virtualmin / virtualmin-gpl

Virtualmin web hosting control panel for Webmin
https://www.virtualmin.com
GNU General Public License v3.0

Server Transfer - Wildcard SSL Problem #418

Open unsalkorkmaz opened 2 years ago

unsalkorkmaz commented 2 years ago

Changed domain name to example.com only.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.com
dns-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. example.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning, example.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type:   None
   Detail: DNS problem: SERVFAIL looking up TXT for
   _acme-challenge.example.com - the domain's nameservers may be
   malfunctioning

   Domain: example.com
   Type:   None
   Detail: DNS problem: SERVFAIL looking up TXT for
   _acme-challenge.example.com - the domain's nameservers may be
   malfunctioning

letsencrypt.log:

2022-07-15 21:25:11,918:DEBUG:certbot.main:certbot version: 0.31.0
2022-07-15 21:25:11,919:DEBUG:certbot.main:Arguments: ['--manual', '-d', 'example.com', '-d', '*.example.com', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--manual-public-ip-logging-ok', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/518347_7463_2_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'example.com']
2022-07-15 21:25:11,919:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-07-15 21:25:11,923:DEBUG:certbot.log:Root logging level set at 20
2022-07-15 21:25:11,923:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-07-15 21:25:11,924:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2022-07-15 21:25:11,924:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x7fcdea936d30>
Prep: True
2022-07-15 21:25:11,924:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x7fcdea936d30> and installer None
2022-07-15 21:25:11,924:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2022-07-15 21:25:11,926:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/632979756', new_authzr_uri=None, terms_of_service=None), e5052d0161d7b134761a14982ce887e8, Meta(creation_dt=datetime.datetime(2022, 7, 15, 16, 13, 35, tzinfo=<UTC>), creation_host='ns1.kork.dev'))>
2022-07-15 21:25:11,926:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-07-15 21:25:11,927:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-07-15 21:25:13,401:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2022-07-15 21:25:13,402:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:13 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "S2Df6icdzhY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-07-15 21:25:13,402:INFO:certbot.main:Obtaining a new certificate
2022-07-15 21:25:13,485:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0013_key-certbot.pem
2022-07-15 21:25:13,486:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0013_csr-certbot.pem
2022-07-15 21:25:13,486:DEBUG:acme.client:Requesting fresh nonce
2022-07-15 21:25:13,486:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-07-15 21:25:13,649:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-07-15 21:25:13,650:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:13 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01024vePUiGladlgXwNknKqJCFBZf-TrGaPV49VHzAmzyow
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2022-07-15 21:25:13,650:DEBUG:acme.client:Storing nonce: 01024vePUiGladlgXwNknKqJCFBZf-TrGaPV49VHzAmzyow
2022-07-15 21:25:13,651:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "example.com"\n    },\n    {\n      "type": "dns",\n      "value": "*.example.com"\n    }\n  ]\n}'
2022-07-15 21:25:13,654:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjMyOTc5NzU2IiwgIm5vbmNlIjogIjAxMDI0dmVQVWlHbGFkbGdYd05rbktxSkNGQlpmLVRyR2FQVjQ5Vkh6QW16eW93IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "WKXxn8da5Qc9UjTfisRHTvEmNAOHU98i3-Hp-dbX3JYguZC1tJrBBgjGlACZ_zVm8VmoCoa3obFoc_ZzEVhOMtdj0PFwWP4bAzG4Gc9CjkFA-Ly-fLD6-pwTIYmsHwHcErnn3nK7GPo5_KWq3HkJXvCd_gRDUhtTQH2J4_eKEKFtdHVqWqgUGj7FOcFgH5dlDdBwz7BOgZH1s43TmNBUcaxOUBWAVZEDOqyPHnuPEARtyyO4nP2tTOalhc0BmSG95xgqq3XmUiVyAsn_1GFkQ_DpUzY5IEpk0-wFPtzMcJZRLIKVa0F38F3igeRQjMsiBvgbgj9PufN_pif2cy5mRQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInllcmxlc2tlLm5ldCIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICIqLnllcmxlc2tlLm5ldCIKICAgIH0KICBdCn0"
}
2022-07-15 21:25:14,143:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 474
2022-07-15 21:25:14,143:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 15 Jul 2022 18:25:14 GMT
Content-Type: application/json
Content-Length: 474
Connection: keep-alive
Boulder-Requester: 632979756
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/632979756/107058292446
Replay-Nonce: 01020ZeprLajDRsnJAeHqVZrKbD_dNvDrigSNQScMCHWvaY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-07-22T18:25:13Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.example.com"
    },
    {
      "type": "dns",
      "value": "example.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334506",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334516"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/632979756/107058292446"
}
2022-07-15 21:25:14,143:DEBUG:acme.client:Storing nonce: 01020ZeprLajDRsnJAeHqVZrKbD_dNvDrigSNQScMCHWvaY
2022-07-15 21:25:14,144:DEBUG:acme.client:JWS payload:
b''
2022-07-15 21:25:14,144:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334506:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjMyOTc5NzU2IiwgIm5vbmNlIjogIjAxMDIwWmVwckxhakRSc25KQWVIcVZacktiRF9kTnZEcmlnU05RU2NNQ0hXdmFZIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzA5MDUzMzQ1MDYifQ",
  "signature": "WYjjonTXX2LxlFyfZNK2rDI5BS4B9apbY6XN0UKjsj9Z92aRFXBnVV5XA62H41U7paoqkamQhK7in7weQRbO6uRJ2AhN1TIDYaGtQn-9GUPh7dm0cJGVK2bAPL-Ejwz31dRz4POBz9ZTTMNg4H1m7JA4F5nrYLeWTr8IsFEd6Hr1TngrFtDrnOLuvZdWOFD126v2taR67SgNSUJD65poWIHyyRDrmvPfPZ2NBqA_JGHdv9vJ2b76mpX33dxqg1CEH2L44PyNk4rTLJ9oI0R0O-kjVbPQRZaBvAJOscrGnVvNLRrKHblsyn6L_yg5kM7gmyvkcetENR_7zqe2a5oZjw",
  "payload": ""
}
2022-07-15 21:25:14,340:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/130905334506 HTTP/1.1" 200 386
2022-07-15 21:25:14,341:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:14 GMT
Content-Type: application/json
Content-Length: 386
Connection: keep-alive
Boulder-Requester: 632979756
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102qx8dpcdiuv8OmyD_R4Pgb-VteiNS4JzjTY1FRUJIiX8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2022-07-22T18:25:13Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334506/4z1K6g",
      "token": "OBFxkrfpuJAcBsQGPjkU7G2GYL8ToTWY93-EZRbZ3JA"
    }
  ],
  "wildcard": true
}
2022-07-15 21:25:14,341:DEBUG:acme.client:Storing nonce: 0102qx8dpcdiuv8OmyD_R4Pgb-VteiNS4JzjTY1FRUJIiX8
2022-07-15 21:25:14,342:DEBUG:acme.client:JWS payload:
b''
2022-07-15 21:25:14,345:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334516:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjMyOTc5NzU2IiwgIm5vbmNlIjogIjAxMDJxeDhkcGNkaXV2OE9teURfUjRQZ2ItVnRlaU5TNEp6alRZMUZSVUpJaVg4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzA5MDUzMzQ1MTYifQ",
  "signature": "sTqoII0lIoAhTB6C_StvOoXxMaXSCyDVzc9VvnRBRP4pN7iVsWKAiWgM26KV2DzpBSrzXu5Bj8l4fgbPJG4LOg7PSNQuPfnrTFDFLHgqHkEYrCCzGFZdjzrn1t3EUiSO-Wyh8gXfBX31jjleMMSGDh-kcDZX1bAeZVuVss9QE9W5eIdsrJJKgHTfEQHvqIIrI_vEXwl-8L53GZDedtAsUTTcxKRlmVlquFnXfbQ0Zu2jz6Si6DFaosvetRzNOzqdMNedxJLIxNLQR6C0SkC_oLDzd1gTsXpUoTzF9hnfiXRRicOXo6qALb5iBaDJop6BAgL5ecKlUdOABCufnUVs_A",
  "payload": ""
}
2022-07-15 21:25:14,540:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/130905334516 HTTP/1.1" 200 796
2022-07-15 21:25:14,540:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:14 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 632979756
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101h1zoSgWqmPawsvm_D2J7L-B3pwRk4jftAlWZjED9y8g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2022-07-22T18:25:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/sNh6CA",
      "token": "H_13Isu0lIuMleR0gjpnDx-QMOxXEoj40p1Us6wEjZ4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/sFlueQ",
      "token": "H_13Isu0lIuMleR0gjpnDx-QMOxXEoj40p1Us6wEjZ4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/3r8STA",
      "token": "H_13Isu0lIuMleR0gjpnDx-QMOxXEoj40p1Us6wEjZ4"
    }
  ]
}
2022-07-15 21:25:14,540:DEBUG:acme.client:Storing nonce: 0101h1zoSgWqmPawsvm_D2J7L-B3pwRk4jftAlWZjED9y8g
2022-07-15 21:25:14,540:INFO:certbot.auth_handler:Performing the following challenges:
2022-07-15 21:25:14,540:INFO:certbot.auth_handler:dns-01 challenge for example.com
2022-07-15 21:25:14,540:INFO:certbot.auth_handler:dns-01 challenge for example.com
2022-07-15 21:25:37,578:INFO:certbot.auth_handler:Waiting for verification...
2022-07-15 21:25:37,579:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "dns-01"\n}'
2022-07-15 21:25:37,580:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334506/4z1K6g:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjMyOTc5NzU2IiwgIm5vbmNlIjogIjAxMDFoMXpvU2dXcW1QYXdzdm1fRDJKN0wtQjNwd1JrNGpmdEFsV1pqRUQ5eThnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xMzA5MDUzMzQ1MDYvNHoxSzZnIn0",
  "signature": "pEZzbI1J7x7hM0u9TU2qNHblN_-XPOAGvjBrm3m3jTXDIJ_XdQRgM3BHr0WxlS7QCd_PFwTvdjVwdgAKhF_Z6lcp_9BhSEKfLjoR6L9hArV0ILF_h1-aSSSzFTOEzeGKGFt5kSLoZ62OqE4hETVlh2TJkudFm8Z6d1E9DHFeK5RUp_3V9ydukwAshFAsoMUYEHQbqkHND3pPz5Q3pBK15GoHh7lZqqIz4xAu_tEKdq9Yw6MEaSdcRVq9OIgipbUyEimmcqUDjDOqKF31dhlrfFi3rLKAVePtHPa6womkYrkjMrGM5JMF2vXFqHEM0CsI_vaz4YqzvqUTqwLXj4mR5w",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImRucy0wMSIKfQ"
}
2022-07-15 21:25:37,790:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/130905334506/4z1K6g HTTP/1.1" 200 186
2022-07-15 21:25:37,790:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:37 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 632979756
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334506>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334506/4z1K6g
Replay-Nonce: 0101hEEF8XxcuoOyNxl-PQRQmYbFcS_YU4r7Y_8cpdoPSJg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334506/4z1K6g",
  "token": "OBFxkrfpuJAcBsQGPjkU7G2GYL8ToTWY93-EZRbZ3JA"
}
2022-07-15 21:25:37,790:DEBUG:acme.client:Storing nonce: 0101hEEF8XxcuoOyNxl-PQRQmYbFcS_YU4r7Y_8cpdoPSJg
2022-07-15 21:25:37,790:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "dns-01"\n}'
2022-07-15 21:25:37,791:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/sFlueQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjMyOTc5NzU2IiwgIm5vbmNlIjogIjAxMDFoRUVGOFh4Y3VvT3lOeGwtUFFSUW1ZYkZjU19ZVTRyN1lfOGNwZG9QU0pnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xMzA5MDUzMzQ1MTYvc0ZsdWVRIn0",
  "signature": "pYiZMdlZbam5DaLOkiv3FdSbK5EUAhs2D72bmzp_jed9-qulPt5BNMi-8BGwr8Oi9CRq-ZhPFqLRIV8zhn60CpWHO_m2EQkTpIQm70OoLS__dTTvBdH8M4eAtU1mdZmgUQRAWyoCQAULSJkijS5A4hGCpqBack8zrU5aSGIfDQJvGbvy3HOkkCJcVlpzqS-AwR0LzriJC0YVJ8QsuSHbx5GdLlL87lToU0HtCLpQnyk5gvxGsWwO3DktQTgsG7mMqmRoxVAfEUHm4KHokScdgyGzTSFdBHLdWaoTfsdarKW_ldAu2nH79xw3GWU3qzUBioeSGtgiw69axNiQG_oCuw",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImRucy0wMSIKfQ"
}
2022-07-15 21:25:37,999:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/130905334516/sFlueQ HTTP/1.1" 200 186
2022-07-15 21:25:38,000:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:37 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 632979756
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334516>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/sFlueQ
Replay-Nonce: 0101690M6SCv3Rpiok21mybPH4jN741caIo8bJovJpH5IyE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/sFlueQ",
  "token": "H_13Isu0lIuMleR0gjpnDx-QMOxXEoj40p1Us6wEjZ4"
}
2022-07-15 21:25:38,000:DEBUG:acme.client:Storing nonce: 0101690M6SCv3Rpiok21mybPH4jN741caIo8bJovJpH5IyE
2022-07-15 21:25:41,004:DEBUG:acme.client:JWS payload:
b''
2022-07-15 21:25:41,005:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334506:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjMyOTc5NzU2IiwgIm5vbmNlIjogIjAxMDE2OTBNNlNDdjNScGlvazIxbXliUEg0ak43NDFjYUlvOGJKb3ZKcEg1SXlFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzA5MDUzMzQ1MDYifQ",
  "signature": "ZbYfsJKZrziz9W3jVs95J9Zu1d8fdjEPkdPj9w3I3S_beEanDvmtqWje8sUqiR4gPbkopgcfTg8yMe5pIbKykLaP4ltxkkm_eOEAW211Od2ReBL1jo6JCBhpbv3XWhYTk4os0j7EKUhEjxOFcqvgQVJ8B8pIjh7YAE-vdAF_qfR3KQDaD2wa8YlpRolb6WasLk4wy50zNpMWmeXc3cWhAMzptA3HuewUL-yN8RTHX0_hK7lczDnC7liHMlzimBxbMilKiSwyvnIP9PtEEBUC8EmZwp6YDJbP6T9i1e7UVtWzihrdhrAHBXgfpDKCzXh6iUwYOia1TEBkR9X4egkxZA",
  "payload": ""
}
2022-07-15 21:25:41,187:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/130905334506 HTTP/1.1" 200 386
2022-07-15 21:25:41,187:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:41 GMT
Content-Type: application/json
Content-Length: 386
Connection: keep-alive
Boulder-Requester: 632979756
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102T_ZekhYWYbLt1QAb5MAPRiUMlaXuAA7gTYCQp99LVNI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2022-07-22T18:25:13Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334506/4z1K6g",
      "token": "OBFxkrfpuJAcBsQGPjkU7G2GYL8ToTWY93-EZRbZ3JA"
    }
  ],
  "wildcard": true
}
2022-07-15 21:25:41,187:DEBUG:acme.client:Storing nonce: 0102T_ZekhYWYbLt1QAb5MAPRiUMlaXuAA7gTYCQp99LVNI
2022-07-15 21:25:41,188:DEBUG:acme.client:JWS payload:
b''
2022-07-15 21:25:41,189:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334516:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjMyOTc5NzU2IiwgIm5vbmNlIjogIjAxMDJUX1pla2hZV1liTHQxUUFiNU1BUFJpVU1sYVh1QUE3Z1RZQ1FwOTlMVk5JIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzA5MDUzMzQ1MTYifQ",
  "signature": "ipcTypXgDc2JPv9Eq9BEUTkYTTz2HaStamKzsj4Y2PCVd-XN5cPGZiZei3s2EFEi4DYzDeoTXQSj9_JlFPnm4DWztCVSJNLICE7rJdEVcxD6NQgg-7yd90oMx4a9WUboJWt6dFbR9PN5uZzfa6x8hjOENVAxC6-U0SkaQT6zsfCBc3Zv_hYIPID1H7ki2xdq1RJ-GKXLjDAA6DlXC07FesqpXu3MQNoMxEnBYuo5qTO8ZB_WTkOCRzADP3Cl5YCwYfwcUJMgjOy6MVPwFglFmehkUnSeb_9kKKTIqAVpjcSmlmlRw6AxW5CIvG9IVmfje9xPwuKv31p0AtXRBQ4SaA",
  "payload": ""
}
2022-07-15 21:25:41,366:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/130905334516 HTTP/1.1" 200 796
2022-07-15 21:25:41,367:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:41 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 632979756
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101SwJFmVhZsa1pSOzCwOngcsgbrm2bQzBajjixlC_7QH0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "pending",
  "expires": "2022-07-22T18:25:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/sNh6CA",
      "token": "H_13Isu0lIuMleR0gjpnDx-QMOxXEoj40p1Us6wEjZ4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/sFlueQ",
      "token": "H_13Isu0lIuMleR0gjpnDx-QMOxXEoj40p1Us6wEjZ4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/3r8STA",
      "token": "H_13Isu0lIuMleR0gjpnDx-QMOxXEoj40p1Us6wEjZ4"
    }
  ]
}
2022-07-15 21:25:41,367:DEBUG:acme.client:Storing nonce: 0101SwJFmVhZsa1pSOzCwOngcsgbrm2bQzBajjixlC_7QH0
2022-07-15 21:25:44,371:DEBUG:acme.client:JWS payload:
b''
2022-07-15 21:25:44,375:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334506:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjMyOTc5NzU2IiwgIm5vbmNlIjogIjAxMDFTd0pGbVZoWnNhMXBTT3pDd09uZ2NzZ2JybTJiUXpCYWpqaXhsQ183UUgwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzA5MDUzMzQ1MDYifQ",
  "signature": "jmX6t0DJBD01GDtubtPWlK8d-oWXrjIlV6LSdHxhg2HTwKFmi1Pqd4VxywElJJi-yrjKnOTKW6NLfNO9JgswT9L7RgUtMXjL9waopso3U6o4GjifABMTqsH90paFpTH_PfD333lZFtsdG3kEAVDPe1MdFaBIM5SiPsoDuKJP0SQl1KCyjhXA7Teje09JkybiLofXSD902fso3t8FS3tqw-bVE96GO7VwU55woM2M6ThNDsy2n8pthtiSEu2koDidr3xnhv4jzBmWwZPxPJ3z1O2UfYzYyHTNhdXMiA-EKUiHACmCcON3CLTlFtvmerJI0649vOV-xhkyLQm69sldeg",
  "payload": ""
}
2022-07-15 21:25:44,569:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/130905334506 HTTP/1.1" 200 667
2022-07-15 21:25:44,569:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:44 GMT
Content-Type: application/json
Content-Length: 667
Connection: keep-alive
Boulder-Requester: 632979756
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101kpW9DmzlvqQkCC2dM4rOhTNcys3_QAZ9uJDYjylk7aI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "invalid",
  "expires": "2022-07-22T18:25:13Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334506/4z1K6g",
      "token": "OBFxkrfpuJAcBsQGPjkU7G2GYL8ToTWY93-EZRbZ3JA",
      "validated": "2022-07-15T18:25:37Z"
    }
  ],
  "wildcard": true
}
2022-07-15 21:25:44,570:DEBUG:acme.client:Storing nonce: 0101kpW9DmzlvqQkCC2dM4rOhTNcys3_QAZ9uJDYjylk7aI
2022-07-15 21:25:44,571:DEBUG:acme.client:JWS payload:
b''
2022-07-15 21:25:44,574:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/130905334516:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjMyOTc5NzU2IiwgIm5vbmNlIjogIjAxMDFrcFc5RG16bHZxUWtDQzJkTTRyT2hUTmN5czNfUUFaOXVKRFlqeWxrN2FJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzA5MDUzMzQ1MTYifQ",
  "signature": "RpYH60bTTbE1I0XsAflkUNPGRb6K7_znhpKobybsum_11EV44S37pPp_yN4v3DA8EBuxhKDWuz8HenhD6HFmBPKVAlaqIDWX3oLbJBVy6WvKC4cCOcKKZ92sisKz7BqJKDEgYeJUM9jBANnyN2owGAkfFVUdEOB2-wxbUIiGqSuji1HJBNIgZPsoO7cyqUKiDueeoSP8jYR_6PUIpYO0dlv6PxhZAdqGu9EwiqPKfRNqh1zivtmQ9de0oQ1gSO3V0YgjxtiM9CsIpHIWnjIbwVUOMOkQ3HdNP-5KQQv5ueaN4YQlSHdroflK2F7meS3pSAUDBNyhcnV7K8bE1CStow",
  "payload": ""
}
2022-07-15 21:25:44,755:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/130905334516 HTTP/1.1" 200 647
2022-07-15 21:25:44,756:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 15 Jul 2022 18:25:44 GMT
Content-Type: application/json
Content-Length: 647
Connection: keep-alive
Boulder-Requester: 632979756
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102J8CBY21LUV6mmD2DJzxcawt5j7jLETvwgtED4T21B9w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "invalid",
  "expires": "2022-07-22T18:25:13Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/130905334516/sFlueQ",
      "token": "H_13Isu0lIuMleR0gjpnDx-QMOxXEoj40p1Us6wEjZ4",
      "validated": "2022-07-15T18:25:37Z"
    }
  ]
}
2022-07-15 21:25:44,756:DEBUG:acme.client:Storing nonce: 0102J8CBY21LUV6mmD2DJzxcawt5j7jLETvwgtED4T21B9w
2022-07-15 21:25:44,758:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: example.com
Type:   None
Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning

Domain: example.com
Type:   None
Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning
2022-07-15 21:25:44,759:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. example.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning, example.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning

2022-07-15 21:25:44,759:DEBUG:certbot.error_handler:Calling registered functions
2022-07-15 21:25:44,759:INFO:certbot.auth_handler:Cleaning up challenges
2022-07-15 21:25:48,062:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. example.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning, example.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning

unsalkorkmaz commented 2 years ago

I found the solution. First, you have to modify your DNSSEC records at your registrar, for example Google (screenshot: Screen Shot 2022-07-15 at 21 49 20).

Second, "Redirect all requests to SSL site" becomes a problem. Disabling it worked for me.

And don't forget to wait an hour or so. You can check your domain at https://unboundtest.com/; if you see NOERROR status, it's OK.

unsalkorkmaz commented 2 years ago

One more thing I saw: domain registrars don't work properly sometimes, even Google as a domain registrar. You may need to update your DNSSEC multiple times even if you enter the records correctly. At least I had to do it 2-3 times for a .biz domain.
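
Added example, not part of the thread or of Virtualmin's code: an offline check of whether the DS record held at the registrar still matches a DNSKEY the zone publishes (RFC 4034 digest and key tag). A DS that matches no published key makes validating resolvers, including the one Let's Encrypt uses for dns-01, answer SERVFAIL, which is the error in the log above. It assumes the server transfer left a stale DS at the registrar; the function names are hypothetical and the key material is constructed, not real.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types


def name_to_wire(name):
    """Owner name in canonical (lower-case) DNS wire format."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags | protocol | algorithm | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (16-bit folded sum over the RDATA)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def parse_dnskey(text):
    """Parse 'flags protocol algorithm base64...' as printed by dig."""
    flags, protocol, algorithm, *key = text.split()
    return int(flags), int(protocol), int(algorithm), "".join(key)


def parse_ds(text):
    """Parse 'keytag algorithm digesttype hex...' as shown by a registrar."""
    tag, algorithm, digest_type, *digest = text.split()
    return int(tag), int(algorithm), int(digest_type), "".join(digest).upper()


def make_ds(owner, dnskey_text, digest_type=2):
    """Build the DS a registrar should hold for this DNSKEY."""
    flags, protocol, algorithm, key = parse_dnskey(dnskey_text)
    rdata = dnskey_rdata(flags, protocol, algorithm, key)
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return "%d %d %d %s" % (key_tag(rdata), algorithm, digest_type, digest)


def delegation_status(owner, zone_dnskeys, registrar_ds):
    """'insecure' (no DS), 'secure' (a DS matches a zone key) or 'bogus'.

    Only the DS-to-DNSKEY link is checked here; RRSIG validation is not.
    """
    if not registrar_ds:
        return "insecure"          # unsigned delegation resolves normally
    for ds_text in registrar_ds:
        ds = parse_ds(ds_text)
        if ds[2] not in DIGESTS:
            continue               # digest type this check cannot compute
        for key_text in zone_dnskeys:
            if not parse_dnskey(key_text)[0] & 0x0100:
                continue           # Zone Key bit must be set
            if parse_ds(make_ds(owner, key_text, ds[2])) == ds:
                return "secure"
    return "bogus"                 # validating resolvers answer SERVFAIL


# Constructed sample keys (not real key material): the key the old server
# published and the key the new server generated after the transfer.
OLD_KSK = "257 3 13 " + base64.b64encode(bytes(range(64))).decode()
NEW_KSK = "257 3 13 " + base64.b64encode(bytes(range(64, 128))).decode()
STALE_DS = make_ds("example.com", OLD_KSK)

if __name__ == "__main__":
    print("registrar still holds old DS:",
          delegation_status("example.com", [NEW_KSK], [STALE_DS]))
    print("registrar DS updated:        ",
          delegation_status("example.com", [NEW_KSK], [make_ds("example.com", NEW_KSK)]))
    print("DS to enter at registrar:    ", make_ds("example.com", NEW_KSK))
```

On a live zone the inputs would come from `dig +short DNSKEY example.com` against the new server and from the DS values shown in the registrar's panel.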