2018-08-31 18:20:03,989:DEBUG:certbot.main:certbot version: 0.26.1
2018-08-31 18:20:03,989:DEBUG:certbot.main:Arguments: []
2018-08-31 18:20:03,989:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-08-31 18:20:04,010:DEBUG:certbot.log:Root logging level set at 20
2018-08-31 18:20:04,011:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-08-31 18:20:04,026:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f0644dd4650> and installer <certbot.cli._Default object at 0x7f0644dd4650>
2018-08-31 18:20:04,037:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2018-08-27 12:34:26 UTC.
2018-08-31 18:20:04,038:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2018-08-31 18:20:04,038:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2018-08-31 18:20:04,318:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f0644dd8d90>
Prep: True
2018-08-31 18:20:04,319:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f0644dd8d90>
Prep: True
2018-08-31 18:20:04,319:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f0644dd8d90> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f0644dd8d90>
2018-08-31 18:20:04,319:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2018-08-31 18:20:04,346:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=u'valid', terms_of_service_agreed=None, agreement=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', only_return_existing=None, contact=(u'mailto:trekkie@nomorestars.com',), key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f0647c04bd0>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/35382979', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), f0662deaff2bf5a8cbe721dccb6dea39, Meta(creation_host=u'centos-s-2vcpu-4gb-nyc1-01', creation_dt=datetime.datetime(2018, 5, 22, 17, 19, 54, tzinfo=<UTC>)))>
2018-08-31 18:20:04,348:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2018-08-31 18:20:04,352:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2018-08-31 18:20:04,493:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
2018-08-31 18:20:04,493:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
expires: Fri, 31 Aug 2018 18:20:04 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:04 GMT
x-frame-options: DENY
content-type: application/json
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"wlc1qGAQfPc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2018-08-31 18:20:04,494:INFO:certbot.main:Renewing an existing certificate
2018-08-31 18:20:04,743:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0030_key-certbot.pem
2018-08-31 18:20:04,745:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0030_csr-certbot.pem
2018-08-31 18:20:04,746:DEBUG:acme.client:Requesting fresh nonce
2018-08-31 18:20:04,746:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-order.
2018-08-31 18:20:04,852:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-order HTTP/1.1" 405 0
2018-08-31 18:20:04,852:DEBUG:acme.client:Received response:
HTTP 405
content-length: 103
pragma: no-cache
expires: Fri, 31 Aug 2018 18:20:04 GMT
server: nginx
connection: keep-alive
allow: POST
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:04 GMT
content-type: application/problem+json
replay-nonce: Gn_u849akYIN0pR1YsYmY-CpyDhssj3u7dcMNXy8z5k
2018-08-31 18:20:04,853:DEBUG:acme.client:Storing nonce: Gn_u849akYIN0pR1YsYmY-CpyDhssj3u7dcMNXy8z5k
2018-08-31 18:20:04,853:DEBUG:acme.client:JWS payload:
{
"status": "pending",
"identifiers": [
{
"type": "dns",
"value": "nomorestars.com"
},
{
"type": "dns",
"value": "pod.nomorestars.com"
},
{
"type": "dns",
"value": "www.nomorestars.com"
}
],
"resource": "new-order"
}
2018-08-31 18:20:04,855:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJub25jZSI6ICJHbl91ODQ5YWtZSU4wcFIxWXNZbVktQ3B5RGhzc2ozdTdkY01OWHk4ejVrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNTM4Mjk3OSIsICJhbGciOiAiUlMyNTYifQ",
"payload": "ewogICJzdGF0dXMiOiAicGVuZGluZyIsIAogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJub21vcmVzdGFycy5jb20iCiAgICB9LCAKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJwb2Qubm9tb3Jlc3RhcnMuY29tIgogICAgfSwgCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsIAogICAgICAidmFsdWUiOiAid3d3Lm5vbW9yZXN0YXJzLmNvbSIKICAgIH0KICBdLCAKICAicmVzb3VyY2UiOiAibmV3LW9yZGVyIgp9",
"signature": "b3LAU9zOvEP207sQBORBZ8gNw9gGDcvBwHuZqZY4vbxntW5t7k2OFjW7B-FyIzpD0d9f34-8Nlf3OM0BB5kajVPj4jwLOnkZy2Wo8JOMJNuVMP85Grxe8tsYXNdsyrsebiykvbWG42HJh2zXGAhkjnxuDT35PQnCVva3AklrbRIZeUM_7epSBxmSFyjMpiy0KyUmsAnCp5hHRvfOSLAAeG8X9FN-vhSuMobwAqSFP6JSTP6lg1eTZ1nZbBHdBVaZlyq790A3-ScZ-xwPi2DS5sYehiEG-ZnL5H3x5QzBCU8nO8zJUYJ6z-5e_XvoIdRAk_F0rQ5ur4yBFXLT-qHapQ"
}
2018-08-31 18:20:05,024:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 713
2018-08-31 18:20:05,025:DEBUG:acme.client:Received response:
HTTP 201
content-length: 713
expires: Fri, 31 Aug 2018 18:20:05 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
location: https://acme-v02.api.letsencrypt.org/acme/order/35382979/52700468
pragma: no-cache
boulder-requester: 35382979
date: Fri, 31 Aug 2018 18:20:05 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: n-emiJ_ClSehtDLhDoQRU83eeS1SWeyZdJ6VIrJ1gc0
{
"status": "pending",
"expires": "2018-09-07T18:20:04.922572069Z",
"identifiers": [
{
"type": "dns",
"value": "nomorestars.com"
},
{
"type": "dns",
"value": "pod.nomorestars.com"
},
{
"type": "dns",
"value": "www.nomorestars.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8",
"https://acme-v02.api.letsencrypt.org/acme/authz/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww",
"https://acme-v02.api.letsencrypt.org/acme/authz/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/35382979/52700468"
}
2018-08-31 18:20:05,025:DEBUG:acme.client:Storing nonce: n-emiJ_ClSehtDLhDoQRU83eeS1SWeyZdJ6VIrJ1gc0
2018-08-31 18:20:05,025:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8.
2018-08-31 18:20:05,150:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8 HTTP/1.1" 200 1159
2018-08-31 18:20:05,150:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1159
expires: Fri, 31 Aug 2018 18:20:05 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:05 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "nomorestars.com"
},
"status": "pending",
"expires": "2018-09-07T18:20:04Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141515",
"token": "oZYxeckwuT6WXPj8yCh0JoGb8kBPOudZCKae33CrtRk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141516",
"token": "s_AtHMh3q6Ul3cmCg3ewOhn88GDUZv_Ogovx99MFbJ8"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141520",
"token": "eVQob6fzzO7YrIiOQOxRC36kqkH9YMGnswVquO3oCkc"
},
{
"type": "tls-sni-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141523",
"token": "7fZBUpY2hH_fwM-RaBBjnAOrxS0lpMBJB6CMIhdskbg"
}
]
}
2018-08-31 18:20:05,151:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww.
2018-08-31 18:20:05,281:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww HTTP/1.1" 200 1163
2018-08-31 18:20:05,281:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1163
expires: Fri, 31 Aug 2018 18:20:05 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:05 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "pod.nomorestars.com"
},
"status": "pending",
"expires": "2018-09-07T18:20:04Z",
"challenges": [
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141535",
"token": "dGK1ABltFSh3y7f5vCAOH6CQWNQTQXrQWq9KAmVGJXQ"
},
{
"type": "tls-sni-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141539",
"token": "ZDCwscp83jDD2UtCIRDGSJoUXyKKrWBfz3ak_sCZLpk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141542",
"token": "ia-0Hb7tpMki03043bV8x0oV4loC8H64SrYNb8TLIP0"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141544",
"token": "Ox75tCdLS10_388zAVgst899hiG5ap0pJ_rUOQmUnG0"
}
]
}
2018-08-31 18:20:05,282:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w.
2018-08-31 18:20:05,398:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w HTTP/1.1" 200 1163
2018-08-31 18:20:05,400:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1163
expires: Fri, 31 Aug 2018 18:20:05 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:05 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "www.nomorestars.com"
},
"status": "pending",
"expires": "2018-09-07T18:20:04Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141546",
"token": "iulaMa7w_u0wcVMNn59m8tKJ-KK3yLnJF1zMgdLfEHU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141547",
"token": "FLCrqpe1wCUmnQYWsIYxN-aGhtAW-JUtTkbh3OZe-dM"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141549",
"token": "uCWd0P8mfxotOpf5b44rD3U_XR7T5U1SX7qW6TeETNY"
},
{
"type": "tls-sni-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141552",
"token": "U8RHBZRKV1lrSYMNA4GL7Wee2-z2R3vx5LmuRUL77Lk"
}
]
}
2018-08-31 18:20:05,401:INFO:certbot.auth_handler:Performing the following challenges:
2018-08-31 18:20:05,401:INFO:certbot.auth_handler:tls-sni-01 challenge for nomorestars.com
2018-08-31 18:20:05,402:INFO:certbot.auth_handler:tls-sni-01 challenge for pod.nomorestars.com
2018-08-31 18:20:05,402:INFO:certbot.auth_handler:tls-sni-01 challenge for www.nomorestars.com
2018-08-31 18:20:05,652:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2018-08-31 18:20:05,652:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/www
2018-08-31 18:20:05,652:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2018-08-31 18:20:05,653:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/pod
2018-08-31 18:20:05,654:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user nginx;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
}
http {
include /etc/letsencrypt/le_tls_sni_01_cert_challenge.conf;
server_names_hash_bucket_size 128;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
server_tokens off;
client_max_body_size 8192k;
client_header_timeout 10;
client_body_timeout 10;
keepalive_timeout 10 10;
send_timeout 10;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-streams;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
# gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_min_length 1100;
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml application/x-font-ttf font/opentype application/vnd.ms-fontobject;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
#ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
# ssl_trusted_certificate /etc/letsencrypt/live/nomorestars.com/chain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/nomorestars.com/fullchain.pem;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
2018-08-31 18:20:06,673:INFO:certbot.auth_handler:Waiting for verification...
2018-08-31 18:20:06,674:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "7fZBUpY2hH_fwM-RaBBjnAOrxS0lpMBJB6CMIhdskbg.ty3HZX2QaciC7h3pTGzMydNn2zivn4Y8h3y73Suc-6o",
"type": "tls-sni-01",
"resource": "challenge"
}
2018-08-31 18:20:06,677:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141523:
{
"protected": "eyJub25jZSI6ICJuLWVtaUpfQ2xTZWh0RExoRG9RUlU4M2VlUzFTV2V5WmRKNlZJckoxZ2MwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvbjlaRGVMZU1hWXBVZFN3dlRhYTEzUl9kcWR1WGVrRUhqRFdBRzE5MVV2OC82OTM5MTQxNTIzIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvMzUzODI5NzkiLCAiYWxnIjogIlJTMjU2In0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIjdmWkJVcFkyaEhfZndNLVJhQkJqbkFPcnhTMGxwTUJKQjZDTUloZHNrYmcudHkzSFpYMlFhY2lDN2gzcFRHek15ZE5uMnppdm40WThoM3k3M1N1Yy02byIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "DeQZf3TkFsAQDIUxTIOSM3oQDHuLasKYEjhIGI449RMiTNK52banuYF8KepYkDEuYDJN9iLPmDKcSoTFCkbidsl_4gRxaLk1BvpaHtXRvwDnN2yIhx6xPNPaZN209jf-og9rYjYKtPoquZNra_bmdIBkiMEG9RRCByYNlf1IKr9qA0AD14AcoJDx7lYZgOWuLD2kyMRXMzk0GUMnQcq5kmJ1JuLzrr5RmF74PFqkD7N0tDA0KiFO3pCo4HUJJO35VRYnxjYwuQ5aZViWYx1aQJ567m1d_AONb516NTR-Mq7r8WILq4jbWTKAk3nS94PndMKyg3Nfm8JZRmAE8QXSGQ"
}
2018-08-31 18:20:06,862:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141523 HTTP/1.1" 200 226
2018-08-31 18:20:06,863:DEBUG:acme.client:Received response:
HTTP 200
content-length: 226
expires: Fri, 31 Aug 2018 18:20:06 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/acme/authz/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8>;rel="nofollow"
location: https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141523
pragma: no-cache
boulder-requester: 35382979
date: Fri, 31 Aug 2018 18:20:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: OESjYFmO1XCiTYB9ArSjP6cBRQ1bu3BVYTLtO4txxiM
{
"type": "tls-sni-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141523",
"token": "7fZBUpY2hH_fwM-RaBBjnAOrxS0lpMBJB6CMIhdskbg"
}
2018-08-31 18:20:06,863:DEBUG:acme.client:Storing nonce: OESjYFmO1XCiTYB9ArSjP6cBRQ1bu3BVYTLtO4txxiM
2018-08-31 18:20:06,863:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "ZDCwscp83jDD2UtCIRDGSJoUXyKKrWBfz3ak_sCZLpk.ty3HZX2QaciC7h3pTGzMydNn2zivn4Y8h3y73Suc-6o",
"type": "tls-sni-01",
"resource": "challenge"
}
2018-08-31 18:20:06,865:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141539:
{
"protected": "eyJub25jZSI6ICJPRVNqWUZtTzFYQ2lUWUI5QXJTalA2Y0JSUTFidTNCVllUTHRPNHR4eGlNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2Uvdk1yN3pnMWU0cy1wY1RSRDZvSDJPN3NaQVduWTk3VktqTVRfdGJibFp3dy82OTM5MTQxNTM5IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvMzUzODI5NzkiLCAiYWxnIjogIlJTMjU2In0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIlpEQ3dzY3A4M2pERDJVdENJUkRHU0pvVVh5S0tyV0JmejNha19zQ1pMcGsudHkzSFpYMlFhY2lDN2gzcFRHek15ZE5uMnppdm40WThoM3k3M1N1Yy02byIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "eQOYMxm6CgXp3HY6jDCjcpVycZIHBhxXqI6oxEAJDvOe58XSGJOYhxX3z2RR-xdeoJMLiJI3n2mcj-_1lFfL_xplMyPR8oiIhKRLJBtN4KK6KJBNE7puWYS_ii3NQET3QjIyxH3QBJAlVVWwXqnT1bss2FLKvFCk1O3GKeBfYz71rHQ7LlcCCbv2MoFKUDWw4lRzFROus-soRDw18VAyYwifESPrraALDeZepM8rG_AMIq8CZEGUkcOR5BYR1kSMKVy2-EisNYOAVy-t7eMuQZ3QXIHO1S7dEIF_HHlahtLFOMw1o0PXkn_atiozbAQDOLcbcggz7L64uqTqgLiVpQ"
}
2018-08-31 18:20:07,004:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141539 HTTP/1.1" 200 226
2018-08-31 18:20:07,004:DEBUG:acme.client:Received response:
HTTP 200
content-length: 226
expires: Fri, 31 Aug 2018 18:20:07 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/acme/authz/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww>;rel="nofollow"
location: https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141539
pragma: no-cache
boulder-requester: 35382979
date: Fri, 31 Aug 2018 18:20:07 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: Yf-9N9znjhV0I0GzM7voQhHivC6T3mrwyUu6M5ncPw4
{
"type": "tls-sni-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141539",
"token": "ZDCwscp83jDD2UtCIRDGSJoUXyKKrWBfz3ak_sCZLpk"
}
2018-08-31 18:20:07,005:DEBUG:acme.client:Storing nonce: Yf-9N9znjhV0I0GzM7voQhHivC6T3mrwyUu6M5ncPw4
2018-08-31 18:20:07,005:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "U8RHBZRKV1lrSYMNA4GL7Wee2-z2R3vx5LmuRUL77Lk.ty3HZX2QaciC7h3pTGzMydNn2zivn4Y8h3y73Suc-6o",
"type": "tls-sni-01",
"resource": "challenge"
}
2018-08-31 18:20:07,007:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141552:
{
"protected": "eyJub25jZSI6ICJZZi05Tjl6bmpoVjBJMEd6TTd2b1FoSGl2QzZUM21yd3lVdTZNNW5jUHc0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvdDJlN2liQTBjNVVvYzI3SXpBZHhQWGZ4MkIyc1M2Z1RLay0ya2tmRzQ1dy82OTM5MTQxNTUyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvMzUzODI5NzkiLCAiYWxnIjogIlJTMjU2In0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIlU4UkhCWlJLVjFsclNZTU5BNEdMN1dlZTItejJSM3Z4NUxtdVJVTDc3TGsudHkzSFpYMlFhY2lDN2gzcFRHek15ZE5uMnppdm40WThoM3k3M1N1Yy02byIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "YOhkHROgSBnriyQb_McWfFEhNxdgpDieyetffGU256V9U1sF7veoqAlwptHMcXf0MZg7yKFRAdZCHC3zDCfJ8AoZ_dLFko6ANgpE4NZpfC0yUFI0zPbHOc6LZaFfOQHCKMJlFUr9zlbT-6KOKDeeJ5f7yv1tmqOqi9lPWjt6lxmvCxxQfI9A5SVLCOVAbyh27GwxUs9yovks-7WEMtpHhIxtSLzAmPezPY36tkciGAeBAWkf3GUYlFrrv-UeOaZ3bIYmr5VhkAQ9Fqz70tYb-IpCDpV0DfKKg0IF8ATBKH05CYOGrEvmfMLm_CmunLqoBRmhYiYmfEkbxq9Xryu-vw"
}
2018-08-31 18:20:07,154:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141552 HTTP/1.1" 200 226
2018-08-31 18:20:07,155:DEBUG:acme.client:Received response:
HTTP 200
content-length: 226
expires: Fri, 31 Aug 2018 18:20:07 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/acme/authz/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w>;rel="nofollow"
location: https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141552
pragma: no-cache
boulder-requester: 35382979
date: Fri, 31 Aug 2018 18:20:07 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: ExuLjgZZfA3gbOSSaKRwGD4PHq1JCSe4t791WG6afRs
{
"type": "tls-sni-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141552",
"token": "U8RHBZRKV1lrSYMNA4GL7Wee2-z2R3vx5LmuRUL77Lk"
}
2018-08-31 18:20:07,155:DEBUG:acme.client:Storing nonce: ExuLjgZZfA3gbOSSaKRwGD4PHq1JCSe4t791WG6afRs
2018-08-31 18:20:10,158:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8.
2018-08-31 18:20:10,276:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8 HTTP/1.1" 200 1885
2018-08-31 18:20:10,277:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1885
expires: Fri, 31 Aug 2018 18:20:10 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:10 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "nomorestars.com"
},
"status": "invalid",
"expires": "2018-09-07T18:20:04Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141515",
"token": "oZYxeckwuT6WXPj8yCh0JoGb8kBPOudZCKae33CrtRk"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141516",
"token": "s_AtHMh3q6Ul3cmCg3ewOhn88GDUZv_Ogovx99MFbJ8"
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141520",
"token": "eVQob6fzzO7YrIiOQOxRC36kqkH9YMGnswVquO3oCkc"
},
{
"type": "tls-sni-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect validation certificate for tls-sni-01 challenge. Requested 16795acb9b91312d2b5673874c9ba2f7.a75ad1ee8132610f7848c44b5f29c6d4.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names \"nomorestars.com, pod.nomorestars.com, www.nomorestars.com\"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/n9ZDeLeMaYpUdSwvTaa13R_dqduXekEHjDWAG191Uv8/6939141523",
"token": "7fZBUpY2hH_fwM-RaBBjnAOrxS0lpMBJB6CMIhdskbg",
"validationRecord": [
{
"hostname": "nomorestars.com",
"port": "443",
"addressesResolved": [
"206.189.255.48",
"2604:a880:400:d1::78b:7001"
],
"addressUsed": "2604:a880:400:d1::78b:7001"
}
]
}
]
}
2018-08-31 18:20:10,279:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww.
2018-08-31 18:20:10,409:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww HTTP/1.1" 200 1893
2018-08-31 18:20:10,409:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1893
expires: Fri, 31 Aug 2018 18:20:10 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:10 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "pod.nomorestars.com"
},
"status": "invalid",
"expires": "2018-09-07T18:20:04Z",
"challenges": [
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141535",
"token": "dGK1ABltFSh3y7f5vCAOH6CQWNQTQXrQWq9KAmVGJXQ"
},
{
"type": "tls-sni-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect validation certificate for tls-sni-01 challenge. Requested 4316355dbb9224101f79bd40510f0d74.6023a18851c00d6bfa8a3cdd45cf702d.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names \"nomorestars.com, pod.nomorestars.com, www.nomorestars.com\"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141539",
"token": "ZDCwscp83jDD2UtCIRDGSJoUXyKKrWBfz3ak_sCZLpk",
"validationRecord": [
{
"hostname": "pod.nomorestars.com",
"port": "443",
"addressesResolved": [
"206.189.255.48",
"2604:a880:400:d1::78b:7001"
],
"addressUsed": "2604:a880:400:d1::78b:7001"
}
]
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141542",
"token": "ia-0Hb7tpMki03043bV8x0oV4loC8H64SrYNb8TLIP0"
},
{
"type": "http-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/vMr7zg1e4s-pcTRD6oH2O7sZAWnY97VKjMT_tbblZww/6939141544",
"token": "Ox75tCdLS10_388zAVgst899hiG5ap0pJ_rUOQmUnG0"
}
]
}
2018-08-31 18:20:10,410:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w.
2018-08-31 18:20:10,518:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w HTTP/1.1" 200 1893
2018-08-31 18:20:10,519:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1893
expires: Fri, 31 Aug 2018 18:20:10 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:10 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "www.nomorestars.com"
},
"status": "invalid",
"expires": "2018-09-07T18:20:04Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141546",
"token": "iulaMa7w_u0wcVMNn59m8tKJ-KK3yLnJF1zMgdLfEHU"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141547",
"token": "FLCrqpe1wCUmnQYWsIYxN-aGhtAW-JUtTkbh3OZe-dM"
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141549",
"token": "uCWd0P8mfxotOpf5b44rD3U_XR7T5U1SX7qW6TeETNY"
},
{
"type": "tls-sni-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect validation certificate for tls-sni-01 challenge. Requested ce42ea5ad1a07c5ee69b4904e5abc9d7.37ebfd4dfede4bca4229c97c32e7d792.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names \"nomorestars.com, pod.nomorestars.com, www.nomorestars.com\"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/t2e7ibA0c5Uoc27IzAdxPXfx2B2sS6gTKk-2kkfG45w/6939141552",
"token": "U8RHBZRKV1lrSYMNA4GL7Wee2-z2R3vx5LmuRUL77Lk",
"validationRecord": [
{
"hostname": "www.nomorestars.com",
"port": "443",
"addressesResolved": [
"206.189.255.48",
"2604:a880:400:d1::78b:7001"
],
"addressUsed": "2604:a880:400:d1::78b:7001"
}
]
}
]
}
2018-08-31 18:20:10,520:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: www.nomorestars.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested ce42ea5ad1a07c5ee69b4904e5abc9d7.37ebfd4dfede4bca4229c97c32e7d792.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com"
Domain: pod.nomorestars.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested 4316355dbb9224101f79bd40510f0d74.6023a18851c00d6bfa8a3cdd45cf702d.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com"
Domain: nomorestars.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested 16795acb9b91312d2b5673874c9ba2f7.a75ad1ee8132610f7848c44b5f29c6d4.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2018-08-31 18:20:10,521:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 155, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 226, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested ce42ea5ad1a07c5ee69b4904e5abc9d7.37ebfd4dfede4bca4229c97c32e7d792.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com", pod.nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 4316355dbb9224101f79bd40510f0d74.6023a18851c00d6bfa8a3cdd45cf702d.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com", nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 16795acb9b91312d2b5673874c9ba2f7.a75ad1ee8132610f7848c44b5f29c6d4.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com"
2018-08-31 18:20:10,521:DEBUG:certbot.error_handler:Calling registered functions
2018-08-31 18:20:10,521:INFO:certbot.auth_handler:Cleaning up challenges
2018-08-31 18:20:11,771:WARNING:certbot.renewal:Attempting to renew cert (nomorestars.com) from /etc/letsencrypt/renewal/nomorestars.com.conf produced an unexpected error: Failed authorization procedure. www.nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested ce42ea5ad1a07c5ee69b4904e5abc9d7.37ebfd4dfede4bca4229c97c32e7d792.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com", pod.nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 4316355dbb9224101f79bd40510f0d74.6023a18851c00d6bfa8a3cdd45cf702d.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com", nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 16795acb9b91312d2b5673874c9ba2f7.a75ad1ee8132610f7848c44b5f29c6d4.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com". Skipping.
2018-08-31 18:20:11,774:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 430, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1197, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 115, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 305, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 334, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 370, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 155, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 226, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested ce42ea5ad1a07c5ee69b4904e5abc9d7.37ebfd4dfede4bca4229c97c32e7d792.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com", pod.nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 4316355dbb9224101f79bd40510f0d74.6023a18851c00d6bfa8a3cdd45cf702d.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com", nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 16795acb9b91312d2b5673874c9ba2f7.a75ad1ee8132610f7848c44b5f29c6d4.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com"
2018-08-31 18:20:11,784:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2018-08-27 13:27:41 UTC.
2018-08-31 18:20:11,784:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2018-08-31 18:20:11,785:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2018-08-31 18:20:12,049:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f0644510550>
Prep: True
2018-08-31 18:20:12,050:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f0644510550>
Prep: True
2018-08-31 18:20:12,050:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f0644510550> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f0644510550>
2018-08-31 18:20:12,051:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2018-08-31 18:20:12,054:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=u'valid', terms_of_service_agreed=None, agreement=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', only_return_existing=None, contact=(u'mailto:trekkie@nomorestars.com',), key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f0644510b10>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/35382979', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), f0662deaff2bf5a8cbe721dccb6dea39, Meta(creation_host=u'centos-s-2vcpu-4gb-nyc1-01', creation_dt=datetime.datetime(2018, 5, 22, 17, 19, 54, tzinfo=<UTC>)))>
2018-08-31 18:20:12,055:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2018-08-31 18:20:12,056:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2018-08-31 18:20:12,200:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
2018-08-31 18:20:12,200:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
expires: Fri, 31 Aug 2018 18:20:12 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:12 GMT
x-frame-options: DENY
content-type: application/json
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"zbC-AezkX1I": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2018-08-31 18:20:12,201:INFO:certbot.main:Renewing an existing certificate
2018-08-31 18:20:12,484:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0031_key-certbot.pem
2018-08-31 18:20:12,487:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0031_csr-certbot.pem
2018-08-31 18:20:12,487:DEBUG:acme.client:Requesting fresh nonce
2018-08-31 18:20:12,487:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-order.
2018-08-31 18:20:12,585:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-order HTTP/1.1" 405 0
2018-08-31 18:20:12,586:DEBUG:acme.client:Received response:
HTTP 405
content-length: 103
pragma: no-cache
expires: Fri, 31 Aug 2018 18:20:12 GMT
server: nginx
connection: keep-alive
allow: POST
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:12 GMT
content-type: application/problem+json
replay-nonce: KQSsgu7gJaaHyWd7FWWOZZClZdnMykuQG9KuxgmQ594
2018-08-31 18:20:12,586:DEBUG:acme.client:Storing nonce: KQSsgu7gJaaHyWd7FWWOZZClZdnMykuQG9KuxgmQ594
2018-08-31 18:20:12,586:DEBUG:acme.client:JWS payload:
{
"status": "pending",
"identifiers": [
{
"type": "dns",
"value": "pod.nomorestars.com"
}
],
"resource": "new-order"
}
2018-08-31 18:20:12,588:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJub25jZSI6ICJLUVNzZ3U3Z0phYUh5V2Q3RldXT1paQ2xaZG5NeWt1UUc5S3V4Z21RNTk0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8zNTM4Mjk3OSIsICJhbGciOiAiUlMyNTYifQ",
"payload": "ewogICJzdGF0dXMiOiAicGVuZGluZyIsIAogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJwb2Qubm9tb3Jlc3RhcnMuY29tIgogICAgfQogIF0sIAogICJyZXNvdXJjZSI6ICJuZXctb3JkZXIiCn0",
"signature": "il0DHhjaktYqELBAarQlQLtq6z821HWH9l5O9ybvJrzFu97rWuuIeJimHVMTTIIyp5lGX0NFO6J_5FsiQmwG5wDNRvg7ndK6gLIZiyOZDgnLT3UeMVT83navzPhEo1HhR1a_YrD3Q3vvRf4IDcRcU_-SFOzj50D0-gifUXP3W0W4htxWvl80_WtHTlJJd8N5bWDnX6F5HQ295Cza25RrP9_QVYHq3ulD33wNgJ46PZmc50d5h_5RSRIQBR3Rre-QrqlSKjV9ARV1rn5_CxDTN13ca7o9vSem59MSQUB3M699hmQiMNsBR8Qnc4cO1VVjCn8KqZUmNSUzBioZLqnWaQ"
}
2018-08-31 18:20:12,744:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 377
2018-08-31 18:20:12,745:DEBUG:acme.client:Received response:
HTTP 201
content-length: 377
expires: Fri, 31 Aug 2018 18:20:12 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
location: https://acme-v02.api.letsencrypt.org/acme/order/35382979/52700585
pragma: no-cache
boulder-requester: 35382979
date: Fri, 31 Aug 2018 18:20:12 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: kvoqWjt4mE59w-ViN8k3tinsrw99E6zoAExXVHXgrfg
{
"status": "pending",
"expires": "2018-09-07T18:20:12.642318707Z",
"identifiers": [
{
"type": "dns",
"value": "pod.nomorestars.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/35382979/52700585"
}
2018-08-31 18:20:12,745:DEBUG:acme.client:Storing nonce: kvoqWjt4mE59w-ViN8k3tinsrw99E6zoAExXVHXgrfg
2018-08-31 18:20:12,746:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE.
2018-08-31 18:20:12,869:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE HTTP/1.1" 200 1163
2018-08-31 18:20:12,869:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1163
expires: Fri, 31 Aug 2018 18:20:12 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:12 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "pod.nomorestars.com"
},
"status": "pending",
"expires": "2018-09-07T18:20:12Z",
"challenges": [
{
"type": "tls-sni-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147361",
"token": "cM5HrZiyfyPvOLKgbq9HD8FZ4J_Z-aH2Lc6GXSTFCAM"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147362",
"token": "1lHAF4teMlOKax-6RbYBsX-1Py8VCFpfFjjIKHg4D2U"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147363",
"token": "dYNdjjP7Qx2W9Df0lR22_InE7DBNJdLzgZi3hrx7vfQ"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147364",
"token": "rKfbdByewNvYoRatSqOVqd9NBkURxyiF9NGLHVueEUA"
}
]
}
2018-08-31 18:20:12,871:INFO:certbot.auth_handler:Performing the following challenges:
2018-08-31 18:20:12,871:INFO:certbot.auth_handler:tls-sni-01 challenge for pod.nomorestars.com
2018-08-31 18:20:13,015:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2018-08-31 18:20:13,016:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/www
2018-08-31 18:20:13,016:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2018-08-31 18:20:13,016:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/pod
2018-08-31 18:20:13,018:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user nginx;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
}
http {
include /etc/letsencrypt/le_tls_sni_01_cert_challenge.conf;
server_names_hash_bucket_size 128;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
server_tokens off;
client_max_body_size 8192k;
client_header_timeout 10;
client_body_timeout 10;
keepalive_timeout 10 10;
send_timeout 10;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-streams;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
# gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_min_length 1100;
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml application/x-font-ttf font/opentype application/vnd.ms-fontobject;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
#ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
# ssl_trusted_certificate /etc/letsencrypt/live/nomorestars.com/chain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/nomorestars.com/fullchain.pem;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
2018-08-31 18:20:14,044:INFO:certbot.auth_handler:Waiting for verification...
2018-08-31 18:20:14,045:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "cM5HrZiyfyPvOLKgbq9HD8FZ4J_Z-aH2Lc6GXSTFCAM.ty3HZX2QaciC7h3pTGzMydNn2zivn4Y8h3y73Suc-6o",
"type": "tls-sni-01",
"resource": "challenge"
}
2018-08-31 18:20:14,047:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147361:
{
"protected": "eyJub25jZSI6ICJrdm9xV2p0NG1FNTl3LVZpTjhrM3RpbnNydzk5RTZ6b0FFeFhWSFhncmZnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvQmJkSnk3cl9kVjJja3ZhaVlZSHVqczh4T2Q0dm5tZG90akh3RXVHSWFlRS82OTM5MTQ3MzYxIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvMzUzODI5NzkiLCAiYWxnIjogIlJTMjU2In0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogImNNNUhyWml5ZnlQdk9MS2dicTlIRDhGWjRKX1otYUgyTGM2R1hTVEZDQU0udHkzSFpYMlFhY2lDN2gzcFRHek15ZE5uMnppdm40WThoM3k3M1N1Yy02byIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "gdq8LO_cU3YKOCYvZxLx1L1hdq6Ew3V9ij9GQyfaAFrCIaei81TP0M5sISZcZ16VKK9odPSJYX7EGE4MbR-dpcibbaAYePRa7Dr3cin8K0qB5K16nJ8zctRbLir8hr45TMeM4uR1yiAhg4EOaaQYGTGD1qyjqCRxi6BhPIY2mVU_STSbvZF0z29ygU2Y-40Ya1urDZqugnjuEJImjfO9AW59t92DQdLBe9EeQDq-dV7KactlcYY3fOTZW2JZWYGmcJlH8EQkkpW8BPh5HFt4Jd-DSiNiBhKLACJ3q-ipHBNVRDfjjAwVQzsUXd9wnRmHMUMAzkSsq6hh-Wj3x02Sjg"
}
2018-08-31 18:20:14,227:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147361 HTTP/1.1" 200 226
2018-08-31 18:20:14,228:DEBUG:acme.client:Received response:
HTTP 200
content-length: 226
expires: Fri, 31 Aug 2018 18:20:14 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/acme/authz/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE>;rel="nofollow"
location: https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147361
pragma: no-cache
boulder-requester: 35382979
date: Fri, 31 Aug 2018 18:20:14 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: TQ-koyDYq2cVTL61Qb4PzK5YaIMwxdqyLo3gPhJeVu4
{
"type": "tls-sni-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147361",
"token": "cM5HrZiyfyPvOLKgbq9HD8FZ4J_Z-aH2Lc6GXSTFCAM"
}
2018-08-31 18:20:14,228:DEBUG:acme.client:Storing nonce: TQ-koyDYq2cVTL61Qb4PzK5YaIMwxdqyLo3gPhJeVu4
2018-08-31 18:20:17,231:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/acme/authz/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE.
2018-08-31 18:20:17,367:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE HTTP/1.1" 200 1893
2018-08-31 18:20:17,369:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1893
expires: Fri, 31 Aug 2018 18:20:17 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Fri, 31 Aug 2018 18:20:17 GMT
x-frame-options: DENY
content-type: application/json
{
"identifier": {
"type": "dns",
"value": "pod.nomorestars.com"
},
"status": "invalid",
"expires": "2018-09-07T18:20:12Z",
"challenges": [
{
"type": "tls-sni-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect validation certificate for tls-sni-01 challenge. Requested f402dc630cdf283828fcad396ae9cc3d.0cd9a6af809e30500f5f91ad4176769a.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names \"nomorestars.com, pod.nomorestars.com, www.nomorestars.com\"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147361",
"token": "cM5HrZiyfyPvOLKgbq9HD8FZ4J_Z-aH2Lc6GXSTFCAM",
"validationRecord": [
{
"hostname": "pod.nomorestars.com",
"port": "443",
"addressesResolved": [
"206.189.255.48",
"2604:a880:400:d1::78b:7001"
],
"addressUsed": "2604:a880:400:d1::78b:7001"
}
]
},
{
"type": "http-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147362",
"token": "1lHAF4teMlOKax-6RbYBsX-1Py8VCFpfFjjIKHg4D2U"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147363",
"token": "dYNdjjP7Qx2W9Df0lR22_InE7DBNJdLzgZi3hrx7vfQ"
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/BbdJy7r_dV2ckvaiYYHujs8xOd4vnmdotjHwEuGIaeE/6939147364",
"token": "rKfbdByewNvYoRatSqOVqd9NBkURxyiF9NGLHVueEUA"
}
]
}
2018-08-31 18:20:17,371:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: pod.nomorestars.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested f402dc630cdf283828fcad396ae9cc3d.0cd9a6af809e30500f5f91ad4176769a.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2018-08-31 18:20:17,371:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 155, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 226, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. pod.nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested f402dc630cdf283828fcad396ae9cc3d.0cd9a6af809e30500f5f91ad4176769a.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com"
2018-08-31 18:20:17,371:DEBUG:certbot.error_handler:Calling registered functions
2018-08-31 18:20:17,371:INFO:certbot.auth_handler:Cleaning up challenges
2018-08-31 18:20:18,669:WARNING:certbot.renewal:Attempting to renew cert (pod.nomorestars.com) from /etc/letsencrypt/renewal/pod.nomorestars.com.conf produced an unexpected error: Failed authorization procedure. pod.nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested f402dc630cdf283828fcad396ae9cc3d.0cd9a6af809e30500f5f91ad4176769a.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com". Skipping.
2018-08-31 18:20:18,670:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 430, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1197, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 115, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 305, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 334, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 370, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 155, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 226, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. pod.nomorestars.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested f402dc630cdf283828fcad396ae9cc3d.0cd9a6af809e30500f5f91ad4176769a.acme.invalid from [2604:a880:400:d1::78b:7001]:443. Received 2 certificate(s), first certificate had names "nomorestars.com, pod.nomorestars.com, www.nomorestars.com"
2018-08-31 18:20:18,670:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2018-08-31 18:20:18,671:ERROR:certbot.renewal: /etc/letsencrypt/live/nomorestars.com/fullchain.pem (failure)
/etc/letsencrypt/live/pod.nomorestars.com/fullchain.pem (failure)
2018-08-31 18:20:18,672:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.26.1', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1364, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1276, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 455, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 2 renew failure(s), 0 parse failure(s)