2017-07-21 19:03:38,867:DEBUG:certbot.main:certbot version: 0.14.2 2017-07-21 19:03:38,868:DEBUG:certbot.main:Arguments: ['--duplicate', '--apache', '--cert-name', 'www.xxxx.com', '-d', 'www.xxxx.com', '-d', 'xxxx.com'] 2017-07-21 19:03:38,868:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2017-07-21 19:03:38,878:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache 2017-07-21 19:03:38,878:DEBUG:certbot.cli:Default Detector is Namespace(account=, agree_dev_preview=None, allow_subset_of_names=, apache=True, apache_challenge_location=, apache_ctl=, apache_dismod=, apache_enmod=, apache_handle_modules=, apache_handle_sites=, apache_init_script=, apache_le_vhost_ext=, apache_logs_root=, apache_server_root=, apache_vhost_root=, authenticator='apache', break_my_certs=, cert_path=, certname='www.xxxx.com', chain_path=, checkpoints=, config_dir=, config_file=None, configurator=, csr=, debug=, debug_challenges=, dialog=None, domains='xxxx.com', dry_run=, duplicate=True, eff_email=, email=, expand=, force_interactive=, fullchain_path=, func=, hsts=, http01_port=, ifaces=, init=, installer='apache', key_path=, logs_dir=, manual=, manual_auth_hook=, manual_cleanup_hook=, manual_public_ip_logging_ok=, must_staple=, nginx=, no_bootstrap=, no_self_upgrade=, no_verify_ssl=, noninteractive_mode=, num=, os_packages_only=, post_hook=, pre_hook=, pref_challs=, prepare=, quiet=, reason=, redirect=, register_unsafely_without_email=, reinstall=, renew_by_default=, renew_hook=, renew_with_new_domains=, rsa_key_size=, server=, staging=, standalone=, standalone_supported_challenges=, staple=, strict_permissions=, text_mode=, tls_sni_01_port=, tos=, uir=, update_registration=, user_agent=, validate_hooks=, verb='certonly', verbose_count=, webroot=, webroot_map=, webroot_path=, work_dir=) 2017-07-21 19:03:38,883:DEBUG:certbot.log:Root logging level set at 20 2017-07-21 19:03:38,883:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2017-07-21 19:03:38,884:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache 2017-07-21 19:03:38,953:DEBUG:certbot_apache.configurator:Apache version is 2.4.18 2017-07-21 19:03:39,664:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache Description: Apache Web Server plugin - Beta Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: apache = certbot_apache.configurator:ApacheConfigurator Initialized: Prep: True 2017-07-21 19:03:39,665:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache Description: Apache Web Server plugin - Beta Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: apache = certbot_apache.configurator:ApacheConfigurator Initialized: Prep: True 2017-07-21 19:03:39,665:DEBUG:certbot.plugins.selection:Selected authenticator and installer 2017-07-21 19:03:39,669:DEBUG:certbot.main:Picked account: )>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/9634010', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 1b5c50d841e013c721b96e7d2df36467, Meta(creation_host=u'svr3.wahotechnologies.com', creation_dt=datetime.datetime(2017, 2, 15, 18, 19, 3, tzinfo=)))> 2017-07-21 19:03:39,670:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. 2017-07-21 19:03:39,695:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2017-07-21 19:03:39,957:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 352 2017-07-21 19:03:39,958:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 352 Boulder-Request-Id: _fbKYK34sPnXdETlNH2DaBNSNLHl_csN49K1xNt0DJA Replay-Nonce: HUmnnKGisb_hljG7rG82rWUFLIeIQJN_xNdPuYwUT6M X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Fri, 21 Jul 2017 19:03:39 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 21 Jul 2017 19:03:39 GMT Connection: keep-alive { "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" } 2017-07-21 19:03:39,958:INFO:certbot.main:Obtaining a new certificate 2017-07-21 19:03:39,959:DEBUG:acme.client:Requesting fresh nonce 2017-07-21 19:03:39,959:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. 2017-07-21 19:03:40,042:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0 2017-07-21 19:03:40,043:DEBUG:acme.client:Received response: HTTP 405 Server: nginx Content-Type: application/problem+json Content-Length: 91 Allow: POST Boulder-Request-Id: YotxjqpC8r0_Ct4opUPpPTc4_LEYGfIsC5IBGEBGBro Replay-Nonce: ougL2RJEvXmnTHeOZ9Vt5AGFpj_PX75RbKsvOD5kA5s Expires: Fri, 21 Jul 2017 19:03:40 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 21 Jul 2017 19:03:40 GMT Connection: keep-alive 2017-07-21 19:03:40,043:DEBUG:acme.client:Storing nonce: ougL2RJEvXmnTHeOZ9Vt5AGFpj_PX75RbKsvOD5kA5s 2017-07-21 19:03:40,043:DEBUG:acme.client:JWS payload: { "identifier": { "type": "dns", "value": "www.xxxx.com" }, "resource": "new-authz" } 2017-07-21 19:03:40,047:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz: { "header": { "alg": "RS256", "jwk": { "e": "AQAB", "kty": "RSA", "n": "tEkorgZRvd5QjIEzGs4zZbaN9M8wO2TARaKPpKw6WXnlAtETdm-qH4p3bHRzIjk0S524qOGwVhGfMVOHjkd5BSMAaMZJRTARVT0QmUsWDfkNFBx3pllqrGrbZygXQhcAExbRIB8D4PFzX-aqs1EHE1TOqJQkskwcu5d0jzk1uNkY9wP7D7geVzQM6tDq3_PuFR42GBxoxRJdfMYBR1KnYyUFcTpFwLXPr619EWEYqD947rWYZUvUIvPxb5etrSKCsFwqCPfWjgWWo2cIkdVOPSuLc_MtGuyjvdd267JdpyX5sFvPucn2lc6r0dTOSwAe5LHg1IyilGk3kaNczTN8WQ" } }, "protected": "eyJub25jZSI6ICJvdWdMMlJKRXZYbW5USGVPWjlWdDVBR0Zwal9QWDc1UmJLc3ZPRDVrQTVzIn0", "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAid3d3LnRyaWNrbXlpZGVhLmNvbSIKICB9LCAKICAicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9", "signature": "cguSoQPk_cmqYO05cK-qAiEg66RZ_6HPFxmCuJwpHKILg4haepyckPCdSyQZu1oXQ5m25rrCmYep9K2AHjXgNpo6Sz_l7BYU7Sg12Mt6M06Y4TiGRtRdgnPp_sbA7XF160NEhsGW8yyZJOAJkhm3xBZ_qdmZsbj5LMDpO7riVEojCOD9whEbW_os8GxOODfNaUlNoiFsqPwkYP1RvgI-GqW8h4tvBSQVk78GdGL5HzoNTllrgVKSoocvorrI-33YzOCmrrwMq8mTrweKGlx6uTeD6ARZicaLoDvGTlfqHSZuqortojCdUl5G5miuCdSUztSTzfaLK4y6NttvJUJ4Rw" } 2017-07-21 19:03:40,478:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1007 2017-07-21 19:03:40,480:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Content-Type: application/json Content-Length: 1007 Boulder-Request-Id: muLPUP-UicihOSFpkvK-DfVTFvQQguybI5N2pVkO5D8 Boulder-Requester: 9634010 Link: ;rel="next" Location: https://acme-v01.api.letsencrypt.org/acme/authz/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c Replay-Nonce: 0Mp6_6taKV0Gz69v4oI8kuRK9xzQ1lcqIEUeOEDc5lI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Fri, 21 Jul 2017 19:03:40 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 21 Jul 2017 19:03:40 GMT Connection: keep-alive { "identifier": { "type": "dns", "value": "www.xxxx.com" }, "status": "pending", "expires": "2017-07-28T19:03:40.275232851Z", "challenges": [ { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765758", "token": "i1oSdMGKwmwMw3CXHS5omH1Mv9l8GY3trb-CQaTlgAo" }, { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765759", "token": "oT22zxIczUAmTVeFUuVQxD1LJioD4O97gzuy8Hs5RDQ" }, { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765766", "token": "_aaI5J-RjmcrbUbXLxVhTYV46cMfev0iPCPt9i-x_IM" } ], "combinations": [ [ 2 ], [ 1 ], [ 0 ] ] } 2017-07-21 19:03:40,480:DEBUG:acme.client:Storing nonce: 0Mp6_6taKV0Gz69v4oI8kuRK9xzQ1lcqIEUeOEDc5lI 2017-07-21 19:03:40,481:DEBUG:acme.client:JWS payload: { "identifier": { "type": "dns", "value": "xxxx.com" }, "resource": "new-authz" } 2017-07-21 19:03:40,483:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz: { "header": { "alg": "RS256", "jwk": { "e": "AQAB", "kty": "RSA", "n": "tEkorgZRvd5QjIEzGs4zZbaN9M8wO2TARaKPpKw6WXnlAtETdm-qH4p3bHRzIjk0S524qOGwVhGfMVOHjkd5BSMAaMZJRTARVT0QmUsWDfkNFBx3pllqrGrbZygXQhcAExbRIB8D4PFzX-aqs1EHE1TOqJQkskwcu5d0jzk1uNkY9wP7D7geVzQM6tDq3_PuFR42GBxoxRJdfMYBR1KnYyUFcTpFwLXPr619EWEYqD947rWYZUvUIvPxb5etrSKCsFwqCPfWjgWWo2cIkdVOPSuLc_MtGuyjvdd267JdpyX5sFvPucn2lc6r0dTOSwAe5LHg1IyilGk3kaNczTN8WQ" } }, "protected": "eyJub25jZSI6ICIwTXA2XzZ0YUtWMEd6Njl2NG9JOGt1Uks5eHpRMWxjcUlFVWVPRURjNWxJIn0", "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAidHJpY2tteWlkZWEuY29tIgogIH0sIAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0", "signature": "LK8BIVUT-34ME_ozerHmKUMvkMP1-QRgifAXrbNMuHYNVlzoxekjcnUVslUHFKTQxgkVW20NJw1byPOBZ3Ybv0AymTQ4_H88hlg2MjO68k93sSXlbBSeIiqgoHW432iNVAgaS4q6yDM1hkfF25dbRaLQ-uwO5IyI3UJNHeR1HqZ_-4PLpwCndg9e4rbUGZ-XOsJ3-HveCS5y29KUsTnR7KtCfPs91_GDqAdWwAviTAuN8l0KQYa5H7a6WnsD-zw5xYJPkOGta8ro-fAn5ZTO1mz2vqbm4sO3I91cj08lPCbWm4tOjJwOLbCA7hFtMpLdQCBMsFz9kqnimhn3lPrOuw" } 2017-07-21 19:03:40,831:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1003 2017-07-21 19:03:40,832:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Content-Type: application/json Content-Length: 1003 Boulder-Request-Id: x6-NWEjUwvC0aaMt32oLXHDrjncm4FC0vWIG0g1_LCg Boulder-Requester: 9634010 Link: ;rel="next" Location: https://acme-v01.api.letsencrypt.org/acme/authz/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M Replay-Nonce: MUlE-j1qijxeHL23FPN26E4yc03w-SIqS1Nm6UeA1jI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Fri, 21 Jul 2017 19:03:40 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 21 Jul 2017 19:03:40 GMT Connection: keep-alive { "identifier": { "type": "dns", "value": "xxxx.com" }, "status": "pending", "expires": "2017-07-28T19:03:40.628541337Z", "challenges": [ { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765800", "token": "i541bj2V9HN6L6Tm22C_UaTfYg8ItnF4tqVmXNjNQ9k" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765805", "token": "La5ZOgjcrvo29SvKwMLWcjLw_Fz_zNpIiug4BRhsL_4" }, { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765807", "token": "5J_cq37P6vF8SxHnn1wyiqNuEji78jJBGWwCG4ydYXo" } ], "combinations": [ [ 2 ], [ 0 ], [ 1 ] ] } 2017-07-21 19:03:40,833:DEBUG:acme.client:Storing nonce: MUlE-j1qijxeHL23FPN26E4yc03w-SIqS1Nm6UeA1jI 2017-07-21 19:03:40,833:INFO:certbot.auth_handler:Performing the following challenges: 2017-07-21 19:03:40,833:INFO:certbot.auth_handler:tls-sni-01 challenge for www.xxxx.com 2017-07-21 19:03:40,834:INFO:certbot.auth_handler:tls-sni-01 challenge for xxxx.com 2017-07-21 19:03:41,129:DEBUG:certbot_apache.tls_sni_01:Adding Include /etc/apache2/le_tls_sni_01_cert_challenge.conf to /files/etc/apache2/apache2.conf 2017-07-21 19:03:41,129:DEBUG:certbot_apache.tls_sni_01:writing a config file with text: ServerName 95fa5578ac77d4bf7314013ddd72d4a5.8f1539a260cfca35f0c418f7fa7d896a.acme.invalid UseCanonicalName on SSLStrictSNIVHostCheck on LimitRequestBody 1048576 Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /var/lib/letsencrypt/_aaI5J-RjmcrbUbXLxVhTYV46cMfev0iPCPt9i-x_IM.crt SSLCertificateKeyFile /var/lib/letsencrypt/_aaI5J-RjmcrbUbXLxVhTYV46cMfev0iPCPt9i-x_IM.pem DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/ ServerName e85d94f24809cbd6945511bfcd088a60.8c4eac433a8f4349e182e15e83b7e999.acme.invalid UseCanonicalName on SSLStrictSNIVHostCheck on LimitRequestBody 1048576 Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /var/lib/letsencrypt/i541bj2V9HN6L6Tm22C_UaTfYg8ItnF4tqVmXNjNQ9k.crt SSLCertificateKeyFile /var/lib/letsencrypt/i541bj2V9HN6L6Tm22C_UaTfYg8ItnF4tqVmXNjNQ9k.pem DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/ 2017-07-21 19:03:41,148:DEBUG:certbot.reverter:Creating backup of /etc/apache2/apache2.conf 2017-07-21 19:03:44,299:INFO:certbot.auth_handler:Waiting for verification... 2017-07-21 19:03:44,300:DEBUG:acme.client:JWS payload: { "keyAuthorization": "_aaI5J-RjmcrbUbXLxVhTYV46cMfev0iPCPt9i-x_IM.a9sTa2MixlC15BEZS78u1iceC3_BICHsueTW4n3BD5w", "type": "tls-sni-01", "resource": "challenge" } 2017-07-21 19:03:44,304:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765766: { "header": { "alg": "RS256", "jwk": { "e": "AQAB", "kty": "RSA", "n": "tEkorgZRvd5QjIEzGs4zZbaN9M8wO2TARaKPpKw6WXnlAtETdm-qH4p3bHRzIjk0S524qOGwVhGfMVOHjkd5BSMAaMZJRTARVT0QmUsWDfkNFBx3pllqrGrbZygXQhcAExbRIB8D4PFzX-aqs1EHE1TOqJQkskwcu5d0jzk1uNkY9wP7D7geVzQM6tDq3_PuFR42GBxoxRJdfMYBR1KnYyUFcTpFwLXPr619EWEYqD947rWYZUvUIvPxb5etrSKCsFwqCPfWjgWWo2cIkdVOPSuLc_MtGuyjvdd267JdpyX5sFvPucn2lc6r0dTOSwAe5LHg1IyilGk3kaNczTN8WQ" } }, "protected": "eyJub25jZSI6ICJNVWxFLWoxcWlqeGVITDIzRlBOMjZFNHljMDN3LVNJcVMxTm02VWVBMWpJIn0", "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIl9hYUk1Si1Sam1jcmJVYlhMeFZoVFlWNDZjTWZldjBpUENQdDlpLXhfSU0uYTlzVGEyTWl4bEMxNUJFWlM3OHUxaWNlQzNfQklDSHN1ZVRXNG4zQkQ1dyIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9", "signature": "WMM9J2QMyGKuXwsBHbCHZ8J9Xcw9t-dnVIzY9ruY6MSg2uiHuth7sOBCmIxLRunN_sbLyzrWL7WV4CLbudCXvyyqVpX96Tznb5-6VobW-uchx6WiFuT3EMQ_4HVP8lcHi-IHmT3VjompP2bINgG3h0_t8G92pbBZrhHukKxv17WdHBPR34v6m9AH8aroVGQR0JBb5vmoi5oWUke58LAUDEkAPD6NsDEnfz4t2ZMFpsbApyH3EpfAyOaMlrEw6J8i1p9A9r6OQQYMYWcFSA0PFG9gSC2MEkbjQXY7CLnKworrOY7gGkPEyl9A4F6vmNPE2C_bSJjKmUhv_dE6pEO-7g" } 2017-07-21 19:03:44,873:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765766 HTTP/1.1" 202 339 2017-07-21 19:03:44,873:DEBUG:acme.client:Received response: HTTP 202 Server: nginx Content-Type: application/json Content-Length: 339 Boulder-Request-Id: 42AE4tAFmTaV-VXIUzNRQA5ylb36T_zIp6vjrNjRXNo Boulder-Requester: 9634010 Link: ;rel="up" Location: https://acme-v01.api.letsencrypt.org/acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765766 Replay-Nonce: -9zhJc6kAhn4WQr_TntGHxo-m9_1bQYHxgomLnO8D8Q Expires: Fri, 21 Jul 2017 19:03:44 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 21 Jul 2017 19:03:44 GMT Connection: keep-alive { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765766", "token": "_aaI5J-RjmcrbUbXLxVhTYV46cMfev0iPCPt9i-x_IM", "keyAuthorization": "_aaI5J-RjmcrbUbXLxVhTYV46cMfev0iPCPt9i-x_IM.a9sTa2MixlC15BEZS78u1iceC3_BICHsueTW4n3BD5w" } 2017-07-21 19:03:44,874:DEBUG:acme.client:Storing nonce: -9zhJc6kAhn4WQr_TntGHxo-m9_1bQYHxgomLnO8D8Q 2017-07-21 19:03:44,874:DEBUG:acme.client:JWS payload: { "keyAuthorization": "i541bj2V9HN6L6Tm22C_UaTfYg8ItnF4tqVmXNjNQ9k.a9sTa2MixlC15BEZS78u1iceC3_BICHsueTW4n3BD5w", "type": "tls-sni-01", "resource": "challenge" } 2017-07-21 19:03:44,876:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765800: { "header": { "alg": "RS256", "jwk": { "e": "AQAB", "kty": "RSA", "n": "tEkorgZRvd5QjIEzGs4zZbaN9M8wO2TARaKPpKw6WXnlAtETdm-qH4p3bHRzIjk0S524qOGwVhGfMVOHjkd5BSMAaMZJRTARVT0QmUsWDfkNFBx3pllqrGrbZygXQhcAExbRIB8D4PFzX-aqs1EHE1TOqJQkskwcu5d0jzk1uNkY9wP7D7geVzQM6tDq3_PuFR42GBxoxRJdfMYBR1KnYyUFcTpFwLXPr619EWEYqD947rWYZUvUIvPxb5etrSKCsFwqCPfWjgWWo2cIkdVOPSuLc_MtGuyjvdd267JdpyX5sFvPucn2lc6r0dTOSwAe5LHg1IyilGk3kaNczTN8WQ" } }, "protected": "eyJub25jZSI6ICItOXpoSmM2a0FobjRXUXJfVG50R0h4by1tOV8xYlFZSHhnb21Mbk84RDhRIn0", "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogImk1NDFiajJWOUhONkw2VG0yMkNfVWFUZllnOEl0bkY0dHFWbVhOak5ROWsuYTlzVGEyTWl4bEMxNUJFWlM3OHUxaWNlQzNfQklDSHN1ZVRXNG4zQkQ1dyIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9", "signature": "NpVxrcl_XAoVRcQLe2-I4FxMkOU3JzwZ88TQ6l6SThB_XfzVNppnfOU7w-AhqMT_cnngq8VkYUqSFYCMc1Qi-SYkx4iso_lns3ftY7p1rspba8BAER_c-LnMuyMdPkDDVgi-xM-kDMV5t8B-FjNhJaTKyx44kAN2omkuimRcSgxfgDTCDgULxLO5iF2SJ1e9uiR9NMMMsqzEK3YRBO9etxlDsS3258U5UdAjg25hGYW5ln_3Tr2jn_2ptNrMNp36TgV73vIODqjJhG8sOalHQIneXSD9GmNkuQ9I46ny8RNtzd06y7oknNZyx43TkQeNT_0RYIFf_iV7-YzGmpwdcQ" } 2017-07-21 19:03:45,312:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765800 HTTP/1.1" 202 339 2017-07-21 19:03:45,313:DEBUG:acme.client:Received response: HTTP 202 Server: nginx Content-Type: application/json Content-Length: 339 Boulder-Request-Id: jQ7bUfeLbC0HlC9IFPMIwgbbZKRHZjmoX7G9CXoE3Pg Boulder-Requester: 9634010 Link: ;rel="up" Location: https://acme-v01.api.letsencrypt.org/acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765800 Replay-Nonce: QmPlgNKL3GinNcxAJQHB6TxyQzcm0Y_gJy5hEYbkF7A Expires: Fri, 21 Jul 2017 19:03:45 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 21 Jul 2017 19:03:45 GMT Connection: keep-alive { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765800", "token": "i541bj2V9HN6L6Tm22C_UaTfYg8ItnF4tqVmXNjNQ9k", "keyAuthorization": "i541bj2V9HN6L6Tm22C_UaTfYg8ItnF4tqVmXNjNQ9k.a9sTa2MixlC15BEZS78u1iceC3_BICHsueTW4n3BD5w" } 2017-07-21 19:03:45,313:DEBUG:acme.client:Storing nonce: QmPlgNKL3GinNcxAJQHB6TxyQzcm0Y_gJy5hEYbkF7A 2017-07-21 19:03:48,316:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M. 2017-07-21 19:03:48,560:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M HTTP/1.1" 200 1832 2017-07-21 19:03:48,561:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 1832 Boulder-Request-Id: _cr8vqAsJKAAapl4vao4PepTWP03L-tHuTvTgJP9YX8 Link: ;rel="next" Replay-Nonce: p0nSxnODA-2MA03iJaJUaM4AlX_fa_fa_246slzMMSA X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Fri, 21 Jul 2017 19:03:48 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 21 Jul 2017 19:03:48 GMT Connection: keep-alive { "identifier": { "type": "dns", "value": "xxxx.com" }, "status": "invalid", "expires": "2017-07-28T19:03:40Z", "challenges": [ { "type": "tls-sni-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Incorrect validation certificate for tls-sni-01 challenge. Requested e85d94f24809cbd6945511bfcd088a60.8c4eac433a8f4349e182e15e83b7e999.acme.invalid from [[MyIpv6]]:443. Received 1 certificate(s), first certificate had names \"*.yyyy.com, yyyy.com\"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765800", "token": "i541bj2V9HN6L6Tm22C_UaTfYg8ItnF4tqVmXNjNQ9k", "keyAuthorization": "i541bj2V9HN6L6Tm22C_UaTfYg8ItnF4tqVmXNjNQ9k.a9sTa2MixlC15BEZS78u1iceC3_BICHsueTW4n3BD5w", "validationRecord": [ { "hostname": "xxxx.com", "port": "443", "addressesResolved": [ "[MyIpv4]", "[MyIpv6]" ], "addressUsed": "[MyIpv6]", "addressesTried": [] } ] }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765805", "token": "La5ZOgjcrvo29SvKwMLWcjLw_Fz_zNpIiug4BRhsL_4" }, { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GNr3GlhxpZRQ2Eb_1T4NRrQbXoYxOxa2adyfqrqnI5M/1589765807", "token": "5J_cq37P6vF8SxHnn1wyiqNuEji78jJBGWwCG4ydYXo" } ], "combinations": [ [ 2 ], [ 0 ], [ 1 ] ] } 2017-07-21 19:03:48,562:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c. 2017-07-21 19:03:48,726:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c HTTP/1.1" 200 1840 2017-07-21 19:03:48,727:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 1840 Boulder-Request-Id: ka9m1WvOHwMemvcYccmg-70P4zB-VqHzqMFWbo8uV9k Link: ;rel="next" Replay-Nonce: klGi-TGpz4czqCrFzd3fFpsTmWf1cWQxlzn0cdhiZ8c X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Fri, 21 Jul 2017 19:03:48 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 21 Jul 2017 19:03:48 GMT Connection: keep-alive { "identifier": { "type": "dns", "value": "www.xxxx.com" }, "status": "invalid", "expires": "2017-07-28T19:03:40Z", "challenges": [ { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765758", "token": "i1oSdMGKwmwMw3CXHS5omH1Mv9l8GY3trb-CQaTlgAo" }, { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765759", "token": "oT22zxIczUAmTVeFUuVQxD1LJioD4O97gzuy8Hs5RDQ" }, { "type": "tls-sni-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Incorrect validation certificate for tls-sni-01 challenge. Requested 95fa5578ac77d4bf7314013ddd72d4a5.8f1539a260cfca35f0c418f7fa7d896a.acme.invalid from [[MyIpv6]]:443. Received 1 certificate(s), first certificate had names \"*.yyyy.com, yyyy.com\"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/g5evJt4P1YOa683uUwe8Ju1frAC0YlaOch9cPxll31c/1589765766", "token": "_aaI5J-RjmcrbUbXLxVhTYV46cMfev0iPCPt9i-x_IM", "keyAuthorization": "_aaI5J-RjmcrbUbXLxVhTYV46cMfev0iPCPt9i-x_IM.a9sTa2MixlC15BEZS78u1iceC3_BICHsueTW4n3BD5w", "validationRecord": [ { "hostname": "www.xxxx.com", "port": "443", "addressesResolved": [ "[MyIpv4]", "[MyIpv6]" ], "addressUsed": "[MyIpv6]", "addressesTried": [] } ] } ], "combinations": [ [ 2 ], [ 1 ], [ 0 ] ] } 2017-07-21 19:03:48,728:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server: Domain: xxxx.com Type: unauthorized Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested e85d94f24809cbd6945511bfcd088a60.8c4eac433a8f4349e182e15e83b7e999.acme.invalid from [[MyIpv6]]:443. Received 1 certificate(s), first certificate had names "*.yyyy.com, yyyy.com" Domain: www.xxxx.com Type: unauthorized Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested 95fa5578ac77d4bf7314013ddd72d4a5.8f1539a260cfca35f0c418f7fa7d896a.acme.invalid from [[MyIpv6]]:443. Received 1 certificate(s), first certificate had names "*.yyyy.com, yyyy.com" To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. 2017-07-21 19:03:48,728:INFO:certbot.auth_handler:Cleaning up challenges 2017-07-21 19:03:48,960:DEBUG:certbot.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 11, in load_entry_point('certbot==0.14.2', 'console_scripts', 'certbot')() File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 742, in main return config.func(config, plugins) File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 682, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 82, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate certr, chain, key, _ = self.obtain_certificate(domains) File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 313, in obtain_certificate self.config.allow_subset_of_names) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 81, in get_authorizations self._respond(resp, best_effort) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 138, in _respond self._poll_challenges(chall_update, best_effort) File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 202, in _poll_challenges raise errors.FailedChallenges(all_failed_achalls) FailedChallenges: Failed authorization procedure. xxxx.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested e85d94f24809cbd6945511bfcd088a60.8c4eac433a8f4349e182e15e83b7e999.acme.invalid from [[MyIpv6]]:443. Received 1 certificate(s), first certificate had names "*.yyyy.com, yyyy.com", www.xxxx.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 95fa5578ac77d4bf7314013ddd72d4a5.8f1539a260cfca35f0c418f7fa7d896a.acme.invalid from [[MyIpv6]]:443. Received 1 certificate(s), first certificate had names "*.yyyy.com, yyyy.com"