2017-08-13 05:43:59,471:DEBUG:certbot.main:certbot version: 0.17.0 2017-08-13 05:43:59,471:DEBUG:certbot.main:Arguments: ['--apache'] 2017-08-13 05:43:59,471:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2017-08-13 05:43:59,506:DEBUG:certbot.log:Root logging level set at 20 2017-08-13 05:43:59,506:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2017-08-13 05:43:59,507:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache 2017-08-13 05:43:59,970:DEBUG:certbot_apache.configurator:Apache version is 2.4.6 2017-08-13 05:44:09,747:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache Description: Apache Web Server plugin - Beta Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: apache = certbot_apache.configurator:ApacheConfigurator Initialized: Prep: True 2017-08-13 05:44:09,748:DEBUG:certbot.plugins.selection:Selected authenticator and installer 2017-08-13 05:44:09,755:DEBUG:certbot.main:Picked account: )>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/19769927', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), ecf03156fa1a6a7fd43fbf2ee764b0cf, Meta(creation_host=u'mail-aachen.de', creation_dt=datetime.datetime(2017, 8, 10, 4, 27, 54, tzinfo=)))> 2017-08-13 05:44:09,756:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. 2017-08-13 05:44:09,764:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2017-08-13 05:44:10,026:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 460 2017-08-13 05:44:10,027:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 460 Boulder-Request-Id: IwtlUQdOxnXCP18PrZClXdQKm9eFt0LB1ilUmXWTi00 Replay-Nonce: Q1jN730_lNqF7zM6b55csmIDgbT2_vg34RpD5w3NBNI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 Aug 2017 05:44:10 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 Aug 2017 05:44:10 GMT Connection: keep-alive { "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" } 2017-08-13 05:44:10,036:DEBUG:certbot.util:Not suggesting name "lists.*" 2017-08-13 05:44:10,036:DEBUG:certbot.util:lists.* contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -. 2017-08-13 05:44:10,036:DEBUG:certbot.util:Not suggesting name "lists" 2017-08-13 05:44:10,036:DEBUG:certbot.util:lists needs at least two labels 2017-08-13 05:44:10,036:DEBUG:certbot.util:Not suggesting name "horde.webmail.*" 2017-08-13 05:44:10,036:DEBUG:certbot.util:horde.webmail.* contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -. 2017-08-13 05:44:10,037:DEBUG:certbot.util:Not suggesting name "default" 2017-08-13 05:44:10,037:DEBUG:certbot.util:default needs at least two labels 2017-08-13 05:44:10,037:DEBUG:certbot.util:Not suggesting name "default-2001_8d8_848_5800__35_c5a2" 2017-08-13 05:44:10,037:DEBUG:certbot.util:default-2001_8d8_848_5800__35_c5a2 contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -. 2017-08-13 05:44:10,038:DEBUG:certbot.util:Not suggesting name "default-82_165_142_137" 2017-08-13 05:44:10,038:DEBUG:certbot.util:default-82_165_142_137 contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -. 2017-08-13 05:44:21,508:INFO:certbot.main:Obtaining a new certificate 2017-08-13 05:44:21,509:DEBUG:acme.client:Requesting fresh nonce 2017-08-13 05:44:21,509:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. 2017-08-13 05:44:21,708:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0 2017-08-13 05:44:21,709:DEBUG:acme.client:Received response: HTTP 405 Server: nginx Content-Type: application/problem+json Content-Length: 91 Allow: POST Boulder-Request-Id: UjbRSrC5ZLC1_iTZR2lptmQZjceMyCKnANpHJYqqGLQ Replay-Nonce: kTTZBX1u9UeHLcaAdQRVzNeh7L0e1AYfvDQ3UXwIzuM Expires: Sun, 13 Aug 2017 05:44:21 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 Aug 2017 05:44:21 GMT Connection: keep-alive 2017-08-13 05:44:21,710:DEBUG:acme.client:Storing nonce: kTTZBX1u9UeHLcaAdQRVzNeh7L0e1AYfvDQ3UXwIzuM 2017-08-13 05:44:21,710:DEBUG:acme.client:JWS payload: { "identifier": { "type": "dns", "value": "www.mail-aachen.de" }, "resource": "new-authz" } 2017-08-13 05:44:21,715:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz: { "protected": "eyJub25jZSI6ICJrVFRaQlgxdTlVZUhMY2FBZFFSVnpOZWg3TDBlMUFZZnZEUTNVWHdJenVNIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAid3F6SlFBZ0ZocFFGQWU2STE3OXdYRThXQU80bFA0RzZ2SktGck9JeDhhVTBUU01LdDcxb3JIQm9Sejg2NklCR0xmSHFzOVh1ZFc4eDRtcU5FMlg0Z1Mwc3U2WUMzcUxhd2lUUUw3cVo2TXJkN2VqcjlEQjVLZzExbjBKU25zNk9UQldKRHpWSzNOaGFISjdSY1FqWndvWGdqRnEyMHVVdnJNdW84Q1lwY1NQSG15M1laRWtQcHdCNzdNa05tX0Zqdzh3R0VlSVRLeFh5SjFPNThBbmhacUhEYklXUms2M0pSRVJlbEdmNWN0d1JDTVVIZGwzQnk3dGVHeW54MHFOeHFYLUtvSGFLQ3kwZXc2REVpWkpfZFQ4WVBLTkZ4V0NBbV9EWXgxbWttUC1ENERLdW9XVTlhaF9XcWVDQU5fd3daTHI4SzExNnpqMGppLThFMzlfTE93In19", "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAid3d3Lm1haWwtYWFjaGVuLmRlIgogIH0sIAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0", "signature": "ClwV5EYwNTs43RBkiDVgi8WRiJpw7G7fOOm0GsPtXS235_PEjnY7miTRbQBK5tGEaeJxHPLAQdcu0_3-PccQHun6IfDDJJdqhWqQOnMj7jSjNqIBasHhL3WE6YcO0D8LY_a_MCDhFtVX7Rd_VSCfP3UFE1GjJ1aBXjLbt2qJFQTIsCZR456Ht0DCnqnSJ1en1Tg2WBl18iplle6m4YrSSuDq5EsmqNercdGbL6u11PlxsYBRDsaJUg8liBWJNBLky8I_Of3bCSOOeGapjTmWTJwlPsjVY0oHnt_h6CfoFPnuzsQ4tgqNnIJmV0X449fLli8qQu_PcQk6ay6mzFcQlw" } 2017-08-13 05:44:22,242:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1006 2017-08-13 05:44:22,244:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Content-Type: application/json Content-Length: 1006 Boulder-Request-Id: xTu-e0EibUuVqNESsNeiacFcCRlJLFcyDC2WltpWXc0 Boulder-Requester: 19769927 Link: ;rel="next" Location: https://acme-v01.api.letsencrypt.org/acme/authz/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y Replay-Nonce: sKXp-L_8SvTInn-Psda1ZUSh5wVRfTgft46ijD1cbxw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 Aug 2017 05:44:22 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 Aug 2017 05:44:22 GMT Connection: keep-alive { "identifier": { "type": "dns", "value": "www.mail-aachen.de" }, "status": "pending", "expires": "2017-08-20T05:44:21.968917191Z", "challenges": [ { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245345", "token": "tTvnYe_TAO-Rq5VqxJL9RuU0vfXHIhMaF-NZuVW4WOU" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245346", "token": "ftmhbbral_uKjLLynQqMxE2wCAhirieN17Q2RpaWLRs" }, { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245347", "token": "f08SGQjdjaTzK0tJZR48HTT6SnerSCHAtJwVACLDrys" } ], "combinations": [ [ 0 ], [ 1 ], [ 2 ] ] } 2017-08-13 05:44:22,244:DEBUG:acme.client:Storing nonce: sKXp-L_8SvTInn-Psda1ZUSh5wVRfTgft46ijD1cbxw 2017-08-13 05:44:22,245:DEBUG:acme.client:JWS payload: { "identifier": { "type": "dns", "value": "mail-aachen.de" }, "resource": "new-authz" } 2017-08-13 05:44:22,250:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz: { "protected": "eyJub25jZSI6ICJzS1hwLUxfOFN2VElubi1Qc2RhMVpVU2g1d1ZSZlRnZnQ0NmlqRDFjYnh3IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAid3F6SlFBZ0ZocFFGQWU2STE3OXdYRThXQU80bFA0RzZ2SktGck9JeDhhVTBUU01LdDcxb3JIQm9Sejg2NklCR0xmSHFzOVh1ZFc4eDRtcU5FMlg0Z1Mwc3U2WUMzcUxhd2lUUUw3cVo2TXJkN2VqcjlEQjVLZzExbjBKU25zNk9UQldKRHpWSzNOaGFISjdSY1FqWndvWGdqRnEyMHVVdnJNdW84Q1lwY1NQSG15M1laRWtQcHdCNzdNa05tX0Zqdzh3R0VlSVRLeFh5SjFPNThBbmhacUhEYklXUms2M0pSRVJlbEdmNWN0d1JDTVVIZGwzQnk3dGVHeW54MHFOeHFYLUtvSGFLQ3kwZXc2REVpWkpfZFQ4WVBLTkZ4V0NBbV9EWXgxbWttUC1ENERLdW9XVTlhaF9XcWVDQU5fd3daTHI4SzExNnpqMGppLThFMzlfTE93In19", "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAibWFpbC1hYWNoZW4uZGUiCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ", "signature": "WUEE0yL9hRTUBKAWrRAC-gxm8CvaHgdiXvfUbnUuoUIszbnlxn628DP6gRgT85VOSNQfSFj8zMYp7NiHxPgeS5kUSqfDm3suUfc9mhKely0cp1R_Xba0qq0N8vmiVTW0oX9Px3OVNJJmqy9BNOlmhcZyHUQzZSd1L6_dKWwQhaou9wOIfsowIpADgLUu0NXnXRAKbuLXkoqincca98UoJzIpFarw_HBC1XQrI9q9KgS_5h5iYo0Icg0ATgrD-8mq_-ut4YVyWm3RCLXnTdq8TLIPOSU9IZ2V1fQYcoF3js8Zz09Z2du1qheSt0aznp8fM6vdc-IwmwDWjezCi87Krw" } 2017-08-13 05:44:22,778:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1002 2017-08-13 05:44:22,779:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Content-Type: application/json Content-Length: 1002 Boulder-Request-Id: t8GbS80G2_GcqZyT1c437EHZTtp0yypQJmlY_Pi9AAs Boulder-Requester: 19769927 Link: ;rel="next" Location: https://acme-v01.api.letsencrypt.org/acme/authz/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE Replay-Nonce: z3N6sBMlXQzBsB0RsnduryFJDMT8DvRUiJYRR_yB2fE X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 Aug 2017 05:44:22 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 Aug 2017 05:44:22 GMT Connection: keep-alive { "identifier": { "type": "dns", "value": "mail-aachen.de" }, "status": "pending", "expires": "2017-08-20T05:44:22.504327648Z", "challenges": [ { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245369", "token": "p-0BAzlv_eFBUhwLn5prfzVM3MoAbZvmJJtostEcoxs" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245370", "token": "fKKZU9cq7pDPPPlxVQd8d5nSu4sCtPEH55sJyjflYk8" }, { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245371", "token": "T1TuWwoDROBKy9iya_lrhwGyfDeS8BOksp6XmPN0yzY" } ], "combinations": [ [ 1 ], [ 0 ], [ 2 ] ] } 2017-08-13 05:44:22,780:DEBUG:acme.client:Storing nonce: z3N6sBMlXQzBsB0RsnduryFJDMT8DvRUiJYRR_yB2fE 2017-08-13 05:44:22,781:INFO:certbot.auth_handler:Performing the following challenges: 2017-08-13 05:44:22,781:INFO:certbot.auth_handler:tls-sni-01 challenge for www.mail-aachen.de 2017-08-13 05:44:22,781:INFO:certbot.auth_handler:tls-sni-01 challenge for mail-aachen.de 2017-08-13 05:44:25,556:DEBUG:certbot_apache.tls_sni_01:Adding Include /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf to /files/etc/httpd/conf/httpd.conf 2017-08-13 05:44:25,557:DEBUG:certbot_apache.tls_sni_01:writing a config file with text: ServerName 6a62f9bb10642c6a7eb3dfb91f6c7b49.7deb03c50478e369ea3bc679b6eecf46.acme.invalid UseCanonicalName on SSLStrictSNIVHostCheck on LimitRequestBody 1048576 Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /var/lib/letsencrypt/f08SGQjdjaTzK0tJZR48HTT6SnerSCHAtJwVACLDrys.crt SSLCertificateKeyFile /var/lib/letsencrypt/f08SGQjdjaTzK0tJZR48HTT6SnerSCHAtJwVACLDrys.pem DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/ ServerName 1a8d5f8ddb4d096082ddf8b42db682f0.782e0fe06c5ee04557b43516f0ac0b8d.acme.invalid UseCanonicalName on SSLStrictSNIVHostCheck on LimitRequestBody 1048576 Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /var/lib/letsencrypt/T1TuWwoDROBKy9iya_lrhwGyfDeS8BOksp6XmPN0yzY.crt SSLCertificateKeyFile /var/lib/letsencrypt/T1TuWwoDROBKy9iya_lrhwGyfDeS8BOksp6XmPN0yzY.pem DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/ 2017-08-13 05:44:25,635:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf/httpd.conf 2017-08-13 05:44:29,706:INFO:certbot.auth_handler:Waiting for verification... 2017-08-13 05:44:29,707:DEBUG:acme.client:JWS payload: { "keyAuthorization": "f08SGQjdjaTzK0tJZR48HTT6SnerSCHAtJwVACLDrys.KpcUOzW5PaS5m5A8Itw4yuyu3ut1TRxn8D8XqEOBSvw", "type": "tls-sni-01", "resource": "challenge" } 2017-08-13 05:44:29,712:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245347: { "protected": "eyJub25jZSI6ICJ6M042c0JNbFhRekJzQjBSc25kdXJ5RkpETVQ4RHZSVWlKWVJSX3lCMmZFIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAid3F6SlFBZ0ZocFFGQWU2STE3OXdYRThXQU80bFA0RzZ2SktGck9JeDhhVTBUU01LdDcxb3JIQm9Sejg2NklCR0xmSHFzOVh1ZFc4eDRtcU5FMlg0Z1Mwc3U2WUMzcUxhd2lUUUw3cVo2TXJkN2VqcjlEQjVLZzExbjBKU25zNk9UQldKRHpWSzNOaGFISjdSY1FqWndvWGdqRnEyMHVVdnJNdW84Q1lwY1NQSG15M1laRWtQcHdCNzdNa05tX0Zqdzh3R0VlSVRLeFh5SjFPNThBbmhacUhEYklXUms2M0pSRVJlbEdmNWN0d1JDTVVIZGwzQnk3dGVHeW54MHFOeHFYLUtvSGFLQ3kwZXc2REVpWkpfZFQ4WVBLTkZ4V0NBbV9EWXgxbWttUC1ENERLdW9XVTlhaF9XcWVDQU5fd3daTHI4SzExNnpqMGppLThFMzlfTE93In19", "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogImYwOFNHUWpkamFUekswdEpaUjQ4SFRUNlNuZXJTQ0hBdEp3VkFDTERyeXMuS3BjVU96VzVQYVM1bTVBOEl0dzR5dXl1M3V0MVRSeG44RDhYcUVPQlN2dyIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9", "signature": "NwukTqEhXMU-J6kIzbFUDnpe7klEd8z2uxLM3xcTykI-rOX5Z8zSM9AHM_ekT5BV4Q7J1wcxmv6zHkhFvwOVT3Klg-nkH50cC7yFHKfN52rTlU0pDvDP9f38MqmqwFaeCWvV0O9H7oCDDDKkx8TR7YnMf2HY5KQtPZk-3YAIt5f2RxDJlPG6C5T1jMYw6dMuveTdl9zdMLyJNKr_lVW8pW28Hf-trOApZjlk-HkB0MZeCJf5-GFwvEw0VsK7hE34QVUctmnszVHiJZOeW_yw2FXd0I96BhoBQyoHJLCx_E8X-0NQ5c3gcR_VooFajwQnB2EOY5RVHQGoUkCcu2waTA" } 2017-08-13 05:44:30,252:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245347 HTTP/1.1" 202 339 2017-08-13 05:44:30,253:DEBUG:acme.client:Received response: HTTP 202 Server: nginx Content-Type: application/json Content-Length: 339 Boulder-Request-Id: RzBonoENyohZI3S_iQxvrPxvyv-0f0OcSoDJPe68f2E Boulder-Requester: 19769927 Link: ;rel="up" Location: https://acme-v01.api.letsencrypt.org/acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245347 Replay-Nonce: MUrH1MmtkESyn6SmL9l3oAANbpDbCUsHjcB0RuBxYn4 Expires: Sun, 13 Aug 2017 05:44:30 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 Aug 2017 05:44:30 GMT Connection: keep-alive { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245347", "token": "f08SGQjdjaTzK0tJZR48HTT6SnerSCHAtJwVACLDrys", "keyAuthorization": "f08SGQjdjaTzK0tJZR48HTT6SnerSCHAtJwVACLDrys.KpcUOzW5PaS5m5A8Itw4yuyu3ut1TRxn8D8XqEOBSvw" } 2017-08-13 05:44:30,253:DEBUG:acme.client:Storing nonce: MUrH1MmtkESyn6SmL9l3oAANbpDbCUsHjcB0RuBxYn4 2017-08-13 05:44:30,254:DEBUG:acme.client:JWS payload: { "keyAuthorization": "T1TuWwoDROBKy9iya_lrhwGyfDeS8BOksp6XmPN0yzY.KpcUOzW5PaS5m5A8Itw4yuyu3ut1TRxn8D8XqEOBSvw", "type": "tls-sni-01", "resource": "challenge" } 2017-08-13 05:44:30,259:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245371: { "protected": "eyJub25jZSI6ICJNVXJIMU1tdGtFU3luNlNtTDlsM29BQU5icERiQ1VzSGpjQjBSdUJ4WW40IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAid3F6SlFBZ0ZocFFGQWU2STE3OXdYRThXQU80bFA0RzZ2SktGck9JeDhhVTBUU01LdDcxb3JIQm9Sejg2NklCR0xmSHFzOVh1ZFc4eDRtcU5FMlg0Z1Mwc3U2WUMzcUxhd2lUUUw3cVo2TXJkN2VqcjlEQjVLZzExbjBKU25zNk9UQldKRHpWSzNOaGFISjdSY1FqWndvWGdqRnEyMHVVdnJNdW84Q1lwY1NQSG15M1laRWtQcHdCNzdNa05tX0Zqdzh3R0VlSVRLeFh5SjFPNThBbmhacUhEYklXUms2M0pSRVJlbEdmNWN0d1JDTVVIZGwzQnk3dGVHeW54MHFOeHFYLUtvSGFLQ3kwZXc2REVpWkpfZFQ4WVBLTkZ4V0NBbV9EWXgxbWttUC1ENERLdW9XVTlhaF9XcWVDQU5fd3daTHI4SzExNnpqMGppLThFMzlfTE93In19", "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIlQxVHVXd29EUk9CS3k5aXlhX2xyaHdHeWZEZVM4Qk9rc3A2WG1QTjB5elkuS3BjVU96VzVQYVM1bTVBOEl0dzR5dXl1M3V0MVRSeG44RDhYcUVPQlN2dyIsIAogICJ0eXBlIjogInRscy1zbmktMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9", "signature": "cz7digKNdscZHO-vJNv3lm_Rm_3GSoq017y7dnx9X6KDXZ-Pcl_SnFvxjYK4tsdbi286PIEkz16BhyRBmjWUfkhWEPymvnTxwqozunvp1NtB-58rScRpU_NYZ6v_bPrtT8JC0OE5t9N1rWdFUnQmL4i_ilN_ycCHcMODKl9sGljlWnULS6EUVNZbV3RKqPa80E6yleTDF1bry9BCESP5AqWRzyeue8WooU_qeIPg-OOn41uLeCnEXtdmz0XHbzIEGoHMNGDenfR0yK0HBRArUMedS4bwpVuJUge0AArynZoS4IdY71QoTNELBtcC6WqX6y7ztwhqLLFofJP9fI3Piw" } 2017-08-13 05:44:30,860:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245371 HTTP/1.1" 202 339 2017-08-13 05:44:30,861:DEBUG:acme.client:Received response: HTTP 202 Server: nginx Content-Type: application/json Content-Length: 339 Boulder-Request-Id: oT1P8ncCYtUrucU-Cno3RHQK1HoaJQKekhgKNHGBo5M Boulder-Requester: 19769927 Link: ;rel="up" Location: https://acme-v01.api.letsencrypt.org/acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245371 Replay-Nonce: M5xJrqPD1Y19dOG3ykn5ozL7YL1hjBiENKG-9bvpSVA Expires: Sun, 13 Aug 2017 05:44:30 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 Aug 2017 05:44:30 GMT Connection: keep-alive { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245371", "token": "T1TuWwoDROBKy9iya_lrhwGyfDeS8BOksp6XmPN0yzY", "keyAuthorization": "T1TuWwoDROBKy9iya_lrhwGyfDeS8BOksp6XmPN0yzY.KpcUOzW5PaS5m5A8Itw4yuyu3ut1TRxn8D8XqEOBSvw" } 2017-08-13 05:44:30,861:DEBUG:acme.client:Storing nonce: M5xJrqPD1Y19dOG3ykn5ozL7YL1hjBiENKG-9bvpSVA 2017-08-13 05:44:33,865:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE. 2017-08-13 05:44:34,217:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE HTTP/1.1" 200 1831 2017-08-13 05:44:34,218:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 1831 Boulder-Request-Id: OebaUIDgpUhXtcLFGfusWBrwvLUO51x16LRm1o6Wguc Link: ;rel="next" Replay-Nonce: GxWAdbx4DZNYcHJikWFk943FGcuBiz_6M6SOqTfMpFo X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 Aug 2017 05:44:34 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 Aug 2017 05:44:34 GMT Connection: keep-alive { "identifier": { "type": "dns", "value": "mail-aachen.de" }, "status": "invalid", "expires": "2017-08-20T05:44:22Z", "challenges": [ { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245369", "token": "p-0BAzlv_eFBUhwLn5prfzVM3MoAbZvmJJtostEcoxs" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245370", "token": "fKKZU9cq7pDPPPlxVQd8d5nSu4sCtPEH55sJyjflYk8" }, { "type": "tls-sni-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Incorrect validation certificate for tls-sni-01 challenge. Requested 1a8d5f8ddb4d096082ddf8b42db682f0.782e0fe06c5ee04557b43516f0ac0b8d.acme.invalid from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s), first certificate had names \"mail-aachen.de, www.mail-aachen.de\"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/XGPjCNoUjYCNeDsKSLsi82RppeO7ZmncyDOP_tQt-aE/1740245371", "token": "T1TuWwoDROBKy9iya_lrhwGyfDeS8BOksp6XmPN0yzY", "keyAuthorization": "T1TuWwoDROBKy9iya_lrhwGyfDeS8BOksp6XmPN0yzY.KpcUOzW5PaS5m5A8Itw4yuyu3ut1TRxn8D8XqEOBSvw", "validationRecord": [ { "hostname": "mail-aachen.de", "port": "443", "addressesResolved": [ "82.165.142.137", "2001:8d8:848:5800::35:c5a2" ], "addressUsed": "2001:8d8:848:5800::35:c5a2", "addressesTried": [] } ] } ], "combinations": [ [ 1 ], [ 0 ], [ 2 ] ] } 2017-08-13 05:44:34,222:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y. 2017-08-13 05:44:34,576:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y HTTP/1.1" 200 1839 2017-08-13 05:44:34,577:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 1839 Boulder-Request-Id: ScJG2KN53CT7feVgeBwTnpFYcQ0mbYW8ScVUFNSmuNs Link: ;rel="next" Replay-Nonce: hiEAZeFdD9HxsX-ifjp90oLRIccVgftulTsybrhZL-w X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 13 Aug 2017 05:44:34 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 13 Aug 2017 05:44:34 GMT Connection: keep-alive { "identifier": { "type": "dns", "value": "www.mail-aachen.de" }, "status": "invalid", "expires": "2017-08-20T05:44:21Z", "challenges": [ { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245345", "token": "tTvnYe_TAO-Rq5VqxJL9RuU0vfXHIhMaF-NZuVW4WOU" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245346", "token": "ftmhbbral_uKjLLynQqMxE2wCAhirieN17Q2RpaWLRs" }, { "type": "tls-sni-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Incorrect validation certificate for tls-sni-01 challenge. Requested 6a62f9bb10642c6a7eb3dfb91f6c7b49.7deb03c50478e369ea3bc679b6eecf46.acme.invalid from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s), first certificate had names \"mail-aachen.de, www.mail-aachen.de\"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/hmuZwJ5tAF_Z-G40Obx-kc0tahH4tioTgN35sARG46Y/1740245347", "token": "f08SGQjdjaTzK0tJZR48HTT6SnerSCHAtJwVACLDrys", "keyAuthorization": "f08SGQjdjaTzK0tJZR48HTT6SnerSCHAtJwVACLDrys.KpcUOzW5PaS5m5A8Itw4yuyu3ut1TRxn8D8XqEOBSvw", "validationRecord": [ { "hostname": "www.mail-aachen.de", "port": "443", "addressesResolved": [ "82.165.142.137", "2001:8d8:848:5800::35:c5a2" ], "addressUsed": "2001:8d8:848:5800::35:c5a2", "addressesTried": [] } ] } ], "combinations": [ [ 0 ], [ 1 ], [ 2 ] ] } 2017-08-13 05:44:34,579:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server: Domain: mail-aachen.de Type: unauthorized Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested 1a8d5f8ddb4d096082ddf8b42db682f0.782e0fe06c5ee04557b43516f0ac0b8d.acme.invalid from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s), first certificate had names "mail-aachen.de, www.mail-aachen.de" Domain: www.mail-aachen.de Type: unauthorized Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested 6a62f9bb10642c6a7eb3dfb91f6c7b49.7deb03c50478e369ea3bc679b6eecf46.acme.invalid from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s), first certificate had names "mail-aachen.de, www.mail-aachen.de" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. 2017-08-13 05:44:34,579:INFO:certbot.auth_handler:Cleaning up challenges 2017-08-13 05:44:36,456:DEBUG:certbot.log:Exiting abnormally: Traceback (most recent call last): File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in sys.exit(main()) File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 753, in main return config.func(config, plugins) File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 606, in run certname, lineage) File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate certr, chain, key, _ = self.obtain_certificate(domains) File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate self.config.allow_subset_of_names) File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations self._respond(resp, best_effort) File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond self._poll_challenges(chall_update, best_effort) File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges raise errors.FailedChallenges(all_failed_achalls) FailedChallenges: Failed authorization procedure. mail-aachen.de (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 1a8d5f8ddb4d096082ddf8b42db682f0.782e0fe06c5ee04557b43516f0ac0b8d.acme.invalid from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s), first certificate had names "mail-aachen.de, www.mail-aachen.de", www.mail-aachen.de (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 6a62f9bb10642c6a7eb3dfb91f6c7b49.7deb03c50478e369ea3bc679b6eecf46.acme.invalid from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s), first certificate had names "mail-aachen.de, www.mail-aachen.de"