NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Let's Encrypt Certificate- too many failed authorizations recently #3612

Open ckoeber83 opened 6 months ago

ckoeber83 commented 6 months ago

When adding a Let's Encrypt certificate I got an Internal Error with too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/

CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
An unexpected error occurred:
Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:518:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5)
[3/8/2024] [7:48:26 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"

[3/8/2024] [7:48:27 AM] [Nginx    ] › ℹ  info      Reloading Nginx

[3/8/2024] [7:48:27 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload

[3/8/2024] [7:48:33 AM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #25: ...

[3/8/2024] [7:48:33 AM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-25" --agree-tos --authenticator webroot --email "...@..." --preferred-challenges "dns,http" --domains "..." 

[3/8/2024] [7:48:33 AM] [Global   ] › ⬤  debug     CMD: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-25" --agree-tos --authenticator webroot --email "...@..." --preferred-challenges "dns,http" --domains "..." 

[3/8/2024] [7:48:36 AM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/temp/letsencrypt_25.conf

[3/8/2024] [7:48:36 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"

[3/8/2024] [7:48:37 AM] [Nginx    ] › ℹ  info      Reloading Nginx

[3/8/2024] [7:48:37 AM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload

[3/8/2024] [7:48:38 AM] [Express  ] › ⚠  warning   Saving debug log to /tmp/letsencrypt-log/letsencrypt.log

An unexpected error occurred:

Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

NPM_BUILD_VERSION | 2.11.1

bluekitedreamer commented 6 months ago

I would say to look at the log, but it doesn't look like it's mapped outside the container

See the logfile /tmp/letsencrypt-log/letsencrypt.log

Run this command; it will print the Let's Encrypt log file to your command line:

    docker exec -it [CONTAINER-NAME] cat /tmp/letsencrypt-log/letsencrypt.log

Take a look at why the Let's Encrypt authorization is failing

bluekitedreamer commented 6 months ago

https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3575

Related

chriszuercher commented 6 months ago

I'm facing the same issue (and #3575 as well)

tr1p0p commented 6 months ago

Facing the same issue; now my domain is blocked and I have to wait to have a working website.

Here are the logs of the Let's Encrypt failure:


2024-03-11 11:36:09,948:DEBUG:certbot._internal.main:certbot version: 2.9.0
2024-03-11 11:36:09,949:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2024-03-11 11:36:09,949:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-18', '--agree-tos', '--authenticator', 'webroot', '--email', 'leo.roubinowitz@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'alchimia.ink']
2024-03-11 11:36:09,950:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-ovh,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-03-11 11:36:09,960:DEBUG:certbot._internal.log:Root logging level set at 30
2024-03-11 11:36:09,960:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2024-03-11 11:36:09,961:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fff50e1e550>
Prep: True
2024-03-11 11:36:09,961:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fff50e1e550> and installer None
2024-03-11 11:36:09,961:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-03-11 11:36:10,183:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1611770807', new_authzr_uri=None, terms_of_service=None), 401d9d1000388effb9661287e7722f52, Meta(creation_dt=datetime.datetime(2024, 3, 10, 17, 10, 24, tzinfo=<UTC>), creation_host='676e72629a1b', register_to_eff=None))>
2024-03-11 11:36:10,184:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-03-11 11:36:10,185:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-03-11 11:36:10,666:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2024-03-11 11:36:10,667:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "B17ZkHo5yvo": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-03-11 11:36:10,668:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for alchimia.ink
2024-03-11 11:36:10,673:DEBUG:acme.client:Requesting fresh nonce
2024-03-11 11:36:10,673:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-03-11 11:36:10,829:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-03-11 11:36:10,829:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: gYWQdAkZCCcelzt412RV95uwVPw6XR9klTnaZu03vW6sdWa_wyc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2024-03-11 11:36:10,829:DEBUG:acme.client:Storing nonce: gYWQdAkZCCcelzt412RV95uwVPw6XR9klTnaZu03vW6sdWa_wyc
2024-03-11 11:36:10,829:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "alchimia.ink"\n    }\n  ]\n}'
2024-03-11 11:36:10,838:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYxMTc3MDgwNyIsICJub25jZSI6ICJnWVdRZEFrWkNDY2VsenQ0MTJSVjk1dXdWUHc2WFI5a2xUbmFadTAzdlc2c2RXYV93eWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "zSEA_2U3U-CMDYI0pgNxzKHxq6tXc2CVNwrnIwBUINKngQ5soar3VaUHWBon769gVo2m29Hz0NDqZVSpPf0BANCGN731dmSRpoTeIOUL0hYVwgTMzqIBQd2--wYf0xFZDqsKi6m029Eq1xPjTHeITGnUkOmkEdXcPahOUlEVQTob0xmo3h7NYNncMO_GhOyjVh9gJvMfeUmCft3WUJcHsJlTw8vzg5o2MsDvRwOKJjoovYfNBt8YLuVdN5RC5yPd4Enpfsu7zvrm2oa_YXLx4D3IHfUai333dhzNaFxCcn4_U2XB54yrJJ9yYJofrooEdjhXvvHz6bGpe7pgOco5sw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFsY2hpbWlhLmluayIKICAgIH0KICBdCn0"
}
2024-03-11 11:36:11,022:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 318
2024-03-11 11:36:11,023:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Content-Type: application/problem+json
Content-Length: 318
Connection: keep-alive
Boulder-Requester: 1611770807
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/docs/rate-limits>;rel="help"
Replay-Nonce: gYWQdAkZurGClJ-tPz0B3FolRsQB5R4WWBsotLeaiTEOH2098rA
Retry-After: 107650

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
  "status": 429
}
2024-03-11 11:36:11,023:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 137, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 751, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 602, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
2024-03-11 11:36:11,026:ERROR:certbot._internal.log:An unexpected error occurred:
2024-03-11 11:36:11,026:ERROR:certbot._internal.log:Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
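
An added example, not code from this thread or from nginx-proxy-manager: a parser that pulls each ACME `rateLimited` problem document out of a certbot debug log like the one above and reports which Let's Encrypt limit was hit and the earliest safe retry time. The sample log is constructed (placeholder domain `example.test`); the limit name is taken from the documentation URL in the `detail` text, an assumption based on the messages shown on this page.

```python
import json
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

RATE_LIMITED = "urn:ietf:params:acme:error:rateLimited"
# One logged response: status line, headers, blank line, then the body up to
# the next timestamped log line (or end of file).
RESPONSE_RE = re.compile(
    r"Received response:\nHTTP (\d{3})\n(.*?)\n\n(.*?)(?=^\d{4}-\d{2}-\d{2} |\Z)",
    re.S | re.M,
)
DOC_RE = re.compile(r"letsencrypt\.org/docs/([a-z-]+)/")
RETRY_RE = re.compile(r"retry after (\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z")

# Constructed sample in the shape of /tmp/letsencrypt-log/letsencrypt.log.
# The second record has no Retry-After header, to exercise that case.
SAMPLE_LOG = """\
2024-03-11 11:36:11,023:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Content-Type: application/problem+json
Retry-After: 107650

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: example.test, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
  "status": 429
}
2024-03-11 11:40:00,000:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Content-Type: application/problem+json

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/",
  "status": 429
}
2024-03-11 11:40:00,010:DEBUG:certbot._internal.log:Exiting abnormally:
"""


def retry_from_headers(headers):
    """Date + Retry-After (delta-seconds or HTTP-date) as an aware datetime, else None."""
    value = headers.get("retry-after")
    if value is None:
        return None
    if not value.isdigit():
        return parsedate_to_datetime(value)
    if "date" not in headers:
        return None  # a delta cannot be anchored without the response time
    return parsedate_to_datetime(headers["date"]) + timedelta(seconds=int(value))


def find_rate_limits(log_text):
    """Return one finding per HTTP 429 rateLimited response in the log."""
    findings = []
    for status, raw_headers, body in RESPONSE_RE.findall(log_text):
        if status != "429":
            continue
        pairs = (h.split(": ", 1) for h in raw_headers.splitlines() if ": " in h)
        headers = {name.lower(): value for name, value in pairs}
        try:
            problem = json.loads(body)
        except ValueError:
            continue  # truncated or non-JSON body
        if problem.get("type") != RATE_LIMITED:
            continue
        detail = problem.get("detail", "")
        doc, stated = DOC_RE.search(detail), RETRY_RE.search(detail)
        times = [retry_from_headers(headers)]
        if stated:
            parsed = datetime.strptime(stated.group(1), "%Y-%m-%dT%H:%M:%S")
            times.append(parsed.replace(tzinfo=timezone.utc))
        times = [t for t in times if t is not None]
        findings.append({
            "limit": doc.group(1) if doc else "unknown",
            "not_before": max(times) if times else None,  # later of header and detail
            "detail": detail,
        })
    return findings


if __name__ == "__main__":
    for f in find_rate_limits(SAMPLE_LOG):
        print(f["limit"], f["not_before"])
```

The two limits call for different responses, so the `limit` field matters: a failed-validation finding means the challenge itself has to be fixed before retrying, while a duplicate-certificate finding means certificates were already issued and further requests will not help until `not_before`.
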
chriszuercher commented 6 months ago

Did anybody find a workaround or solution? My certificate will expire in the next days and cannot be renewed.

bluekitedreamer commented 6 months ago

@chriszuercher Post your Let's Encrypt log, take note of personal information (emails, domains) and remove it

@tr1p0p

  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: <domain>, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",

You're hitting Let's Encrypt's limit, use a wildcard instead for that domain
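
An added example, not part of this thread or of nginx-proxy-manager: scrubbing a certbot debug log before posting it, as suggested above. Replacing the visible names is not enough, because the `protected` and `payload` fields of every logged JWS are base64url-encoded JSON that repeat the account URL and the requested domain names, and the account number also appears in `Boulder-Requester` and order URLs. The sample log, the account number `1234567890` and the `example.test` names are constructed.

```python
import base64
import json
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ACCOUNT_RE = re.compile(r"/acme/acct/(\d+)")
REQUESTER_RE = re.compile(r"Boulder-Requester: (\d+)")
# A logged JWS field: the key, then an unpadded base64url value.
JWS_FIELD_RE = re.compile(r'("(protected|payload|signature)": ")([A-Za-z0-9_-]+)(")')


def b64url_json(obj):
    """Encode a dict the way a JWS segment is encoded (unpadded base64url)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def decode_json(segment):
    """Decode a base64url segment to a dict; {} if it is not JSON (e.g. a signature)."""
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:
        return {}
    return obj if isinstance(obj, dict) else {}


def redact(log_text, extra_domains=()):
    """Return (scrubbed_log, report of the identifiers that were found)."""
    domains, accounts = set(extra_domains), set()
    for _, field, value, _ in JWS_FIELD_RE.findall(log_text):
        decoded = decode_json(value)
        if field == "payload":  # a new-order payload lists the requested names
            domains.update(i["value"] for i in decoded.get("identifiers", [])
                           if isinstance(i, dict) and i.get("type") == "dns" and "value" in i)
        elif field == "protected":  # the protected header carries the account URL in "kid"
            accounts.update(ACCOUNT_RE.findall(str(decoded.get("kid", ""))))
    accounts.update(ACCOUNT_RE.findall(log_text))
    accounts.update(REQUESTER_RE.findall(log_text))

    out = JWS_FIELD_RE.sub(lambda m: f"{m.group(1)}<redacted {m.group(2)}>{m.group(4)}", log_text)
    out = EMAIL_RE.sub("<email>", out)
    for acct in accounts:  # the same number appears in order and finalize URLs
        out = re.sub(rf"(?<!\d){re.escape(acct)}(?!\d)", "<account-id>", out)
    for n, name in enumerate(sorted(domains, key=lambda d: (-len(d), d)), 1):
        out = re.sub(re.escape(name), f"<domain-{n}>", out, flags=re.I)
    return out, {"domains": sorted(domains), "accounts": sorted(accounts)}


# Constructed sample: the visible domain was already replaced by hand, but the
# JWS fields still encode the real name and the account URL.
SAMPLE_PROTECTED = b64url_json({
    "alg": "RS256",
    "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/1234567890",
    "nonce": "constructed-nonce",
    "url": "https://acme-v02.api.letsencrypt.org/acme/new-order",
})
SAMPLE_PAYLOAD = b64url_json({"identifiers": [{"type": "dns", "value": "ha.example.test"}]})
SAMPLE_LOG = "\n".join([
    "2024-03-17 08:51:05,000:DEBUG:certbot._internal.main:Arguments: "
    "['--email', 'admin@example.test', '--domains', 'ha.replaced.domain']",
    "2024-03-17 08:51:05,900:DEBUG:acme.client:Sending POST request to "
    "https://acme-v02.api.letsencrypt.org/acme/new-order:",
    "{",
    f'  "protected": "{SAMPLE_PROTECTED}",',
    '  "signature": "Y29uc3RydWN0ZWQ",',
    f'  "payload": "{SAMPLE_PAYLOAD}"',
    "}",
    "HTTP 201",
    "Boulder-Requester: 1234567890",
    "Location: https://acme-v02.api.letsencrypt.org/acme/order/1234567890/1",
])

if __name__ == "__main__":
    scrubbed, report = redact(SAMPLE_LOG)
    print(scrubbed)
    print("found in encoded or header fields:", report)
```

The report lists what the encoded fields would have disclosed, which is a quick check that a hand-edited log is actually clean.
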

chriszuercher commented 6 months ago

Edit: I could finally just create a new certificate (using same data) and use this one. Let's hope the next renewal works again. The rate limit didn't occur (last time I couldn't do this because I was blocked out because of too many requests).

Original Problem: I'm using 3 domains in the same certificate. One of them is handled in NPM (ha.), the others not. The challenge works for the two domains not handled at NPM but not for the one which is used as proxy there. This one stays pending forever. Port forwarding and DNS config are the same for all of them (and ha. is also working and handled in NPM):


  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdHhmbXItWjJubkdLR2VXNFkwYU9HQ3RPTzlWc0VtbURabGVGaE02bWhlUVEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "UvHGA_tBh9HCnkgqC3RA-yAm1GUOpLsmEQGlUWLHEu6Adrw-EqN6fglxzRMmXBcYwng_xniHIaj6L6BeG9eQ4pL3MfMbHhZDL-bKNhr02Z_TkK3Mz9qf6qbHWwx8bBtQTnynMRHn14WZqUhxNtE9k6jHvHk2__tpye4g1Ler-n-SAmT08zaevO8JfpWVrDaJykivssyZLrH8N0Doe7b_OdtmcNvR74EnFabitVeCfqKVgeV1f_Yh-aoj1kPgI7HbWA7iZPbmnieAIT2p-tooCnGlVuqSqYWgLDM5UTwQ_QCgfMQ38XHv__YeJTkQSgbVtzLzx5XXTBwSKXndCkMFUg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNocmlzLnp1ZXJjaGVyLmNvbS5teCIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJkaXNrc3RhdGlvbi56dWVyY2hlci5jb20ubXgiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAiaGEuenVlcmNoZXIuY29tLm14IgogICAgfQogIF0KfQ"
}
2024-03-17 08:51:05,990:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 638
2024-03-17 08:51:05,992:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 17 Mar 2024 08:51:05 GMT
Content-Type: application/json
Content-Length: 638
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1302365696/253028355397
Replay-Nonce: DWrB3gDtp3jrTxaPMrLYy56IhrwQ_z2KjI_LVRRepgoHZjp12MY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-03-23T20:53:05Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "chris.replaced.domain"
    },
    {
      "type": "dns",
      "value": "diskstation.replaced.domain"
    },
    {
      "type": "dns",
      "value": "ha.replaced.domain"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474137",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474147",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1302365696/253028355397"
}
2024-03-17 08:51:05,992:DEBUG:acme.client:Storing nonce: DWrB3gDtp3jrTxaPMrLYy56IhrwQ_z2KjI_LVRRepgoHZjp12MY
2024-03-17 08:51:05,993:DEBUG:acme.client:JWS payload:
b''
2024-03-17 08:51:05,995:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474137:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdHAzanJUeGFQTXJMWXk1NklocndRX3oyS2pJX0xWUlJlcGdvSFpqcDEyTVkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODMxMzQ3NDEzNyJ9",
  "signature": "EtaWvz-N4YJyTADBWIMLdz9TMIbB2R00BV-LsMYbcsPR_4xeHExGhREITwpG0hm_Xc9s2YqN2H74RY9nPkwReu0ZURATiB9TOsMniwN1R9oFhdmxwUeAbB9Czp3bOaa-uOkEBnfxnCfF0k1B_2Wt6lnjfDfKVx46Iax6sAXtxleGnqIKaYtV07y2JDzxwvS_26Zswy28s19i4nUxfUQXNxpXNYrHafOiC1RRV_kN3mTdaXYZJUWz7r8rTBeTHzDhjuAzmolSACbBGeDue9wI2ci01iPpBqwT2jNHOAJOf9nP7kcRmCOhpnX7_xKBJKbUwATCX_f3zsiLkE1fImWIUg",
  "payload": ""
}
2024-03-17 08:51:06,162:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/318313474137 HTTP/1.1" 200 1408
2024-03-17 08:51:06,163:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 1408
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DWrB3gDtOMmAHAArbyd15XfhT6aTTYK0SCiWl0smrBpPX0VkEAg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "chris.replaced.domain"
  },
  "status": "valid",
  "expires": "2024-03-23T20:53:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318313474137/EkT6mQ",
      "token": "nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA",
      "validationRecord": [
        {
          "url": "http://chris.replaced.domain/.well-known/acme-challenge/nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA",
          "hostname": "chris.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x:x:x:x::x",
          "resolverAddrs": [
            "A:10.1.12.84:23951",
            "AAAA:10.1.12.85:25056"
          ]
        },
        {
          "url": "http://chris.replaced.domain/.well-known/acme-challenge/nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA",
          "hostname": "chris.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x.x.x.x",
          "resolverAddrs": [
            "A:10.1.12.84:23951",
            "AAAA:10.1.12.85:25056"
          ]
        }
      ],
      "validated": "2024-02-22T20:52:51Z"
    }
  ]
}
2024-03-17 08:51:06,164:DEBUG:acme.client:Storing nonce: DWrB3gDtOMmAHAArbyd15XfhT6aTTYK0SCiWl0smrBpPX0VkEAg
2024-03-17 08:51:06,165:DEBUG:acme.client:JWS payload:
b''
2024-03-17 08:51:06,169:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474147:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdE9NbUFIQUFyYnlkMTVYZmhUNmFUVFlLMFNDaVdsMHNtckJwUFgwVmtFQWciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODMxMzQ3NDE0NyJ9",
  "signature": "Ax20mnJCZNXQP5L7GzsTuYwCZJ1bZl4w4EDySQj1VR0_z5bcCXb8D2DoDFABV_477UGpgG9smCDLmQB95OkhJqGLOuYTmnEdMw5ktKphcIanU-8IPCCWWi7eMus_d7pVy3houCVFZQJzvao1dVspffiJka7s3xk1ovNLiPJNsT1349msyL0ubhvvPiIzxJDgym0wXqHt1AMjHviP0dhwZTPyFekSD5l4w_aRF6kVN--Rr-191qDG5n-kN-COo5OGXqIlEJqFa-OBxG2VcInWlssInG_HBd2ALP6ASNaCnFB0hQHQkQU6iAJdgquK3KggjdeAGdlbx1cdxJa8x5d7NQ",
  "payload": ""
}
2024-03-17 08:51:06,340:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/318313474147 HTTP/1.1" 200 1438
2024-03-17 08:51:06,342:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 1438
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DWrB3gDtYHs2lPBd1ybXQ0Kk3_YrJ8xASVDAKnKoFQrn2ewzarI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "diskstation.replaced.domain"
  },
  "status": "valid",
  "expires": "2024-03-23T20:53:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318313474147/Sf9JFw",
      "token": "0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw",
      "validationRecord": [
        {
          "url": "http://diskstation.replaced.domain/.well-known/acme-challenge/0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw",
          "hostname": "diskstation.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x:x:x:x::x",
          "resolverAddrs": [
            "A:10.1.12.81:27532",
            "AAAA:10.1.12.83:29977"
          ]
        },
        {
          "url": "http://diskstation.replaced.domain/.well-known/acme-challenge/0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw",
          "hostname": "diskstation.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x.x.x.x",
          "resolverAddrs": [
            "A:10.1.12.81:27532",
            "AAAA:10.1.12.83:29977"
          ]
        }
      ],
      "validated": "2024-02-22T20:52:52Z"
    }
  ]
}
2024-03-17 08:51:06,342:DEBUG:acme.client:Storing nonce: DWrB3gDtYHs2lPBd1ybXQ0Kk3_YrJ8xASVDAKnKoFQrn2ewzarI
2024-03-17 08:51:06,343:DEBUG:acme.client:JWS payload:
b''
2024-03-17 08:51:06,345:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdFlIczJsUEJkMXliWFEwS2szX1lySjh4QVNWREFLbktvRlFybjJld3phckkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMyNzI5NzI3MjkxNyJ9",
  "signature": "GpJPVuLERrh4dBos65MXccEdzNMe0BI5fUvN_IGjCs-_SQziT0K4E1HjFVkrRmhPmmHGuDVNRPqE_1144RZdT6chCY5a8z8kv1zrvfizwomAhBDkE_lJyMEhABu3f0RrkRqV4cmIYz4hlbqvc86Pf8af3BZDDrpfTz_JKMcp55v1NmxzBHaTYS_qPioAa-DPSCOAk548yabZUepZI17O2d8mKni3eZcNSFYUD-mEX6YFWt-wO8kPwHCpOSyAe-JCHZIHjRuFNcCBafJM-c0gll-J1pRJ8rP-Nij8D5jgalIUzXq9UdfS-96syfrjC2cAw4Dn_-aGVPv4m1j8hx2kuw",
  "payload": ""
}
2024-03-17 08:51:06,509:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/327297272917 HTTP/1.1" 200 802
2024-03-17 08:51:06,510:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: aJwww7uyNyqd3d2lYChtWRWenG3b22l28MW_jEnmm2YElIJ8V_c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "ha.replaced.domain"
  },
  "status": "pending",
  "expires": "2024-03-24T08:51:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A",
      "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/yBVRCA",
      "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/fSg17w",
      "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
    }
  ]
}
2024-03-17 08:51:06,510:DEBUG:acme.client:Storing nonce: aJwww7uyNyqd3d2lYChtWRWenG3b22l28MW_jEnmm2YElIJ8V_c
2024-03-17 08:51:06,511:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-03-17 08:51:06,511:INFO:certbot._internal.auth_handler:http-01 challenge for ha.replaced.domain
2024-03-17 08:51:06,511:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2024-03-17 08:51:06,512:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2024-03-17 08:51:06,513:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY
2024-03-17 08:51:06,513:DEBUG:acme.client:JWS payload:
b'{}'
2024-03-17 08:51:06,516:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJhSnd3dzd1eU55cWQzZDJsWUNodFdSV2VuRzNiMjJsMjhNV19qRW5tbTJZRWxJSjhWX2MiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMyNzI5NzI3MjkxNy81TzA2M0EifQ",
  "signature": "H5NiGjRQgAI89ZalYBFMj51j4hxnTik1fX8h_fs5BybV4FQC-ZSgZ2o0Flddb3Mq5HUaSzcvj8zl22oQEZ07XaHts5-sDzkReFbYDaS0ZtY_Andsa8Dkms9Licq3QLoyOwPVkDW0-oMrME8V93f1A_d6mLW0aQpNjXkE5RHCCAyMcOlY4ciIWTiWVXZhwTfEWXT8o7xgjLpicD-h4isz7dkvy2d1YR_JplocWyb3HjjydSnORK9e04kt8j7mRyzlmYKNvkXX2XOOb6YJT2RRrB0tQ4jA92lXP9s9kJRGy6zf7Fth2zkjdjvxXT3v3Z5FfVFEuZs1O7CS2k4f6jH8yA",
  "payload": "e30"
}
2024-03-17 08:51:06,697:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/327297272917/5O063A HTTP/1.1" 200 187
2024-03-17 08:51:06,698:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A
Replay-Nonce: aJwww7uyOuZi4bGEDbnBDiwnOIpHBrREG7O0jQoxmUCIoxn_9rE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A",
  "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
}
2024-03-17 08:51:06,699:DEBUG:acme.client:Storing nonce: aJwww7uyOuZi4bGEDbnBDiwnOIpHBrREG7O0jQoxmUCIoxn_9rE
2024-03-17 08:51:06,699:INFO:certbot._internal.auth_handler:Waiting for verification...