Cannot create LE Certs for Subdomain

Discussion in 'ISPConfig 3 Priority Support' started by ktownmods, Nov 19, 2018.

  1. ktownmods

    ktownmods Member HowtoForge Supporter

    Hey, I am trying to create a cert for a subdomain, but it always says: WARNING - Could not verify domain blog.example.de, so excluding it from letsencrypt request.
    (changed address to example)

    The site is available and a CNAME in my DNS is already set, but it does not work.
    I also enabled LE skip check, but that does not work either.
    If I try to add the subdomain in ISPConfig, it also says that my root domain cannot be verified, but there is also an LE cert from 01.11.2018.

    Code:
    WARNING - /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected]  --domains blog.example.de --domains www.blog.example.de --webroot-path /usr/local/ispconfig/interface/acme
    Code:
    WARNING - Let's Encrypt SSL Cert for: blog.example.de could not be issued.
    Thanks
     
    Last edited: Nov 19, 2018
  2. ktownmods

    ktownmods Member HowtoForge Supporter

    Now I can't create a cert for any domain I have on my server (root domain or subdomain).

    Code:
       Domain: blog.example.de
       Type:   unauthorized
       Detail: Invalid response from
       http://blog.example.de/.well-known/acme-challenge/-kvvqeWQ9zzsfzBxhyKlpp2gY1QxUb96XjNbiAh98Og:
       "<html>\r\n<head><title>404 Not
       Found</title></head>\r\n<body>\r\n<center><h1>404 Not
       Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
       Domain: www.blog.example.de
       Type:   unauthorized
       Detail: Invalid response from
       http://www.blog.example.de/.well-known/acme-challenge/krsPRqyxg9TZ2dcgTz2oJja_fillVJT80Oo4HbN799U:
       "<html>\r\n<head><title>404 Not
       Found</title></head>\r\n<body>\r\n<center><h1>404 Not
       Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
     
    Last edited: Nov 20, 2018
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you sure that you want to get an ssl cert for www.blog.example.de and not blog.example.de? Set auto subdomain to none in the subdomain.
     
  4. ktownmods

    ktownmods Member HowtoForge Supporter

    OK, I'll try.
     
  5. ktownmods

    ktownmods Member HowtoForge Supporter

    Code:
    /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected]  --domains example.de --webroot-path /usr/local/ispconfig/interface/acme
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for example.de
    Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. example.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.de/.well-known/acme-challenge/lXJ9zGjloaA5ReeGQqPr2VxPC49OrW_c9XYPdq1B2mo: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
    IMPORTANT NOTES:
     - The following errors were reported by the server:
    
       Domain: example.de
       Type:   unauthorized
       Detail: Invalid response from
       http://example.de/.well-known/acme-challenge/lXJ9zGjloaA5ReeGQqPr2VxPC49OrW_c9XYPdq1B2mo:
       "<html>\r\n<head><title>404 Not
       Found</title></head>\r\n<body>\r\n<center><h1>404 Not
       Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.
     
  6. ktownmods

    ktownmods Member HowtoForge Supporter

    Code:
    2018-11-20 10:13:01,877:DEBUG:certbot.main:certbot version: 0.23.0
    2018-11-20 10:13:01,877:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'blog.samfreaks.de', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2018-11-20 10:13:01,878:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2018-11-20 10:13:01,883:DEBUG:certbot.log:Root logging level set at 20
    2018-11-20 10:13:01,884:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-11-20 10:13:01,884:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2018-11-20 10:13:01,884:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f5a095a0f60>
    Prep: True
    2018-11-20 10:13:01,885:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f5a095a0f60> and installer None
    2018-11-20 10:13:01,885:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
    2018-11-20 10:13:01,889:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f5a0853b9b0>)>), contact=('mailto:[email protected]',), agreement=None, status='valid', terms_of_service_agreed=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/44791664', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), f84482c897ff641016ba9ce0eb69c0fc, Meta(creation_dt=datetime.datetime(2018, 10, 30, 17, 6, 6, tzinfo=<UTC>), creation_host='mail.ktmsecure.de'))>
    2018-11-20 10:13:01,890:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
    2018-11-20 10:13:01,891:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    2018-11-20 10:13:02,074:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
    2018-11-20 10:13:02,075:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 658
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:02 GMT
    Connection: keep-alive
    
    b'{\n  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",\n  "lIfgUX9KchY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n  "meta": {\n    "caaIdentities": [\n      "letsencrypt.org"\n    ],\n    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",\n    "website": "https://letsencrypt.org"\n  },\n  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",\n  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",\n  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",\n  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"\n}'
    2018-11-20 10:13:02,079:INFO:certbot.main:Obtaining a new certificate
    2018-11-20 10:13:02,529:DEBUG:certbot.crypto_util:Generating key (4096 bits): /etc/letsencrypt/keys/0029_key-certbot.pem
    2018-11-20 10:13:02,536:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0029_csr-certbot.pem
    2018-11-20 10:13:02,537:DEBUG:acme.client:Requesting fresh nonce
    2018-11-20 10:13:02,537:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-order.
    2018-11-20 10:13:02,697:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-order HTTP/1.1" 405 0
    2018-11-20 10:13:02,698:DEBUG:acme.client:Received response:
    HTTP 405
    Server: nginx
    Content-Type: application/problem+json
    Content-Length: 103
    Allow: POST
    Replay-Nonce: 2UvjkwGjxJA5U6_4nHiVpUu7boJqiGu_5o35EddBHN4
    Expires: Tue, 20 Nov 2018 09:13:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:02 GMT
    Connection: keep-alive
    
    b''
    2018-11-20 10:13:02,698:DEBUG:acme.client:Storing nonce: 2UvjkwGjxJA5U6_4nHiVpUu7boJqiGu_5o35EddBHN4
    2018-11-20 10:13:02,698:DEBUG:acme.client:JWS payload:
    b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "blog.samfreaks.de"\n    }\n  ],\n  "status": "pending",\n  "resource": "new-order"\n}'
    2018-11-20 10:13:02,709:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
    {
      "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDQ3OTE2NjQiLCAibm9uY2UiOiAiMlV2amt3R2p4SkE1VTZfNG5IaVZwVXU3Ym9KcWlHdV81bzM1RWRkQkhONCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
      "signature": "mIrclzKe-07ZvkhZf6GUHoRWsEKLACPLwkBAwK3SQTIB7-qpzEFFE43PCOOc1y6ZlyDrujD7HC_-ciYteoW2Qye02YffuIXF1m7mUOIMTk0sgJOxSHylLpvDv7PDO4YE0CtzeNXHI31xsOML2uXjJUo64cN2qpmuie6MzTotMO5WSDZK5Ogpms2CLXJrl0URgF_cjq1n01d_kuWm8z5CYQHbFHfQXjW5F6Su3ahY1U6eKwJTiPTOml__M2u-iChERZg2nk4B0bunpUWfmDj-R4k-X9JgccuHv2kAAPXG10K0fS56QdmCOukS8yyYq1LKlcYDhYyDV3Xfkupm5mkxPOeSNN_9r5Kgi5njVILmahbQbEu2XF6hnkvP96_s7oDs0LnR74coh_dp3h2vfYk2SnR2xowOSMSHQz2q_o8N3g6UpjPgdjbo0dJoWdZqcXxp38F9nSoySyny10oZY33pQXhSmzmSd7p5EXceVb-1wgea_EFVSuYFbM1xhzilNx306m2zCTVfz40oh9szy2YgioyTNh9HitDrauQTBAD6w9uoRb6cuOvY2sRNvhRqAhY8VZ5HLKmZ3fg7hvBhlFYjw1flM4YUyFqpVTV1JGJSQZo3XS90mRcGreVF_Usm8ZBhicgTlFyZezMo1tFfAFizTuUpGH6oLrqALms-kt_EjYM",
      "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImJsb2cuc2FtZnJlYWtzLmRlIgogICAgfQogIF0sCiAgInN0YXR1cyI6ICJwZW5kaW5nIiwKICAicmVzb3VyY2UiOiAibmV3LW9yZGVyIgp9"
    }
    2018-11-20 10:13:02,949:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 376
    2018-11-20 10:13:02,949:DEBUG:acme.client:Received response:
    HTTP 201
    Server: nginx
    Content-Type: application/json
    Content-Length: 376
    Boulder-Requester: 44791664
    Location: https://acme-v02.api.letsencrypt.org/acme/order/44791664/183451111
    Replay-Nonce: ZHWw7n0J4BHkK-Ms_17G8ywyDpD8V_JI3nPw0BrMYpo
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:02 GMT
    Connection: keep-alive
     
  7. ktownmods

    ktownmods Member HowtoForge Supporter

    Code:
    b'{\n  "status": "pending",\n  "expires": "2018-11-27T09:13:02.833862517Z",\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "blog.samfreaks.de"\n    }\n  ],\n  "authorizations": [\n    "https://acme-v02.api.letsencrypt.org/acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY"\n  ],\n  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/44791664/183451111"\n}'
    2018-11-20 10:13:02,949:DEBUG:acme.client:Storing nonce: ZHWw7n0J4BHkK-Ms_17G8ywyDpD8V_JI3nPw0BrMYpo
    2018-11-20 10:13:02,949:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY.
    2018-11-20 10:13:03,121:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY HTTP/1.1" 200 909
    2018-11-20 10:13:03,122:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 909
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:03 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:03 GMT
    Connection: keep-alive
    
    b'{\n  "identifier": {\n    "type": "dns",\n    "value": "blog.samfreaks.de"\n  },\n  "status": "pending",\n  "expires": "2018-11-27T09:13:02Z",\n  "challenges": [\n    {\n      "type": "tls-alpn-01",\n      "status": "pending",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576162",\n      "token": "TT4M5rAYSPY46P1hqsE4IfGDPdFS98o6Nez_ZujfUEo"\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576164",\n      "token": "B541dZyLHg3_Cweq8f-kSR2r-_gDBAbkKYoeFoM7_a0"\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166",\n      "token": "dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U"\n    }\n  ]\n}'
    2018-11-20 10:13:03,122:DEBUG:acme.challenges:tls-alpn-01 was not recognized, full message: {'type': 'tls-alpn-01', 'status': 'pending', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576162', 'token': 'TT4M5rAYSPY46P1hqsE4IfGDPdFS98o6Nez_ZujfUEo'}
    2018-11-20 10:13:03,123:INFO:certbot.auth_handler:Performing the following challenges:
    2018-11-20 10:13:03,123:INFO:certbot.auth_handler:http-01 challenge for blog.samfreaks.de
    2018-11-20 10:13:03,123:INFO:certbot.plugins.webroot:Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
    2018-11-20 10:13:03,124:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    2018-11-20 10:13:03,133:DEBUG:certbot.plugins.webroot:Attempting to save validation to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U
    2018-11-20 10:13:03,134:INFO:certbot.auth_handler:Waiting for verification...
    2018-11-20 10:13:03,134:DEBUG:acme.client:JWS payload:
    b'{\n  "resource": "challenge",\n  "keyAuthorization": "dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U.XHsPKxUXdIo9po79sguoWOu-9BkbWVh1ShHripRsdgw",\n  "type": "http-01"\n}'
    2018-11-20 10:13:03,141:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166:
    {
      "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDQ3OTE2NjQiLCAibm9uY2UiOiAiWkhXdzduMEo0QkhrSy1Nc18xN0c4eXd5RHBEOFZfSkkzblB3MEJyTVlwbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlLy1ES1NYOFlRZnE2ekxFWC1RY0piTTBKR2FBd05PbExVVUUwQTFrTFBCRVkvOTQ2OTU3NjE2NiJ9",
      "signature": "au7kO9Khr5vyNtvaxtHb93xyYpfd7eHvGWNo7LpyqqL8Gwsbck_Nd2WjKvj9MBfRc33d-4FZqp-A-kPse8OZcvF3gGrmjCvU7YuzrDIYoojJ5nIS5D3-L_RQ4l6GzLQvGKmk-IvemxPctZLZzc3YlZgJ-DpBD8iq6aNDwk_ll-DAy4JP4Ps5MxU5sf7wEtr4kc6f4DYqdY34PqsxU7gznb6c9-CdxsYX42X4IyGkDOdaDLVR3em65v0YT2Lo-1KQGjjndCLf_w447fhhYKKq7O-aGkeRL0vetdUpfyZROlsinVo5RqRW0mB8CYojpQn0uHHNcbR2v9rNr-HV6Ywim4oCY9r4sP7C5frdirdtoSpdQfpeRDBY9i02x0Tt7zV9VWA1DFcWYCz0QJf38ngIIcrCw5JsANFGHrxXEh876lqHbftFXxvkopJ2u-tTG1v7MBHbRtUlobTNsGMfqT9R3zOzv7YoEDZGPnczXGihwbd7ljrskm7dB87J67jRYNw-nWsVl6YCh5WV7sQYI8v--MQZ4vEaSTR7kup4ZzQyg2OILyEzMfI34Z9qkYvRrITaRNwY8cnYnSsGmt8mN2YLpNdmYt5HEf-YS_EY0-imoNMdtHwKejEM2uZjjzbe7KnhpGJT6UImkSGiz0NVtnQc7xTacZUGw87v7-x0_pq012c",
      "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogImRGWWtBMk90OXU1QmdGZ1dzeGZheXhKdU5IUktnNHRZQzUxNF93MGNZMVUuWEhzUEt4VVhkSW85cG83OXNndW9XT3UtOUJrYldWaDFTaEhyaXBSc2RndyIsCiAgInR5cGUiOiAiaHR0cC0wMSIKfQ"
    }
    2018-11-20 10:13:03,319:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166 HTTP/1.1" 200 223
    2018-11-20 10:13:03,320:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 223
    Boulder-Requester: 44791664
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166
    Replay-Nonce: e3JQUzVziMC4QTLZCcOokuj8dk9BLNsElskQxJCG_0k
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:03 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:03 GMT
    Connection: keep-alive
     
  8. ktownmods

    ktownmods Member HowtoForge Supporter

    Code:
    b'{\n  "type": "http-01",\n  "status": "pending",\n  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166",\n  "token": "dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U"\n}'
    2018-11-20 10:13:03,320:DEBUG:acme.client:Storing nonce: e3JQUzVziMC4QTLZCcOokuj8dk9BLNsElskQxJCG_0k
    2018-11-20 10:13:06,324:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY.
    2018-11-20 10:13:06,489:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /acme/authz/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY HTTP/1.1" 200 1825
    2018-11-20 10:13:06,490:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Content-Type: application/json
    Content-Length: 1825
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 20 Nov 2018 09:13:06 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 20 Nov 2018 09:13:06 GMT
    Connection: keep-alive
    
    b'{\n  "identifier": {\n    "type": "dns",\n    "value": "blog.samfreaks.de"\n  },\n  "status": "invalid",\n  "expires": "2018-11-27T09:13:02Z",\n  "challenges": [\n    {\n      "type": "tls-alpn-01",\n      "status": "invalid",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576162",\n      "token": "TT4M5rAYSPY46P1hqsE4IfGDPdFS98o6Nez_ZujfUEo"\n    },\n    {\n      "type": "dns-01",\n      "status": "invalid",\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576164",\n      "token": "B541dZyLHg3_Cweq8f-kSR2r-_gDBAbkKYoeFoM7_a0"\n    },\n    {\n      "type": "http-01",\n      "status": "invalid",\n      "error": {\n        "type": "urn:ietf:params:acme:error:unauthorized",\n        "detail": "Invalid response from http://blog.samfreaks.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U: \\"\\u003chtml\\u003e\\\\r\\\\n\\u003chead\\u003e\\u003ctitle\\u003e404 Not Found\\u003c/title\\u003e\\u003c/head\\u003e\\\\r\\\\n\\u003cbody\\u003e\\\\r\\\\n\\u003ccenter\\u003e\\u003ch1\\u003e404 Not Found\\u003c/h1\\u003e\\u003c/center\\u003e\\\\r\\\\n\\u003chr\\u003e\\u003ccenter\\u003enginx/1.15.4\\u003c/ce\\"",\n        "status": 403\n      },\n      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576166",\n      "token": "dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U",\n      "validationRecord": [\n        {\n          "url": "http://blog.example.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U",\n          "hostname": "blog.example.de",\n          "port": "80",\n          "addressesResolved": [\n            "5.9.113.39",\n            "2a01:4f8:162:542e::2"\n          ],\n          "addressUsed": "2a01:4f8:162:542e::2"\n        }\n      ]\n    }\n  ]\n}'
    2018-11-20 10:13:06,491:DEBUG:acme.challenges:tls-alpn-01 was not recognized, full message: {'type': 'tls-alpn-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/-DKSX8YQfq6zLEX-QcJbM0JGaAwNOlLUUE0A1kLPBEY/9469576162', 'token': 'TT4M5rAYSPY46P1hqsE4IfGDPdFS98o6Nez_ZujfUEo'}
    2018-11-20 10:13:06,493:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
    
    Domain: blog.example.de
    Type:   unauthorized
    Detail: Invalid response from http://blog.example.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    2018-11-20 10:13:06,494:DEBUG:certbot.error_handler:Encountered exception:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 80, in handle_authorizations
        self._respond(aauthzrs, resp, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 153, in _respond
        self._poll_challenges(aauthzrs, chall_update, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 224, in _poll_challenges
        raise errors.FailedChallenges(all_failed_achalls)
    certbot.errors.FailedChallenges: Failed authorization procedure. blog.example.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.example.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
    2018-11-20 10:13:06,494:DEBUG:certbot.error_handler:Calling registered functions
    2018-11-20 10:13:06,494:INFO:certbot.auth_handler:Cleaning up challenges
    2018-11-20 10:13:06,495:DEBUG:certbot.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U
    2018-11-20 10:13:06,495:DEBUG:certbot.plugins.webroot:All challenges cleaned up
    2018-11-20 10:13:06,496:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/letsencrypt", line 11, in <module>
        load_entry_point('certbot==0.23.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1266, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1157, in certonly
        lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 118, in _get_and_save_cert
        lineage = le_client.obtain_and_enroll_certificate(domains, certname)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 350, in obtain_and_enroll_certificate
        cert, chain, key, _ = self.obtain_certificate(domains)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 294, in obtain_certificate
        orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 330, in _get_order_and_authorizations
        authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 80, in handle_authorizations
        self._respond(aauthzrs, resp, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 153, in _respond
        self._poll_challenges(aauthzrs, chall_update, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 224, in _poll_challenges
        raise errors.FailedChallenges(all_failed_achalls)
    certbot.errors.FailedChallenges: Failed authorization procedure. blog.example.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.example.de/.well-known/acme-challenge/dFYkA2Ot9u5BgFgWsxfayxJuNHRKg4tYC514_w0cY1U: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.4</ce"
    
     
  9. ktownmods

    ktownmods Member HowtoForge Supporter

    @till I removed the AAAA record for my domain and now it works with Let's Encrypt,
    but I need this AAAA record for sending mail over IPv6 and IPv4.
    What can I do to make this work?
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Can your server use IPv6 traffic and is the AAAA record correct for your server? Is the AAAA record available from the name server LE uses?
     
  11. ktownmods

    ktownmods Member HowtoForge Supporter

    I set the AAAA record and, in the domain settings, IPv6 ^^ Now it works.
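
The authorization body in the debug log above records which address the CA connected to (`validationRecord.addressUsed`), and in this thread that was the AAAA address. The following is an added example, not part of the original thread and not ISPConfig or certbot code: a Python script that pulls authorization bodies out of a certbot debug log and flags failed http-01 validations that went over IPv6 on a dual-stack name. The sample log, hostname, token and addresses are constructed.

```python
import ast
import ipaddress
import json


def authz_bodies(log_text):
    """Yield ACME authorization objects found in certbot debug-log text.

    certbot logs each response body as a Python bytes literal (b'{...}'),
    so decode the literal first, then parse the JSON inside it.
    """
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(("b'{", 'b"{')):
            continue
        try:
            body = json.loads(ast.literal_eval(line).decode("utf-8"))
        except (ValueError, SyntaxError):
            continue  # truncated or non-JSON body, skip it
        if isinstance(body, dict) and "challenges" in body:
            yield body


def failed_http01(authz):
    """Return one finding per validation attempt of a failed http-01 challenge."""
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("type") != "http-01" or chall.get("status") != "invalid":
            continue
        for rec in chall.get("validationRecord", []):
            if not rec.get("addressUsed"):
                continue
            used = ipaddress.ip_address(rec["addressUsed"])
            resolved = [ipaddress.ip_address(a)
                        for a in rec.get("addressesResolved", [])]
            dual = {a.version for a in resolved} == {4, 6}
            findings.append({
                "hostname": rec.get("hostname"),
                "address_used": str(used),
                "family": "IPv6" if used.version == 6 else "IPv4",
                "dual_stack": dual,
                # Name has A and AAAA, and the failing request went to the AAAA
                # address: check that the web server answers the challenge
                # path on its IPv6 listener as well.
                "check_ipv6_vhost": dual and used.version == 6,
                "error": chall.get("error", {}).get("type"),
            })
    return findings


def sample_log():
    """Constructed log excerpt, shaped like the authz response in the thread."""
    authz = {
        "identifier": {"type": "dns", "value": "blog.example.test"},
        "status": "invalid",
        "challenges": [
            {"type": "dns-01", "status": "invalid"},
            {"type": "http-01", "status": "invalid",
             "error": {"type": "urn:ietf:params:acme:error:unauthorized",
                       "status": 403},
             "validationRecord": [{
                 "hostname": "blog.example.test", "port": "80",
                 "addressesResolved": ["192.0.2.10", "2001:db8::2"],
                 "addressUsed": "2001:db8::2"}]},
        ],
    }
    return "\n".join([
        "2018-11-20 10:13:06,490:DEBUG:acme.client:Received response:",
        "HTTP 200",
        repr(json.dumps(authz, indent=2).encode("utf-8")),
    ])


if __name__ == "__main__":
    for authz in authz_bodies(sample_log()):
        for finding in failed_http01(authz):
            print(finding)
```

To use it on a real run, pass the contents of /var/log/letsencrypt/letsencrypt.log to `authz_bodies` instead of `sample_log()`.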
     
