rinatrix.com
I ran this command:
I'm following a tutorial to create a dockerized django-react-postgres-nginx program and putting it on an AWS EC2 instance (Docker-Compose for Django and React with Nginx reverse-proxy and Let’s encrypt certificate | React and Django Tutorial). The instance works and the app works. I am trying to get a certificate with
sudo ./init-letsencrypt.sh
Before all the outputs... I tried a bunch of other people's suggestions from this website, including enabling IPv6 on AWS (didn't help).
It produced this output:
### Downloading recommended TLS parameters ...
### Creating dummy certificate for rinatrix.com ...
/snap/docker/2343/lib/python3.6/site-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
from cryptography.hazmat.backends import default_backend
Creating app_certbot_run ... done
Generating a RSA private key
.........................+++++
...+++++
writing new private key to '/etc/letsencrypt/live/rinatrix.com/privkey.pem'
### Starting nginx ...
/snap/docker/2343/lib/python3.6/site-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
from cryptography.hazmat.backends import default_backend
Recreating app_db_1 ... done
Recreating app_backend_1 ... done
Recreating app_nginx_1 ... done
### Deleting dummy certificate for rinatrix.com ...
/snap/docker/2343/lib/python3.6/site-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
from cryptography.hazmat.backends import default_backend
Creating app_certbot_run ... done
### Requesting Let's Encrypt certificate for rinatrix.com ...
/snap/docker/2343/lib/python3.6/site-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
from cryptography.hazmat.backends import default_backend
Creating app_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
An unexpected error occurred:
requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f3a35fcb910>, 'Connection to acme-staging-v02.api.letsencrypt.org timed out. (connect timeout=45)'))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: 1
### Reloading nginx ...
/snap/docker/2343/lib/python3.6/site-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
from cryptography.hazmat.backends import default_backend
2023/03/01 03:53:42 [emerg] 30#30: cannot load certificate "/etc/letsencrypt/live/rinatrix.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/rinatrix.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/rinatrix.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/rinatrix.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
/var/log/letsencrypt/letsencrypt.log
023-03-01 03:28:14,944:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?sna>
2023-03-01 03:28:15,194:DEBUG:certbot._internal.main:certbot version: 2.3.0
2023-03-01 03:28:15,194:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot>
2023-03-01 03:28:15,194:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2023-03-01 03:28:15,194:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntr>
2023-03-01 03:28:15,209:DEBUG:certbot._internal.log:Root logging level set at 30
2023-03-01 03:28:15,211:DEBUG:certbot._internal.display.obj:Notifying user: No certificates found.
nginx settings (default.conf)
server {
    listen 80;
    server_name rinatrix.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name rinatrix.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/rinatrix.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rinatrix.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    client_max_body_size 20M;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }

    location /api {
        try_files $uri @proxy_api;
    }
    location /djangoadmin {
        try_files $uri @proxy_api;
    }
    location /rest-auth {
        try_files $uri @proxy_api;
    }
    location /api-auth {
        try_files $uri @proxy_api;
    }
    # location /admin {
    #     try_files $uri @proxy_api;
    # }

    location @proxy_api {
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Url-Scheme $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://backend:8000;
    }

    location /django_static/ {
        autoindex on;
        alias /app/backend/nabuconnect/django_static/;
    }
}
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-1028-aws x86_64)
My hosting provider, if applicable, is:
This might be what I put above. Apologies.
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.3.0
a call that someone else had asked someone for before
echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 -servername acme-v02.api.letsencrypt.org | head
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = acme-v02.api.letsencrypt.org
verify return:1
CONNECTED(00000003)
Certificate chain
0 s:CN = acme-v02.api.letsencrypt.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Dec 31 18:46:12 2022 GMT; NotAfter: Mar 31 18:46:11 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
Another one someone asked for
curl -I https://acme-staging-v02.api.letsencrypt.org/directory
HTTP/2 200
server: nginx
date: Wed, 01 Mar 2023 02:51:29 GMT
content-type: application/json
content-length: 830
cache-control: public, max-age=0, no-cache
replay-nonce: 8F05dUwO77RKfWonpF1v2XMGIUEXo-yk3aJgVhFc1GK7g24
x-frame-options: DENY
strict-transport-security: max-age=604800
curl -LIv4
curl -LIv4 https://acme-v02.api.letsencrypt.org/
Trying 172.65.32.248:443...
Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.0 (OUT), TLS header, Certificate Status (22):
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS header, Certificate Status (22):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS header, Finished (20):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.2 (OUT), TLS header, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
ALPN, server accepted to use h2
Server certificate:
subject: CN=acme-v02.api.letsencrypt.org
start date: Feb 28 22:32:51 2023 GMT
expire date: May 29 22:32:50 2023 GMT
subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
issuer: C=US; O=Let's Encrypt; CN=R3
SSL certificate verify ok.
Using HTTP2, server supports multiplexing
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
Using Stream ID: 1 (easy handle 0x559d8434c550)
TLSv1.2 (OUT), TLS header, Supplemental data (23):
HEAD / HTTP/2
Host: acme-v02.api.letsencrypt.org
user-agent: curl/7.81.0
accept: */*
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
old SSL session ID is stale, removing
TLSv1.2 (IN), TLS header, Supplemental data (23):
Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
HTTP/2 200
< server: nginx
server: nginx
< date: Wed, 01 Mar 2023 04:47:28 GMT
date: Wed, 01 Mar 2023 04:47:28 GMT
< content-type: text/html
content-type: text/html
< content-length: 1540
content-length: 1540
< last-modified: Thu, 23 Jun 2022 21:25:45 GMT
last-modified: Thu, 23 Jun 2022 21:25:45 GMT
< etag: "62b4da59-604"
etag: "62b4da59-604"
< x-frame-options: DENY
x-frame-options: DENY
< strict-transport-security: max-age=604800
strict-transport-security: max-age=604800
Connection #0 to host acme-v02.api.letsencrypt.org left intact
curl -LIv6
curl -LIv6 https://acme-v02.api.letsencrypt.org/
Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
connect to 2606:4700:60:0:f53d:5624:85c7:3a2c port 443 failed: Connection timed out
Failed to connect to acme-v02.api.letsencrypt.org port 443 after 130939 ms: Connection timed out
Closing connection 0
curl: (28) Failed to connect to acme-v02.api.letsencrypt.org port 443 after 130939 ms: Connection timed out
natrix:
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/rinatrix.com/fullchain.pem":
fopen:No such file
Why is that in your config?:
natrix:
ssl_certificate /etc/letsencrypt/live/rinatrix.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rinatrix.com/privkey.pem;
Are you in the right container?
What shows?:
certbot certificates
I'm starting to doubt:
natrix:
The instance works and the app works.
You must have a working HTTP site before you can use HTTP-01 authentication to obtain a cert for it.
certbot certificates says there are no certificates.
I included those .pem because they were in the tutorial.
You're right about the working. I realized it was on my host that it worked without an issue but not AWS. I changed it to development, removed the certbot service, and now if I curl localhost --> it gives the homepage HTML although it doesn't work in a web browser. I installed nginx outside of the container and it put up the nginx welcome page for rinatrix.com so the DNS appears to be ok.
I guess I got to get this working. Any idea what might be causing this issue where it works locally on AWS but not through a browser?
natrix:
I installed nginx outside of the container and it put up the nginx welcome page for rinatrix.com so the DNS appears to be ok.
I guess I got to get this working. Any idea what might be causing this issue where it works locally on AWS but not through a browser?
I see none of it working:
curl -Ii http://rinatrix.com/
curl: (56) Recv failure: Connection reset by peer
curl -Ii http://www.rinatrix.com/
curl: (6) Could not resolve host: www.rinatrix.com
Presently I am seeing this:
$ nmap -Pn rinatrix.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-01 22:04 UTC
Nmap scan report for rinatrix.com (3.138.94.177)
Host is up (0.082s latency).
rDNS record for 3.138.94.177: ec2-3-138-94-177.us-east-2.compute.amazonaws.com
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
8000/tcp closed http-alt
Nmap done: 1 IP address (1 host up) scanned in 9.36 seconds
$ nmap -Pn www.rinatrix.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-01 22:04 UTC
Nmap scan report for www.rinatrix.com (3.138.94.177)
Host is up (0.054s latency).
rDNS record for 3.138.94.177: ec2-3-138-94-177.us-east-2.compute.amazonaws.com
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
8000/tcp closed http-alt
Nmap done: 1 IP address (1 host up) scanned in 8.00 seconds
$ curl -Ii http://rinatrix.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Mar 2023 22:08:23 GMT
Content-Type: text/html
Content-Length: 2289
Last-Modified: Wed, 01 Mar 2023 22:03:42 GMT
Connection: keep-alive
ETag: "63ffcbbe-8f1"
Accept-Ranges: bytes
$ curl -Ii http://www.rinatrix.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Mar 2023 22:08:28 GMT
Content-Type: text/html
Content-Length: 2289
Last-Modified: Wed, 01 Mar 2023 22:03:42 GMT
Connection: keep-alive
ETag: "63ffcbbe-8f1"
Accept-Ranges: bytes
Ok so now the HTTP works. The problem now is when I try to get my staging certificates, I get an error.
My new nginx default.conf is as follows (I commented out the .pem lines as seen in a different forum here).
server {
    listen 80;
    # listen [::]:80;
    server_name rinatrix.com www.rinatrix.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    # listen [::]:443 ssl http2;
    server_name rinatrix.com www.rinatrix.com;
    server_tokens off;

    # ssl_certificate /etc/letsencrypt/live/rinatrix.com/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/rinatrix.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    client_max_body_size 20M;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }

    location /api {
        try_files $uri @proxy_api;
    }
    location /djangoadmin {
        try_files $uri @proxy_api;
        rewrite ^([^.]*[^/])$ $1/ permanent;
    }
    location /rest-auth {
        try_files $uri @proxy_api;
    }
    location /api-auth {
        try_files $uri @proxy_api;
    }
    # location /admin {
    #     try_files $uri @proxy_api;
    # }

    location @proxy_api {
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Url-Scheme $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://backend:8000;
    }

    location /django_static/ {
        autoindex on;
        alias /app/backend/nabuconnect/django_static/;
    }
}
When I run sudo ./init-letsencrypt.sh
I get:
Existing data found for rinatrix.com. Continue and replace existing certificate? (y/N) y
### Creating dummy certificate for rinatrix.com ...
Creating app_certbot_run ... done
Generating a RSA private key
....+++++
.................................................................................+++++
writing new private key to '/etc/letsencrypt/live/rinatrix.com/privkey.pem'
-----
### Starting nginx ...
Recreating app_db_1 ... done
Recreating app_backend_1 ... done
Recreating app_nginx_1 ... done
### Deleting dummy certificate for rinatrix.com ...
Creating app_certbot_run ... done
### Requesting Let's Encrypt certificate for rinatrix.com ...
Creating app_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for rinatrix.com and www.rinatrix.com
Performing the following challenges:
http-01 challenge for rinatrix.com
http-01 challenge for www.rinatrix.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain rinatrix.com
Challenge failed for domain www.rinatrix.com
http-01 challenge for rinatrix.com
http-01 challenge for www.rinatrix.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: rinatrix.com
Type: unauthorized
Detail: 3.138.94.177: Invalid response from http://rinatrix.com/.well-known/acme-challenge/6N1oPwiDwUaIYQkVNj9lT8OelXfeBv8VwJ-Nk6TzUFk: "<!doctype html><html lang=\"en\"><head><meta charset=\"utf-8\"/><link rel=\"icon\" href=\"/nabu_short.png\"/><meta name=\"viewport\" conte"
Domain: www.rinatrix.com
Type: unauthorized
Detail: 3.138.94.177: Invalid response from http://www.rinatrix.com/.well-known/acme-challenge/rxSPnWiZaMDPNbiv8Sr09mfitA8b7Qhip5fjEgqTmD8: "<!doctype html><html lang=\"en\"><head><meta charset=\"utf-8\"/><link rel=\"icon\" href=\"/nabu_short.png\"/><meta name=\"viewport\" conte"
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: 1
### Reloading nginx ...
2023/03/02 22:31:01 [notice] 29#29: signal process started
The nginx log:
nginx_1 | 18.217.136.52 - - [02/Mar/2023:22:30:58 +0000] "GET /.well-known/acme-challenge/6N1oPwiDwUaIYQkVNj9lT8OelXfeBv8VwJ-Nk6TzUFk HTTP/1.1" 200 2289 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx_1 | 18.217.136.52 - - [02/Mar/2023:22:30:58 +0000] "GET /.well-known/acme-challenge/rxSPnWiZaMDPNbiv8Sr09mfitA8b7Qhip5fjEgqTmD8 HTTP/1.1" 200 2289 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx_1 | 34.221.246.20 - - [02/Mar/2023:22:30:58 +0000] "GET /.well-known/acme-challenge/6N1oPwiDwUaIYQkVNj9lT8OelXfeBv8VwJ-Nk6TzUFk HTTP/1.1" 200 2289 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx_1 | 23.178.112.106 - - [02/Mar/2023:22:30:58 +0000] "GET /.well-known/acme-challenge/6N1oPwiDwUaIYQkVNj9lT8OelXfeBv8VwJ-Nk6TzUFk HTTP/1.1" 200 2289 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx_1 | 23.178.112.107 - - [02/Mar/2023:22:30:58 +0000] "GET /.well-known/acme-challenge/rxSPnWiZaMDPNbiv8Sr09mfitA8b7Qhip5fjEgqTmD8 HTTP/1.1" 200 2289 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx_1 | 34.221.246.20 - - [02/Mar/2023:22:30:58 +0000] "GET /.well-known/acme-challenge/rxSPnWiZaMDPNbiv8Sr09mfitA8b7Qhip5fjEgqTmD8 HTTP/1.1" 200 2289 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx_1 | 2023/03/02 22:31:02 [notice] 1#1: signal 1 (SIGHUP) received from 29, reconfiguring
nginx_1 | 2023/03/02 22:31:02 [notice] 1#1: reconfiguring
nginx_1 | 2023/03/02 22:31:02 [notice] 1#1: using the "epoll" event method
nginx_1 | 2023/03/02 22:31:02 [notice] 1#1: start worker processes
nginx_1 | 2023/03/02 22:31:02 [notice] 1#1: start worker process 35
nginx_1 | 2023/03/02 22:31:02 [notice] 28#28: gracefully shutting down
nginx_1 | 2023/03/02 22:31:02 [notice] 28#28: exiting
nginx_1 | 2023/03/02 22:31:02 [notice] 28#28: exit
nginx_1 | 2023/03/02 22:31:02 [notice] 1#1: signal 17 (SIGCHLD) received from 28
nginx_1 | 2023/03/02 22:31:02 [notice] 1#1: worker process 28 exited with code 0
nginx_1 | 2023/03/02 22:31:02 [notice] 1#1: signal 29 (SIGIO) received
/var/log/letsencrypt/letsencrypt.log is empty.
I put 'Test-File' in the container at /var/www/certbot/
http://rinatrix.com/.well-known/acme-challenge/Test-File
When I go to it, it just shows my JavaScript site.
I have the site up in detached mode so you all can see.
I put 'Test-File' in the container at /var/www/certbot/
http://rinatrix.com/.well-known/acme-challenge/Test-File
Here is what I see with curl
$ curl -Ii http://rinatrix.com/.well-known/acme-challenge/Test-File
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 22:46:30 GMT
Content-Type: text/html
Content-Length: 2289
Last-Modified: Wed, 01 Mar 2023 22:03:42 GMT
Connection: keep-alive
ETag: "63ffcbbe-8f1"
Accept-Ranges: bytes
This nginx configuration is not the one that is actually running.
If it was, then visiting the domain should result in a 301 redirect, right?
Instead, we see your website:
$ curl -i rinatrix.com
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Mar 2023 23:42:42 GMT
Content-Type: text/html
Content-Length: 2289
Last-Modified: Wed, 01 Mar 2023 22:03:42 GMT
Connection: keep-alive
ETag: "63ffcbbe-8f1"
Accept-Ranges: bytes
<!doctype html><html lang="en">...snip...
So the effective nginx configuration is different to the one you've posted.
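The check behind the reply above (is the running nginx serving files from the webroot, or handing back the site's index page?), as an added example that is not part of the original thread. The function names and the sample responses are constructed for illustration; `/var/www/certbot` is the webroot from the posted config, and the directory passed as WEBROOT is assumed to be whatever path is mounted there.

```shell
#!/bin/sh
# Added example (not from the thread): HTTP-01 pre-flight check for a webroot setup.

# classify_response STATUS CONTENT_TYPE BODY EXPECTED  -> prints one verdict:
#   ok             200 and the body is exactly the probe file's content
#   html_fallback  200 but an HTML page came back (SPA try_files fallback,
#                  or a different nginx config is the one actually running)
#   wrong_body     200 with some other content
#   redirect       3xx; the CA follows redirects, the target must serve the file
#   http_error     anything else (404: webroot not mapped, 000: no connection)
classify_response() {
    status=$1
    ctype=$2
    body=$3
    expected=$4
    case $status in
        200) ;;
        3??) echo redirect; return 0 ;;
        *)   echo http_error; return 0 ;;
    esac
    if [ "$body" = "$expected" ]; then
        echo ok
        return 0
    fi
    lower=$(printf '%s' "$body" | tr 'A-Z' 'a-z')
    case $lower in
        *'<!doctype html'*|*'<html'*) echo html_fallback; return 0 ;;
    esac
    case $ctype in
        text/html*) echo html_fallback ;;
        *)          echo wrong_body ;;
    esac
}

# probe_domain DOMAIN [WEBROOT]
# With "root /var/www/certbot;" nginx appends the full URI, so the probe file
# must live in WEBROOT/.well-known/acme-challenge/, not directly in WEBROOT.
probe_domain() {
    domain=$1
    webroot=${2:-/var/www/certbot}
    dir=$webroot/.well-known/acme-challenge
    name=preflight-$$
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$name" || return 2
    # Fetch over plain HTTP, as the CA does; append "STATUS CONTENT-TYPE" as last line.
    out=$(curl -s --max-time 10 -w '\n%{http_code} %{content_type}' \
          "http://$domain/.well-known/acme-challenge/$name")
    rm -f "$dir/$name"
    last=$(printf '%s\n' "$out" | tail -n 1)
    resp_status=${last%% *}
    resp_ctype=${last#* }
    resp_body=$(printf '%s\n' "$out" | sed '$d')
    echo "$domain $(classify_response "$resp_status" "$resp_ctype" "$resp_body" "$token")"
}

if [ "$#" -gt 0 ]; then
    # Usage: sh preflight.sh WEBROOT domain [domain ...]
    root_dir=$1
    shift
    for d in "$@"; do
        probe_domain "$d" "$root_dir"
    done
else
    # No arguments: classify two constructed responses (offline, no network).
    spa='<!doctype html><html lang="en"><head><meta charset="utf-8"/>'
    echo "SPA page instead of token: $(classify_response 200 text/html "$spa" tok)"
    echo "token served from webroot: $(classify_response 200 application/octet-stream tok tok)"
fi
```

A verdict of `html_fallback` for a file that exists under the webroot means the request never reached the `location /.well-known/acme-challenge/` block, which matches the 200 responses with `Content-Type: text/html` shown in this thread.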
So I see what my issue was, I was loading the wrong folder. Now it's set to use those nginx settings.
Currently what I get is:
ubuntu@ip-172-31-38-5:~/app$ sudo ./init-letsencrypt.sh
Existing data found for rinatrix.com. Continue and replace existing certificate? (y/N) y
### Creating dummy certificate for rinatrix.com ...
Creating app_certbot_run ... done
Generating a RSA private key
.............+++++
...................................+++++
writing new private key to '/etc/letsencrypt/live/rinatrix.com/privkey.pem'
-----
### Starting nginx ...
Recreating app_db_1 ... done
Recreating app_backend_1 ... done
Recreating app_nginx_1 ... done
### Deleting dummy certificate for rinatrix.com ...
Creating app_certbot_run ... done
### Requesting Let's Encrypt certificate for rinatrix.com ...
Creating app_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for rinatrix.com and www.rinatrix.com
Performing the following challenges:
http-01 challenge for rinatrix.com
http-01 challenge for www.rinatrix.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain rinatrix.com
Challenge failed for domain www.rinatrix.com
http-01 challenge for rinatrix.com
http-01 challenge for www.rinatrix.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: rinatrix.com
Type: connection
Detail: 3.138.94.177: Fetching http://rinatrix.com/.well-known/acme-challenge/UDa0ndOx0wD4DACuhn4ClBoxQi6cSMMgD7Qy1Ww44-I: Connection refused
Domain: www.rinatrix.com
Type: connection
Detail: 3.138.94.177: Fetching http://www.rinatrix.com/.well-known/acme-challenge/ggfpMVMcIFuITfPTIC3KkaEe1Lrqy_3tZ9cVR9foSYg: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: 1
### Reloading nginx ...
nginx_1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
nginx_1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
nginx_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx_1 | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
nginx_1 | 10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
nginx_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
nginx_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
nginx_1 | /docker-entrypoint.sh: Configuration complete; ready for start up
nginx_1 | 2023/03/03 02:17:40 [emerg] 1#1: no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:16
nginx_1 | nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:16
app_nginx_1 exited with code 1
/var/log/letsencrypt/letsencrypt.log doesn't exist
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certificates found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Now nginx just keeps restarting because, as it appears to me, it cannot find a certificate. I honestly don't know what to do to try to fix this.
I did just try commenting out the 443 server part and I get.
ubuntu@ip-172-31-38-5:~/app$ curl -i rinatrix.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 03 Mar 2023 02:30:37 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://rinatrix.com/
<head><title>301 Moved Permanently</title></head>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
I don't know if it helps but hopefully it can help give some pointers.
ssl_certificate /etc/letsencrypt/live/rinatrix.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rinatrix.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

client_max_body_size 20M;

location / {
    root /usr/share/nginx/html;
    index index.html index.htm;
    try_files $uri $uri/ /index.html;
}

location /api {
    try_files $uri @proxy_api;
}
location /djangoadmin {
    try_files $uri @proxy_api;
    rewrite ^([^.]*[^/])$ $1/ permanent;
}
location /rest-auth {
    try_files $uri @proxy_api;
}
location /api-auth {
    try_files $uri @proxy_api;
}
# location /admin {
#     try_files $uri @proxy_api;
# }

location @proxy_api {
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Url-Scheme $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://backend:8000;
}

location /django_static/ {
    autoindex on;
    alias /app/backend/nabuconnect/django_static/;
}
Output from sudo ./init-letsencrypt.sh
ubuntu@ip-172-31-38-5:~/app$ sudo ./init-letsencrypt.sh
Existing data found for rinatrix.com. Continue and replace existing certificate? (y/N) y
### Creating dummy certificate for rinatrix.com ...
Creating app_certbot_run ... done
Generating a RSA private key
..+++++
.........................+++++
writing new private key to '/etc/letsencrypt/live/rinatrix.com/privkey.pem'
-----
### Starting nginx ...
Recreating app_db_1 ... done
Recreating app_backend_1 ... done
Recreating app_nginx_1 ... done
### Deleting dummy certificate for rinatrix.com ...
Creating app_certbot_run ... done
### Requesting Let's Encrypt certificate for rinatrix.com ...
Creating app_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for rinatrix.com and www.rinatrix.com
Performing the following challenges:
http-01 challenge for rinatrix.com
http-01 challenge for www.rinatrix.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain rinatrix.com
Challenge failed for domain www.rinatrix.com
http-01 challenge for rinatrix.com
http-01 challenge for www.rinatrix.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: rinatrix.com
Type: connection
Detail: 3.138.94.177: Fetching http://rinatrix.com/.well-known/acme-challenge/vcvRRZazjfStfJtJHfZINpW9uHcvEyWVE3A2MkBVRis: Connection refused
Domain: www.rinatrix.com
Type: connection
Detail: 3.138.94.177: Fetching http://www.rinatrix.com/.well-known/acme-challenge/xT9k4h4cSqd2iX8EAHtxmR9BlsfJzRHuJcI5iJJ8I1M: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: 1
### Reloading nginx ...
nginx output
nginx_1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
nginx_1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
nginx_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx_1 | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
nginx_1 | 10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
nginx_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
nginx_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
nginx_1 | /docker-entrypoint.sh: Configuration complete; ready for start up
nginx_1 | 2023/03/03 02:41:18 [emerg] 1#1: open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/default.conf:24
nginx_1 | nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/default.conf:24
app_nginx_1 exited with code 1
ssl_certificate /etc/letsencrypt/live/rinatrix.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rinatrix.com/privkey.pem;
# include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

client_max_body_size 20M;

location / {
    root /usr/share/nginx/html;
    index index.html index.htm;
    try_files $uri $uri/ /index.html;
}

location /api {
    try_files $uri @proxy_api;
}
location /djangoadmin {
    try_files $uri @proxy_api;
    rewrite ^([^.]*[^/])$ $1/ permanent;
}
location /rest-auth {
    try_files $uri @proxy_api;
}
location /api-auth {
    try_files $uri @proxy_api;
}
# location /admin {
#     try_files $uri @proxy_api;
# }

location @proxy_api {
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Url-Scheme $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://backend:8000;
}

location /django_static/ {
    autoindex on;
    alias /app/backend/nabuconnect/django_static/;
}
nginx_1 | 10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
nginx_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
nginx_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
nginx_1 | /docker-entrypoint.sh: Configuration complete; ready for start up
nginx_1 | 2023/03/03 02:47:44 [emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/rinatrix.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/rinatrix.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx_1 | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/rinatrix.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/rinatrix.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
app_nginx_1 exited with code 1
ubuntu@ip-172-31-38-5:~/app$ sudo ./init-letsencrypt.sh
Existing data found for rinatrix.com. Continue and replace existing certificate? (y/N) y
### Creating dummy certificate for rinatrix.com ...
Creating app_certbot_run ... done
Generating a RSA private key
..+++++
.............+++++
writing new private key to '/etc/letsencrypt/live/rinatrix.com/privkey.pem'
-----
### Starting nginx ...
Recreating app_db_1 ... done
Recreating app_backend_1 ... done
Recreating app_nginx_1 ... done
### Deleting dummy certificate for rinatrix.com ...
Creating app_certbot_run ... done
### Requesting Let's Encrypt certificate for rinatrix.com ...
Creating app_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for rinatrix.com and www.rinatrix.com
Performing the following challenges:
http-01 challenge for rinatrix.com
http-01 challenge for www.rinatrix.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain rinatrix.com
Challenge failed for domain www.rinatrix.com
http-01 challenge for rinatrix.com
http-01 challenge for www.rinatrix.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: rinatrix.com
Type: connection
Detail: 3.138.94.177: Fetching http://rinatrix.com/.well-known/acme-challenge/Xdz0PJ8YzAMOBABDEgG6g7YRmfPeSSEag8IIUZHDxrw: Connection refused
Domain: www.rinatrix.com
Type: connection
Detail: 3.138.94.177: Fetching http://www.rinatrix.com/.well-known/acme-challenge/_WTbBQdNE_ckLo2h9uab9iNvVQaufVC_dGHAG48c4tc: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: 1
### Reloading nginx ...
OCI runtime exec failed: exec failed: cannot exec in a stopped container: unknown
So I just figured out how to get into the container and run the command to request the certificate in staging... it failed. But now I checked the log in the container and this is what I found. Hopefully it will make sense to you.
/opt/certbot # cat /var/log/letsencrypt/letsencrypt.log
2023-03-03 04:24:20,465:DEBUG:certbot._internal.main:certbot version: 2.3.0
2023-03-03 04:24:20,466:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2023-03-03 04:24:20,466:DEBUG:certbot._internal.main:Arguments: ['--webroot', '-w', '/var/www/certbot', '--email', '[email protected]', '--agree-tos', '--no-eff-email', '--staging', '-d', 'rinatrix.com', '-d', 'www.rinatrix.com']
2023-03-03 04:24:20,466:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-03-03 04:24:20,482:DEBUG:certbot._internal.log:Root logging level set at 30
2023-03-03 04:24:20,485:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-03-03 04:24:20,488:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fb6f2d63e20>
Prep: True
2023-03-03 04:24:20,488:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fb6f2d63e20> and installer None
2023-03-03 04:24:20,488:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-03-03 04:24:21,036:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/91062074', new_authzr_uri=None, terms_of_service=None), 03d4e5e03e377ee84364ff6182129902, Meta(creation_dt=datetime.datetime(2023, 3, 2, 21, 51, 58, tzinfo=<UTC>), creation_host='f0c13cf0ee90', register_to_eff=None))>
2023-03-03 04:24:21,037:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2023-03-03 04:24:21,042:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2023-03-03 04:24:21,260:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 830
2023-03-03 04:24:21,260:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Mar 2023 04:24:21 GMT
Content-Type: application/json
Content-Length: 830
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"kq-NvzVz3yo": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"meta": {
"caaIdentities": [
"letsencrypt.org"
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
2023-03-03 04:24:21,261:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for rinatrix.com and www.rinatrix.com
2023-03-03 04:24:21,283:DEBUG:acme.client:Requesting fresh nonce
2023-03-03 04:24:21,283:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2023-03-03 04:24:21,328:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-03-03 04:24:21,329:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Mar 2023 04:24:21 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A272PvMWRNGZAi54aMYSzk-74tzJhnCudZy2GeBBFVYq-_g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2023-03-03 04:24:21,329:DEBUG:acme.client:Storing nonce: A272PvMWRNGZAi54aMYSzk-74tzJhnCudZy2GeBBFVYq-_g
2023-03-03 04:24:21,329:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "rinatrix.com"\n },\n {\n "type": "dns",\n "value": "www.rinatrix.com"\n }\n ]\n}'
2023-03-03 04:24:21,344:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTA2MjA3NCIsICJub25jZSI6ICJBMjcyUHZNV1JOR1pBaTU0YU1ZU3prLTc0dHpKaG5DdWRaeTJHZUJCRlZZcS1fZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "YXPgJxSroLOwnnhvcXFKOH3Q7G7qNYeAU5qlvnwKBGN29jYkLEZt4nMwQp9hN5uUEJMM0lTVTedE4XoF_4R_XpW6L3YklVX0wUe7xPY-DeqD_4SM9yI9jX3WlT60KcgZnozK9hWusWeaw8NVzaytmbF9GChD9N2cjy9Tu4G12tLtrn4hwqexlgJaFfSCbUdIcT-25_OtZ1KXGUFMA9BtAytUlsNHQDhMp-gR3rkpO-HQj4Yj4r3qH_S7k1odSQZeA033wlW3Jlr3U8zGweXIQ_iNflh3VYHewt_80B1DGslRgL3PEWUz8YqjdZ-V1cc53vETrehYe2EDUOskdF0pmuGaR0rgC6lfoh6rOiHmU19f-i8y2jl1yH4vWZ6sjyCawoFJJN_pq4qzSh-lNARfuLSgL_JnGKgZqLwTsnY6ZpG_Vr5NELQO0ZAErYInyEGf9yRdBxLUFaRtX0KmPZLuF5nQkpa-nVMHxC3r60sDxiWOMxYap8I3Epet62RGJIGxpydGtfsF-cXwX0d2vuC8N1NzD12UCAgGAr_FVx7tdnmdOzAwpVeSJ2eJEese131WKk3INvQ2nE5GcAy6Rga3sYp4ZpNNae9fn456Apvg-Y1q9Vop-V-z4dYjCto4MGaR4iOVUpMwjc8o7PRQbTx9qyiznO0UB7glbfFXqDEB3no",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInJpbmF0cml4LmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cucmluYXRyaXguY29tIgogICAgfQogIF0KfQ"
2023-03-03 04:24:21,419:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 493
2023-03-03 04:24:21,420:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 03 Mar 2023 04:24:21 GMT
Content-Type: application/json
Content-Length: 493
Connection: keep-alive
Boulder-Requester: 91062074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/91062074/7527152074
Replay-Nonce: B37ChrFMXV9zxLNA8_-eYQ0r-sCHab584DOz2gWwOaXP5VA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
"status": "pending",
"expires": "2023-03-10T04:24:21Z",
"identifiers": [
"type": "dns",
"value": "rinatrix.com"
"type": "dns",
"value": "www.rinatrix.com"
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5578342814",
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5578342824"
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/91062074/7527152074"
2023-03-03 04:24:21,420:DEBUG:acme.client:Storing nonce: B37ChrFMXV9zxLNA8_-eYQ0r-sCHab584DOz2gWwOaXP5VA
2023-03-03 04:24:21,420:DEBUG:acme.client:JWS payload:
2023-03-03 04:24:21,430:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5578342814:
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTA2MjA3NCIsICJub25jZSI6ICJCMzdDaHJGTVhWOXp4TE5BOF8tZVlRMHItc0NIYWI1ODRET3oyZ1d3T2FYUDVWQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My81NTc4MzQyODE0In0",
"signature": "sTb28AqRSqP2LGVVUq9PbaMz5IOoWlJAMdwx7fms0E-Q8JKmRPqyniL0Faz1Lt_zUgImKS2J2WWYDZJB4-MN8PK2HbC3gAIsUvgUdSBP4ow5PqFkgkOF45hltBotOnrWzpD22i2ZcBYETjX37mL-6YrX0DXggJUBrg0PnXlSAU1Nnfeo7t0pURV7_U4sMvGU9KsL_iSc4gq6L6JXwUUkeTFipah54hFQ9B2FN5hNLBAfuukVOpjNCwfDl7Zlhn9z4LqfgVSwLeM9yr4OuHy7HYNOpnC2NCSA6jqtkrijN9zI93VICGAx2gZgQvhvetujFsauwBsHEfjPCh_nkTW57Q-axYYFWocZniUNuzEfdGDgjBGayaP85lcX1xJHRvSraiZFmt4zAY1-EN8hSoqJ-l1qyf-9A-ORZ8LnUPaVehYkYlPaUF_4wfn4ELJnK3cBq2m9lXIo8epcGUsxfA_1W03S70uSXqPgBLdHxRfDWZW0Rl8DK2jTYUVHA9jU9DBg8Ejr39ra_ftRUDNHuJCmxctbQVtbCw1p4VcAGdPCheIguR2KqJKmr5lFH7vCe6XXw1O-RGDJhW7ncDWq2zQIqndDpkvN3IikCS-jQivNU9dzbtrppHelzjBGw8UOdulVM408LEKSSyj_oU6FWRSdhKIZSVMca2iUNHo7GcSfJHk",
"payload": ""
2023-03-03 04:24:21,478:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/5578342814 HTTP/1.1" 200 814
2023-03-03 04:24:21,478:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Mar 2023 04:24:21 GMT
Content-Type: application/json
Content-Length: 814
Connection: keep-alive
Boulder-Requester: 91062074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 8F05KrLzi90ee3TXHQbWz6NQ0wl-UcRB1VbNkPWrV1Ad9VQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
"identifier": {
"type": "dns",
"value": "rinatrix.com"
"status": "pending",
"expires": "2023-03-10T04:24:21Z",
"challenges": [
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342814/mO1tCg",
"token": "PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0"
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342814/PZPJ5A",
"token": "PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0"
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342814/_dfB9g",
"token": "PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0"
2023-03-03 04:24:21,479:DEBUG:acme.client:Storing nonce: 8F05KrLzi90ee3TXHQbWz6NQ0wl-UcRB1VbNkPWrV1Ad9VQ
2023-03-03 04:24:21,479:DEBUG:acme.client:JWS payload:
2023-03-03 04:24:21,489:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5578342824:
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTA2MjA3NCIsICJub25jZSI6ICI4RjA1S3JMemk5MGVlM1RYSFFiV3o2TlEwd2wtVWNSQjFWYk5rUFdyVjFBZDlWUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My81NTc4MzQyODI0In0",
"signature": "Oy_sxqugX_32ngVujsJxDRavZBZuZPia7kL3HGfThPv66CcaJViNp13cj3F5X4VNiPe2gEvlPzbmTnd0UZ0DsfeDLOorpd381HPvueM3XshmB25btwnNpBblzJwAW0ETXBXdGN6Hpe3YS4Ch2b6Y8yL2Xuy3M7f7uo90KioJrV3j_aXgU3fEyEOhPID4Eyua3DxgJgVXuLQAoZ2LZ2fC9ZwsdaIDItGT7-rU46VJ0hBe7-5Mmmoh_os6kn8bLGE7IulVR8yYjkTfKCe1x8e9wCOPMtlrW6bP8TnAyYTO4n61DPfRJN_q6fGuYykHkge3cdhKMxd3Mlk_PjuaXY_WoWVYMOnhjhKU_eI3Ah9ig5rExqks4D30eW6jHc-chaHvxXsac1PXZVo-VRPwXUpt1hTh3pcDyZTtyOCKxYKbfGuJmZxTCTnEVOGzdE6JmuX0nJms7XPbelXuNWRbSHD6-LjreMfTv2P-ReQMPrlIJUwRRMhun0Oks__ZIdXDDYJzcX9enE6k5PBf7yjpSLomgQNBXarvLYHy6bmdeqlOhZdgeuajeV_deQgohz6mGRAufsBNyw7b9lmEULBY8cSyZV1RsF9cXGlZ9RlbO40w9O_k_258pyczo6gCOWmhjyYI2Q8To4Y3xF3v8GkaGzKU11MthDYLCHJdE-vS6_8hQNI",
"payload": ""
2023-03-03 04:24:21,538:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/5578342824 HTTP/1.1" 200 818
2023-03-03 04:24:21,538:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Mar 2023 04:24:21 GMT
Content-Type: application/json
Content-Length: 818
Connection: keep-alive
Boulder-Requester: 91062074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 49942Mld3TNqE40tocC6X8QoHzDCZLyJTs6OWW1UyZSLwcs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
"identifier": {
"type": "dns",
"value": "www.rinatrix.com"
"status": "pending",
"expires": "2023-03-10T04:24:21Z",
"challenges": [
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342824/tj2LVQ",
"token": "FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA"
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342824/OPLb2w",
"token": "FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA"
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342824/0Mfl-Q",
"token": "FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA"
2023-03-03 04:24:21,539:DEBUG:acme.client:Storing nonce: 49942Mld3TNqE40tocC6X8QoHzDCZLyJTs6OWW1UyZSLwcs
2023-03-03 04:24:21,539:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-03-03 04:24:21,539:INFO:certbot._internal.auth_handler:http-01 challenge for rinatrix.com
2023-03-03 04:24:21,539:INFO:certbot._internal.auth_handler:http-01 challenge for www.rinatrix.com
2023-03-03 04:24:21,540:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/certbot for all unmatched domains.
2023-03-03 04:24:21,540:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/certbot/.well-known/acme-challenge
2023-03-03 04:24:21,541:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/certbot/.well-known/acme-challenge
2023-03-03 04:24:21,542:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/certbot/.well-known/acme-challenge/PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0
2023-03-03 04:24:21,543:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/certbot/.well-known/acme-challenge/FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA
2023-03-03 04:24:21,543:DEBUG:acme.client:JWS payload:
b'{}'
2023-03-03 04:24:21,552:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342814/mO1tCg:
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTA2MjA3NCIsICJub25jZSI6ICI0OTk0Mk1sZDNUTnFFNDB0b2NDNlg4UW9IekRDWkx5SlRzNk9XVzFVeVpTTHdjcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My81NTc4MzQyODE0L21PMXRDZyJ9",
"signature": "SjEuvxH_gOsvHMKO_Is1T6-nBMTcthH8-q5M09hpB3bNMuhBMqbSkxOna7bIP8gkkwGjjSDUEMeyRWoNWLygMUjnC17D9RY6aeAbiC0H5YZ65iJ7X2ItktgPIUYmhmD2_UuK35JSyYkZSMCHBBs5o7-9pBWgqFR5K0t4TD0Pqo7pwRDfSZM_U-nS9GOmQ7UbgsKBCw0I0VIcm2NO2Ev4Cs4xJoiYMIcLtUpxWyCRjnNWVZGksILeoHjWSi2BLsbNvWl1XELLx6RRYJzCLyPRTd7TQrkSmOCTDSv4Vy6lnoVCQEMi19ROYUpBj4yd03HnKJ3sYmvADVWBr4tnmA2a2hD-9JdwDRRE6Z1OiEkTLT4CyMY6PBI-uVbgoIAkwhPzlpVDeG2eNCNx-cP7CQzk46rVBATAGAtlgCFiZfBANwz_1qqqegu9nI5na54ILBcItd4NW5Za0yETMkoIXuaSJLe53fD3TwzuU6G7RkxOgW9sU-nLM1mDmXb0Fdd6SZG1UcCU9Bx0slL7qHolb0JdhufBB9jafDsUwjdRBHjH3wzpoghPBrwDVZjvfPnlpx56ukYk7_Jth4fc0SfJLv2dfDRMFn8XgsPCSGeJUnPcxdfsMhOcGJ8_wjG2v4mLej_WazcTVbwsYp5lNs0ag11Y6ZuJbyXfhPXxbq1SlMpX8jw",
"payload": "e30"
2023-03-03 04:24:21,603:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/5578342814/mO1tCg HTTP/1.1" 200 193
2023-03-03 04:24:21,604:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Mar 2023 04:24:21 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 91062074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5578342814>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342814/mO1tCg
Replay-Nonce: B37CcV7xyfPyHRF8kEHf0JbSarzQCJqzaEeNzHyCfVrDSK8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342814/mO1tCg",
"token": "PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0"
2023-03-03 04:24:21,604:DEBUG:acme.client:Storing nonce: B37CcV7xyfPyHRF8kEHf0JbSarzQCJqzaEeNzHyCfVrDSK8
2023-03-03 04:24:21,604:DEBUG:acme.client:JWS payload:
b'{}'
2023-03-03 04:24:21,613:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342824/tj2LVQ:
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTA2MjA3NCIsICJub25jZSI6ICJCMzdDY1Y3eHlmUHlIUkY4a0VIZjBKYlNhcnpRQ0pxemFFZU56SHlDZlZyRFNLOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My81NTc4MzQyODI0L3RqMkxWUSJ9",
"signature": "D98jge0h7j5xMsmgSnT8tNeMHt69nAOnrQf8vyV9lzZN9hWKrWC-noDcxm8qx-lCEjGb-iVArTZAdO5-fnBd5kkOMTzhRVL8hASL_EQ-9Ns7SjsTrNajhqY5YX54WgXnynXSmsmlVdJFAkNY8FLNa2h2KzRaAN9mGyVVUPltFqpQtAVpZqGVlGq7yLGo6aLxj4GFulvwl3kIcXYoIklEk-aFB-Y9b1apy6wjbB0i-jUOn-0dCPS8oocQpnhHVRqlxoX0EgSyTudLKS0cqjHyxTuu31botLcFuWZwynjPinwtlGfYf6QjwOcOQAe9GDjZwBL8Ct53qYBcvdylwYzRh3uRwgZtuBwh93iU456LDEEhZHUZVy67ZpIfvm_0mpA35bAm5LtM9dmtFfCv0fgTu-8cBwBmByXXMmWb2JmcxTITIBpOZ5vmFuTpkBkA_Ugd3eXiYVlZ2tFGNSuB_N25PgCMPpA6Lkiyw_HuPJd90jh4BzBygz6mWaYbE285bjvUPHrKnnO2kZv-4gllikVEIN4ibIF26RZp1z8ST7vT7aIGc3YmCZ4iNt0dIbxfyszXJsq_RNRAouMk_WdaE4V73NJcuHCNUc0O030if8u--2ZlvbLinhhcHeTM6kfFwSmIJ5OPcRqP9ytp4k0EImHvqsZHIW8tfy6l9s75NgUJZ8w",
"payload": "e30"
2023-03-03 04:24:21,663:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/5578342824/tj2LVQ HTTP/1.1" 200 193
2023-03-03 04:24:21,663:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Mar 2023 04:24:21 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 91062074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5578342824>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342824/tj2LVQ
Replay-Nonce: 8F0588vbl7UZRJETdxQCZ7m6EWBVR4Ad1mOSKXO6HA3PMNs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342824/tj2LVQ",
"token": "FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA"
2023-03-03 04:24:21,664:DEBUG:acme.client:Storing nonce: 8F0588vbl7UZRJETdxQCZ7m6EWBVR4Ad1mOSKXO6HA3PMNs
2023-03-03 04:24:21,664:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-03-03 04:24:22,664:DEBUG:acme.client:JWS payload:
2023-03-03 04:24:22,674:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5578342814:
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTA2MjA3NCIsICJub25jZSI6ICI4RjA1ODh2Ymw3VVpSSkVUZHhRQ1o3bTZFV0JWUjRBZDFtT1NLWE82SEEzUE1OcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My81NTc4MzQyODE0In0",
"signature": "R47GzGPcC6Y7Frwa3dUo3eXj48UHn56PGkyfT6NishOKyqFugyY4MHZRiwtNFFL4vlq459e17LKD_HyEBayzM39c8hDzKu9T9PSsB1souHG4k6FnOnee-3zfZkIyw3l6_6sXEwAkQDwue-G2AsJ-Js7gmoYb6FcyxymjLyNguiz2sSG7kWWOZSZXF10j7zFLVXNfDNYnkpumj872K4YiwgG1NgFahisTWc1a2OIaS4mtToDwab6iJv3IyfXMCsxG5VptWBtmqD2vIqF0OVSDZHum7wNDSyh27MSZ-reZ6rx6hnf03p07OvvijkO49ZzyeJJhnD1TZg2HQbD8B0uZjj8B74yxywXzP6WKpgeGFSDpYd9y4uQPy4RJsKRxx3umY7_X9zJN9qLNdaETpYh8OVixe24KuZaej5SQuPsWRDksygtXCtOiOgZ0J8rs1dIoH0aKGhggsa9_qvgx-RQlyUaikuYbOiJivVGyoUyGxuW8pmczFzmXBla4HlLDFL-DreYU_HoNe_acwtvpKpioXiHGMAaUzovdCV5kgw_sG4PFDL1h3Je9A6jaWpgwm7T_Ic_Nlwd3IBYvKSQTNwK7CYxX7OJr80npmi_FMWJdSy1UZKlLYBEYWTVAsV8UgbPTe4eK9WPjToSR8DJ37VnEtCSqg5dqncFJFD5x25Y-yuE",
"payload": ""
2023-03-03 04:24:22,725:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/5578342814 HTTP/1.1" 200 1019
2023-03-03 04:24:22,726:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Mar 2023 04:24:22 GMT
Content-Type: application/json
Content-Length: 1019
Connection: keep-alive
Boulder-Requester: 91062074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 4994djjdvmQqAx-c0MMwmciQ1P4VoJeUb5XVVMdWUOXSMss
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
"identifier": {
"type": "dns",
"value": "rinatrix.com"
"status": "invalid",
"expires": "2023-03-10T04:24:21Z",
"challenges": [
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "3.138.94.177: Invalid response from http://rinatrix.com/.well-known/acme-challenge/PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0: 404",
"status": 403
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342814/mO1tCg",
"token": "PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0",
"validationRecord": [
"url": "http://rinatrix.com/.well-known/acme-challenge/PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0",
"hostname": "rinatrix.com",
"port": "80",
"addressesResolved": [
"3.138.94.177"
"addressUsed": "3.138.94.177"
"validated": "2023-03-03T04:24:21Z"
2023-03-03 04:24:22,726:DEBUG:acme.client:Storing nonce: 4994djjdvmQqAx-c0MMwmciQ1P4VoJeUb5XVVMdWUOXSMss
2023-03-03 04:24:22,726:DEBUG:acme.client:JWS payload:
2023-03-03 04:24:22,735:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5578342824:
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTA2MjA3NCIsICJub25jZSI6ICI0OTk0ZGpqZHZtUXFBeC1jME1Nd21jaVExUDRWb0plVWI1WFZWTWRXVU9YU01zcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My81NTc4MzQyODI0In0",
"signature": "soODHEDr3F_o5-Eim7IxnrBM4cUJJPTVkapOMzujCRBuduyQAYNKoOdI5GtnjEMQhFsEqx3eZPSy0FdYB1P454qwxDtCalXBZP4jfZRyrlm3OLwqsE9cYtvyhubzNPG-C4CSrkVWT0oadtI8_gmGONmpQ7tXjXikNT9NTL9xaAimTzCr0C4kZj-elIrkTuG3bNY4Xz4nhIiLlyyrVNnuhh_hvDbnDZGOWy_EOXzGBJY-niN_6OQmxlqXVgbRW2chWfgLBZEyqOTKNJl5B59jYzUpRBvV9REIS4PDEe-M0O9nMOT8OLp5MsjrnB1_fi9LW2qSBkhZhTrRkYC1f7byUnUv8w8zaDZ1DK94anP90Nf1VQegR74AQ1dcduIm-hpVxbc6YcAFLqXsj4qcmfizDnAbN8dcQ7YJ8oDvueEY9eUCjroCLf-GfGI0EhC1777nmWBFH_fCjtLh9tgdMBhmNG6RQq0DAe8DXOjmtEB3up9opApMWxRJ3zE65LPIU3b8ySftPN6JzaOowF66v_VDPXr3SX0uBDRWGnTWFAOVnwJ2-T2IahC-y4G-tKjcsKmUn-FoMLOGMZvWy39mvoK153UsT3bKp2Y57lns3K21cKIt8jGHYRpuJVrSehB9WlWGMdD427vW1fG5eOdfHH-aV5IxiIzx-s9qR9exn0yRpYU",
"payload": ""
2023-03-03 04:24:22,794:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/5578342824 HTTP/1.1" 200 1035
2023-03-03 04:24:22,794:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Mar 2023 04:24:22 GMT
Content-Type: application/json
Content-Length: 1035
Connection: keep-alive
Boulder-Requester: 91062074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A272wzSmOsA29gD9CUo-oVAcR_D9cZzZqHZYRYBAVeVaQYs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
"identifier": {
"type": "dns",
"value": "www.rinatrix.com"
"status": "invalid",
"expires": "2023-03-10T04:24:21Z",
"challenges": [
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "3.138.94.177: Invalid response from http://www.rinatrix.com/.well-known/acme-challenge/FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA: 404",
"status": 403
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5578342824/tj2LVQ",
"token": "FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA",
"validationRecord": [
"url": "http://www.rinatrix.com/.well-known/acme-challenge/FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA",
"hostname": "www.rinatrix.com",
"port": "80",
"addressesResolved": [
"3.138.94.177"
"addressUsed": "3.138.94.177"
"validated": "2023-03-03T04:24:21Z"
2023-03-03 04:24:22,794:DEBUG:acme.client:Storing nonce: A272wzSmOsA29gD9CUo-oVAcR_D9cZzZqHZYRYBAVeVaQYs
2023-03-03 04:24:22,795:INFO:certbot._internal.auth_handler:Challenge failed for domain rinatrix.com
2023-03-03 04:24:22,795:INFO:certbot._internal.auth_handler:Challenge failed for domain www.rinatrix.com
2023-03-03 04:24:22,795:INFO:certbot._internal.auth_handler:http-01 challenge for rinatrix.com
2023-03-03 04:24:22,795:INFO:certbot._internal.auth_handler:http-01 challenge for www.rinatrix.com
2023-03-03 04:24:22,795:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: rinatrix.com
Type: unauthorized
Detail: 3.138.94.177: Invalid response from http://rinatrix.com/.well-known/acme-challenge/PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0: 404
Domain: www.rinatrix.com
Type: unauthorized
Detail: 3.138.94.177: Invalid response from http://www.rinatrix.com/.well-known/acme-challenge/FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2023-03-03 04:24:22,801:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-03-03 04:24:22,801:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-03-03 04:24:22,801:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-03-03 04:24:22,801:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/certbot/.well-known/acme-challenge/PLfQ2ztOc3fU--PtM_Nrus-KMoRxEcmZgr0ql_7bzP0
2023-03-03 04:24:22,802:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/certbot/.well-known/acme-challenge/FENLUtlip_H6iGf4sNKvWQqL4UUcHnAy81toIj-yJeA
2023-03-03 04:24:22,809:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-03-03 04:24:22,809:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
File "/opt/certbot/src/certbot/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1862, in main
return config.func(config, plugins)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1595, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 140, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-03-03 04:24:22,814:ERROR:certbot._internal.log:Some challenges have failed.
Your server 404ed at the certificate request. Certbot was ordered to put the token in /var/www/certbot, and the server should be configured to pick up that path, but your docker failed to run because there was no cert file:
This sounds like some kind of catch-22.
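The two failures reported in this thread ("Connection refused" on the first run, then 404 on the staging run) point at different layers of the setup. The following is an added example, not part of any post here and not certbot's own code: it parses the problem report certbot prints and maps each entry to the layer to check. The sample report, `example.com`, the `203.0.113.10` address and the `TOKEN_*` values are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the "Domain / Type / Detail" format certbot prints when
# the CA rejects an http-01 challenge (domain, IP and tokens are placeholders).
SAMPLE_REPORT = """\
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: example.com
Type: connection
Detail: 203.0.113.10: Fetching http://example.com/.well-known/acme-challenge/TOKEN_A: Connection refused
Domain: www.example.com
Type: unauthorized
Detail: 203.0.113.10: Invalid response from http://www.example.com/.well-known/acme-challenge/TOKEN_B: 404
"""

FIELD_RE = re.compile(r"^(Domain|Type|Detail):\s*(.*)$")
ADDR_RE = re.compile(r"^(\S+): ")
URL_RE = re.compile(r"https?://[^\s/]+/\.well-known/acme-challenge/[A-Za-z0-9_-]+")
STATUS_RE = re.compile(r":\s(\d{3})$")


@dataclass
class Problem:
    domain: str
    type: str
    detail: str
    address: Optional[str]      # IP the CA connected to, if present
    url: Optional[str]          # challenge URL the CA fetched
    http_status: Optional[int]  # trailing HTTP status, if the server answered


def _build(rec: dict) -> Problem:
    detail = rec["detail"]
    address = None
    m = ADDR_RE.match(detail)
    if m:
        try:  # accept the prefix only if it really is an IPv4/IPv6 address
            address = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            address = None
    url = URL_RE.search(detail)
    status = STATUS_RE.search(detail)
    return Problem(rec["domain"], rec.get("type", ""), detail, address,
                   url.group(0) if url else None,
                   int(status.group(1)) if status else None)


def parse_problems(text: str) -> List[Problem]:
    """Collect every Domain/Type/Detail triple from certbot output or its log."""
    problems, current = [], {}
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            current = {"domain": value}
        elif current:
            current[key] = value
            if key == "detail":
                problems.append(_build(current))
                current = {}
    return problems


def classify(p: Problem) -> Tuple[str, str]:
    """Map one reported problem to the layer that needs checking."""
    detail = p.detail.lower()
    if p.type == "connection" and "connection refused" in detail:
        return ("not_listening",
                "Nothing accepted the TCP connection on port 80. Check that the "
                "web server container is still running (an nginx that exits on a "
                "missing certificate or include file leaves the port closed).")
    if p.type == "connection" and "timeout" in detail:
        return ("filtered",
                "Packets to port 80 were dropped. Check the firewall or cloud "
                "security group and the DNS records for this name.")
    if p.type == "unauthorized" and p.http_status == 404:
        return ("not_served_from_webroot",
                "The web server answered but did not find the token. Check that "
                "the port-80 server maps /.well-known/acme-challenge/ to the "
                "directory passed with -w and that it sees the same files.")
    return ("other", "Read the detail text and the certbot debug log.")


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (domain, cause code) for each problem in the report."""
    return [(p.domain, classify(p)[0]) for p in parse_problems(text)]


if __name__ == "__main__":
    for prob in parse_problems(SAMPLE_REPORT):
        code, advice = classify(prob)
        print(f"{prob.domain}: {code}\n  {advice}")
```
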
From init-letsencrypt.sh, though, it seems it makes a dummy certificate and then restarts the system before requesting a certificate.
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker-compose run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:1024 -days 1\
-keyout '$path/privkey.pem' \
-out '$path/fullchain.pem' \
-subj '/CN=localhost'" certbot