 
> 
> Hi!
> 
> I have a domain for which I have been using Let's Encrypt for quite some time and have renewed it several times.
> 
> Now I wanted to request an SSL certificate for an additional domain, and it just won't work no matter what (the old domain still works, though). I am using the same Nginx with an almost identical config. But it simply refuses to work. I have already tried dozens of approaches, but I can't think of anything else to try. As far as I can see, the script does not seem to create any /.well-known/acme-challenge/something at all. (I am not sure, though.) A /etc/letsencrypt/renewal/meine-neue-domain.conf is not created either.
> 
> Here is the command with its output. Can anyone make sense of what the problem is?
> 
> [root at lvps92-51-165-102 opt]# ./certbot-auto certonly --nginx   -d the-independent-friend.de   --debug-challenges -v
> Root logging level set at 10
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Requested authenticator nginx and installer nginx
> Single candidate plugin: * nginx
> Description: Nginx Web Server plugin - Alpha
> Interfaces: IAuthenticator, IInstaller, IPlugin
> Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
> Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110>
> Prep: True
> Single candidate plugin: * nginx
> Description: Nginx Web Server plugin - Alpha
> Interfaces: IAuthenticator, IInstaller, IPlugin
> Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
> Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110>
> Prep: True
> Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7effa2425110>
> Plugins selected: Authenticator nginx, Installer nginx
> Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, contact=(u'mailto:briefkasten at olaf-radicke.de',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7effa2492650>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/2720790', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf'), a102b385331ee92e07dd76a3ad9949e7, Meta(creation_host=u'lvps92-51-165-102.dedicated.hosteurope.de', creation_dt=datetime.datetime(2016, 7, 21, 20, 2, 54, tzinfo=<UTC>)))>
> Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
> Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
> https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
> Received response:
> HTTP 200
> Server: nginx
> Content-Type: application/json
> Content-Length: 658
> Replay-Nonce: scPF6eq5DRG-1_U02Bv7P26qZXH9Kv-5Izt-2bE-xyw
> X-Frame-Options: DENY
> Strict-Transport-Security: max-age=604800
> Expires: Sun, 13 May 2018 16:47:35 GMT
> Cache-Control: max-age=0, no-cache, no-store
> Pragma: no-cache
> Date: Sun, 13 May 2018 16:47:35 GMT
> Connection: keep-alive
> 
> {
>   "b8Dfdcfz_Cg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
>   "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
>   "meta": {
>     "caaIdentities": [
>       "letsencrypt.org"
>     ],
>     "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
>     "website": "https://letsencrypt.org"
>   },
>   "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
>   "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
>   "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
>   "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
> }
> Obtaining a new certificate
> Generating key (2048 bits): /etc/letsencrypt/keys/0036_key-certbot.pem
> Creating CSR: /etc/letsencrypt/csr/0036_csr-certbot.pem
> Requesting fresh nonce
> Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
> https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
> Received response:
> HTTP 405
> Server: nginx
> Content-Type: application/problem+json
> Content-Length: 91
> Allow: POST
> Replay-Nonce: p1QD5VPqEyNFDhD2hrIEQTNpEwE8KmqnszeMOxkrs0k
> Expires: Sun, 13 May 2018 16:47:35 GMT
> Cache-Control: max-age=0, no-cache, no-store
> Pragma: no-cache
> Date: Sun, 13 May 2018 16:47:35 GMT
> Connection: keep-alive
> 
> 
> Storing nonce: p1QD5VPqEyNFDhD2hrIEQTNpEwE8KmqnszeMOxkrs0k
> JWS payload:
> {
>   "identifier": {
>     "type": "dns", 
>     "value": "the-independent-friend.de"
>   }, 
>   "resource": "new-authz"
> }
> Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
> https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 740
> Received response:
> HTTP 201
> Server: nginx
> Content-Type: application/json
> Content-Length: 740
> Boulder-Requester: 2720790
> Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
> Location: https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw
> Replay-Nonce: 8lCAKdYLv4g2fUpDSLW3nA0OEf2qV5gw6yK6H0X02-8
> X-Frame-Options: DENY
> Strict-Transport-Security: max-age=604800
> Expires: Sun, 13 May 2018 16:47:36 GMT
> Cache-Control: max-age=0, no-cache, no-store
> Pragma: no-cache
> Date: Sun, 13 May 2018 16:47:36 GMT
> Connection: keep-alive
> 
> {
>   "identifier": {
>     "type": "dns",
>     "value": "the-independent-friend.de"
>   },
>   "status": "pending",
>   "expires": "2018-05-20T16:47:35.933817306Z",
>   "challenges": [
>     {
>       "type": "dns-01",
>       "status": "pending",
>       "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835640",
>       "token": "ae08hjFFIM7eHugIJ7vzTkJg0Qr6jo-rj7IVcwAbXSY"
>     },
>     {
>       "type": "http-01",
>       "status": "pending",
>       "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641",
>       "token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo"
>     }
>   ],
>   "combinations": [
>     [
>       0
>     ],
>     [
>       1
>     ]
>   ]
> }
> Storing nonce: 8lCAKdYLv4g2fUpDSLW3nA0OEf2qV5gw6yK6H0X02-8
> Performing the following challenges:
> http-01 challenge for the-independent-friend.de
> Creating backup of /etc/nginx/nginx.conf
> Creating backup of /etc/nginx/conf.d/reverseproxy.conf
> Creating backup of /etc/nginx/mime.types
> Creating backup of /etc/nginx/conf.d/tif-static.conf
> Writing nginx conf tree to /etc/nginx/nginx.conf:
> user  nginx;
> worker_processes  2;   # Set to number of CPU cores
> 
> error_log  /var/log/nginx/error.log;
> 
> pid  /run/nginx.pid;
> 
> events {
>     worker_connections  1024;
> }
> 
> http {
> include /etc/letsencrypt/le_http_01_cert_challenge.conf;
> server_names_hash_bucket_size 128;
>   include  /etc/nginx/mime.types;
>   default_type  application/ictet-stream;
> 
>   log_format  main '$remote_addr - $remote_user [$time_local] "$request" '
>               '$status $body_bytes_sent "$http_referer" '
>               '"$http_user_agent" "$http_x_forwarded_for"';
> 
>   access_log  /var/log/nginx/access.log  main;
> 
>   sendfile  on;
> 
>   keepalive_timeout  65;
> 
>   include /etc/nginx/conf.d/*.conf;
> 
> #  index  index.html index.htm;
> }
> 
> 
> 
> 
> Writing nginx conf tree to /etc/nginx/conf.d/tif-static.conf:
> ######### the-independent-friend.de #########
> server  {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
> 
> 
>       # Redirect any port http/80 requests, to https/443 -- generally only matters for internal requests
>       listen  80;
>       listen [::]:80;
>       server_name the-independent-friend.de;
> 
>       location ^~ /.well-known/ {
>           allow all;
>         	root  /srv/nginx/;
>       }
> 
>       location / {
>           root /srv/nginx/tif-static/;
>       }
> #      return 301 https://$host$request_uri;
> location = /.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo{default_type text/plain;return 200 FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk;} # managed by Certbot
> 
> }
> 
> server {
>     listen 443 ssl;
>     server_name the-independent-friend.de;
> 
>     ssl on;
> #    ssl_certificate /etc/letsencrypt/live/the-independent-friend.de/cert.pem;
> #    ssl_certificate_key /etc/letsencrypt/live/the-independent-friend.de/privkey.pem;
>     ssl_certificate /etc/httpd/ssl/the-independent-friend.de.cert.pem;
>     ssl_certificate_key /etc/httpd/ssl/the-independent-friend.de.key.pem;
> 
>     location ^~ /.well-known/ {
>         allow all;
>       	root  /srv/nginx/;
>     }
> 
>     location / {
>         root /srv/nginx/tif-static/;
>     }
> }
> 
> Waiting for verification...
> 
> -------------------------------------------------------------------------------
> Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
> challenges.
> -------------------------------------------------------------------------------
> Press Enter to Continue
> JWS payload:
> {
>   "keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk", 
>   "type": "http-01", 
>   "resource": "challenge"
> }
> Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641:
> https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641 HTTP/1.1" 202 336
> Received response:
> HTTP 202
> Server: nginx
> Content-Type: application/json
> Content-Length: 336
> Boulder-Requester: 2720790
> Link: <https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw>;rel="up"
> Location: https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641
> Replay-Nonce: UmmHdSQGXnZ6GjpfAiRfV16V0oFKqWjcYnN0maz_o3c
> Expires: Sun, 13 May 2018 16:47:38 GMT
> Cache-Control: max-age=0, no-cache, no-store
> Pragma: no-cache
> Date: Sun, 13 May 2018 16:47:38 GMT
> Connection: keep-alive
> 
> {
>   "type": "http-01",
>   "status": "pending",
>   "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641",
>   "token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo",
>   "keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk"
> }
> Storing nonce: UmmHdSQGXnZ6GjpfAiRfV16V0oFKqWjcYnN0maz_o3c
> Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw.
> https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw HTTP/1.1" 200 1708
> Received response:
> HTTP 200
> Server: nginx
> Content-Type: application/json
> Content-Length: 1708
> Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
> Replay-Nonce: 81rSHlqX6nGMdi_MW4pGuccufR8is_8Me4EPooLW-u8
> X-Frame-Options: DENY
> Strict-Transport-Security: max-age=604800
> Expires: Sun, 13 May 2018 16:47:42 GMT
> Cache-Control: max-age=0, no-cache, no-store
> Pragma: no-cache
> Date: Sun, 13 May 2018 16:47:42 GMT
> Connection: keep-alive
> 
> {
>   "identifier": {
>     "type": "dns",
>     "value": "the-independent-friend.de"
>   },
>   "status": "invalid",
>   "expires": "2018-05-20T16:47:35Z",
>   "challenges": [
>     {
>       "type": "dns-01",
>       "status": "invalid",
>       "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835640",
>       "token": "ae08hjFFIM7eHugIJ7vzTkJg0Qr6jo-rj7IVcwAbXSY"
>     },
>     {
>       "type": "http-01",
>       "status": "invalid",
>       "error": {
>         "type": "urn:acme:error:unauthorized",
>         "detail": "Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: \"\u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"\n       \"http://www.w3.org/TR/html4/loose.dtd\"\u003e\n\u003chtml\u003e\n\u003chead\u003e\n  \u003cm\"",
>         "status": 403
>       },
>       "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/A5jz1eGW39Wpa88swZqLrUJT_j_Y5CiUIKJKzF70xzw/4627835641",
>       "token": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo",
>       "keyAuthorization": "FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo.guyjIMqLlBKMkBWxCC5P2sjEOlfFfcd_CDLn3Hn4yBk",
>       "validationRecord": [
>         {
>           "url": "http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo",
>           "hostname": "the-independent-friend.de",
>           "port": "80",
>           "addressesResolved": [
>             "92.51.165.102",
>             "2a01:488:42:1000:50ed:8499:db:fa85"
>           ],
>           "addressUsed": "2a01:488:42:1000:50ed:8499:db:fa85"
>         }
>       ]
>     }
>   ],
>   "combinations": [
>     [
>       0
>     ],
>     [
>       1
>     ]
>   ]
> }
> Reporting to user: The following errors were reported by the server:
> 
> Domain: the-independent-friend.de
> Type:   unauthorized
> Detail: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
>        "http://www.w3.org/TR/html4/loose.dtd">
> <html>
> <head>
>   <m"
> 
> To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
> Encountered exception:
> Traceback (most recent call last):
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 80, in handle_authorizations
>     self._respond(aauthzrs, resp, best_effort)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 153, in _respond
>     self._poll_challenges(aauthzrs, chall_update, best_effort)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 224, in _poll_challenges
>     raise errors.FailedChallenges(all_failed_achalls)
> FailedChallenges: Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
>        "http://www.w3.org/TR/html4/loose.dtd">
> <html>
> <head>
>   <m"
> 
> Calling registered functions
> Cleaning up challenges
> Exiting abnormally:
> Traceback (most recent call last):
>   File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
>     sys.exit(main())
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1315, in main
>     return config.func(config, plugins)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1206, in certonly
>     lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 118, in _get_and_save_cert
>     lineage = le_client.obtain_and_enroll_certificate(domains, certname)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 351, in obtain_and_enroll_certificate
>     cert, chain, key, _ = self.obtain_certificate(domains)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 294, in obtain_certificate
>     orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 330, in _get_order_and_authorizations
>     authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 80, in handle_authorizations
>     self._respond(aauthzrs, resp, best_effort)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 153, in _respond
>     self._poll_challenges(aauthzrs, chall_update, best_effort)
>   File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 224, in _poll_challenges
>     raise errors.FailedChallenges(all_failed_achalls)
> FailedChallenges: Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
>        "http://www.w3.org/TR/html4/loose.dtd">
> <html>
> <head>
>   <m"
> Failed authorization procedure. the-independent-friend.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
>        "http://www.w3.org/TR/html4/loose.dtd">
> <html>
> <head>
>   <m"
> 
> IMPORTANT NOTES:
>  - The following errors were reported by the server:
> 
>    Domain: the-independent-friend.de
>    Type:   unauthorized
>    Detail: Invalid response from
>    http://the-independent-friend.de/.well-known/acme-challenge/FbNVsWEq8MvoTkeSJWZo_nctQbbhc4PkYNj07jNtwIo:
>    "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
>           "http://www.w3.org/TR/html4/loose.dtd">
>    <html>
>    <head>
>      <m"
> 
>    To fix these errors, please make sure that your domain name was
>    entered correctly and the DNS A/AAAA record(s) for that domain
>    contain(s) the right IP address.
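
The cause named at the top of this message is visible in the `validationRecord` of the failed authorization: the CA resolved both addresses but connected to the AAAA one. The following is an added diagnostic example, not part of the original post and not certbot code; the function names are illustrative, and the excerpt is reduced from the log above. It reads that record and, as a live check, requests the challenge path from each A/AAAA address separately.

```python
import http.client
import ipaddress
import json
import socket

# Reduced from the failed authorization quoted above (values from the log).
AUTHZ_EXCERPT = json.loads("""
{"challenges": [
  {"type": "dns-01", "status": "invalid"},
  {"type": "http-01", "status": "invalid", "error": {"status": 403},
   "validationRecord": [{
     "hostname": "the-independent-friend.de", "port": "80",
     "addressesResolved": ["92.51.165.102",
                           "2a01:488:42:1000:50ed:8499:db:fa85"],
     "addressUsed": "2a01:488:42:1000:50ed:8499:db:fa85"}]}]}
""")


def validation_paths(authz):
    """Report, per validation record, the address the CA connected to
    and the resolved addresses it never tried."""
    findings = []
    for chall in authz.get("challenges", []):
        for rec in chall.get("validationRecord", []):
            used = ipaddress.ip_address(rec["addressUsed"])
            untried = [a for a in rec["addressesResolved"]
                       if ipaddress.ip_address(a) != used]
            findings.append({
                "hostname": rec["hostname"],
                "family": "IPv%d" % used.version,
                "used": str(used),
                "untried": untried,
                "http_status": chall.get("error", {}).get("status"),
            })
    return findings


def fetch_per_address(host, path, port=80, timeout=5):
    """Live check (needs network): GET `path` from every A and AAAA
    address of `host`, sending the real Host header each time."""
    results = {}
    for *_, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        addr = sockaddr[0]
        try:
            conn = http.client.HTTPConnection(addr, port, timeout=timeout)
            conn.request("GET", path, headers={"Host": host})
            resp = conn.getresponse()
            results[addr] = (resp.status, resp.read(60))
            conn.close()
        except (OSError, http.client.HTTPException) as exc:
            results[addr] = ("error", str(exc))
    return results


def addresses_disagree(results):
    """True when the addresses do not all return the same status and body."""
    return len(set(results.values())) > 1


if __name__ == "__main__":
    for finding in validation_paths(AUTHZ_EXCERPT):
        print(finding)
```

Running `fetch_per_address` against the domain with the challenge path while certbot is paused by `--debug-challenges` shows whether the IPv4 and IPv6 addresses reach the same server.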

