LemmyNet / lemmy-ansible

A docker deploy for ansible
GNU Affero General Public License v3.0

Fails on "request initial letsencrypt certificate" #125

Open adambowles opened 1 year ago

adambowles commented 1 year ago

Let's Encrypt fails during an install on a clean Ubuntu 22.04 Vultr VPS

$ ansible-playbook -i inventory/hosts lemmy.yml --become

PLAY [all] **************************************************************************************************************************************************

TASK [check lemmy_base_dir] *********************************************************************************************************************************
skipping: [root@lemmy2.adambowl.es]

TASK [install python for Ansible] ***************************************************************************************************************************
changed: [root@lemmy2.adambowl.es]

TASK [setup] ************************************************************************************************************************************************
ok: [root@lemmy2.adambowl.es]

TASK [Install aptitude] *************************************************************************************************************************************
ok: [root@lemmy2.adambowl.es]

TASK [install dependencies] *********************************************************************************************************************************
ok: [root@lemmy2.adambowl.es]

TASK [Add Docker GPG apt Key] *******************************************************************************************************************************
skipping: [root@lemmy2.adambowl.es]

TASK [Add Docker Repository] ********************************************************************************************************************************
skipping: [root@lemmy2.adambowl.es]

TASK [Download Docker GPG Key] ******************************************************************************************************************************
ok: [root@lemmy2.adambowl.es]

TASK [Add Docker to apt] ************************************************************************************************************************************
ok: [root@lemmy2.adambowl.es]

TASK [Update apt and install docker-ce] *********************************************************************************************************************
ok: [root@lemmy2.adambowl.es]

TASK [Install Docker Module and docker-compose for Python] **************************************************************************************************
ok: [root@lemmy2.adambowl.es]

TASK [copy docker config] ***********************************************************************************************************************************
ok: [root@lemmy2.adambowl.es]

TASK [request initial letsencrypt certificate] **************************************************************************************************************
fatal: [root@lemmy2.adambowl.es]: FAILED! => {"changed": true, "cmd": ["certbot", "certonly", "--nginx", "--agree-tos", "--cert-name", "lemmy2.adambowl.es", "-d", "lemmy2.adambowl.es", "-m", "letsencrypt@adambowl.es"], "delta": "0:00:17.861276", "end": "2023-07-08 15:06:56.737869", "msg": "non-zero return code", "rc": 1, "start": "2023-07-08 15:06:38.876593", "stderr": "Saving debug log to /var/log/letsencrypt/letsencrypt.log\nSome challenges have failed.\nAsk for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.", "stderr_lines": ["Saving debug log to /var/log/letsencrypt/letsencrypt.log", "Some challenges have failed.", "Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details."], "stdout": "Requesting a certificate for lemmy2.adambowl.es\n\nCertbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:\n  Domain: lemmy2.adambowl.es\n  Type:   connection\n  Detail: 45.77.58.251: Fetching http://lemmy2.adambowl.es/.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU: Timeout during connect (likely firewall problem)\n\nHint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.", "stdout_lines": ["Requesting a certificate for lemmy2.adambowl.es", "", "Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:", "  Domain: lemmy2.adambowl.es", "  Type:   connection", "  Detail: 45.77.58.251: Fetching http://lemmy2.adambowl.es/.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU: Timeout during connect (likely firewall problem)", "", "Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet."]}

PLAY RECAP **************************************************************************************************************************************************
root@lemmy2.adambowl.es    : ok=9    changed=1    unreachable=0    failed=1    skipped=3    rescued=0    ignored=0

/var/log/letsencrypt/letsencrypt.log:

2023-07-08 15:06:39,443:DEBUG:certbot._internal.main:certbot version: 1.21.0
2023-07-08 15:06:39,444:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-07-08 15:06:39,444:DEBUG:certbot._internal.main:Arguments: ['--nginx', '--agree-tos', '--cert-name', 'lemmy2.adambowl.es', '-d', 'lemmy2.adambowl.es', '-m', 'letsencrypt@adambowl.es']
2023-07-08 15:06:39,444:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-08 15:06:39,455:DEBUG:certbot._internal.log:Root logging level set at 30
2023-07-08 15:06:39,456:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2023-07-08 15:06:39,562:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa0cf12ac80>
Prep: True
2023-07-08 15:06:39,563:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa0cf12ac80>
Prep: True
2023-07-08 15:06:39,563:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa0cf12ac80> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fa0cf12ac80>
2023-07-08 15:06:39,563:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2023-07-08 15:06:39,618:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1197043447', new_authzr_uri=None, terms_of_service=None), f23825f3d005f149a97090f392a83328, Meta(creation_dt=datetime.datetime(2023, 7, 8, 12, 29, tzinfo=<UTC>), creation_host='lemmy', register_to_eff=None))>
2023-07-08 15:06:39,619:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-07-08 15:06:39,621:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-07-08 15:06:39,996:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-07-08 15:06:39,997:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:39 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "JhLy6j4Ih8g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-07-08 15:06:39,998:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for lemmy2.adambowl.es
2023-07-08 15:06:40,202:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0007_key-certbot.pem
2023-07-08 15:06:40,208:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0007_csr-certbot.pem
2023-07-08 15:06:40,211:DEBUG:acme.client:Requesting fresh nonce
2023-07-08 15:06:40,211:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-07-08 15:06:40,336:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-07-08 15:06:40,336:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:40 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853FLq9gG_OVtNPeKcau200MYtFEHlqZIBsJoqeoFcAISJ8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2023-07-08 15:06:40,337:DEBUG:acme.client:Storing nonce: 853FLq9gG_OVtNPeKcau200MYtFEHlqZIBsJoqeoFcAISJ8
2023-07-08 15:06:40,337:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "lemmy2.adambowl.es"\n    }\n  ]\n}'
2023-07-08 15:06:40,339:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2023-07-08 15:06:40,495:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 344
2023-07-08 15:06:40,496:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 08 Jul 2023 15:06:40 GMT
Content-Type: application/json
Content-Length: 344
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1197043447/193635196187
Replay-Nonce: F70EoEfE9lwe5RaZwYmeXphrbOrOcXWCuKHS7sV19fECp44
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-07-15T15:06:40Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "lemmy2.adambowl.es"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1197043447/193635196187"
}
2023-07-08 15:06:40,496:DEBUG:acme.client:Storing nonce: F70EoEfE9lwe5RaZwYmeXphrbOrOcXWCuKHS7sV19fECp44
2023-07-08 15:06:40,497:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:40,499:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
2023-07-08 15:06:40,627:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:40,628:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:40 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853F3Gai_rFN-5rHGZaO9qONuZ3_anAxitCGrxo2_5hbxb0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lemmy2.adambowl.es"
  },
  "status": "pending",
  "expires": "2023-07-15T15:06:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    }
  ]
}
2023-07-08 15:06:40,628:DEBUG:acme.client:Storing nonce: 853F3Gai_rFN-5rHGZaO9qONuZ3_anAxitCGrxo2_5hbxb0
2023-07-08 15:06:40,628:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-07-08 15:06:40,629:INFO:certbot._internal.auth_handler:http-01 challenge for lemmy2.adambowl.es
2023-07-08 15:06:40,646:DEBUG:certbot_nginx._internal.http_01:Generated server block:
[]
2023-07-08 15:06:40,646:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
2023-07-08 15:06:40,647:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
2023-07-08 15:06:40,647:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
2023-07-08 15:06:40,647:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2023-07-08 15:06:40,648:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf
2023-07-08 15:06:40,648:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2023-07-08 15:06:40,648:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip2.conf
2023-07-08 15:06:40,648:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
2023-07-08 15:06:40,649:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/default
2023-07-08 15:06:40,650:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

2023-07-08 15:06:40,651:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}

# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

        listen 80 ;
        listen [::]:80 ;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
    server_name lemmy2.adambowl.es; # managed by Certbot

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}

location = /.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU{default_type text/plain;return 200 NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU.PZXVjnuwY4mZj3yn1MojjGahfGg1HSbznlLj4GWCJQo;} # managed by Certbot

}
2023-07-08 15:06:41,673:DEBUG:acme.client:JWS payload:
b'{}'
2023-07-08 15:06:41,675:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw:
2023-07-08 15:06:41,818:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/243785980757/Z7QxFw HTTP/1.1" 200 187
2023-07-08 15:06:41,819:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:41 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw
Replay-Nonce: 853FtdPRkm3HqIu2Xd6CUpNq277mcDFFp7Aq0ZZ5LCKdS-0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
  "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
}
2023-07-08 15:06:41,819:DEBUG:acme.client:Storing nonce: 853FtdPRkm3HqIu2Xd6CUpNq277mcDFFp7Aq0ZZ5LCKdS-0
2023-07-08 15:06:41,819:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-07-08 15:06:42,821:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:42,823:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
2023-07-08 15:06:42,954:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:42,955:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:42 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F70EZwz4-rYuyz1nTVpm08y2oIh350VRGETMHR7gT6XeO9c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lemmy2.adambowl.es"
  },
  "status": "pending",
  "expires": "2023-07-15T15:06:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    }
  ]
}
2023-07-08 15:06:42,955:DEBUG:acme.client:Storing nonce: F70EZwz4-rYuyz1nTVpm08y2oIh350VRGETMHR7gT6XeO9c
2023-07-08 15:06:45,959:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:45,960:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
2023-07-08 15:06:46,089:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:46,090:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:46 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F70EZ3B81DCzfHtiqU_rqcQ4U6f52OIPFgdbzVZUdmLBhEQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lemmy2.adambowl.es"
  },
  "status": "pending",
  "expires": "2023-07-15T15:06:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    }
  ]
}
2023-07-08 15:06:46,090:DEBUG:acme.client:Storing nonce: F70EZ3B81DCzfHtiqU_rqcQ4U6f52OIPFgdbzVZUdmLBhEQ
2023-07-08 15:06:49,093:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:49,094:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
2023-07-08 15:06:49,223:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:49,224:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:49 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853FGHIigGR-xA0T4jxwIM7gpqmdmIpCI8BGschjaz41QWI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lemmy2.adambowl.es"
  },
  "status": "pending",
  "expires": "2023-07-15T15:06:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    }
  ]
}
2023-07-08 15:06:49,224:DEBUG:acme.client:Storing nonce: 853FGHIigGR-xA0T4jxwIM7gpqmdmIpCI8BGschjaz41QWI
2023-07-08 15:06:52,235:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:52,240:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICI4NTNGR0hJaWdHUi14QTBUNGp4d0lNN2dwcW1kbUlwQ0k4QkdzY2hqYXo0MVFXSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQzNzg1OTgwNzU3In0",
  "signature": "B57YCotoqRvpFAf2NqYVZL7XiNC9OsumCko5UKvWmMFajZWD9tGnb7QOKbMvpu0GRmKUw308BrzAfCva4WN-4zApMOeli7vcvW0bWH_1AUDZVBXu6KKMPMezqYQOTm4fN9GaWYzQ80xCD17q-_JcP1TgGlGCwzGIOujJ8QTP99hn56dBgfSx13_urE4D_th2Iv74ShTJZ7P55wvVmE1ZVUakwvsmkhmWcdLsz7Oov9YFez7ofxnXEyQHxU1SMcqSEj9iQ3Lq2xtHk3JjM4V9Hqe2ClNhMjg93WCxFD9SzukaL8olOdkphVk-Vlf_oydUyZYQGvJg_HzgnLOfLKeFzA",
  "payload": ""
}
2023-07-08 15:06:52,371:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 802
2023-07-08 15:06:52,372:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:52 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F70Eqocfq6aMPKA4JCLm1ENf_UbvV1KfCRdz9uxNIobBNO4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lemmy2.adambowl.es"
  },
  "status": "pending",
  "expires": "2023-07-15T15:06:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/ixjIlw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/nQFT6Q",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU"
    }
  ]
}
2023-07-08 15:06:52,373:DEBUG:acme.client:Storing nonce: F70Eqocfq6aMPKA4JCLm1ENf_UbvV1KfCRdz9uxNIobBNO4
2023-07-08 15:06:55,377:DEBUG:acme.client:JWS payload:
b''
2023-07-08 15:06:55,380:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/243785980757:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE5NzA0MzQ0NyIsICJub25jZSI6ICJGNzBFcW9jZnE2YU1QS0E0SkNMbTFFTmZfVWJ2VjFLZkNSZHo5dXhOSW9iQk5PNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQzNzg1OTgwNzU3In0",
  "signature": "rSBQhLeGJyYu3ikqSwcIK6IlTjzSKXZFZTaTfBGsr-GbqTuO5o6QElynvi9fe0Ug07iMRHD7Ep_qdrxpgFATifphccvu92SinWi8sNDabC7MgkNusQCZkun2HaBklX8A4h0rnW875nsicch5m2HqwK3Aer9K7rkmxTq3znzvZ5hyh173XWPMXpwUoDv_2nqq2Kp-zGTDeWCBbOJBM2WKPbtMIG2ReT0jcGg0kyrcs01pQjPqt4CjMGL_5OPuYKQujyUiRpJ0nMZTKjMMvlB02m19rUWGuGoivWYsI2mLW5VBC9r5Tzg96Oy9REcolOybAvKxa8ZoqpgfLljiIA5oug",
  "payload": ""
}
2023-07-08 15:06:55,507:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/243785980757 HTTP/1.1" 200 1067
2023-07-08 15:06:55,508:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 08 Jul 2023 15:06:55 GMT
Content-Type: application/json
Content-Length: 1067
Connection: keep-alive
Boulder-Requester: 1197043447
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853Fqf8WpIkXquKfHTKev9q9v3PsoJiza5szMXAXScrMiPg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "lemmy2.adambowl.es"
  },
  "status": "invalid",
  "expires": "2023-07-15T15:06:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "45.77.58.251: Fetching http://lemmy2.adambowl.es/.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/243785980757/Z7QxFw",
      "token": "NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU",
      "validationRecord": [
        {
          "url": "http://lemmy2.adambowl.es/.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU",
          "hostname": "lemmy2.adambowl.es",
          "port": "80",
          "addressesResolved": [
            "45.77.58.251"
          ],
          "addressUsed": "45.77.58.251"
        }
      ],
      "validated": "2023-07-08T15:06:41Z"
    }
  ]
}
2023-07-08 15:06:55,508:DEBUG:acme.client:Storing nonce: 853Fqf8WpIkXquKfHTKev9q9v3PsoJiza5szMXAXScrMiPg
2023-07-08 15:06:55,509:INFO:certbot._internal.auth_handler:Challenge failed for domain lemmy2.adambowl.es
2023-07-08 15:06:55,509:INFO:certbot._internal.auth_handler:http-01 challenge for lemmy2.adambowl.es
2023-07-08 15:06:55,510:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: lemmy2.adambowl.es
  Type:   connection
  Detail: 45.77.58.251: Fetching http://lemmy2.adambowl.es/.well-known/acme-challenge/NPwhXh-aYrizH0apnbFvaFbI1e0qgNyEZCk3sfzyIjU: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2023-07-08 15:06:55,511:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-07-08 15:06:55,511:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-07-08 15:06:55,511:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-07-08 15:06:56,647:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1434, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-08 15:06:56,648:ERROR:certbot._internal.log:Some challenges have failed.

adambowles commented 1 year ago

Fixed by adding Nginx access through the firewall via sudo ufw allow 'Nginx HTTP'. While we're here, might as well add sudo ufw allow 'Nginx HTTPS'.

akzmonster commented 1 year ago

I'm having the same issue:

2023-07-22 08:13:37,860:DEBUG:certbot._internal.main:certbot version: 1.21.0
2023-07-22 08:13:37,860:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-07-22 08:13:37,860:DEBUG:certbot._internal.main:Arguments: ['--nginx', '--agree-tos', '--cert-name', 'my.domain', '-d', 'my.domain', '-m', 'my@email.address']
2023-07-22 08:13:37,862:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-22 08:13:37,871:DEBUG:certbot._internal.log:Root logging level set at 30
2023-07-22 08:13:37,872:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2023-07-22 08:13:37,908:ERROR:certbot.util:Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:13:37,908:DEBUG:certbot._internal.plugins.disco:Misconfigured PluginEntryPoint#nginx: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 976, in config_test
    util.run_script([self.conf('ctl'), "-c", self.nginx_conf, "-t"])
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 116, in run_script
    raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/disco.py", line 151, in prepare
    self._initialized.prepare()
  File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 191, in prepare
    self.config_test()
  File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 978, in config_test
    raise errors.MisconfigurationError(str(err))
certbot.errors.MisconfigurationError: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:13:37,910:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f0ca80d5d80>
Prep: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:13:37,911:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f0ca80d5d80>
Prep: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:13:37,911:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
2023-07-22 08:13:37,911:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1414, in certonly
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/selection.py", line 228, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/selection.py", line 332, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
2023-07-22 08:13:37,913:ERROR:certbot._internal.log:The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
2023-07-22 08:14:08,715:DEBUG:certbot._internal.main:certbot version: 1.21.0
2023-07-22 08:14:08,715:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-07-22 08:14:08,715:DEBUG:certbot._internal.main:Arguments: ['--nginx', '--agree-tos', '--cert-name', 'my.domain', '-d', 'my.domain', '-m', 'my@email.address']
2023-07-22 08:14:08,717:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-22 08:14:08,726:DEBUG:certbot._internal.log:Root logging level set at 30
2023-07-22 08:14:08,728:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2023-07-22 08:14:08,740:ERROR:certbot.util:Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:14:08,740:DEBUG:certbot._internal.plugins.disco:Misconfigured PluginEntryPoint#nginx: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 976, in config_test
    util.run_script([self.conf('ctl'), "-c", self.nginx_conf, "-t"])
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 116, in run_script
    raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/disco.py", line 151, in prepare
    self._initialized.prepare()
  File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 191, in prepare
    self.config_test()
  File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 978, in config_test
    raise errors.MisconfigurationError(str(err))
certbot.errors.MisconfigurationError: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:14:08,741:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f6be6ca5d80>
Prep: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:14:08,742:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f6be6ca5d80>
Prep: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:14:08,742:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
2023-07-22 08:14:08,742:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1414, in certonly
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/selection.py", line 228, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/selection.py", line 332, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
2023-07-22 08:14:08,743:ERROR:certbot._internal.log:The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
2023-07-22 08:20:10,687:DEBUG:certbot._internal.main:certbot version: 1.21.0
2023-07-22 08:20:10,687:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-07-22 08:20:10,687:DEBUG:certbot._internal.main:Arguments: ['--nginx', '--agree-tos', '--cert-name', 'my.domain', '-d', 'my.domain', '-m', 'my@email.address']
2023-07-22 08:20:10,689:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-22 08:20:10,697:DEBUG:certbot._internal.log:Root logging level set at 30
2023-07-22 08:20:10,698:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2023-07-22 08:20:10,709:ERROR:certbot.util:Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:20:10,709:DEBUG:certbot._internal.plugins.disco:Misconfigured PluginEntryPoint#nginx: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 976, in config_test
    util.run_script([self.conf('ctl'), "-c", self.nginx_conf, "-t"])
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 116, in run_script
    raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/disco.py", line 151, in prepare
    self._initialized.prepare()
  File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 191, in prepare
    self.config_test()
  File "/usr/lib/python3/dist-packages/certbot_nginx/_internal/configurator.py", line 978, in config_test
    raise errors.MisconfigurationError(str(err))
certbot.errors.MisconfigurationError: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:20:10,710:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f7754801d20>
Prep: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:20:10,710:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f7754801d20>
Prep: Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:20:10,710:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
2023-07-22 08:20:10,710:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1414, in certonly
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/selection.py", line 228, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/selection.py", line 332, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
2023-07-22 08:20:10,711:ERROR:certbot._internal.log:The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
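
The two logs in this thread stop at different stages: the first reaches the CA and fails http-01 validation with a connection error, while the second fails certbot's `nginx -t` check and logs no ACME request at all. The Python triage below is an added example, not code from the thread or from lemmy-ansible; the function names, hint texts and embedded log excerpts (placeholder host, address and token) are constructed for illustration.

```python
import json
import re

# Constructed excerpts modelled on the two logs in this thread; host, address
# and token are placeholders, not the posters' values.
ACME_LOG = '''\
2023-07-08 15:06:55,508:DEBUG:acme.client:Received response:
{
  "identifier": {"type": "dns", "value": "lemmy.example.org"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "203.0.113.10: Fetching http://lemmy.example.org/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)"
      },
      "validationRecord": [
        {"hostname": "lemmy.example.org", "port": "80", "addressUsed": "203.0.113.10"}
      ]
    }
  ]
}
'''
NGINX_LOG = '''\
2023-07-22 08:13:37,908:ERROR:certbot.util:Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] directive "limit_req_zone" is not terminated by ";" in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

2023-07-22 08:13:37,911:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
'''

# Short names of ACME error types (RFC 8555) mapped to what a host admin checks.
ACME_HINTS = {
    "connection": "CA could not connect: open inbound 80/tcp and check nginx listens",
    "dns": "CA could not resolve the name: check the A/AAAA records",
    "unauthorized": "CA reached the host but got the wrong challenge response",
}
JSON_START = re.compile(r"^\{", re.M)
NGINX_EMERG = re.compile(
    r"^nginx: \[emerg\] (?P<msg>.+) in (?P<file>\S+):(?P<line>\d+)$", re.M)


def iter_json_objects(text):
    """Yield each JSON object that starts in column 0 of a log line."""
    decoder, pos = json.JSONDecoder(), 0
    while (m := JSON_START.search(text, pos)):
        try:
            obj, pos = decoder.raw_decode(text, m.start())
        except json.JSONDecodeError:
            pos = m.start() + 1  # not JSON after all; keep scanning
            continue
        yield obj


def triage(log_text):
    """Return one finding per distinct failure seen in a certbot debug log."""
    findings = []
    for obj in iter_json_objects(log_text):
        for ch in obj.get("challenges", []):
            err = ch.get("error")
            if ch.get("status") != "invalid" or not err:
                continue
            kind = err.get("type", "").rsplit(":", 1)[-1]
            rec = (ch.get("validationRecord") or [{}])[0]
            findings.append({
                "stage": "acme-validation",
                "challenge": ch.get("type"),
                "error": kind,
                "target": f"{rec.get('addressUsed')}:{rec.get('port')}",
                "hint": ACME_HINTS.get(kind, err.get("detail", "")),
            })
    for m in NGINX_EMERG.finditer(log_text):
        finding = {
            "stage": "nginx-config-test",  # the nginx plugin failed to load
            "error": m["msg"],
            "target": f"{m['file']}:{m['line']}",
            "hint": "fix this file until `nginx -t` passes, then rerun certbot",
        }
        if finding not in findings:  # the log repeats the same line many times
            findings.append(finding)
    return findings


if __name__ == "__main__":
    print(json.dumps(triage(ACME_LOG + NGINX_LOG), indent=2))
```

Signed JWS request bodies in a real debug log also parse as JSON objects; they carry no `challenges` key, so the triage skips them.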

kurspelli commented 9 months ago

Hi @adambowles

The guided installation still fails on this same issue, which seems to be marked complete without any pull request or commit linked to it. Your suggestion did help, though! It indeed was about the port(s) being closed.

If some changes were made to handle the firewall port opening thing automagically, then apparently they aren't present on the version in question (git checkout $(git describe --tags)).

Should the README have a notion of punching that ufw allow rule, or should the command just be included in the install automation? I can make a PR or something.

codyro commented 9 months ago

@MURTOMAASORTAJA I opted to punch a hole in firewalld for the AlmaLinux/RHEL playbook if I detected it running: https://github.com/LemmyNet/lemmy-ansible/blob/main/lemmy-almalinux.yml#L118-L130. We should probably do the same for the Ubuntu/Debian playbook to keep it consistent--unless we see a problem with assuming that those ports should be opened (I can't think of any in the context of the people who would be running the playbooks to get a Lemmy instance going).

Would you like to make a PR with these changes using ufw?