jlesage / docker-nginx-proxy-manager

Docker container for Nginx Proxy Manager
MIT License

SSL Error #184

Open FreshImmuc opened 3 years ago

FreshImmuc commented 3 years ago

Hello. I got this error when I tried to generate a new SSL certificate

Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-39" --agree-tos --email "corysor12@gmail.com" --preferred-challenges "dns,http" --domains "go.arialclient.com" 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for go.arialclient.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain go.arialclient.com
http-01 challenge for go.arialclient.com
Cleaning up challenges
Some challenges have failed.

    at ChildProcess.exithandler (child_process.js:308:12)
    at ChildProcess.emit (events.js:314:20)
    at maybeClose (internal/child_process.js:1051:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

How do I fix this? Or what failed exactly? I contacted Let's Encrypt and they said it's Proxy Manager's fault. I changed some permissions for folders on my server. Maybe it's because of that? Also, if so, how can I grant the docker container of NPM root access?

jlesage commented 3 years ago

Can you look at log/letsencrypt/letsencrypt.log, under the directory you mapped to /config, for more details ?

stavros-k commented 3 years ago

With the latest image 2.9.2 upstream and v1.15.0 here.

In the docker logs after startup I got

[5/10/2021] [5:14:26 PM] [SSL ] › ✖ error Error: Command failed: /opt/certbot/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation

Challenge failed for domain www.DEDUCTEDDOMAIN.me

Failed to renew certificate npm-92 with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:

/etc/letsencrypt/live/npm-92/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:314:20)
at maybeClose (internal/child_process.js:1022:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

With certbot renew I got

2021-05-10 17:16:50,522:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/npm-93.conf
2021-05-10 17:16:50,528:WARNING:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/npm-93.conf (cert: npm-93) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping.
2021-05-10 17:16:50,528:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 448, in handle_renewal_request
    renewal_candidate = _reconstitute(lineage_config, renewal_file)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 90, in _reconstitute
    _restore_plugin_configs(config, renewalparams)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 158, in _restore_plugin_configs
    if config_item.startswith(plugin_prefix + "_") and not cli.set_by_cli(config_item):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/cli/__init__.py", line 458, in set_by_cli
    if not isinstance(getattr(detector, var), _Default):
AttributeError: 'Namespace' object has no attribute 'dns_cloudflare_credentials'

After doing pip3 install certbot-dns-cloudflare

pip3 install certbot-dns-cloudflare
WARNING: The directory '/config/xdg/cache/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting certbot-dns-cloudflare
  Downloading certbot_dns_cloudflare-1.15.0-py2.py3-none-any.whl (11 kB)
Requirement already satisfied: zope.interface in /usr/lib/python3.8/site-packages (from certbot-dns-cloudflare) (5.4.0)
Requirement already satisfied: acme>=0.29.0 in /usr/lib/python3.8/site-packages (from certbot-dns-cloudflare) (1.15.0)
Requirement already satisfied: certbot>=1.1.0 in /usr/lib/python3.8/site-packages (from certbot-dns-cloudflare) (1.15.0)
Requirement already satisfied: setuptools>=39.0.1 in /usr/lib/python3.8/site-packages (from certbot-dns-cloudflare) (47.0.0)
Collecting cloudflare>=1.5.1
  Downloading cloudflare-2.8.15.tar.gz (70 kB)
     |████████████████████████████████| 70 kB 959 kB/s 
Requirement already satisfied: pyrfc3339 in /usr/lib/python3.8/site-packages (from acme>=0.29.0->certbot-dns-cloudflare) (1.1)
Requirement already satisfied: requests>=2.6.0 in /usr/lib/python3.8/site-packages (from acme>=0.29.0->certbot-dns-cloudflare) (2.23.0)
Requirement already satisfied: cryptography>=2.1.4 in /usr/lib/python3.8/site-packages (from acme>=0.29.0->certbot-dns-cloudflare) (3.4.7)
Requirement already satisfied: PyOpenSSL>=17.3.0 in /usr/lib/python3.8/site-packages (from acme>=0.29.0->certbot-dns-cloudflare) (20.0.1)
Requirement already satisfied: pytz in /usr/lib/python3.8/site-packages (from acme>=0.29.0->certbot-dns-cloudflare) (2021.1)
Requirement already satisfied: requests-toolbelt>=0.3.0 in /usr/lib/python3.8/site-packages (from acme>=0.29.0->certbot-dns-cloudflare) (0.9.1)
Requirement already satisfied: josepy>=1.1.0 in /usr/lib/python3.8/site-packages (from acme>=0.29.0->certbot-dns-cloudflare) (1.8.0)
Requirement already satisfied: ConfigArgParse>=0.9.3 in /usr/lib/python3.8/site-packages (from certbot>=1.1.0->certbot-dns-cloudflare) (1.4)
Requirement already satisfied: parsedatetime>=2.4 in /usr/lib/python3.8/site-packages (from certbot>=1.1.0->certbot-dns-cloudflare) (2.6)
Requirement already satisfied: configobj>=5.0.6 in /usr/lib/python3.8/site-packages (from certbot>=1.1.0->certbot-dns-cloudflare) (5.0.6)
Requirement already satisfied: zope.component in /usr/lib/python3.8/site-packages (from certbot>=1.1.0->certbot-dns-cloudflare) (5.0.0)
Requirement already satisfied: distro>=1.0.1 in /usr/lib/python3.8/site-packages (from certbot>=1.1.0->certbot-dns-cloudflare) (1.5.0)
Collecting pyyaml
  Downloading PyYAML-5.4.1.tar.gz (175 kB)
     |████████████████████████████████| 175 kB 1.9 MB/s 
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
    Preparing wheel metadata ... done
Collecting jsonlines
  Downloading jsonlines-2.0.0-py3-none-any.whl (6.3 kB)
Collecting beautifulsoup4
  Downloading beautifulsoup4-4.9.3-py3-none-any.whl (115 kB)
     |████████████████████████████████| 115 kB 9.4 MB/s 
Requirement already satisfied: chardet<4,>=3.0.2 in /usr/lib/python3.8/site-packages (from requests>=2.6.0->acme>=0.29.0->certbot-dns-cloudflare) (3.0.4)
Requirement already satisfied: idna<3,>=2.5 in /usr/lib/python3.8/site-packages (from requests>=2.6.0->acme>=0.29.0->certbot-dns-cloudflare) (2.9)
Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /usr/lib/python3.8/site-packages (from requests>=2.6.0->acme>=0.29.0->certbot-dns-cloudflare) (1.25.9)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3.8/site-packages (from requests>=2.6.0->acme>=0.29.0->certbot-dns-cloudflare) (2020.4.5.1)
Requirement already satisfied: cffi>=1.12 in /usr/lib/python3.8/site-packages (from cryptography>=2.1.4->acme>=0.29.0->certbot-dns-cloudflare) (1.14.5)
Requirement already satisfied: six>=1.5.2 in /usr/lib/python3.8/site-packages (from PyOpenSSL>=17.3.0->acme>=0.29.0->certbot-dns-cloudflare) (1.15.0)
Requirement already satisfied: zope.event in /usr/lib/python3.8/site-packages (from zope.component->certbot>=1.1.0->certbot-dns-cloudflare) (4.5.0)
Requirement already satisfied: zope.hookable>=4.2.0 in /usr/lib/python3.8/site-packages (from zope.component->certbot>=1.1.0->certbot-dns-cloudflare) (5.0.1)
Collecting soupsieve>1.2; python_version >= "3.0"
  Downloading soupsieve-2.2.1-py3-none-any.whl (33 kB)
Requirement already satisfied: pycparser in /usr/lib/python3.8/site-packages (from cffi>=1.12->cryptography>=2.1.4->acme>=0.29.0->certbot-dns-cloudflare) (2.20)
Using legacy setup.py install for cloudflare, since package 'wheel' is not installed.
Building wheels for collected packages: pyyaml
  Building wheel for pyyaml (PEP 517) ... done
  Created wheel for pyyaml: filename=PyYAML-5.4.1-cp38-cp38-linux_x86_64.whl size=45641 sha256=32ec8fd83f4465c8dafbe941ba83bf98a1c99f0d27dc997f00e3feb826a92f2b
  Stored in directory: /tmp/pip-ephem-wheel-cache-56lp3pyo/wheels/dd/c5/1d/5d7436173d3efd4a14dcb510eb0b29525ecb6b0e41489e716e
Successfully built pyyaml
Installing collected packages: pyyaml, jsonlines, soupsieve, beautifulsoup4, cloudflare, certbot-dns-cloudflare
    Running setup.py install for cloudflare ... done
Successfully installed beautifulsoup4-4.9.3 certbot-dns-cloudflare-1.15.0 cloudflare-2.8.15 jsonlines-2.0.0 pyyaml-5.4.1 soupsieve-2.2.1

and certbot renew again, it successfully renewed the expiring certs.

Processing /etc/letsencrypt/renewal/npm-92.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator dns-cloudflare, Installer None
Renewing an existing certificate for www.DEDUCTEDDOMAIN.me
Performing the following challenges:
dns-01 challenge for www.DEDUCTEDDOMAIN.me
Waiting 10 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges
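
The failure in the comment above comes from a renewal file that names the dns-cloudflare authenticator while certbot has no such plugin loaded. The Python below is an added example, not part of the original thread or of either project: it compares each renewal file's `[renewalparams]` against the plugins certbot reports in letsencrypt.log. The sample renewal files are constructed, and it assumes plugin names are logged in the `PluginEntryPoint#name` form seen in the debug log quoted in this issue.

```python
"""Flag certbot renewal configs whose authenticator plugin is not installed."""
import configparser
import re

# Constructed samples of /etc/letsencrypt/renewal/<cert>.conf (paths are placeholders).
SAMPLE_DNS_CONF = """\
# renew_before_expiry = 30 days
version = 1.15.0
fullchain = /etc/letsencrypt/live/npm-93/fullchain.pem

[renewalparams]
authenticator = dns-cloudflare
dns_cloudflare_credentials = /path/to/cloudflare-credentials.ini
server = https://acme-v02.api.letsencrypt.org/directory
"""

SAMPLE_WEBROOT_CONF = """\
version = 1.15.0
fullchain = /etc/letsencrypt/live/npm-17/fullchain.pem

[renewalparams]
authenticator = webroot
webroot_path = /data/letsencrypt-acme-challenge,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
example.test = /data/letsencrypt-acme-challenge
"""

# Same shape as the "Discovered plugins" line in the letsencrypt.log quoted in this issue.
SAMPLE_LOG = (
    "2021-06-06 20:34:05,263:DEBUG:certbot._internal.main:Discovered plugins: "
    "PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,"
    "PluginEntryPoint#standalone,PluginEntryPoint#webroot)\n"
)


def discovered_plugins(log_text):
    """Return plugin names from the most recent 'Discovered plugins' log line."""
    names = set()
    for line in log_text.splitlines():
        if "Discovered plugins: PluginsRegistry(" in line:
            names = set(re.findall(r"PluginEntryPoint#([A-Za-z0-9_.:-]+)", line))
    return names


def parse_renewal_params(conf_text):
    """Return the [renewalparams] section of a renewal file as a dict."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",)
    )
    # Renewal files start with section-less keys; give them a dummy section.
    parser.read_string("[lineage]\n" + conf_text)
    if not parser.has_section("renewalparams"):
        return {}
    return dict(parser["renewalparams"])


def check_renewal(cert_name, conf_text, installed):
    """Report whether the authenticator recorded for a cert is available."""
    params = parse_renewal_params(conf_text)
    auth = params.get("authenticator")
    # Plugin options are stored with the plugin name as prefix, hyphens as
    # underscores (dns-cloudflare -> dns_cloudflare_credentials).
    prefix = (auth or "").replace("-", "_") + "_"
    options = sorted(k for k in params if auth and k.startswith(prefix))
    return {
        "cert": cert_name,
        "authenticator": auth,
        "installed": auth in installed,
        "plugin_options": options,
    }


def audit(confs, log_text):
    """Return the names of certs whose renewal would hit a missing plugin."""
    installed = discovered_plugins(log_text)
    return sorted(
        name
        for name, text in confs.items()
        if not check_renewal(name, text, installed)["installed"]
    )


if __name__ == "__main__":
    confs = {"npm-93": SAMPLE_DNS_CONF, "npm-17": SAMPLE_WEBROOT_CONF}
    for cert in audit(confs, SAMPLE_LOG):
        print(f"{cert}: authenticator plugin missing, renewal will be skipped")
```
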

FreshImmuc commented 3 years ago

> Can you look at log/letsencrypt/letsencrypt.log, under the directory you mapped to /config, for more details ?

Okay, so I don't really know where this config folder is... I searched the npm folder and the etc folder but didn't find it... maybe you can tell me exactly where it is. Nvm, here's a screenshot from the docker logs: image

I hope this helps. If not, then please help me find the config and log folder haha. Sorry for that

FreshImmuc commented 3 years ago

> With the latest image 2.9.2 upstream and v1.15.0 here.

What is this exactly and how can this help me? I don't have Python3 installed. If you meant that I should run this python command, I'll try it tomorrow if jlesage can't help me. Thanks anyways and I'll let you know if it worked or not.

stavros-k commented 3 years ago

> What is this exactly and how can this help me? I don't have Python3 installed. If you meant that I should run this python command, I'll try it tomorrow if jlesage can't help me. Thanks anyways and I'll let you know if it worked or not.

pip3 should be installed inside the container, but you shouldn't need to do any terminal work for the app to work.

The above was just some troubleshooting

jlesage commented 3 years ago

@FreshImmuc, when you created your container, did you configure a mapping for /config? /config is the folder inside the container that should be mapped to a folder on the host. If you can log in to the container, the same file can be found at /config/log/letsencrypt/letsencrypt.log.

jlesage commented 3 years ago

@stavros-k, I think packages required for certbot plugins should be installed during startup. Did you see any error in container log that would indicate that not all packages have been installed ?

stavros-k commented 3 years ago

> @stavros-k, I think packages required for certbot plugins should be installed during startup. Did you see any error in container log that would indicate that not all packages have been installed ?

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-app-niceness.sh: executing...
[cont-init.d] 00-app-niceness.sh: exited 0.
[cont-init.d] 00-app-script.sh: executing...
[cont-init.d] 00-app-script.sh: exited 0.
[cont-init.d] 00-app-user-map.sh: executing...
[cont-init.d] 00-app-user-map.sh: exited 0.
[cont-init.d] 00-clean-logmonitor-states.sh: executing...
[cont-init.d] 00-clean-logmonitor-states.sh: exited 0.
[cont-init.d] 00-clean-tmp-dir.sh: executing...
[cont-init.d] 00-clean-tmp-dir.sh: exited 0.
[cont-init.d] 00-set-app-deps.sh: executing...
[cont-init.d] 00-set-app-deps.sh: exited 0.
[cont-init.d] 00-set-home.sh: executing...
[cont-init.d] 00-set-home.sh: exited 0.
[cont-init.d] 00-take-config-ownership.sh: executing...
[cont-init.d] 00-take-config-ownership.sh: exited 0.
[cont-init.d] 00-xdg-runtime-dir.sh: executing...
[cont-init.d] 00-xdg-runtime-dir.sh: exited 0.
[cont-init.d] 90-db-upgrade.sh: executing...
[cont-init.d] 90-db-upgrade.sh: exited 0.
[cont-init.d] nginx-proxy-manager.sh: executing...
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
❯ /etc/nginx/conf.d/default.conf
❯ /etc/nginx/conf.d/include/assets.conf
❯ /etc/nginx/conf.d/include/block-exploits.conf
❯ /etc/nginx/conf.d/include/force-ssl.conf
❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
❯ /etc/nginx/conf.d/include/proxy.conf
❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
❯ /etc/nginx/conf.d/production.conf
❯ Enabling IPV6 in hosts: /config/nginx
❯ /config/nginx/default_host/site.conf
❯ /config/nginx/proxy_host/3.conf
❯ /config/nginx/proxy_host/9.conf
❯ /config/nginx/proxy_host/4.conf
❯ /config/nginx/proxy_host/1.conf
❯ /config/nginx/proxy_host/24.conf
❯ /config/nginx/proxy_host/6.conf
❯ /config/nginx/proxy_host/7.conf
❯ /config/nginx/proxy_host/5.conf
❯ /config/nginx/proxy_host/13.conf
❯ /config/nginx/proxy_host/27.conf
❯ /config/nginx/proxy_host/28.conf
❯ /config/nginx/proxy_host/20.conf
❯ /config/nginx/proxy_host/23.conf
❯ /config/nginx/proxy_host/18.conf
❯ /config/nginx/proxy_host/32.conf
❯ /config/nginx/proxy_host/15.conf
❯ /config/nginx/proxy_host/26.conf
❯ /config/nginx/proxy_host/19.conf
❯ /config/nginx/proxy_host/2.conf
❯ /config/nginx/ip_ranges.conf
❯ /config/nginx/resolvers.conf
chown: /config/log/nginx/nginx: No such file or directory
chown: /config/letsencrypt/live/npm-41/cert.pem: No such file or directory
chown: /config/letsencrypt/live/npm-41/privkey.pem: No such file or directory
chown: /config/letsencrypt/live/npm-41/chain.pem: No such file or directory
chown: /config/letsencrypt/live/npm-41/fullchain.pem: No such file or directory
[cont-init.d] nginx-proxy-manager.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] starting s6-fdholderd...
[services.d] starting logmonitor...
[services.d] starting statusmonitor...
[logmonitor] no file to monitor: disabling service...
[statusmonitor] no file to monitor: disabling service...
[services.d] starting cert_cleanup...
[services.d] starting logrotate...
[services.d] starting nginx...
[services.d] starting app...
[cert_cleanup] starting...
[logrotate] starting...
[nginx] starting...
[app] starting Nginx Proxy Manager...
[services.d] done.

Nothing out of the ordinary.

FreshImmuc commented 3 years ago

@jlesage I am really new to docker so I think you meant the volumes. My docker-compose file is this:

version: "3"
services:
  app:
    image: jc21/nginx-proxy-manager:latest
    restart: always
    ports:
      - 80:80
      - 81:81
      - 443:443
    volumes:
      - ./config.json:/app/config/production.json
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
    environment:
    # if you want pretty colors in your docker logs:
    - FORCE_COLOR=1
  db:
    image: mariadb:latest
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: "npm"
      MYSQL_DATABASE: "npm"
      MYSQL_USER: "npm"
      MYSQL_PASSWORD: "npm"
    volumes:
      - ./data/mysql:/var/lib/mysql

I followed a tutorial on YT, maybe it taught it wrong. But if this is the same as the docker logs then we basically don't need it, right?

FreshImmuc commented 3 years ago

@jlesage and this is the directory where NPM is installed

image

stavros-k commented 3 years ago

> image: jc21/nginx-proxy-manager:latest

You are using a different image.... https://github.com/jc21/nginx-proxy-manager/

FreshImmuc commented 3 years ago

> > image: jc21/nginx-proxy-manager:latest
>
> You are using a different image.... https://github.com/jc21/nginx-proxy-manager/

It's the same image, isn't it?

stavros-k commented 3 years ago

> It's the same image, isn't it?

The underlying app, yes. The docker image, no

FreshImmuc commented 3 years ago

> > It's the same image, isn't it?
>
> The underlying app, yes. The docker image, no

But it works, and this can't be the reason for the error because it already worked in the past.

stavros-k commented 3 years ago

> > > It's the same image, isn't it?
> >
> > The underlying app, yes. The docker image, no
>
> But it works, and this can't be the reason for the error because it already worked in the past.

Being a different image means that this image here can have different installed packages than the one you are using. That means that jlesage can't troubleshoot his image by looking at a problem with another image.

All I'm trying to say is to open an issue on the GitHub of the image you are using.

jlesage commented 3 years ago

@stavros-k, could you try the latest image to see if it helps ? If it doesn't, can you try to remove /config/.local from the container and restart it ?

stavros-k commented 3 years ago

Unfortunately still having this problem :/ Here are the detailed steps I did.

jlesage commented 3 years ago

If instead of doing pip3 install certbot-dns-cloudflare you do pip3 install certbot-dns-cloudflare==1.8.0, is it still working ? You need to re-create the container to remove the previous certbot-dns-cloudflare installation.

stavros-k commented 3 years ago

> If instead of doing pip3 install certbot-dns-cloudflare you do pip3 install certbot-dns-cloudflare==1.8.0, is it still working ? You need to re-create the container to remove the previous certbot-dns-cloudflare installation.

Re-created the container (tested certbot renew and it failed), did pip3 install certbot-dns-cloudflare==1.8.0 and certbot renew again. It works.

jlesage commented 3 years ago

Thanks for this test.

So I'm not sure if we are looking at the right thing. Invoking certbot from the shell is not the same thing as when it is invoked by Nginx Proxy Manager.

Can you try to renew the cert from NPM ? Once you get the failure, look at /config/log/letsencrypt/letsencrypt.log for more details.

stavros-k commented 3 years ago

Re-created the container; from NPM I didn't get any errors, and the docker logs show

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/npm-94/fullchain.pem expires on 2021-08-13 (skipped)
No renewals were attempted

So I guess it parses OK. But I can confirm 100% once I have a cert that needs renewal.

StevenJonSmith commented 3 years ago

Hi, I am trying to create a new certificate for a new subdomain and I am also having the same issue. It seems that Nginx Proxy Manager can't route the request to the right folder, or can't create the file (I am guessing).

Here is my log:

2021-06-06 20:34:05,263:DEBUG:certbot._internal.main:certbot version: 1.15.0
2021-06-06 20:34:05,263:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2021-06-06 20:34:05,263:DEBUG:certbot._internal.main:Arguments: ['--non-interactive', '--config', '/etc/letsencrypt.ini', '--cert-name', 'npm-17', '--agree-tos', '--email', 'myemail@me.com', '--preferred-challenges', 'dns,http', '--domains', 'doggycam.dyndns.com']
2021-06-06 20:34:05,263:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-06 20:34:05,286:DEBUG:certbot._internal.log:Root logging level set at 20
2021-06-06 20:34:05,286:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-06-06 20:34:05,287:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-06-06 20:34:05,289:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f875edb7160>
Prep: True
2021-06-06 20:34:05,290:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f875edb7160> and installer None
2021-06-06 20:34:05,290:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-06-06 20:34:05,294:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/111378874', new_authzr_uri=None, terms_of_service=None), 3f26eb5343b19d90c2565e82e78c100d, Meta(creation_dt=datetime.datetime(2021, 2, 1, 15, 10, 43, tzinfo=<UTC>), creation_host='f611b0364e2c', register_to_eff=None))>
2021-06-06 20:34:05,294:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-06-06 20:34:05,295:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-06-06 20:34:05,859:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-06-06 20:34:05,861:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:05 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "QVpGSav-f3E": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-06-06 20:34:05,862:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for doggycam.dyndns.com
2021-06-06 20:34:06,017:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
2021-06-06 20:34:06,018:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem
2021-06-06 20:34:06,019:DEBUG:acme.client:Requesting fresh nonce
2021-06-06 20:34:06,019:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-06-06 20:34:06,154:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-06-06 20:34:06,156:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:06 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01034TjIRGSyvKWtSxBeD8zsjOU2GW8Kk3osTC2gXVM77M4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-06-06 20:34:06,156:DEBUG:acme.client:Storing nonce: 01034TjIRGSyvKWtSxBeD8zsjOU2GW8Kk3osTC2gXVM77M4
2021-06-06 20:34:06,157:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "doggycam.dyndns.com"\n    }\n  ]\n}'
2021-06-06 20:34:06,162:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDM0VGpJUkdTeXZLV3RTeEJlRDh6c2pPVTJHVzhLazNvc1RDMmdYVk03N000IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "MH0Y0k9hB5IYoCZjXA3lIETgA6JVdOLXZ807e3WywI_Zb7Y_i504aMNlt6FrVhSEK8ZHlbJ4mUN4-Snqq0vncXQR05X_BTdK7Oa_1FAp1bHsiTisejRHVkbEY6B5-kAMtKP8YICfQ3BvdXN1ZZa72mqM-No2tuy0fPiIKLCcAQHoTEmSFGRryFv8DD_rPR0-xklgeugBeS18oxTOO97wUqStW3-Il7vViAQa0N49Q8ib5yExSs9F6Z7I4o6a_0eWNWcCvvZlzaYEmKvoTTtG3tXioOOXxyGLUd7zZ6ZD1LBJB6f7nOmveH7Arni0770uvVYL3IlVWlwn7OU5jdEMIA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImRvZ2d5Y2FtLjdhYmxvc3NvbWxhbmUuZGRucy5tcyIKICAgIH0KICBdCn0"
}
2021-06-06 20:34:06,328:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 353
2021-06-06 20:34:06,329:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 06 Jun 2021 20:34:06 GMT
Content-Type: application/json
Content-Length: 353
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/111378874/10218477106
Replay-Nonce: 0103rA1KMY9L1nzh71GeN5hScx8mCkhnO2I_mnRCNFWkSxY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "doggycam.dyndns.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/111378874/10218477106"
}
2021-06-06 20:34:06,330:DEBUG:acme.client:Storing nonce: 0103rA1KMY9L1nzh71GeN5hScx8mCkhnO2I_mnRCNFWkSxY
2021-06-06 20:34:06,331:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:06,335:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDNyQTFLTVk5TDFuemg3MUdlTjVoU2N4OG1Da2huTzJJX21uUkNORldrU3hZIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "eZUg5sZA4aOiUNPkjEJ2rsJasrPG0d-FF7d8nTVRETcclDrjpVPh0Pya_WKo_EcXUl78WiFYPCFlc156vw1zbg064vA6f-ehhgWuaD8httTyaOSBkxf7RoRyTH4622sOQHJkO7W-NHFyWfFzoYnD1F0TuhPj7sXH4FsOwSaHWdtuyFnutSMVfexuQ3p9IsduOrtXTNiRCK4WSBPnvDxzMemwkKlCQamdp9LzREut1iuf1ad0UBAIhMGCqFhGCOuvmEVTH90m1UNB7KcPlViIc7VccaztLW3be33lBlhErL8ByRIC9Dt44c8HoSz4Y4cIqfAF1Vl7SmVefpCKFll00g",
  "payload": ""
}
2021-06-06 20:34:06,474:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:06,475:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:06 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01037wwNIh_z7LWvMx3158QEUZ9juLu6NS7dS_DqtxD0-eE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:06,476:DEBUG:acme.client:Storing nonce: 01037wwNIh_z7LWvMx3158QEUZ9juLu6NS7dS_DqtxD0-eE
2021-06-06 20:34:06,478:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-06-06 20:34:06,478:INFO:certbot._internal.auth_handler:http-01 challenge for doggycam.dyndns.com
2021-06-06 20:34:06,479:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2021-06-06 20:34:06,480:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2021-06-06 20:34:06,483:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38
2021-06-06 20:34:06,484:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-06-06 20:34:06,485:DEBUG:acme.client:JWS payload:
b'{}'
2021-06-06 20:34:06,489:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDM3d3dOSWhfejdMV3ZNeDMxNThRRVVaOWp1THU2TlM3ZFNfRHF0eEQwLWVFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xMzc2NDM4ODUxNS8xOEVYdncifQ",
  "signature": "zIJQC08iiplfqyQBvhwTrzzAOXcZuk1I1YSnteQz6bx4OYlwUF6xiD-rfskWmxbdKd_60_RpMijwIaedpe8KyRvK5dNvCocP_sUztzLu7ZY5hABju8Zu1XZI5oNwRBpEs84xGaRpdbmBDIi0lh_owCiVMjV-bU-ALiIGdErXAqwZ1AvEzQ-uVCIpwiVMSolh1qXwsdHSrq2P9UtUlPcIW0QaRbSy41dotArXzwEPvYCkAdPGgfqiCxC5YDHfHtQwoL0HfnOII8mU_KW3PGLQwg4xux6MghM2lRgQh58795OJDmt_ySPZNtYop--tgRTSVAJwSYOka7MH9amtRHlllA",
  "payload": "e30"
}
2021-06-06 20:34:06,646:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/13764388515/18EXvw HTTP/1.1" 200 186
2021-06-06 20:34:06,647:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:06 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw
Replay-Nonce: 0104DWu08kOA0WkMutc-fdUIjy5qEVrxHcg5WW5FN49eMgQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
  "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
}
2021-06-06 20:34:06,647:DEBUG:acme.client:Storing nonce: 0104DWu08kOA0WkMutc-fdUIjy5qEVrxHcg5WW5FN49eMgQ
2021-06-06 20:34:07,650:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:07,654:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDREV3UwOGtPQTBXa011dGMtZmRVSWp5NXFFVnJ4SGNnNVdXNUZONDllTWdRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "KXostv_Yt9oku4HW9XEAh7wFhwtYjHMFFNpMFCyHfxBjBUhQHFnEavK1zR6JvzAqzO22VW3DQ5kSM7Oll54fPTbyqhlBdkb1VJBOHnFvU6alAaWjB0wyd_lfK6McHXEN9MVCV2H28w3l7gpM52bWo6L9ZrVjauXq9zGACPt-G4Av0uDr-uw1SEmOGLhDXNEm2Ywl0e_HpooVHi3DNP-3iiKL26zwmii4Vo12f8m9t4vwIgqHTbf3eV46zRHypN0_zvhkyZbDSx1Blz-O_BWW4ykUnOoxF9talr6nF8JVsdZyLXdv1_FBvDhuFgOtM_TnxigcUyujs5TRQGdTRD92mw",
  "payload": ""
}
2021-06-06 20:34:07,808:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:07,809:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:07 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104GA1nGLEj29S9dA0fmZe8kJqhp4dGAu-xUZs9gAQnwfw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:07,810:DEBUG:acme.client:Storing nonce: 0104GA1nGLEj29S9dA0fmZe8kJqhp4dGAu-xUZs9gAQnwfw
2021-06-06 20:34:10,815:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:10,819:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDRHQTFuR0xFajI5UzlkQTBmbVplOGtKcWhwNGRHQXUteFVaczlnQVFud2Z3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "hB3qFtUCF_bZxsA-8EucJeeRHbClxuzwd4OBK-T_-1MCtDdy8uVxJcqZqLUwZ8JCUFMHLCLfxfB-F3c5W1p_XyqoJ4EVuVAv8HM00v08OdNut0j4G0ZybuYj9mGJOARGO_aa4Unm24xR2pNAU4dlkHsQP2V1B2OsEyCs15s5cuoT9RY4AJHq8GDjARKs1IIOB2X0w7R8oXh0BFum8cF0c2_HGs70ufO60vXaD5LutKqfGp_mjNaRofxQncRyUVqubITajh0vue5xCjjJfJGe3DPsZ7xzbefRdNm_i_GkTJR1x2yYAytfbR97o8jBMzkrYtH7kHTdNvMfKs_rtoiOZA",
  "payload": ""
}
2021-06-06 20:34:10,973:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:10,974:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:10 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103aXlrAdYBAFD7Rz3kFXXEHA3CY8KshVBPP_z2MXng9KU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:10,975:DEBUG:acme.client:Storing nonce: 0103aXlrAdYBAFD7Rz3kFXXEHA3CY8KshVBPP_z2MXng9KU
2021-06-06 20:34:13,980:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:13,985:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDNhWGxyQWRZQkFGRDdSejNrRlhYRUhBM0NZOEtzaFZCUFBfejJNWG5nOUtVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "X1_fXj5VRdT5PgO9OSrgYaxJQ-m7R_aAWheW6GzB5Qu3R7t7bjCWBs8lKqVs0EbDAJqgm3JrcBB324Vuas6-sLWgHuzcJ7PHLI0KyLfbCGYNDI39cPc92MdO4lUz909YiG8M944r-KKbSns4aGz7lN2lNdFYm6ZzRng6Re0NiYaJObS96x1WlPD6R8GkGr4W9YsLUUpX7Q8XoeqF4EprFneLcmiMYT8MN5XrnttNUReZkPkxZDchAbsnFILFQTn12boLSvIM705LvGlgl9BqKjc6VTrvUSCKlrVbAWPtephn2t0gweWJIdxBqx0TA-WIXaqD362dnCy1XyV0QLlZxw",
  "payload": ""
}
2021-06-06 20:34:14,124:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:14,126:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:14 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104TXb5rOiCurmDDf526EJEqx746-3B6fDKxg3EeFX3n8I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:14,126:DEBUG:acme.client:Storing nonce: 0104TXb5rOiCurmDDf526EJEqx746-3B6fDKxg3EeFX3n8I
2021-06-06 20:34:17,131:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:17,135:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDRUWGI1ck9pQ3VybUREZjUyNkVKRXF4NzQ2LTNCNmZES3hnM0VlRlgzbjhJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "Cv8CXEME-RWrYwvLsTpNu2S7_Fk3dXJ9AzUF-Tp8xJfGv9F-H5McgAAz2xhSw0Q0crbN7ioKJUzBy99UbkQUPOkXHpJZ-meImHLNAo-ZG09s06creReUlRA6a4OAsmWmd0yy443rJgcIGsBGqXqBUNBokIXdXYFs37Hv2xT6-Idqx5TycVYbgAarMJps58eeZ8A7PBsR1tdO9_9D348lbnbEmHEfiOqgWoZrkGdKg0ljPsJbEJvlK60xsoDF7Cp27w9MKrWbzHW38qYvm-lEswPRassAVK94xkZrQs58ieNEMIkkq6UTLsIYBBuVcdfHKOlXuZYxFigRuxhjxauggw",
  "payload": ""
}
2021-06-06 20:34:17,273:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:17,275:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:17 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103bkyz8nHhotKD4yCAifL-r-uP5YBHN3BqO-EG7iqfcFk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:17,275:DEBUG:acme.client:Storing nonce: 0103bkyz8nHhotKD4yCAifL-r-uP5YBHN3BqO-EG7iqfcFk
2021-06-06 20:34:20,280:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:20,285:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDNia3l6OG5IaG90S0Q0eUNBaWZMLXItdVA1WUJITjNCcU8tRUc3aXFmY0ZrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "o0XEm7wyoZGqsspIEtnwMi0YhBM4vVMgADBLB5QAW6hQS3gZe_hlRIW7_uYFHONVxztDoSb0M7XWlFNMdQONDebYffD9LY4qxj7Jujy3Nawzpx10uDJ8u9uVKhg6MXwLUC4MltNdEu6huRU-x-3oEw7FCCI29YoqU2UGColfQ9UHLAe2D3ovwIwsTBMfbyJlaXU4GisnWYsK3gEZk9JyinBpKncZxkwLwwKdPlipq4h8L5Kcg3xnbtAj73F_jGQi-HKT13ImGmmzV2RKkxXPvB4nkJr09OKmLR2XpBXVVs5k49kBTnqkXj20omYQTx_KeNdISqBKDMvOZQcyfu5pEQ",
  "payload": ""
}
2021-06-06 20:34:20,420:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:20,422:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:20 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104chbnJeJvbZGbhDyriusvaoK1jBJHm1iG-y1g7bw6yd4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:20,422:DEBUG:acme.client:Storing nonce: 0104chbnJeJvbZGbhDyriusvaoK1jBJHm1iG-y1g7bw6yd4
2021-06-06 20:34:23,427:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:23,431:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDRjaGJuSmVKdmJaR2JoRHlyaXVzdmFvSzFqQkpIbTFpRy15MWc3Ync2eWQ0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "Oh7RF5J0aMXrdNYFAX1Nk5E3jlOuJDjffZdkfhnWzATaDHP_u5MaFiniXxXBljs7yLATzs8tNhOpVOp3xKeE34SxRDk5wdsIbmTuWk_6LOq-qWr9Nr3C-0DThIbwVaJ45Klw32a6-wGLmyiaIS6kPNISPy0Bg7oRtuhR6XmIDewxs7FiSfKqvnFFX6XKKeBT3tDij1mTyod-JO-NoGM3djVjT8bo6jLkPk-D46Vp8-90fPnS7Pjm4uBfzUhGNCYvdrjPYSQdLHG_rTEO_BKAOdBxzSHxVCfyhLplurMaerRJmFNWTBtP8TM18Yo3IPsZw6P8gS0sH7GfVEl1Hm3VkA",
  "payload": ""
}
2021-06-06 20:34:23,566:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:23,567:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:23 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103LmqjLdmq84FN-SfKnlXG6AcLTzl7NGnKSPtPLJ3QbxU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:23,568:DEBUG:acme.client:Storing nonce: 0103LmqjLdmq84FN-SfKnlXG6AcLTzl7NGnKSPtPLJ3QbxU
2021-06-06 20:34:26,573:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:26,578:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDNMbXFqTGRtcTg0Rk4tU2ZLbmxYRzZBY0xUemw3TkduS1NQdFBMSjNRYnhVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "x_uMC7MzPe2qocelgQ7FI3PISkxTR3dWRhuMgtqp4cYZ7DNdX8k7kIC8Ny9Y5SB9AugS4vdtcFUor54OwBJuUQ-s9IV4OBWPiSwrnCjao-ImOVZKJ9PKZthZMtnbE1JDNcI6BSDPVVVx4tPK0hruEJyRbnn01qT0mnHowi1j-aeDCKBBjVDe612xR8_LYn6zQdHBATnpPYrGVSHS1UubPPkwZjWN6eQFzai-8WIs8NYTSigK2jy-8oBR4ovWwEiETQjVxAlX5jM2B9S-iYCYsJQM8N96WocSeVyFNF2Z4XCBkrgghAjb2-WtLUojgQI1G3YO_uLHDj7EgHXrmhm0ww",
  "payload": ""
}
2021-06-06 20:34:26,713:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:26,715:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:26 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01038lVVJ3SHP3YlsD8JaDnBkzAbdF3uZwwembg9uGNNrbE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:26,715:DEBUG:acme.client:Storing nonce: 01038lVVJ3SHP3YlsD8JaDnBkzAbdF3uZwwembg9uGNNrbE
2021-06-06 20:34:29,720:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:29,725:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDM4bFZWSjNTSFAzWWxzRDhKYURuQmt6QWJkRjN1Wnd3ZW1iZzl1R05OcmJFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "KQoN6awslzIqmHKeU9SyMNP19tP7Zp6hHmuAI67Geu8CQl9NMpWYGairaFclXXoUDgrVk0hVn_D3bfOhaqrtCspK9odnrFsVB_f7R_QRQ09b3Z2EDGuhgvchbDdMKX5RhaPPrxmZ0BrPLIyCe9vsNMLOAGNgWIJEeCBXEmJ-iKYQVL1J22zeOZfvoS-6eWs28TLnZNunH48QsBcgp_B-9eJ0-SC9rN8TaHcHFHzzpYBbjQuZaajj0nIFGpf4M3nYWc4eeYMuwoMFlwfYnPqQN6QkG577Oa8CJ14IHG9LojJFgsIj6X8m1DS4M4GDaIxjtxuL34GUwo9jsFjBZL29dA",
  "payload": ""
}
2021-06-06 20:34:29,861:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:29,862:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:29 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01038UwgdYFhYpK_NwYkaoYC45dqzI6ZAe29xvR3l4iIq88
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:29,863:DEBUG:acme.client:Storing nonce: 01038UwgdYFhYpK_NwYkaoYC45dqzI6ZAe29xvR3l4iIq88
2021-06-06 20:34:32,868:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:32,873:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDM4VXdnZFlGaFlwS19Od1lrYW9ZQzQ1ZHF6STZaQWUyOXh2UjNsNGlJcTg4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "hRTCyUYYPS4vtERnBPntGa3qYTYHgORDoFn-ECZ5nJSxziK0pXkEPYH-a9FXG3GQXb6WIpGhcLVW383wx4DXJtLclbuel6NuiwdFmGRKGRGN8qcSySRDyblrVAmNEZAhYYtd_7Jhh1DR1yhfeMDHh4FNpo-yd4F7iMWDhPS168KC5eRkk-yuSCDE_NOUr-O0r1vOCltQ1Y_qUueeb_KJNO0A65jabjStlqieMt-TiWXCwWNRAyNf-Fa3iiiwpgFTxTZvL59VfqIJ20WTE-n7CLTDWOaGRRZrrpkoUQ2a_wgxosB0OArC6pL2iXTjEPA--kBL0-U9r-oil18sZHBGSg",
  "payload": ""
}
2021-06-06 20:34:33,009:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:33,010:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:32 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103Z72fDCYLKpmaUP-sprxYYBJp_rvQXUuA_3p74FrBUEo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:33,011:DEBUG:acme.client:Storing nonce: 0103Z72fDCYLKpmaUP-sprxYYBJp_rvQXUuA_3p74FrBUEo
2021-06-06 20:34:36,015:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:36,020:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDNaNzJmRENZTEtwbWFVUC1zcHJ4WVlCSnBfcnZRWFV1QV8zcDc0RnJCVUVvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "qX6lLS9XNlquyrvL3s7KvwcDVq2j6FYhmOqDoru7SgL-1mJDQ0MZq85d91QQg-JYFDo9IBmfNRJmBO2adrkYwLZzhzlQiz97VwLvpcHs9dg6pKGcREU0S4QLoQaxgroLZviOgGTNM85jK6Tp2D1hSu0DaWBj4SYsjwLDLPfFBDrqc6nLoMYizuQkkV5awIGXT1sdGD0zj5gfuTsFip_syljYaucqjDu_bHG2Z2KHTnKISRX3ihAbYAChyyuzIaolb0RSfv0A6zIhuECN9J4UuX-OiLkei6RUZ76Ls1OmzE1LkuFMLaPfNH258kvOauEq84G2OvEIcLZfKAaNpyEjyg",
  "payload": ""
}
2021-06-06 20:34:36,155:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 811
2021-06-06 20:34:36,156:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:36 GMT
Content-Type: application/json
Content-Length: 811
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103xrYQC3QfGgzR1AZlZEFLtAmGFwF01rgzYe4v9a7Sr8I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "pending",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/qCyd3Q",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/8cFVKA",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38"
    }
  ]
}
2021-06-06 20:34:36,157:DEBUG:acme.client:Storing nonce: 0103xrYQC3QfGgzR1AZlZEFLtAmGFwF01rgzYe4v9a7Sr8I
2021-06-06 20:34:39,161:DEBUG:acme.client:JWS payload:
b''
2021-06-06 20:34:39,166:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/13764388515:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTExMzc4ODc0IiwgIm5vbmNlIjogIjAxMDN4cllRQzNRZkdnelIxQVpsWkVGTHRBbUdGd0YwMXJnelllNHY5YTdTcjhJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzc2NDM4ODUxNSJ9",
  "signature": "WhAc-2wc-0oxJO3J_KuQOkdLpomi4haBvqKMgG0YGySHl8ILMtmT58rpFLIdp8E-_NIcfUQ2DfK_n9NBPS08faTS3peyRsKJHktTESqfuk-06fAJNjVTXlRMEM4-KWKLo0yBaD4Fqs6oCeQP8PwnpOT_9yg2Dedma-Touv0WAzv4BI5CCnZZoeuCcD8yH205u9hOby1J0hze_50I4Yfx49jqYbKsTSSBEIWp3H5p2B9ssUWOIK0lo7mufenB7G9v29ypSjCwDf9-kE6qjGBTavCwUUaKCWM3g-kFSrdDlXJIFDqCVIq96Eg-_eao82_5b1CJdknSic_ip7PVjSwlxw",
  "payload": ""
}
2021-06-06 20:34:39,302:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13764388515 HTTP/1.1" 200 623
2021-06-06 20:34:39,303:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 06 Jun 2021 20:34:39 GMT
Content-Type: application/json
Content-Length: 623
Connection: keep-alive
Boulder-Requester: 111378874
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0103xwGFIwbjfjoNPwd33cneFBacPg4sEbjR3Yi41frLBU8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "doggycam.dyndns.com"
  },
  "status": "invalid",
  "expires": "2021-06-13T20:34:06Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: query timed out looking up A for doggycam.dyndns.com",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13764388515/18EXvw",
      "token": "sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38",
      "validated": "2021-06-06T20:34:06Z"
    }
  ]
}
2021-06-06 20:34:39,304:DEBUG:acme.client:Storing nonce: 0103xwGFIwbjfjoNPwd33cneFBacPg4sEbjR3Yi41frLBU8
2021-06-06 20:34:39,305:WARNING:certbot._internal.auth_handler:Challenge failed for domain doggycam.dyndns.com
2021-06-06 20:34:39,305:INFO:certbot._internal.auth_handler:http-01 challenge for doggycam.dyndns.com
2021-06-06 20:34:39,306:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: doggycam.dyndns.com
Type:   dns
Detail: DNS problem: query timed out looking up A for doggycam.dyndns.com
2021-06-06 20:34:39,307:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 179, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-06-06 20:34:39,307:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-06-06 20:34:39,308:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-06-06 20:34:39,308:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/sQNmgi6wGO4gL4KhkdfGEZ9hpic-qq0MmkFnNQG0n38
2021-06-06 20:34:39,309:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-06-06 20:34:39,310:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1435, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1304, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 140, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 444, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 424, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 179, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-06-06 20:34:39,313:ERROR:certbot._internal.log:Some challenges have failed.

stavros-k commented 3 years ago

Re-created container, from NPM I didn't get any errors, and docker logs show

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/npm-94/fullchain.pem expires on 2021-08-13 (skipped)
No renewals were attempted

So I guess it parses ok. But I can confirm 100% once I have a cert that needs renewal.

Even automatic renewals have failed. After installing via pip, and restarting docker, automatic still failed.

[6/21/2021] [6:15:38 PM] [SSL ] › ✖ error Error: Command failed: /opt/certbot/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation

Challenge failed for domain collabora.domain.me

Failed to renew certificate npm-76 with error: Some challenges have failed.

Challenge failed for domain cctv.domain.me

Failed to renew certificate npm-87 with error: Some challenges have failed.

Challenge failed for domain test.domain.me

Failed to renew certificate npm-89 with error: Some challenges have failed.

Challenge failed for domain vpn.domain.me

Failed to renew certificate npm-91 with error: Some challenges have failed.

The following renewals failed:

/etc/letsencrypt/live/npm-76/fullchain.pem (failure)
/etc/letsencrypt/live/npm-87/fullchain.pem (failure)
/etc/letsencrypt/live/npm-89/fullchain.pem (failure)
/etc/letsencrypt/live/npm-91/fullchain.pem (failure)
4 renew failure(s), 0 parse failure(s)

at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:314:20)
at maybeClose (internal/child_process.js:1022:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

After pip with certbot renew it works.

StevenJonSmith commented 3 years ago

Tried the pip certbot install and still getting an error, albeit a different one regarding permissions to write to the log.

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-24" --agree-tos --email "email@me.com" --preferred-challenges "dns,http" --domains "doggycam.dyndns.com" 
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/letsencrypt.log'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

    at ChildProcess.exithandler (child_process.js:308:12)
    at ChildProcess.emit (events.js:314:20)
    at maybeClose (internal/child_process.js:1022:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

EDIT: I restarted the docker container and it could write to the log file again, I got the same output as I have previously posted.

jlesage commented 3 years ago

@StevenJonSmith, are you sure your DNS name is properly configured? This is what I see in the logs:

Detail: DNS problem: query timed out looking up A for doggycam.dyndns.com

jlesage commented 3 years ago

@stavros-k, do you have the logs when the automatic renew attempted by NPM was done?

stavros-k commented 3 years ago

@stavros-k, do you have the logs when the automatic renew attempted by NPM was done?

Docker logs is what I posted above. If you need logs from the container itself, which logs are you interested in? If they are not auto-deleted, I should have them.

jlesage commented 3 years ago

Sorry, I was talking about /var/log/letsencrypt/letsencrypt.log in the container. The file is rotated, so yes you should still have it.

stavros-k commented 3 years ago

Relevant errors:

2021-06-21 12:24:52,243:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2021-06-21 12:24:52,243:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/npm-75/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-76/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-87/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-89/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-91/fullchain.pem (failure)
2021-06-21 12:24:52,243:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-06-21 12:24:52,243:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1435, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1328, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 506, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 5 renew failure(s), 0 parse failure(s)
2021-06-21 12:24:52,244:ERROR:certbot._internal.log:5 renew failure(s), 0 parse failure(s)

The following error might not be very relevant anyway.

Domain: collabora.DOMAIN.me
Type:   connection
Detail: Fetching http://collabora.DOMAIN.me/.well-known/acme-challenge/7yITh-dAFelimmfYj_awGx2mTZ4n08Wv43K4YjS5k3E: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2021-06-21 11:25:22,794:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 179, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-06-21 11:25:22,794:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-06-21 11:25:22,795:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-06-21 11:25:22,795:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/7yITh-dAFelimmfYj_awGx2mTZ4n08Wv43K4YjS5k3E
2021-06-21 11:25:22,796:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-06-21 11:25:22,797:ERROR:certbot._internal.renewal:Failed to renew certificate npm-76 with error: Some challenges have failed.
2021-06-21 11:25:22,797:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 481, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1245, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 129, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 341, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 424, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 179, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

The log files would either have NO tracebacks, or they would have both of the above, with the 1st appearing only once at the end of the file and the 2nd many times in the file.

jlesage commented 3 years ago

Detail: Fetching http://collabora.DOMAIN.me/.well-known/acme-challenge/7yITh-dAFelimmfYj_awGx2mTZ4n08Wv43K4YjS5k3E: Timeout during connect (likely firewall problem)

Are the failed certificates associated with a DNS provider?

stavros-k commented 3 years ago

Yes, all are with Cloudflare DNS.

jlesage commented 3 years ago

Then I'm not sure that we are looking at the right thing. The provided logs are showing that the HTTP challenge has failed...
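
The manual log triage in this thread, as an added example (not code from the project or from any participant): a small parser that pulls the attempted challenge type and the server-reported Domain/Type/Detail triple out of a certbot `letsencrypt.log` excerpt, so an `http-01` attempt on a certificate expected to use a DNS challenge stands out. The log lines are constructed from the formats quoted above, with `example.test` names and a `TOKEN` placeholder; the function names are hypothetical.

```python
import re

# Constructed sample, following the letsencrypt.log line formats quoted in this thread.
SAMPLE_LOG = """\
2021-06-21 11:25:10,101:INFO:certbot._internal.auth_handler:http-01 challenge for collabora.example.test
2021-06-21 11:25:22,791:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: collabora.example.test
Type:   connection
Detail: Fetching http://collabora.example.test/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
2021-06-21 11:26:01,000:INFO:certbot._internal.auth_handler:http-01 challenge for cam.example.test
2021-06-21 11:26:30,000:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: cam.example.test
Type:   dns
Detail: DNS problem: query timed out looking up A for cam.example.test
"""

CHALLENGE_RE = re.compile(r":INFO:certbot\._internal\.auth_handler:(\S+-01) challenge for (\S+)$")
FIELD_RE = re.compile(r"^(Domain|Type|Detail):\s*(.*)$")

def parse_failures(log_text):
    """Return one dict per server-reported error: domain, challenge attempted, type, detail."""
    attempted = {}   # domain -> last challenge type certbot logged for it
    failures, current = [], None
    for line in log_text.splitlines():
        m = CHALLENGE_RE.search(line)
        if m:
            attempted[m.group(2)] = m.group(1)
            continue
        f = FIELD_RE.match(line)
        if not f:
            continue
        key, value = f.group(1).lower(), f.group(2)
        if key == "domain":            # a Domain line opens a new error record
            current = {"domain": value, "challenge": attempted.get(value)}
            failures.append(current)
        elif current is not None:      # Type / Detail belong to the open record
            current[key] = value
    return failures

def unexpected_http01(failures, dns_domains):
    """Domains the caller expects on a DNS challenge that certbot validated over http-01."""
    return sorted({f["domain"] for f in failures
                   if f["domain"] in dns_domains and f["challenge"] == "http-01"})

if __name__ == "__main__":
    for failure in parse_failures(SAMPLE_LOG):
        print(failure)
```

`dns_domains` is supplied by the caller, for example the hosts whose certificates were requested in NPM with a DNS provider; the parser does not read NPM's configuration.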

stavros-k commented 3 years ago

Yeah, that puzzled me too, I have NO http challenges defined. And all works after installing the certbot-dns-cloudflare package. I don't "really" because it's only 1 time per 3 months.