desec-io / certbot-dns-desec

Let's Encrypt Certificates for Domains Hosted at deSEC

Challenge text does not get removed after certificate creation #10

Closed emvidi closed 2 years ago

emvidi commented 2 years ago

Hi there,

first of all, thank you for the work on this project. After switching from acme.sh to this plugin, I recently had to reinstall the OS and certbot. As I was forced to recreate the certificate, the request was rejected with a wrong text challenge error. After investigating a bit, I noticed that the challenge text does not get removed after a certificate is created, resulting in a loop of wrong text challenges. Is this intended, or is it a bug?

sudo certbot certonly --authenticator dns-desec --dns-desec-credentials /etc/letsencrypt/.secrets/domain.ini --dns-desec-propagation-seconds 60 --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --rsa-key-size 4096 --email some@email.me -d 'sub.domain.eu'

desec2

nils-wisiol commented 2 years ago

TXT records are usually cleaned up after issuance. Could you provide the log file of the failed certbot run?

emvidi commented 2 years ago

2021-12-30 17:55:59,933:DEBUG:certbot._internal.main:certbot version: 1.21.0
2021-12-30 17:55:59,933:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2021-12-30 17:55:59,933:DEBUG:certbot._internal.main:Arguments: ['--manual-cleanup-hook', '/etc/letsencrypt/renewal-hooks/deploy/emby.xxx.eu_deploy.sh', '--authenticator', 'dns-desec', '--dns-desec-credentials', '/etc/letsencrypt/.secrets/emby.xxx.eu.ini', '--dns-desec-propagation-seconds', '15', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--agree-tos', '--rsa-key-size', '4096', '--email', 'xxx@xxx.me', '-d', 'emby.xxx.eu']
2021-12-30 17:55:59,933:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-dns-desec:dns-desec,PluginEntryPoint#dns-desec,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-12-30 17:55:59,941:DEBUG:certbot._internal.log:Root logging level set at 30
2021-12-30 17:55:59,942:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-desec and installer None
2021-12-30 17:55:59,945:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-desec
Description: Obtain certificates using a DNS TXT record (if you are using deSEC.io for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-desec = certbot_dns_desec.dns_desec:Authenticator
Initialized: <certbot_dns_desec.dns_desec.Authenticator object at 0x7f9dbc60dd20>
Prep: True
2021-12-30 17:55:59,945:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_desec.dns_desec.Authenticator object at 0x7f9dbc60dd20> and installer None
2021-12-30 17:55:59,945:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-desec, Installer None
2021-12-30 17:56:00,076:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-12-30 17:56:00,077:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-12-30 17:56:00,757:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-12-30 17:56:00,758:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 30 Dec 2021 15:55:54 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{ "VFCGWic5BIw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }
2021-12-30 17:56:00,759:DEBUG:acme.client:Requesting fresh nonce
2021-12-30 17:56:00,760:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-12-30 17:56:00,931:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-12-30 17:56:00,932:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 30 Dec 2021 15:55:54 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0002Ytlf5v4HsAoXcMj7X3K7d_Vhu10m5SUTmQV5k2KR9tY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-12-30 17:56:00,933:DEBUG:acme.client:Storing nonce: 0002Ytlf5v4HsAoXcMj7X3K7d_Vhu10m5SUTmQV5k2KR9tY
2021-12-30 17:56:00,933:DEBUG:acme.client:JWS payload: b'{\n "contact": [\n "mailto:xxx@xx.me"\n ],\n "termsOfServiceAgreed": true\n}'
2021-12-30 17:56:00,953:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
2021-12-30 17:56:01,134:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 895
2021-12-30 17:56:01,135:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 30 Dec 2021 15:55:55 GMT
Content-Type: application/json
Content-Length: 895
Connection: keep-alive
Boulder-Requester: 342644180
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/342644180
Replay-Nonce: 0001LHaFctfreKotSEBBlgVOfWvhIcX2t1buSom4ohgRync
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{ "contact": [ "mailto:xxx@xx.me" ], "initialIp": "109.103.234.14", "createdAt": "2021-12-30T15:55:55.1843644Z", "status": "valid" }
2021-12-30 17:56:01,135:DEBUG:acme.client:Storing nonce: 0001LHaFctfreKotSEBBlgVOfWvhIcX2t1buSom4ohgRync
2021-12-30 17:56:34,243:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2021-12-30 17:56:34,243:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f9dbc7e39d0>)>), contact=('mailto:xxx@xxx.me',), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/342644180', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 8fc76e2fa3fe2257ac640b1c10c4295b, Meta(creation_dt=datetime.datetime(2021, 12, 30, 15, 56, 1, tzinfo=), creation_host='hdc86-35-3-192.romtelecom.net', register_to_eff=None))>
2021-12-30 17:56:34,245:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for emby.xxx.eu
2021-12-30 17:56:34,580:DEBUG:certbot.crypto_util:Generating RSA key (4096 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
2021-12-30 17:56:34,588:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
2021-12-30 17:56:34,589:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "emby.xxx.eu"\n }\n ]\n}'
2021-12-30 17:56:34,594:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2021-12-30 17:56:34,784:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 337
2021-12-30 17:56:34,785:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 30 Dec 2021 15:56:28 GMT
Content-Type: application/json
Content-Length: 337
Connection: keep-alive
Boulder-Requester: 342644180
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/342644180/51341488120
Replay-Nonce: 00014UTXJ-5DPHPPMVaUc4L0u_q0tGKW47PEN4Dq73nQSeY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{ "status": "pending", "expires": "2022-01-06T15:56:28Z", "identifiers": [ { "type": "dns", "value": "emby.xxx.eu" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/63424898360" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/342644180/51341488120" }
2021-12-30 17:56:34,786:DEBUG:acme.client:Storing nonce: 00014UTXJ-5DPHPPMVaUc4L0u_q0tGKW47PEN4Dq73nQSeY
2021-12-30 17:56:34,788:DEBUG:acme.client:JWS payload: b''
2021-12-30 17:56:34,805:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/63424898360:
2021-12-30 17:56:34,979:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/63424898360 HTTP/1.1" 200 795
2021-12-30 17:56:34,980:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 30 Dec 2021 15:56:29 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 342644180
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001y5a6jHU2c-h2A_wAQ8BrEyxfwUDurkY1gT4KKlmhjhI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{ "identifier": { "type": "dns", "value": "emby.xxx.eu" }, "status": "pending", "expires": "2022-01-06T15:56:28Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/63424898360/UrLdVQ", "token": "6qHnPhKnCVrZrFkOyLAnHB0N2xheur9HTA5-6ky-OMM" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/63424898360/Ox_VPA", "token": "6qHnPhKnCVrZrFkOyLAnHB0N2xheur9HTA5-6ky-OMM" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/63424898360/vNRDvA", "token": "6qHnPhKnCVrZrFkOyLAnHB0N2xheur9HTA5-6ky-OMM" } ] }
2021-12-30 17:56:34,981:DEBUG:acme.client:Storing nonce: 0001y5a6jHU2c-h2A_wAQ8BrEyxfwUDurkY1gT4KKlmhjhI
2021-12-30 17:56:34,982:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-12-30 17:56:34,982:INFO:certbot._internal.auth_handler:dns-01 challenge for emby.xxx.eu
2021-12-30 17:56:34,984:DEBUG:certbot_dns_desec.dns_desec:Authenticator._perform: emby.xxx.eu, _acme-challenge.emby.xxx.eu, OUN-ZJNHYToHZEFt3BrRSh--XwIgRHVbYps8I9OhNrw
2021-12-30 17:56:34,985:DEBUG:certbot_dns_desec.dns_desec:creating _DesecConfigClient
2021-12-30 17:56:34,988:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): desec.io:443
2021-12-30 17:56:35,309:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1//domains/?owns_qname=_acme-challenge.emby.xxx.eu HTTP/1.1" 200 163
2021-12-30 17:56:35,352:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1//domains/xxx.eu/rrsets/_acme-challenge.emby/TXT HTTP/1.1" 301 0
2021-12-30 17:56:35,473:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1/domains/xxx.eu/rrsets/_acme-challenge.emby/TXT/ HTTP/1.1" 200 262
2021-12-30 17:56:35,692:DEBUG:urllib3.connectionpool:https://desec.io:443 "PUT /api/v1//domains/xxx.eu/rrsets/ HTTP/1.1" 200 314
2021-12-30 17:56:35,697:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 15 seconds for DNS changes to propagate
2021-12-30 17:56:50,706:DEBUG:acme.client:JWS payload: b'{}'
2021-12-30 17:56:50,723:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/63424898360/Ox_VPA:
2021-12-30 17:56:50,901:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/63424898360/Ox_VPA HTTP/1.1" 200 185
2021-12-30 17:56:50,903:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 30 Dec 2021 15:56:44 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 342644180
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/63424898360;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/63424898360/Ox_VPA
Replay-Nonce: 0001ciUuccHW_O6SeA7Y5ubndDhBuPHf7dKFu-5tXB0zyuU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{ "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/63424898360/Ox_VPA", "token": "6qHnPhKnCVrZrFkOyLAnHB0N2xheur9HTA5-6ky-OMM" }
2021-12-30 17:56:50,903:DEBUG:acme.client:Storing nonce: 0001ciUuccHW_O6SeA7Y5ubndDhBuPHf7dKFu-5tXB0zyuU
2021-12-30 17:56:50,904:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-12-30 17:56:51,905:DEBUG:acme.client:JWS payload: b''
2021-12-30 17:56:51,914:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/63424898360:
2021-12-30 17:56:52,086:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/63424898360 HTTP/1.1" 200 647
2021-12-30 17:56:52,088:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 30 Dec 2021 15:56:46 GMT
Content-Type: application/json
Content-Length: 647
Connection: keep-alive
Boulder-Requester: 342644180
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001A5p8fciop8F3JHZiKYxQ1i7_ptoD31kLEhKk2gbmTTo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{ "identifier": { "type": "dns", "value": "emby.xxx.eu" }, "status": "invalid", "expires": "2022-01-06T15:56:28Z", "challenges": [ { "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Incorrect TXT record \"5XghN8fYl7tXkRKp5o2rwSjmbm4yuL026zjnSabX_zU\" found at _acme-challenge.emby.xxx.eu", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/63424898360/Ox_VPA", "token": "6qHnPhKnCVrZrFkOyLAnHB0N2xheur9HTA5-6ky-OMM", "validated": "2021-12-30T15:56:44Z" } ] }
2021-12-30 17:56:52,088:DEBUG:acme.client:Storing nonce: 0001A5p8fciop8F3JHZiKYxQ1i7_ptoD31kLEhKk2gbmTTo
2021-12-30 17:56:52,089:INFO:certbot._internal.auth_handler:Challenge failed for domain emby.xxx.eu
2021-12-30 17:56:52,089:INFO:certbot._internal.auth_handler:dns-01 challenge for emby.xxx.eu
2021-12-30 17:56:52,090:DEBUG:certbot._internal.display.obj:Notifying user: Certbot failed to authenticate some domains (authenticator: dns-desec). The Certificate Authority reported these problems:
  Domain: emby.xxx.eu
  Type: unauthorized
  Detail: Incorrect TXT record "5XghN8fYl7tXkRKp5o2rwSjmbm4yuL026zjnSabX_zU" found at _acme-challenge.emby.xxx.eu

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-desec. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-desec-propagation-seconds (currently 15 seconds).

2021-12-30 17:56:52,090:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-12-30 17:56:52,091:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-12-30 17:56:52,091:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-12-30 17:56:52,092:DEBUG:certbot_dns_desec.dns_desec:Authenticator._cleanup: emby.xxx.eu, _acme-challenge.emby.xxx.eu, OUN-ZJNHYToHZEFt3BrRSh--XwIgRHVbYps8I9OhNrw
2021-12-30 17:56:52,092:DEBUG:certbot_dns_desec.dns_desec:creating _DesecConfigClient
2021-12-30 17:56:52,095:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): desec.io:443
2021-12-30 17:56:52,281:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1//domains/?owns_qname=_acme-challenge.emby.xxx.eu HTTP/1.1" 200 163
2021-12-30 17:56:52,322:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1//domains/xxx.eu/rrsets/_acme-challenge.emby/TXT HTTP/1.1" 301 0
2021-12-30 17:56:52,411:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1/domains/xxx.eu/rrsets/_acme-challenge.emby/TXT/ HTTP/1.1" 200 312
2021-12-30 17:56:52,619:DEBUG:urllib3.connectionpool:https://desec.io:443 "PUT /api/v1//domains/xxx.eu/rrsets/ HTTP/1.1" 200 264
2021-12-30 17:56:52,623:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3.10/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1434, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-12-30 17:56:52,625:ERROR:certbot._internal.log:Some challenges have failed.

emvidi commented 2 years ago

desec3

emvidi commented 2 years ago

I should mention that I was able to generate the certificate after manually deleting the challenge before running certbot.

nils-wisiol commented 2 years ago

I can't find any of the TXT records shown in the screenshots in the logs, and the record in the log doesn't show in the screenshot, so I assume the records in the screenshot stem from earlier/later runs of certbot. Also, the log indicates that the deletion of the TXT records was successful ("17:56:52,619 ... PUT ... rrsets/ ... 200").

Hence I believe your reported issue results from a combination of two separate issues:

  1. deSEC's API rate limits block removal of TXT records (the last or so request fails due to the rate limit and won't be repeated)
  2. issuance of certificate fails due to too short waiting time

Both issues are addressed in #9 which I plan to release in one or two weeks.

Of course, I can't prove that it worked by chance after you removed the other TXT records, but if you find the time to try it out after the release that'd be greatly appreciated.

emvidi commented 2 years ago

Thank you very much for looking into this issue. Yes, you are right, I had to delete the old TXT records for me to be able to create the certs. The ones in the last image are the ones that resulted from the last successful certs creation. They are still there, meaning that they do not get deleted at the moment. I did not know about the API rate limits, I will read the docs again.

I will try the new version as soon as you release it.

„Guten Rutsch!" for desec.io team.

peterthomassen commented 2 years ago

  • deSEC's API rate limits block removal of TXT records (the last or so request fails due to the rate limit and won't be repeated)

If this was the case, the log should show a 429 error response.
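
One way to check a certbot debug log for the two things discussed in this thread: which host answered with HTTP 429, and whether each `Authenticator._cleanup` call was followed by a write that the DNS API accepted. This is an added example, not part of the thread or of the plugin's code; the lines in `SAMPLE_LOG` are constructed in the format of the logs posted here (the 429 from `desec.io` is hypothetical), and the function names are illustrative.

```python
import re

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})"
# urllib3 request entries: https://host:port "METHOD path HTTP/1.1" status size
HTTP_RE = re.compile(
    TS + r':DEBUG:urllib3\.connectionpool:https://([^:/\s]+):\d+ '
    r'"([A-Z]+) (\S+) HTTP/1\.1" (\d{3}) \d+')
# plugin entries: Authenticator._perform/_cleanup: domain, record name, validation
PLUGIN_RE = re.compile(
    TS + r":DEBUG:certbot_dns_desec\.dns_desec:Authenticator\._(perform|cleanup): "
    r"(\S+), (\S+), (\S+)")
WRITE_METHODS = {"PUT", "PATCH", "POST", "DELETE"}

# Constructed sample, joined with spaces to mimic a log pasted without line breaks.
SAMPLE_LOG = " ".join([
    "2022-01-01 10:00:00,000:DEBUG:certbot_dns_desec.dns_desec:Authenticator._perform: "
    "www.example.com, _acme-challenge.www.example.com, CONSTRUCTED-VALUE-A",
    '2022-01-01 10:00:00,300:DEBUG:urllib3.connectionpool:https://desec.io:443 '
    '"PUT /api/v1//domains/example.com/rrsets/ HTTP/1.1" 200 314',
    "2022-01-01 10:00:20,000:DEBUG:certbot_dns_desec.dns_desec:Authenticator._cleanup: "
    "www.example.com, _acme-challenge.www.example.com, CONSTRUCTED-VALUE-A",
    '2022-01-01 10:00:20,200:DEBUG:urllib3.connectionpool:https://desec.io:443 '
    '"GET /api/v1/domains/example.com/rrsets/_acme-challenge.www/TXT/ HTTP/1.1" 200 312',
    '2022-01-01 10:00:20,400:DEBUG:urllib3.connectionpool:https://desec.io:443 '
    '"PUT /api/v1//domains/example.com/rrsets/ HTTP/1.1" 200 264',
    "2022-01-01 10:05:00,000:DEBUG:certbot_dns_desec.dns_desec:Authenticator._perform: "
    "www.example.com, _acme-challenge.www.example.com, CONSTRUCTED-VALUE-B",
    '2022-01-01 10:05:00,300:DEBUG:urllib3.connectionpool:https://desec.io:443 '
    '"PUT /api/v1//domains/example.com/rrsets/ HTTP/1.1" 200 314',
    "2022-01-01 10:05:20,000:DEBUG:certbot_dns_desec.dns_desec:Authenticator._cleanup: "
    "www.example.com, _acme-challenge.www.example.com, CONSTRUCTED-VALUE-B",
    '2022-01-01 10:05:20,400:DEBUG:urllib3.connectionpool:https://desec.io:443 '
    '"PUT /api/v1//domains/example.com/rrsets/ HTTP/1.1" 429 120',
    '2022-01-01 10:06:00,000:DEBUG:urllib3.connectionpool:'
    'https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 201',
])


def parse_events(text):
    """Return HTTP and plugin events in log order, even if entries share a line."""
    found = []
    for m in HTTP_RE.finditer(text):
        ts, host, method, path, status = m.groups()
        found.append((m.start(), {"kind": "http", "ts": ts, "host": host,
                                  "method": method, "path": path,
                                  "status": int(status)}))
    for m in PLUGIN_RE.finditer(text):
        ts, phase, domain, name, validation = m.groups()
        found.append((m.start(), {"kind": phase, "ts": ts, "domain": domain,
                                  "name": name, "validation": validation}))
    return [event for _, event in sorted(found, key=lambda pair: pair[0])]


def rate_limited(events):
    """List (host, method, path) for every 429 so the throttling API is named."""
    return [(e["host"], e["method"], e["path"])
            for e in events if e["kind"] == "http" and e["status"] == 429]


def cleanup_report(events, dns_host="desec.io"):
    """Map each validation value to the outcome of its cleanup.

    'no-cleanup'       _perform was logged but _cleanup never ran
    'no-write'         _cleanup ran but no write request to dns_host followed
    'write-ok'         the first write after _cleanup returned 2xx
    'write-failed:NNN' the first write after _cleanup returned status NNN
    A 2xx only shows the API accepted the request, not what the zone now holds.
    """
    report, current = {}, None
    for e in events:
        if e["kind"] == "perform":
            report[e["validation"]] = "no-cleanup"
            current = None
        elif e["kind"] == "cleanup":
            current = e["validation"]
            report[current] = "no-write"
        elif (current and e["kind"] == "http" and e["host"] == dns_host
              and e["method"] in WRITE_METHODS):
            ok = 200 <= e["status"] < 300
            report[current] = "write-ok" if ok else f"write-failed:{e['status']}"
            current = None
    return report


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for host, method, path in rate_limited(events):
        print(f"429 from {host}: {method} {path}")
    for validation, outcome in cleanup_report(events).items():
        print(f"{validation}: {outcome}")
```
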

emvidi commented 2 years ago

2021-12-30 18:08:21,214:DEBUG:certbot._internal.main:certbot version: 1.21.0
2021-12-30 18:08:21,214:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2021-12-30 18:08:21,214:DEBUG:certbot._internal.main:Arguments: ['--manual-cleanup-hook', '/etc/letsencrypt/renewal-hooks/deploy/emby.xxx.eu_deploy.sh', '--authenticator', 'dns-desec', '--dns-desec-credentials', '/etc/letsencrypt/.secrets/emby.xxx.eu.ini', '--dns-desec-propagation-seconds', '60', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--agree-tos', '--rsa-key-size', '4096', '--email', 'xxx@xx.xx', '-d', 'emby.xxx.eu']
2021-12-30 18:08:21,214:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-dns-desec:dns-desec,PluginEntryPoint#dns-desec,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-12-30 18:08:21,222:DEBUG:certbot._internal.log:Root logging level set at 30
2021-12-30 18:08:21,223:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-desec and installer None
2021-12-30 18:08:21,225:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-desec
Description: Obtain certificates using a DNS TXT record (if you are using deSEC.io for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-desec = certbot_dns_desec.dns_desec:Authenticator
Initialized: <certbot_dns_desec.dns_desec.Authenticator object at 0x7f64d08b6290>
Prep: True
2021-12-30 18:08:21,226:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_desec.dns_desec.Authenticator object at 0x7f64d08b6290> and installer None
2021-12-30 18:08:21,226:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-desec, Installer None
2021-12-30 18:08:21,246:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/342644180', new_authzr_uri=None, terms_of_service=None), 8fc76e2fa3fe2257ac640b1c10c4295b, Meta(creation_dt=datetime.datetime(2021, 12, 30, 15, 56, 1, tzinfo=), creation_host='hdc86-35-3-192.romtelecom.net', register_to_eff=None))>
2021-12-30 18:08:21,246:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-12-30 18:08:21,247:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-12-30 18:08:21,989:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-12-30 18:08:21,990:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 30 Dec 2021 16:08:16 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{ "GsvHvZYXBFk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }
2021-12-30 18:08:21,992:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for emby.xxx.eu
2021-12-30 18:08:23,681:DEBUG:certbot.crypto_util:Generating RSA key (4096 bits): /etc/letsencrypt/keys/0005_key-certbot.pem
2021-12-30 18:08:23,687:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0005_csr-certbot.pem
2021-12-30 18:08:23,688:DEBUG:acme.client:Requesting fresh nonce
2021-12-30 18:08:23,688:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-12-30 18:08:23,860:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-12-30 18:08:23,861:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 30 Dec 2021 16:08:17 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102RGBq3lqJkeG02ji6UYnKcJPYCvkOx6Gg_eBbuM6jrVA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-12-30 18:08:23,862:DEBUG:acme.client:Storing nonce: 0102RGBq3lqJkeG02ji6UYnKcJPYCvkOx6Gg_eBbuM6jrVA
2021-12-30 18:08:23,862:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "emby.xxx.eu"\n }\n ]\n}'
2021-12-30 18:08:23,879:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2021-12-30 18:08:24,157:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 201
2021-12-30 18:08:24,157:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Thu, 30 Dec 2021 16:08:18 GMT
Content-Type: application/problem+json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 342644180
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0101N0XHBQu-jA8O6WMoZA1kwFu_Pz5QWtD9dhZfYa5sR4g

{ "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 } 2021-12-30 18:08:24,157:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 33, in sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')()) File "/usr/lib/python3.10/site-packages/certbot/main.py", line 15, in main return internal_main.main(cli_args) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1574, in main return config.func(config, plugins) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1434, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 459, in obtain_and_enrollcertificate cert, chain, key, = self.obtain_certificate(domains) File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 389, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations orderr = self.acme.new_order(csr_pem) File "/usr/lib/python3.10/site-packages/acme/client.py", line 936, in new_order return cast(ClientV2, self.client).new_order(csr_pem) File "/usr/lib/python3.10/site-packages/acme/client.py", line 702, in new_order response = self._post(self.directory['newOrder'], order) File "/usr/lib/python3.10/site-packages/acme/client.py", line 101, in _post return self.net.post(*args, *kwargs) File "/usr/lib/python3.10/site-packages/acme/client.py", line 1269, in post return self._post_once(args, **kwargs) File 
"/usr/lib/python3.10/site-packages/acme/client.py", line 1283, in _post_once response = self._check_response(response, content_type=content_type) File "/usr/lib/python3.10/site-packages/acme/client.py", line 1128, in _check_response raise messages.Error.from_json(jobj) acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/ 2021-12-30 18:08:24,158:ERROR:certbot._internal.log:An unexpected error occurred: 2021-12-30 18:08:24,159:ERROR:certbot._internal.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/

emvidi commented 2 years ago

Too many failed attempts resulted in a 429 from LE.

nils-wisiol commented 2 years ago

deSEC certbot plugin has been released and automatically throttles requests according to API limits. Be advised that, depending on how many requests certbot makes for you, this could mean that certbot runs for over one hour.

With the new version, you should be able to get the certificates. If not, please reopen this issue. Thanks!

emvidi commented 2 years ago

Just tested the new version of the plugin and it still does not delete the challenge TXT record.
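One way to check a certbot debug log like the ones posted in this thread for whether the plugin's cleanup step ran for every challenge and what the deSEC API answered. This is an added example, not code from the plugin or from any commenter; the regular expressions follow the log entries shown in the thread, while the function names and the sample log are constructed for illustration.

```python
import re

# Start of a certbot log entry: "YYYY-MM-DD HH:MM:SS,mmm:LEVEL:logger:"
ENTRY_RE = re.compile(
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}:"
    r"(?:DEBUG|INFO|WARNING|ERROR|CRITICAL):([\w.]+):"
)
# Plugin debug entries: "Authenticator._perform: <domain>, <record name>, <validation>"
HOOK_RE = re.compile(r"Authenticator\._(perform|cleanup): [^\s,]+, ([^\s,]+), (\S+)")
# urllib3 request summaries for calls to the deSEC API
API_RE = re.compile(r'https://desec\.io:443 "(\w+) (\S+) HTTP/1\.1" (\d{3})')
RATE_LIMITED = "urn:ietf:params:acme:error:rateLimited"


def split_entries(text):
    """Return (logger, message) pairs, split on the timestamp prefix.

    Splitting on the prefix rather than on newlines also handles logs pasted
    with several entries run together on one line.
    """
    marks = list(ENTRY_RE.finditer(text))
    entries = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        entries.append((mark.group(1), text[mark.end():end].strip()))
    return entries


def audit(text):
    """Pair each _perform with its _cleanup and collect the deSEC calls of each."""
    challenges = {}  # (record name, validation) -> state, in order of appearance
    current = None   # list that receives the API calls of the most recent hook
    rate_limited = False
    for logger, message in split_entries(text):
        rate_limited = rate_limited or RATE_LIMITED in message
        if logger.startswith("certbot_dns_desec"):
            hook = HOOK_RE.search(message)
            if hook:
                phase, name, validation = hook.groups()
                state = challenges.setdefault(
                    (name, validation),
                    {"cleaned": False, "perform": [], "cleanup": []},
                )
                state["cleaned"] = state["cleaned"] or phase == "cleanup"
                current = state[phase]
        elif logger.startswith("urllib3") and current is not None:
            call = API_RE.search(message)
            if call:
                current.append((call.group(1), call.group(2), int(call.group(3))))
    return {"challenges": challenges, "rate_limited": rate_limited}


def findings(report):
    """Flag challenges whose cleanup is missing or whose write was not accepted."""
    flagged = []
    for (name, _validation), state in report["challenges"].items():
        writes = [call for call in state["cleanup"] if call[0] != "GET"]
        if not state["cleaned"]:
            flagged.append((name, "no cleanup hook logged"))
        elif not writes:
            flagged.append((name, "cleanup sent no write request"))
        elif any(not 200 <= status < 300 for _method, _path, status in writes):
            flagged.append((name, "cleanup write rejected"))
    return flagged


# Constructed sample (made-up names and values), all entries on one line.
def _hook(sec, phase, label):
    return ("2022-01-01 10:00:%02d,000:DEBUG:certbot_dns_desec.dns_desec:"
            "Authenticator._%s: %s.example.org, _acme-challenge.%s.example.org, VALUE-%s"
            % (sec, phase, label, label, label))


def _api(sec, method, status):
    return ("2022-01-01 10:00:%02d,000:DEBUG:urllib3.connectionpool:https://desec.io:443 "
            '"%s /api/v1/domains/example.org/rrsets/ HTTP/1.1" %d 262' % (sec, method, status))


SAMPLE_LOG = " ".join([
    _hook(1, "perform", "a"), _api(2, "GET", 404), _api(3, "PUT", 200),
    _hook(4, "cleanup", "a"), _api(5, "GET", 200), _api(6, "PUT", 200),
    _hook(7, "perform", "b"), _api(8, "PUT", 200),
    _hook(9, "cleanup", "b"), _api(10, "GET", 200), _api(11, "PUT", 429),
    _hook(12, "perform", "c"), _api(13, "PUT", 200),
    "2022-01-01 10:00:14,000:ERROR:certbot._internal.log:" + RATE_LIMITED
    + " :: too many failed authorizations recently",
])

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print("ACME rate limit hit:", report["rate_limited"])
    for name, problem in findings(report):
        print(name, "->", problem)
```

A 2xx status on the cleanup write only shows that the API accepted the request; whether the TXT value is actually gone has to be confirmed with a DNS query for the `_acme-challenge` name.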

emvidi commented 2 years ago

2022-01-09 20:20:15,395:DEBUG:certbot._internal.main:certbot version: 1.21.0 2022-01-09 20:20:15,395:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot 2022-01-09 20:20:15,395:DEBUG:certbot._internal.main:Arguments: ['--authenticator', 'dns-desec', '--dns-desec-credentials', '/etc/letsencrypt/.secrets/ds1.xxx.eu.ini', '--dns-desec-propagation-seconds', '60', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--agree-tos', '--rsa-key-size', '4096', '--email', 'xxx@xxx.xx', '-d', 'ds1.xxx.eu'] 2022-01-09 20:20:15,395:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-dns-desec:dns-desec,PluginEntryPoint#dns-desec,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2022-01-09 20:20:15,405:DEBUG:certbot._internal.log:Root logging level set at 30 2022-01-09 20:20:15,405:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-desec and installer None 2022-01-09 20:20:15,408:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-desec Description: Obtain certificates using a DNS TXT record (if you are using deSEC.io for DNS). 
Interfaces: Authenticator, Plugin Entry point: dns-desec = certbot_dns_desec.dns_desec:Authenticator Initialized: <certbot_dns_desec.dns_desec.Authenticator object at 0x7ffa4699e800> Prep: True 2022-01-09 20:20:15,408:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_desec.dns_desec.Authenticator object at 0x7ffa4699e800> and installer None 2022-01-09 20:20:15,408:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-desec, Installer None 2022-01-09 20:20:15,429:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/342644180', new_authzr_uri=None, terms_of_service=None), 8fc76e2fa3fe2257ac640b1c10c4295b, Meta(creation_dt=datetime.datetime(2021, 12, 30, 15, 56, 1, tzinfo=), creation_host='hdc86-35-3-192.romtelecom.net', register_to_eff=None))> 2022-01-09 20:20:15,430:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2022-01-09 20:20:15,431:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2022-01-09 20:20:15,911:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658 2022-01-09 20:20:15,913:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 09 Jan 2022 18:20:06 GMT Content-Type: application/json Content-Length: 658 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800

{ "PE8EPGLAb5g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } 2022-01-09 20:20:15,923:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for ds1.xxx.eu 2022-01-09 20:20:16,384:DEBUG:certbot.crypto_util:Generating RSA key (4096 bits): /etc/letsencrypt/keys/0012_key-certbot.pem 2022-01-09 20:20:16,390:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0012_csr-certbot.pem 2022-01-09 20:20:16,390:DEBUG:acme.client:Requesting fresh nonce 2022-01-09 20:20:16,390:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce. 2022-01-09 20:20:16,548:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 2022-01-09 20:20:16,549:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 09 Jan 2022 18:20:06 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: 0102vN-kJquDX7MSIZjnUdEdJfZfsVqddXHci3u23M4zdTE X-Frame-Options: DENY Strict-Transport-Security: max-age=604800

2022-01-09 20:20:16,550:DEBUG:acme.client:Storing nonce: 0102vN-kJquDX7MSIZjnUdEdJfZfsVqddXHci3u23M4zdTE 2022-01-09 20:20:16,550:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "ds1.xxx.eu"\n }\n ]\n}' 2022-01-09 20:20:16,570:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: 2022-01-09 20:20:16,962:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 336 2022-01-09 20:20:16,964:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Sun, 09 Jan 2022 18:20:07 GMT Content-Type: application/json Content-Length: 336 Connection: keep-alive Boulder-Requester: 342644180 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/342644180/54010853650 Replay-Nonce: 0101IzW9GZH0SzZP1Xzf3eHlgiJBwkx8ofFiepFi9xbQwXU X-Frame-Options: DENY Strict-Transport-Security: max-age=604800

{ "status": "pending", "expires": "2022-01-16T18:20:06Z", "identifiers": [ { "type": "dns", "value": "ds1.xxx.eu" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/66613272770" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/342644180/54010853650" } 2022-01-09 20:20:16,964:DEBUG:acme.client:Storing nonce: 0101IzW9GZH0SzZP1Xzf3eHlgiJBwkx8ofFiepFi9xbQwXU 2022-01-09 20:20:16,965:DEBUG:acme.client:JWS payload: b'' 2022-01-09 20:20:16,982:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/66613272770: 2022-01-09 20:20:17,164:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/66613272770 HTTP/1.1" 200 794 2022-01-09 20:20:17,164:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 09 Jan 2022 18:20:07 GMT Content-Type: application/json Content-Length: 794 Connection: keep-alive Boulder-Requester: 342644180 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: 0101glKDxth7Nn_560CVoc1oSPADR5eurv5sSL7VFTX6lJM X-Frame-Options: DENY Strict-Transport-Security: max-age=604800

{ "identifier": { "type": "dns", "value": "ds1.xxx.eu" }, "status": "pending", "expires": "2022-01-16T18:20:06Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/66613272770/al1MOA", "token": "eHYQokx6WWAQidfgtPf8x4ERW8npr0oTVvLGdNn_Pf8" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/66613272770/wtbkFA", "token": "eHYQokx6WWAQidfgtPf8x4ERW8npr0oTVvLGdNn_Pf8" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/66613272770/e2tm4g", "token": "eHYQokx6WWAQidfgtPf8x4ERW8npr0oTVvLGdNn_Pf8" } ] } 2022-01-09 20:20:17,164:DEBUG:acme.client:Storing nonce: 0101glKDxth7Nn_560CVoc1oSPADR5eurv5sSL7VFTX6lJM 2022-01-09 20:20:17,165:INFO:certbot._internal.auth_handler:Performing the following challenges: 2022-01-09 20:20:17,165:INFO:certbot._internal.auth_handler:dns-01 challenge for ds1.xxx.eu 2022-01-09 20:20:17,165:DEBUG:certbot_dns_desec.dns_desec:Authenticator._perform: ds1.xxx.eu, _acme-challenge.ds1.xxx.eu, TAtK125CNyPZjS9mVqyCJynGSAl-52mx1cytIjJtAcA 2022-01-09 20:20:17,166:DEBUG:certbot_dns_desec.dns_desec:creating _DesecConfigClient 2022-01-09 20:20:17,167:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): desec.io:443 2022-01-09 20:20:17,462:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1/domains/?owns_qname=_acme-challenge.ds1.xxx.eu HTTP/1.1" 200 163 2022-01-09 20:20:17,538:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1/domains/xxx.eu/rrsets/_acme-challenge.ds1/TXT/ HTTP/1.1" 404 23 2022-01-09 20:20:17,688:DEBUG:urllib3.connectionpool:https://desec.io:443 "PUT /api/v1/domains/xxx.eu/rrsets/ HTTP/1.1" 200 262 2022-01-09 20:20:17,692:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 60 seconds for DNS changes to propagate 2022-01-09 20:21:17,749:DEBUG:acme.client:JWS payload: b'{}' 2022-01-09 20:21:17,766:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/66613272770/wtbkFA: 2022-01-09 20:21:17,969:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/66613272770/wtbkFA HTTP/1.1" 200 185 2022-01-09 20:21:17,971:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 09 Jan 2022 18:21:08 GMT Content-Type: application/json Content-Length: 185 Connection: keep-alive Boulder-Requester: 342644180 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/66613272770;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/66613272770/wtbkFA Replay-Nonce: 0102VNm5T991XHeIZInBdT8C494kml69br92MB-HHVhHFbE X-Frame-Options: DENY Strict-Transport-Security: max-age=604800

{ "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/66613272770/wtbkFA", "token": "eHYQokx6WWAQidfgtPf8x4ERW8npr0oTVvLGdNn_Pf8" } 2022-01-09 20:21:17,971:DEBUG:acme.client:Storing nonce: 0102VNm5T991XHeIZInBdT8C494kml69br92MB-HHVhHFbE 2022-01-09 20:21:17,972:INFO:certbot._internal.auth_handler:Waiting for verification... 2022-01-09 20:21:18,974:DEBUG:acme.client:JWS payload: b'' 2022-01-09 20:21:18,992:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/66613272770: 2022-01-09 20:21:19,183:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/66613272770 HTTP/1.1" 200 500 2022-01-09 20:21:19,184:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 09 Jan 2022 18:21:09 GMT Content-Type: application/json Content-Length: 500 Connection: keep-alive Boulder-Requester: 342644180 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: 01017OnvNrdFlTAk4F_oWPIrUn2uTmBrAQJEl5n3DlddX2g X-Frame-Options: DENY Strict-Transport-Security: max-age=604800

{ "identifier": { "type": "dns", "value": "ds1.xxx.eu" }, "status": "valid", "expires": "2022-02-08T18:21:08Z", "challenges": [ { "type": "dns-01", "status": "valid", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/66613272770/wtbkFA", "token": "eHYQokx6WWAQidfgtPf8x4ERW8npr0oTVvLGdNn_Pf8", "validationRecord": [ { "hostname": "ds1.xxx.eu" } ], "validated": "2022-01-09T18:21:08Z" } ] } 2022-01-09 20:21:19,184:DEBUG:acme.client:Storing nonce: 01017OnvNrdFlTAk4F_oWPIrUn2uTmBrAQJEl5n3DlddX2g 2022-01-09 20:21:19,185:DEBUG:certbot._internal.error_handler:Calling registered functions 2022-01-09 20:21:19,186:INFO:certbot._internal.auth_handler:Cleaning up challenges 2022-01-09 20:21:19,187:DEBUG:certbot_dns_desec.dns_desec:Authenticator._cleanup: ds1.xxx.eu, _acme-challenge.ds1.xxx.eu, TAtK125CNyPZjS9mVqyCJynGSAl-52mx1cytIjJtAcA 2022-01-09 20:21:19,187:DEBUG:certbot_dns_desec.dns_desec:creating _DesecConfigClient 2022-01-09 20:21:19,190:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): desec.io:443 2022-01-09 20:21:19,385:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1/domains/?owns_qname=_acme-challenge.ds1.xxx.eu HTTP/1.1" 200 163 2022-01-09 20:21:19,529:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1/domains/xxx.eu/rrsets/_acme-challenge.ds1/TXT/ HTTP/1.1" 200 260 2022-01-09 20:21:19,700:DEBUG:urllib3.connectionpool:https://desec.io:443 "PUT /api/v1/domains/xxx.eu/rrsets/ HTTP/1.1" 200 262 2022-01-09 20:21:19,707:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/342644180/54010853650: 2022-01-09 20:21:20,580:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/342644180/54010853650 HTTP/1.1" 200 438 2022-01-09 20:21:20,581:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 09 Jan 2022 18:21:10 GMT Content-Type: application/json Content-Length: 438 Connection: keep-alive Boulder-Requester: 342644180 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/342644180/54010853650 Replay-Nonce: 0102MM0powvjHvlgNh_CH_QQDCOHD1pRs0i2RTU-P5XCAvU X-Frame-Options: DENY Strict-Transport-Security: max-age=604800

{ "status": "valid", "expires": "2022-01-16T18:20:06Z", "identifiers": [ { "type": "dns", "value": "ds1.xxx.eu" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/66613272770" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/342644180/54010853650", "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/040119ab3deece5b1d167d82dec2af7f03e9" } 2022-01-09 20:21:20,582:DEBUG:acme.client:Storing nonce: 0102MM0powvjHvlgNh_CH_QQDCOHD1pRs0i2RTU-P5XCAvU 2022-01-09 20:21:21,583:DEBUG:acme.client:JWS payload: b'' 2022-01-09 20:21:21,601:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/342644180/54010853650: 2022-01-09 20:21:21,832:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/order/342644180/54010853650 HTTP/1.1" 200 438 2022-01-09 20:21:21,833:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 09 Jan 2022 18:21:11 GMT Content-Type: application/json Content-Length: 438 Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: 0101i_B5QjXpWmYrA46SmSqCQ6ZEirboq0AfSTs8SWHSl9A X-Frame-Options: DENY Strict-Transport-Security: max-age=604800

{ "status": "valid", "expires": "2022-01-16T18:20:06Z", "identifiers": [ { "type": "dns", "value": "ds1.xxx.eu" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/66613272770" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/342644180/54010853650", "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/040119ab3deece5b1d167d82dec2af7f03e9" } 2022-01-09 20:21:21,834:DEBUG:acme.client:Storing nonce: 0101i_B5QjXpWmYrA46SmSqCQ6ZEirboq0AfSTs8SWHSl9A 2022-01-09 20:21:21,835:DEBUG:acme.client:JWS payload: b'' 2022-01-09 20:21:21,853:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/040119ab3deece5b1d167d82dec2af7f03e9: 2022-01-09 20:21:22,029:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/040119ab3deece5b1d167d82dec2af7f03e9 HTTP/1.1" 200 5938 2022-01-09 20:21:22,030:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Sun, 09 Jan 2022 18:21:12 GMT Content-Type: application/pem-certificate-chain Content-Length: 5938 Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/cert/040119ab3deece5b1d167d82dec2af7f03e9/1;rel="alternate" Replay-Nonce: 0101qouSZG4Khag3kTgNYCIs-Gz0xDK7UXSAcThbndm8j-Y X-Frame-Options: DENY Strict-Transport-Security: max-age=604800


2022-01-09 20:21:22,030:DEBUG:acme.client:Storing nonce: 0101qouSZG4Khag3kTgNYCIs-Gz0xDK7UXSAcThbndm8j-Y
2022-01-09 20:21:22,035:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive/ds1.xxx.eu.
2022-01-09 20:21:22,036:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live/ds1.xxx.eu.
2022-01-09 20:21:22,037:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/live/ds1.xxx.eu/cert.pem.
2022-01-09 20:21:22,037:DEBUG:certbot._internal.storage:Writing private key to /etc/letsencrypt/live/ds1.xxx.eu/privkey.pem.
2022-01-09 20:21:22,038:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/live/ds1.xxx.eu/chain.pem.
2022-01-09 20:21:22,038:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/live/ds1.xxx.eu/fullchain.pem.
2022-01-09 20:21:22,038:DEBUG:certbot._internal.storage:Writing README to /etc/letsencrypt/live/ds1.xxx.eu/README.
2022-01-09 20:21:22,093:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-desec and installer <certbot._internal.cli.cli_utils._Default object at 0x7ffa468004f0>
2022-01-09 20:21:22,093:DEBUG:certbot._internal.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
2022-01-09 20:21:22,093:DEBUG:certbot._internal.cli:Var account={'server'} (set by user).
2022-01-09 20:21:22,093:DEBUG:certbot._internal.cli:Var rsa_key_size=4096 (set by user).
2022-01-09 20:21:22,093:DEBUG:certbot._internal.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
2022-01-09 20:21:22,093:DEBUG:certbot._internal.cli:Var authenticator=dns-desec (set by user).
2022-01-09 20:21:22,093:DEBUG:certbot._internal.cli:Var dns_desec_propagation_seconds=60 (set by user).
2022-01-09 20:21:22,093:DEBUG:certbot._internal.cli:Var dns_desec_credentials=/etc/letsencrypt/.secrets/ds1.xxx.eu.ini (set by user).
2022-01-09 20:21:22,094:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/ds1.xxx.eu.conf.
2022-01-09 20:21:22,095:DEBUG:certbot._internal.display.obj:Notifying user: Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/ds1.xxx.eu/fullchain.pem Key is saved at: /etc/letsencrypt/live/ds1.xxx.eu/privkey.pem This certificate expires on 2022-04-09. These files will be updated when the certificate renews.
2022-01-09 20:21:22,095:DEBUG:certbot._internal.display.obj:Notifying user: NEXT STEPS:
2022-01-09 20:21:22,095:DEBUG:certbot._internal.display.obj:Notifying user: - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
2022-01-09 20:21:22,096:DEBUG:certbot._internal.display.obj:Notifying user: If you like Certbot, please consider supporting our work by:

nils-wisiol commented 2 years ago

Thanks for all the details! I can confirm the problem as follows:

After the creation of the TXT record

2022-01-09 20:20:17,688:DEBUG:urllib3.connectionpool:https://desec.io:443 "PUT /api/v1/domains/xxx.eu/rrsets/ HTTP/1.1" 200 262

Your log shows that the plugin has been instructed to remove the TXT record,

2022-01-09 20:21:19,186:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-01-09 20:21:19,187:DEBUG:certbot_dns_desec.dns_desec:Authenticator._cleanup: ds1.xxx.eu, _acme-challenge.ds1.xxx.eu, TAtK125CNyPZjS9mVqyCJynGSAl-52mx1cytIjJtAcA
2022-01-09 20:21:19,187:DEBUG:certbot_dns_desec.dns_desec:creating _DesecConfigClient

and that HTTP requests to the API were successfully made:

2022-01-09 20:21:19,190:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): desec.io:443
2022-01-09 20:21:19,385:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1/domains/?owns_qname=_acme-challenge.ds1.xxx.eu HTTP/1.1" 200 163
2022-01-09 20:21:19,529:DEBUG:urllib3.connectionpool:https://desec.io:443 "GET /api/v1/domains/xxx.eu/rrsets/_acme-challenge.ds1/TXT/ HTTP/1.1" 200 260
2022-01-09 20:21:19,700:DEBUG:urllib3.connectionpool:https://desec.io:443 "PUT /api/v1/domains/xxx.eu/rrsets/ HTTP/1.1" 200 262

I'll look into why the record wasn't removed properly. It appears that the payload of the request that is meant to remove the record just doesn't instruct the API to do any actual removal.
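
The cleanup sequence in the log above (GET the TXT RRset, then a bulk PUT) removes the challenge only if the PUT body no longer carries the validation value. The following is an added sketch of that payload logic with a check for it, not the plugin's code and not the fix in #12; it assumes deSEC's RRset JSON fields (`subname`, `type`, `ttl`, `records`), that an RRset sent with an empty `records` list is deleted, and uses a constructed TTL and second token.

```python
import json

# Validation value taken from the log above; everything else is constructed.
SAMPLE_TOKEN = "TAtK125CNyPZjS9mVqyCJynGSAl-52mx1cytIjJtAcA"
SUBNAME = "_acme-challenge.ds1"


def quote_txt(value):
    """Return TXT content in presentation format (double-quoted, escaped)."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def cleanup_payload(subname, existing_records, validation, ttl=3600):
    """Body for the bulk PUT that drops one validation value from a TXT RRset.

    existing_records is the "records" list from the preceding GET. Other
    values (e.g. a second pending challenge on the same name) are kept.
    Assumption: an RRset sent with records == [] is deleted by the API.
    """
    target = quote_txt(validation)
    remaining = [r for r in existing_records if r != target]
    return [{"subname": subname, "type": "TXT", "ttl": ttl, "records": remaining}]


def still_publishes(payload, subname, validation):
    """True if the payload would leave the validation value in DNS."""
    target = quote_txt(validation)
    return any(
        rrset["subname"] == subname and rrset["type"] == "TXT"
        and target in rrset["records"]
        for rrset in payload
    )


if __name__ == "__main__":
    current = [quote_txt(SAMPLE_TOKEN), quote_txt("constructed-second-token")]
    body = cleanup_payload(SUBNAME, current, SAMPLE_TOKEN)
    assert not still_publishes(body, SUBNAME, SAMPLE_TOKEN)
    print(json.dumps(body, indent=2))
```

Running `still_publishes` against the body of a cleanup request in a unit test catches the failure described in this thread, where the request succeeds with HTTP 200 but the record stays in the zone.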

emvidi commented 2 years ago

Thank you Nils for reopening the issue and taking the time to explain the log.

nils-wisiol commented 2 years ago

I've confirmed the bug and am addressing it in #12.

Thanks for your patient reporting!