Open fgarcia-humanoide opened 3 months ago
Worked 6 months. Now certificates expired and if you force a renovation an error appears
Renew Let's Encrypt Certificate Internal Error
same problem, version 2.11.1
Same here, here is the output of the log (id's, base64, domains replaced):
2024-04-18 21:02:13,524:DEBUG:certbot._internal.main:certbot version: 2.9.0
2024-04-18 21:02:13,525:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2024-04-18 21:02:13,525:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-13', '--disable-hook-validation', '--no-random-sleep-on-renew']
2024-04-18 21:02:13,525:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#directadmin,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-04-18 21:02:13,579:DEBUG:certbot._internal.log:Root logging level set at 30
2024-04-18 21:02:13,581:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-13.conf
2024-04-18 21:02:13,583:DEBUG:certbot.configuration:Var config_dir=/etc/letsencrypt (set by user).
2024-04-18 21:02:13,583:DEBUG:certbot.configuration:Var logs_dir=/tmp/letsencrypt-log (set by user).
2024-04-18 21:02:13,583:DEBUG:certbot.configuration:Var work_dir=/tmp/letsencrypt-lib (set by user).
2024-04-18 21:02:13,584:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2024-04-18 21:02:13,584:DEBUG:certbot.configuration:Var preferred_chain=ISRG Root X1 (set by user).
2024-04-18 21:02:13,584:DEBUG:certbot.configuration:Var key_type=ecdsa (set by user).
2024-04-18 21:02:13,584:DEBUG:certbot.configuration:Var elliptic_curve=secp384r1 (set by user).
2024-04-18 21:02:13,599:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2024-04-18 21:02:13,600:DEBUG:certbot._internal.plugins.selection:Requested authenticator directadmin and installer None
2024-04-18 21:02:13,600:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: directadmin Description: Obtain a certificate using a DNS TXT record in directadmin Interfaces: Authenticator, Plugin Entry point: EntryPoint(name='directadmin', value='certbot_dns_directadmin.dns_directadmin:Authenticator', group='certbot.plugins') Initialized: <certbot_dns_directadmin.dns_directadmin.Authenticator object at 0x7f1cdc395b90> Prep: True
2024-04-18 21:02:13,601:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_directadmin.dns_directadmin.Authenticator object at 0x7f1cdc395b90> and installer None
2024-04-18 21:02:13,601:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator directadmin, Installer None
2024-04-18 21:02:13,736:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/ ', new_authzr_uri=None, terms_of_service=None), 7d91f774b85261e99787fb37989f16d8, Meta(creation_dt=datetime.datetime(2021, 2, 25, 9, 28, 46, tzinfo= .website.nl
2024-04-18 21:02:14,148:DEBUG:acme.client:Requesting fresh nonce
2024-04-18 21:02:14,148:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-04-18 21:02:14,283:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-04-18 21:02:14,284:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:02:14 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: FUnC6kMpCZMAkAb02iWTYOvskc4chpss_xG8LllzLOR5hxbTtvc X-Frame-Options: DENY Strict-Transport-Security: max-age=604800
2024-04-18 21:02:14,284:DEBUG:acme.client:Storing nonce: FUnC6kMpCZMAkAb02iWTYOvskc4chpss_xG8LllzLOR5hxbTtvc
2024-04-18 21:02:14,284:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": ".website.nl"\n }\n ]\n}'
2024-04-18 21:02:14,289:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "), creation_host='a9a7ec130998', register_to_eff=None))>
2024-04-18 21:02:13,738:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-04-18 21:02:13,741:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-04-18 21:02:14,139:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 747
2024-04-18 21:02:14,140:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:02:14 GMT Content-Type: application/json Content-Length: 747 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "Vvg5AejWZ-g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }
2024-04-18 21:02:14,142:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for ", "signature": " .website.nl" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/", "payload": " " }
2024-04-18 21:02:14,613:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
2024-04-18 21:02:14,614:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Thu, 18 Apr 2024 21:02:14 GMT Content-Type: application/json Content-Length: 341 Connection: keep-alive Boulder-Requester: 113867616 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/ Replay-Nonce: Y89UXNyaeHtNDdgR8Zc1dRY8gED8axjHUmMpKW1BMnSD79nD7wI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2024-04-25T21:02:14Z", "identifiers": [ { "type": "dns", "value": " " ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/ " }
2024-04-18 21:02:14,614:DEBUG:acme.client:Storing nonce: Y89UXNyaeHtNDdgR8Zc1dRY8gED8axjHUmMpKW1BMnSD79nD7wI
2024-04-18 21:02:14,614:DEBUG:acme.client:JWS payload: b''
2024-04-18 21:02:14,617:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/ : { "protected": " ", "signature": " ", "payload": "" }
2024-04-18 21:02:14,776:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/ HTTP/1.1" 200 388
2024-04-18 21:02:14,776:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:02:14 GMT Content-Type: application/json Content-Length: 388 Connection: keep-alive Boulder-Requester: 113867616 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: FUnC6kMpzkXJl7wO0pvulDAYAIkFvszesCA1Abblz67F-VF8n94 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "website.nl" }, "status": "pending", "expires": "2024-04-25T21:02:14Z", "challenges": [ { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/ / ", "token": " " } ], "wildcard": true }
2024-04-18 21:02:14,776:DEBUG:acme.client:Storing nonce: FUnC6kMpzkXJl7wO0pvulDAYAIkFvszesCA1Abblz67F-VF8n94
2024-04-18 21:02:14,777:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-04-18 21:02:14,777:INFO:certbot._internal.auth_handler:dns-01 challenge for website.nl
2024-04-18 21:02:15,173:DEBUG:certbot_dns_directadmin.dns_directadmin:Record Domain: _acme-challenge.website.nl
2024-04-18 21:02:15,174:DEBUG:certbot_dns_directadmin.dns_directadmin:Subdomain: _acme-challenge
2024-04-18 21:02:15,174:DEBUG:certbot_dns_directadmin.dns_directadmin:Domain: website.nl
2024-04-18 21:02:22,424:DEBUG:certbot_dns_directadmin.dns_directadmin:{'error': '0', 'message': 'Record toegevoegd'}
2024-04-18 21:02:22,424:INFO:certbot_dns_directadmin.dns_directadmin:Successfully added TXT record for _acme-challenge.website.nl
2024-04-18 21:02:22,424:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 60 seconds for DNS changes to propagate
2024-04-18 21:03:22,425:DEBUG:acme.client:JWS payload: b'{}'
2024-04-18 21:03:22,428:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/ / : { "protected": " ", "signature": " ", "payload": "e30" }
2024-04-18 21:03:22,605:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/ / HTTP/1.1" 200 186
2024-04-18 21:03:22,606:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:03:22 GMT Content-Type: application/json Content-Length: 186 Connection: keep-alive Boulder-Requester: 113867616 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/ >;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/ / Replay-Nonce: Y89UXNyamjbV4w4lm5tAafZSD7n3wESszQClc71lhiI1fwTEbYQ X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/ / ", "token": " " }
2024-04-18 21:03:22,606:DEBUG:acme.client:Storing nonce: Y89UXNyamjbV4w4lm5tAafZSD7n3wESszQClc71lhiI1fwTEbYQ
2024-04-18 21:03:22,607:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-04-18 21:03:23,607:DEBUG:acme.client:JWS payload: b''
2024-04-18 21:03:23,611:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/ : { "protected": " ", "signature": " ", "payload": "" }
2024-04-18 21:03:23,767:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/ HTTP/1.1" 200 683
2024-04-18 21:03:23,768:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:03:23 GMT Content-Type: application/json Content-Length: 683 Connection: keep-alive Boulder-Requester: 113867616 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: FUnC6kMpHX49EszZJ1e9KsOKNw5FWL4Uj6QJ5pwnV3keuqJKprA X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "website.nl" }, "status": "invalid", "expires": "2024-04-25T21:02:14Z", "challenges": [ { "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Incorrect TXT record \"xR9dGioZ22CdTpHBP-NoYleDK3lw61DC2e2zIsBXtto\" (and 724 more) found at _acme-challenge.website.nl", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/ / ", "token": " ", "validated": "2024-04-18T21:03:22Z" } ], "wildcard": true }
2024-04-18 21:03:23,768:DEBUG:acme.client:Storing nonce: FUnC6kMpHX49EszZJ1e9KsOKNw5FWL4Uj6QJ5pwnV3keuqJKprA
2024-04-18 21:03:23,769:INFO:certbot._internal.auth_handler:Challenge failed for domain website.nl
2024-04-18 21:03:23,769:INFO:certbot._internal.auth_handler:dns-01 challenge for website.nl
2024-04-18 21:03:23,769:DEBUG:certbot._internal.display.obj:Notifying user: Certbot failed to authenticate some domains (authenticator: directadmin). The Certificate Authority reported these problems: Domain: website.nl Type: unauthorized Detail: Incorrect TXT record "xR9dGioZ22CdTpHBP-NoYleDK3lw61DC2e2zIsBXtto" (and 724 more) found at _acme-challenge.website.nl Hint: The Certificate Authority failed to verify the DNS TXT records created by --directadmin. Ensure the above domains are hosted by this DNS provider, or try increasing --directadmin-propagation-seconds (currently 60 seconds).
2024-04-18 21:03:23,770:DEBUG:certbot._internal.error_handler:Encountered exception: Traceback (most recent call last): File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed.
2024-04-18 21:03:23,771:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-04-18 21:03:23,771:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-04-18 21:03:24,156:DEBUG:certbot_dns_directadmin.dns_directadmin:Record Domain: _acme-challenge.website.nl
2024-04-18 21:03:24,157:DEBUG:certbot_dns_directadmin.dns_directadmin:Subdomain: _acme-challenge
2024-04-18 21:03:24,157:DEBUG:certbot_dns_directadmin.dns_directadmin:Domain: website.nl
2024-04-18 21:03:33,402:DEBUG:certbot_dns_directadmin.dns_directadmin:{'error': '0', 'message': 'Records verwijderd'}
2024-04-18 21:03:33,402:INFO:certbot_dns_directadmin.dns_directadmin:Successfully removed TXT record for _acme-challenge.website.nl
2024-04-18 21:03:33,403:ERROR:certbot._internal.renewal:Failed to renew certificate npm-13 with error: Some challenges have failed.
2024-04-18 21:03:33,406:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request main.renew_cert(lineage_config, plugins, renewal_candidate) File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1550, in renew_cert renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert renewal.renew_cert(config, domains, le_client, lineage) File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed.
2024-04-18 21:03:33,410:DEBUG:certbot._internal.display.obj:Notifying user:
2024-04-18 21:03:33,411:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2024-04-18 21:03:33,411:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-13/fullchain.pem (failure)
2024-04-18 21:03:33,411:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-04-18 21:03:33,411:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in sys.exit(main()) ^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main return config.func(config, plugins) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1642, in renew renewed_domains, failed_domains = renewal.handle_renewal_request(config) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request raise errors.Error( certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2024-04-18 21:03:33,413:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
I had this same issue. For whatever reason, after deleting and re-adding my port forwards for NPM, I was able to manually renew the scripts... but it seems NPM wasn't going to renew them on its own? I'm not sure now, as I went ahead and manually renewed everything.
Also having this problem:
2024-05-02 09:12:51,194:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/345775467017:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU4NzUyMzY1NyIsICJub25jZSI6ICJZXzdBSVF1VVA3Qk9RTHJmSDlyWjZUSldvWGMwaW4xZ0pYc1ZlVm9XVGIyanhBNUFEZWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM0NTc3NTQ2NzAxNyJ9",
"signature": "Ty2thtpIzJZ2zsWD9jPtH6hjKKCNGZ6ChgDTc5sMUfVg2Aos1UXQKr2fmqPHIA4LrQiFRJtnCaJwjm0S2Dg96deTnTWZ-cxHH7SXJVlHalc7ULjWHtININltC7z56x79F0OZ_QoIK1ZToujHtJXqqG2edD970IPwoQ9entU9yq9O05jv02YqXPECFvosiYMAvUt-RwYYcnvyOqzN-nJUguAWOGu2MUhPHtQgw-2tzUG_2uGS4FEhCFHxpZ9mVYBJ-iG6C09bNL0NKGnO56_HbAK7rOEhN-wRB3cY62rXkvOyt6dRj_8EFbkuS5SAQxQQdfCpEEOvTHDYQ0i4gkPbZg",
"payload": ""
}
2024-05-02 09:12:51,272:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/345775467017 HTTP/1.1" 200 1622
2024-05-02 09:12:51,272:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 02 May 2024 13:12:51 GMT
Content-Type: application/json
Content-Length: 1622
Connection: keep-alive
Boulder-Requester: 1587523657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O0afatDIoVQUycPsUmZ0-4Xy_aMurgSzbBqqdJgeM7jOK-PtDH8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "scopexxxx.us.to"
},
"status": "invalid",
"expires": "2024-05-09T13:12:37Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "During secondary validation: 73.160.xx.xxx: Fetching http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8: Timeout during connect (likely firewall problem)",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345775467017/OjYacA",
"token": "5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8",
"validationRecord": [
{
"url": "http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8",
"hostname": "scopexxxx.us.to",
"port": "80",
"addressesResolved": [
"73.160.xx.xxx"
],
"addressUsed": "73.160.xx.xxx",
"resolverAddrs": [
"A:10.1.12.81:31390",
"AAAA:10.1.12.89:26534"
]
},
{
"url": "https://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8",
"hostname": "scopexxxx.us.to",
"port": "443",
"addressesResolved": [
"73.160.xx.xxx"
],
"addressUsed": "73.160.xx.xxx",
"resolverAddrs": [
"A:10.1.12.85:30182",
"AAAA:10.1.12.89:26534"
]
}
],
"validated": "2024-05-02T13:12:37Z"
}
]
}
2024-05-02 09:12:51,272:DEBUG:acme.client:Storing nonce: O0afatDIoVQUycPsUmZ0-4Xy_aMurgSzbBqqdJgeM7jOK-PtDH8
2024-05-02 09:12:51,272:INFO:certbot._internal.auth_handler:Challenge failed for domain scopexxxx.us.to
2024-05-02 09:12:51,272:INFO:certbot._internal.auth_handler:http-01 challenge for scopexxxx.us.to
2024-05-02 09:12:51,273:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: scopexxxx.us.to
Type: connection
Detail: During secondary validation: 73.160.xx.xxx: Fetching http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2024-05-02 09:12:51,273:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-05-02 09:12:51,273:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-05-02 09:12:51,273:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-05-02 09:12:51,273:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8
2024-05-02 09:12:51,273:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2024-05-02 09:12:51,274:ERROR:certbot._internal.renewal:Failed to renew certificate npm-4 with error: Some challenges have failed.
2024-05-02 09:12:51,275:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1550, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-05-02 09:12:51,276:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-05-02 09:12:51,276:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2024-05-02 09:12:51,276:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-4/fullchain.pem (failure)
2024-05-02 09:12:51,276:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-05-02 09:12:51,276:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/certbot/bin/certbot", line 8, in <module>
sys.exit(main())
^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1642, in renew
renewed_domains, failed_domains = renewal.handle_renewal_request(config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2024-05-02 09:12:51,276:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
I tried removing and re-adding, but too bad. Now I updated my docker container to the latest version (V2.11.2), re-added the (wildcard) certificate with propagation set to 120 seconds (DNS challenge with DirectAdmin). During setup for a new certificate it will add 2 ACME challenge DNS records, and I had to delete the first generated. If I didn't, it failed (invalid ACME challenge).
I have zero knowledge of this, but this is what worked for me, dunno why.
Ok, if it helps anybody else... I found the culprit for me at least. GEO BLOCKING in my router. I have Unifi gear and I block inbound based on country. Recent changes in the Let's Encrypt API have the checks coming in from non-US locations. I temp turned it off and was able to renew all 4 of my certs.
npm cannot renew letsencrypt certificates, certificates expire and there is no renovation
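The two failures logged in this thread (dns-01 rejected with hundreds of TXT values at the challenge name, and http-01 timing out during secondary validation) can be told apart from the authorization object the ACME server returns. The following is an added example, not code from NPM or certbot: the `triage` function and its cause labels are hypothetical, and the sample responses are constructed by abridging the ones posted above.

```python
import json
import re

# Constructed samples: abridged from the two authorization responses posted in
# this thread (URLs and validation records dropped, token replaced by TOKEN).
DNS01_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "website.nl"},
    "status": "invalid",
    "wildcard": True,
    "challenges": [{
        "type": "dns-01",
        "status": "invalid",
        "error": {
            "type": "urn:ietf:params:acme:error:unauthorized",
            "detail": 'Incorrect TXT record "xR9dGioZ22CdTpHBP-NoYleDK3lw61DC2e2zIsBXtto" '
                      "(and 724 more) found at _acme-challenge.website.nl",
            "status": 403,
        },
    }],
})
HTTP01_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "scopexxxx.us.to"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {
            "type": "urn:ietf:params:acme:error:connection",
            "detail": "During secondary validation: 73.160.xx.xxx: Fetching "
                      "http://scopexxxx.us.to/.well-known/acme-challenge/TOKEN: "
                      "Timeout during connect (likely firewall problem)",
            "status": 400,
        },
    }],
})

# The CA's wording for a dns-01 mismatch, as it appears in the first log.
TXT_MISMATCH = re.compile(
    r'Incorrect TXT record "[^"]+"(?: \(and (?P<more>\d+) more\))? found at (?P<name>\S+)'
)


def triage(authz_json):
    """Return one finding per failed challenge in an ACME authorization object."""
    authz = json.loads(authz_json)
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        error = chall.get("error", {})
        kind = error.get("type", "").rsplit(":", 1)[-1]  # e.g. "unauthorized"
        detail = error.get("detail", "")
        finding = {
            "domain": authz["identifier"]["value"],
            "wildcard": authz.get("wildcard", False),
            "challenge": chall.get("type"),
            "error": kind,
            "cause": "unclassified",
        }
        match = TXT_MISMATCH.search(detail)
        if chall.get("type") == "dns-01" and kind == "unauthorized" and match:
            # The CA found TXT values at the challenge name and none matched.
            # A name plus its wildcard needs at most two values at once, so
            # more than two means records from earlier runs were left behind.
            seen = 1 + int(match.group("more") or 0)
            finding.update(record=match.group("name"), txt_values_seen=seen,
                           cause="stale-txt-records" if seen > 2 else "txt-mismatch")
        elif chall.get("type") == "http-01" and kind == "connection":
            # "During secondary validation": the failure came from one of the
            # CA's additional vantage points, so filtering by source is suspect.
            finding.update(
                secondary_only=detail.startswith("During secondary validation"),
                cause="inbound-filtering" if "Timeout during connect" in detail
                else "unreachable",
            )
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for sample in (DNS01_AUTHZ, HTTP01_AUTHZ):
        for finding in triage(sample):
            print(finding)
```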