LetsEncrypt 3.1.0 - Challenges Failed for all domains

**kess** · May 16th 2017

Hello guys, I searched the forums for similar problems but I couldn't find the right solution for my situation
I've successfully generated certificates for a couple of domains with one of the previous versions, but the last one gives me some problems while trying to generate a new certificate for some other domain.

This is what I get in the plugin's log:

Code

[Tue May 16 17:14:05 2017] [debug] Modules::Plugin::_call: Calling run() method on Plugin::LetsEncrypt[Tue May 16 17:14:05 2017] [debug] iMSCP::Service::__ANON__: Systemd init system has been detected[Tue May 16 17:14:05 2017] [debug] iMSCP::Execute::execute: /bin/systemctl --system is-active apache2.service[Tue May 16 17:14:05 2017] [debug] iMSCP::Provider::Service::Sysvinit::_exec: active[Tue May 16 17:14:05 2017] [debug] Plugin::LetsEncrypt::run: Executing `toadd' tasks for the `erbolandia.biz' SSL certificate[Tue May 16 17:14:05 2017] [debug] Plugin::LetsEncrypt::_issueCertificate: Required action: issue[Tue May 16 17:14:05 2017] [debug] Plugin::LetsEncrypt::_deleteLineages: Deleting any SSL certificate lineage matching the erbolandia.biz domain name[Tue May 16 17:14:05 2017] [debug] iMSCP::Execute::execute: /usr/local/sbin/certbot-auto certonly --quiet --agree-tos --email support@myhostingcompany.com --webroot --webroot-path /var/www/imscp/gui/plugins/LetsEncrypt/acme --preferred-challenges http --allow-subset-of-names --cert-name erbolandia.biz --domains erbolandia.biz,www.erbolandia.biz[Tue May 16 17:14:11 2017] [debug] iMSCP::Execute::getExitCode: Command exited with value: 1[Tue May 16 17:14:11 2017] [error] Plugin::LetsEncrypt::run: Challenge failed for domain erbolandia.bizChallenge failed for domain www.erbolandia.bizChallenges failed for all domains

and this is the letsencrypt.log

Code

2017-05-16 15:14:07,027:DEBUG:certbot.main:certbot version: 0.14.0
2017-05-16 15:14:07,027:DEBUG:certbot.main:Arguments: ['--quiet', '--agree-tos', '--email', 'support@myhostingcompany.com', '--webroot', '--webroot-path', '/var/www/imscp/gui/plugins/LetsEncrypt/acme', '--preferred-challenges', 'http', '--allow-subset-of-names', '--cert-name', 'erbolandia.biz', '--domains', 'erbolandia.biz,www.erbolandia.biz']
2017-05-16 15:14:07,027:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-05-16 15:14:07,075:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer <certbot.cli._Default object at 0x7f4ddceca0d0>
2017-05-16 15:14:07,075:DEBUG:certbot.cli:Default Detector is Namespace(account=<certbot.cli._Default object at 0x7f4ddcec3590>, agree_dev_preview=None, allow_subset_of_names=True, apache=<certbot.cli._Default object at 0x7f4ddceca3d0>, apache_challenge_location=<certbot.cli._Default object at 0x7f4ddcecafd0>, apache_ctl=<certbot.cli._Default object at 0x7f4ddcecf410>, apache_dismod=<certbot.cli._Default object at 0x7f4ddcecaa10>, apache_enmod=<certbot.cli._Default object at 0x7f4ddceca910>, apache_handle_modules=<certbot.cli._Default object at 0x7f4ddcecf190>, apache_handle_sites=<certbot.cli._Default object at 0x7f4ddcecf310>, apache_init_script=<certbot.cli._Default object at 0x7f4ddcecf510>, apache_le_vhost_ext=<certbot.cli._Default object at 0x7f4ddcecab50>, apache_logs_root=<certbot.cli._Default object at 0x7f4ddcecae90>, apache_server_root=<certbot.cli._Default object at 0x7f4ddcecac90>, apache_vhost_root=<certbot.cli._Default object at 0x7f4ddcecad90>, authenticator='webroot', break_my_certs=<certbot.cli._Default object at 0x7f4ddcec5190>, cert_path=<certbot.cli._Default object at 0x7f4ddcec5410>, certname='erbolandia.biz', chain_path=<certbot.cli._Default object at 0x7f4ddcec5b90>, checkpoints=<certbot.cli._Default object at 0x7f4ddcea32d0>, config_dir=<certbot.cli._Default object at 0x7f4ddcec5c90>, config_file=None, configurator=<certbot.cli._Default object at 0x7f4ddceca0d0>, csr=<certbot.cli._Default object at 0x7f4ddcea38d0>, debug=<certbot.cli._Default object at 0x7f4ddcec3c50>, debug_challenges=<certbot.cli._Default object at 0x7f4ddcec3d50>, dialog=None, domains='erbolandia.biz,www.erbolandia.biz', dry_run=<certbot.cli._Default object at 0x7f4ddcea3850>, duplicate=<certbot.cli._Default object at 0x7f4ddcec3690>, eff_email=<certbot.cli._Default object at 0x7f4ddcea3c50>, email='support@myhostingcompany.com', expand=<certbot.cli._Default object at 0x7f4ddcea3f50>, force_interactive=<certbot.cli._Default object at 0x7f4ddcea3390>, fullchain_path=<certbot.cli._Default object at 0x7f4ddcec5050>, func=<function certonly at 0x7f4ddd0fb758>, hsts=<certbot.cli._Default object at 0x7f4ddcec5690>, http01_port=<certbot.cli._Default object at 0x7f4ddcec5090>, ifaces=<certbot.cli._Default object at 0x7f4ddcec5810>, init=<certbot.cli._Default object at 0x7f4ddcf11cd0>, installer=<certbot.cli._Default object at 0x7f4ddceca0d0>, key_path=<certbot.cli._Default object at 0x7f4ddcec5210>, logs_dir=<certbot.cli._Default object at 0x7f4ddcec5e90>, manual=<certbot.cli._Default object at 0x7f4ddceca6d0>, manual_auth_hook=<certbot.cli._Default object at 0x7f4ddceca8d0>, manual_cleanup_hook=<certbot.cli._Default object at 0x7f4ddcecf750>, manual_public_ip_logging_ok=<certbot.cli._Default object at 0x7f4ddcecf850>, must_staple=<certbot.cli._Default object at 0x7f4ddcec5390>, nginx=<certbot.cli._Default object at 0x7f4ddceca4d0>, nginx_ctl=<certbot.cli._Default object at 0x7f4ddcecfa90>, nginx_server_root=<certbot.cli._Default object at 0x7f4ddcecf610>, no_bootstrap=<certbot.cli._Default object at 0x7f4ddcec3990>, no_self_upgrade=<certbot.cli._Default object at 0x7f4ddcec3890>, no_verify_ssl=<certbot.cli._Default object at 0x7f4ddcec3e50>, noninteractive_mode=<certbot.cli._Default object at 0x7f4ddcea3150>, num=<certbot.cli._Default object at 0x7f4ddcea3d10>, os_packages_only=<certbot.cli._Default object at 0x7f4ddcec3790>, post_hook=<certbot.cli._Default object at 0x7f4ddcec3650>, pre_hook=<certbot.cli._Default object at 0x7f4ddcec3850>, pref_challs='http', prepare=<certbot.cli._Default object at 0x7f4ddcf11850>, quiet=True, reason=<certbot.cli._Default object at 0x7f4ddcea3710>, redirect=<certbot.cli._Default object at 0x7f4ddcec5490>, register_unsafely_without_email=<certbot.cli._Default object at 0x7f4ddcea3950>, reinstall=<certbot.cli._Default object at 0x7f4ddcea3e50>, renew_by_default=<certbot.cli._Default object at 0x7f4ddcec3150>, renew_hook=<certbot.cli._Default object at 0x7f4ddcec3450>, renew_with_new_domains=<certbot.cli._Default object at 0x7f4ddcec3250>, rsa_key_size=<certbot.cli._Default object at 0x7f4ddcec5290>, server=<certbot.cli._Default object at 0x7f4ddcec5f90>, staging=<certbot.cli._Default object at 0x7f4ddcea3510>, standalone=<certbot.cli._Default object at 0x7f4ddceca5d0>, standalone_supported_challenges=<certbot.cli._Default object at 0x7f4ddcecfb90>, staple=<certbot.cli._Default object at 0x7f4ddcec3fd0>, strict_permissions=<certbot.cli._Default object at 0x7f4ddcec3c10>, text_mode=<certbot.cli._Default object at 0x7f4ddcf11e50>, tls_sni_01_port=<certbot.cli._Default object at 0x7f4ddcec3f50>, tos=True, uir=<certbot.cli._Default object at 0x7f4ddcec5890>, update_registration=<certbot.cli._Default object at 0x7f4ddcea3a50>, user_agent=<certbot.cli._Default object at 0x7f4ddcea3b10>, validate_hooks=<certbot.cli._Default object at 0x7f4ddcec3210>, verb='certonly', verbose_count=<certbot.cli._Default object at 0x7f4ddcf11b90>, webroot=True, webroot_map=<certbot.cli._Default object at 0x7f4ddcecfd90>, webroot_path='/var/www/imscp/gui/plugins/LetsEncrypt/acme', work_dir=<certbot.cli._Default object at 0x7f4ddcec5d90>)
2017-05-16 15:14:07,085:DEBUG:certbot.log:Root logging level set at 30
2017-05-16 15:14:07,086:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-05-16 15:14:07,086:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-05-16 15:14:07,091:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f4ddcecaf50>
Prep: True
2017-05-16 15:14:07,092:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f4ddcecaf50> and installer None
2017-05-16 15:14:07,097:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:support@myhostingcompany.com',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f4ddf7e6850>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/11039534', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 4ebcdc981b300ddf5744d2a6a2c1e0e4, Meta(creation_host=u'w01.futurahosters.com', creation_dt=datetime.datetime(2017, 3, 18, 17, 25, 29, tzinfo=<UTC>)))>
2017-05-16 15:14:07,098:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-05-16 15:14:07,103:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-05-16 15:14:07,380:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 352
2017-05-16 15:14:07,381:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: HzKMZJE2jhgOI6ffbXmBpZW3hNIcy3tEtsnhv0_qllQ
Replay-Nonce: 7O1eYRPpRCGN1brH3ydyqCeRzpw4QPXu-Jhgu3HN7yo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 May 2017 15:14:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 May 2017 15:14:07 GMT
Connection: keep-alive
{
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-05-16 15:14:07,382:INFO:certbot.main:Obtaining a new certificate
2017-05-16 15:14:07,382:DEBUG:acme.client:Requesting fresh nonce
2017-05-16 15:14:07,382:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-05-16 15:14:07,598:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
2017-05-16 15:14:07,599:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: Rum-ucqtYpm5VEnBnB8-g0pFuQvpIxjiZX0K0tLwPjA
Replay-Nonce: bElKaaqTS_Mi9jUKrGZhksm1FKSCE-wUjHu5vS6VgIA
Expires: Tue, 16 May 2017 15:14:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 May 2017 15:14:07 GMT
Connection: keep-alive
2017-05-16 15:14:07,599:DEBUG:acme.client:Storing nonce: bElKaaqTS_Mi9jUKrGZhksm1FKSCE-wUjHu5vS6VgIA
2017-05-16 15:14:07,599:DEBUG:acme.client:JWS payload:
{
"identifier": {
"type": "dns",
"value": "erbolandia.biz"
},
"resource": "new-authz"
}
2017-05-16 15:14:07,605:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "6bTKdYZ8f5wzrodmRDRA6r1CtJ-_atrwcfnK2pl9edJh7tF1WuqEVUwroGO8I13iE2g9wdAxait8D1Y9JWsimGKYjokTiLKOVP7ZdBQNhRCGcxIYfQktcsIodsx3Lw5DqiOrmB95fTUukOK0lETnQ0HsYJKXY9e-kr14_-s9d8Pb8wn3txDm0lMN0pT04ry6Weo2FHmNbt7EJPe3bVUPskuHJ3_hMXmsuTJz-08hRfcFJw9vVFScKPnv3SpYV-R5KIkarBASzon5C2WfisbkyrqVRcyjiB8V2GC45AI6ZH8ZMkTnOd5c_kuRm1EnASPfUyTNGe8xWq5EjUtc-njiOQ"
}
},
"protected": "eyJub25jZSI6ICJiRWxLYWFxVFNfTWk5alVLckdaaGtzbTFGS1NDRS13VWpIdTV2UzZWZ0lBIn0",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAiZXJib2xhbmRpYS5iaXoiCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ",
"signature": "t5TENudVRtjxFNnWM1l6BopcAbCDMetWpz9Bc_DPd49EmOi9Rj2ExJHAephefUsypfZk2HPlxW68OOpAnKARIkgIgV_zVY0swkMIyvBT6rVaKaYevBF6bnWRuBZqrcHBdUB10GHJcf4CaXnfWuo6dEyBeXDZNr4TR9HL6pOa0dQKZY4TsvcXijgsb0A-3o8m4Khw-GPw5qU3gqFQMFda7rD_Sf4tw5admPjKenaj3_6M7e_IxB8Mq4tt1aemgr7akZMqT6N9649lJyNdGjovVCGjJwM9Qes2Pyoz_m0WV5Sef81cqi1Z3f_UUbUWX996uM0bMK-D7kbQ7F5c9Op5hA"
}
2017-05-16 15:14:07,815:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1002
2017-05-16 15:14:07,816:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1002
Boulder-Request-Id: O1c2c9xwcPcDTfPS7w3I3HO1K6UmSPJdXgPO1cW57CI
Boulder-Requester: 11039534
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk
Replay-Nonce: Qg75YfRQuXKOE7StwheOzP1lMkAPdwf9Ye8FqtdEMj4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 May 2017 15:14:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 May 2017 15:14:07 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "erbolandia.biz"
},
"status": "pending",
"expires": "2017-05-23T15:14:07.704003801Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652461",
"token": "IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652462",
"token": "BlcKDoAjxWQXmtcb7MtL7B8EK6O-N7WegS2bXbMLpGE"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652463",
"token": "cHCzlqLygROVFZ0OFi3-SNd2bSJX5hNc1Q0WzIIDXmw"
}
],
"combinations": [
[
1
],
[
2
],
[
0
]
]
}
2017-05-16 15:14:07,816:DEBUG:acme.client:Storing nonce: Qg75YfRQuXKOE7StwheOzP1lMkAPdwf9Ye8FqtdEMj4
2017-05-16 15:14:07,818:DEBUG:acme.client:JWS payload:
{
"identifier": {
"type": "dns",
"value": "www.erbolandia.biz"
},
"resource": "new-authz"
}
2017-05-16 15:14:07,823:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "6bTKdYZ8f5wzrodmRDRA6r1CtJ-_atrwcfnK2pl9edJh7tF1WuqEVUwroGO8I13iE2g9wdAxait8D1Y9JWsimGKYjokTiLKOVP7ZdBQNhRCGcxIYfQktcsIodsx3Lw5DqiOrmB95fTUukOK0lETnQ0HsYJKXY9e-kr14_-s9d8Pb8wn3txDm0lMN0pT04ry6Weo2FHmNbt7EJPe3bVUPskuHJ3_hMXmsuTJz-08hRfcFJw9vVFScKPnv3SpYV-R5KIkarBASzon5C2WfisbkyrqVRcyjiB8V2GC45AI6ZH8ZMkTnOd5c_kuRm1EnASPfUyTNGe8xWq5EjUtc-njiOQ"
}
},
"protected": "eyJub25jZSI6ICJRZzc1WWZSUXVYS09FN1N0d2hlT3pQMWxNa0FQZHdmOVllOEZxdGRFTWo0In0",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAid3d3LmVyYm9sYW5kaWEuYml6IgogIH0sIAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0",
"signature": "qR2Y1Usg_BRZkUw1mkLKthOllPydr0CtHnbXRqIVZJHienWBjAH2EavtVPDWeePFgMN93Bxq1OEthJMWBOAi2Xw5-fQOsvi1LzTLgLGgrwVWsm01tD2zG5dFaZdLjr_BdVZoBX5uLgTz12Panp4W_Ujr0tSU-B64Je2f0TcMIMGK_QO7l5ZzHS254wFZcvE0q-ZGCuT-kLLJTNGy5brYC0_Vp6ngLCbKJZymyy_krbkTfzOVtkkMzD7uX8G23NkDqARMddovDAtbcK-NyzK-MAIZMPCPuJDmn-b4BgK-0qNO2cEhCaI00F1F_9AmIgHtntD-zWgv-T42WdqeR9l8Dg"
}
2017-05-16 15:14:08,014:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1006
2017-05-16 15:14:08,015:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1006
Boulder-Request-Id: adTEl9BasEBZwMIGV3n98R6oPkyNQvcv4Pueasqom3Y
Boulder-Requester: 11039534
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc
Replay-Nonce: OxSAq3pebn3ahuH5bRcVgr0eiixr0p2Ew12BtzrPQvI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 May 2017 15:14:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 May 2017 15:14:08 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "www.erbolandia.biz"
},
"status": "pending",
"expires": "2017-05-23T15:14:07.908160086Z",
"challenges": [
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652484",
"token": "jDlk3DezOkj60ZIPSDyNYWF0jpmVVHAKPPBVofCx_qg"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652485",
"token": "e1vlbb52TeGEy_lU4JIARcd7Ri8mX2Q3rHFmSYmkhlM"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652486",
"token": "0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI"
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}
2017-05-16 15:14:08,015:DEBUG:acme.client:Storing nonce: OxSAq3pebn3ahuH5bRcVgr0eiixr0p2Ew12BtzrPQvI
2017-05-16 15:14:08,016:INFO:certbot.auth_handler:Performing the following challenges:
2017-05-16 15:14:08,016:INFO:certbot.auth_handler:http-01 challenge for erbolandia.biz
2017-05-16 15:14:08,016:INFO:certbot.auth_handler:http-01 challenge for www.erbolandia.biz
2017-05-16 15:14:08,017:INFO:certbot.plugins.webroot:Using the webroot path /var/www/imscp/gui/plugins/LetsEncrypt/acme for all unmatched domains.
2017-05-16 15:14:08,017:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge
2017-05-16 15:14:08,017:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge
2017-05-16 15:14:08,021:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge/IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ
2017-05-16 15:14:08,025:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge/0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI
2017-05-16 15:14:08,025:INFO:certbot.auth_handler:Waiting for verification...
2017-05-16 15:14:08,026:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ.UWSrTKp5dAnMELIsurlLgJ-99d88dMT63Eghk00_5yA",
"type": "http-01",
"resource": "challenge"
}
2017-05-16 15:14:08,031:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652461:
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "6bTKdYZ8f5wzrodmRDRA6r1CtJ-_atrwcfnK2pl9edJh7tF1WuqEVUwroGO8I13iE2g9wdAxait8D1Y9JWsimGKYjokTiLKOVP7ZdBQNhRCGcxIYfQktcsIodsx3Lw5DqiOrmB95fTUukOK0lETnQ0HsYJKXY9e-kr14_-s9d8Pb8wn3txDm0lMN0pT04ry6Weo2FHmNbt7EJPe3bVUPskuHJ3_hMXmsuTJz-08hRfcFJw9vVFScKPnv3SpYV-R5KIkarBASzon5C2WfisbkyrqVRcyjiB8V2GC45AI6ZH8ZMkTnOd5c_kuRm1EnASPfUyTNGe8xWq5EjUtc-njiOQ"
}
},
"protected": "eyJub25jZSI6ICJPeFNBcTNwZWJuM2FodUg1YlJjVmdyMGVpaXhyMHAyRXcxMkJ0enJQUXZJIn0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIklGcXlXbUJlOS1MUmFmb3BWLUhDVHE1X1o3YzhyenhfVTNmSXljcEVxZ1EuVVdTclRLcDVkQW5NRUxJc3VybExnSi05OWQ4OGRNVDYzRWdoazAwXzV5QSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "TnOtOmqTSmy5OgDUKrgs-UE-AdKCxolKFG2f0syh71DA7yobdLT_1ypzcjd2OKNcdz22iT_rzwWfFf5hwrR4OCP7r3l7LOdgEKY3P9IEKXhrmBM81iejts8q3fBmD_lDXdVN1MmAhgwSi1Znr0kkaagiPeAavwcAtpG6Kn494xVLqdIFU09BVHAp062pFDOtmNdM4PhvQhF7DE-t0PSRJ__eUfnUGJtzTbWKV9CJJOao8XPj9bwDC7qR11qQBzgDNw8cmKckM0w0fOS1nzO3HSxTxvD9pf8JneeeWCFaV5u-KrWJeFdu6GpILsY3_gIyvTR2oPLrheomgDqVvtw49w"
}
2017-05-16 15:14:08,244:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652461 HTTP/1.1" 202 336
2017-05-16 15:14:08,246:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Request-Id: e40cPG7SIdx_9a00hVF1f1iklJOMlIAPqp4TRjJ0Gkg
Boulder-Requester: 11039534
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652461
Replay-Nonce: 6W90fMP-fXu7tXJxqNw4Hg1K9hgSJKHa_nulE2O8RNw
Expires: Tue, 16 May 2017 15:14:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 May 2017 15:14:08 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652461",
"token": "IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ",
"keyAuthorization": "IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ.UWSrTKp5dAnMELIsurlLgJ-99d88dMT63Eghk00_5yA"
}
2017-05-16 15:14:08,246:DEBUG:acme.client:Storing nonce: 6W90fMP-fXu7tXJxqNw4Hg1K9hgSJKHa_nulE2O8RNw
2017-05-16 15:14:08,247:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI.UWSrTKp5dAnMELIsurlLgJ-99d88dMT63Eghk00_5yA",
"type": "http-01",
"resource": "challenge"
}
2017-05-16 15:14:08,252:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652486:
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "6bTKdYZ8f5wzrodmRDRA6r1CtJ-_atrwcfnK2pl9edJh7tF1WuqEVUwroGO8I13iE2g9wdAxait8D1Y9JWsimGKYjokTiLKOVP7ZdBQNhRCGcxIYfQktcsIodsx3Lw5DqiOrmB95fTUukOK0lETnQ0HsYJKXY9e-kr14_-s9d8Pb8wn3txDm0lMN0pT04ry6Weo2FHmNbt7EJPe3bVUPskuHJ3_hMXmsuTJz-08hRfcFJw9vVFScKPnv3SpYV-R5KIkarBASzon5C2WfisbkyrqVRcyjiB8V2GC45AI6ZH8ZMkTnOd5c_kuRm1EnASPfUyTNGe8xWq5EjUtc-njiOQ"
}
},
"protected": "eyJub25jZSI6ICI2VzkwZk1QLWZYdTd0WEp4cU53NEhnMUs5aGdTSktIYV9udWxFMk84Uk53In0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIjBjMWhkU2pLYS1xSGJtbHAtaHIxcU1NYUJzSkxYTzFzSGtFT3l6b2h4Q0kuVVdTclRLcDVkQW5NRUxJc3VybExnSi05OWQ4OGRNVDYzRWdoazAwXzV5QSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "MvNTrJL4wqfb9YiTs9MlZdCPvG7hcxx9dXfHVr4eZN132KHpRuwdKXYio_bAYCby2WJDOQtxz-OkTzCADJ0q-1bfSz0CtT3pWzfLXB2K9Md4fJWW1E24qfHCz3N_gCxYW6E0-DpEb6QMBHwZ9MyKPt-73Z23TuZhcCsmpDQBT3ZzAzvtm4hfaroXlW_5EpRK5c54oh-JDi5Av14Yj2sZPE1krOARaekvb1f5Pdx9wmiJSx_GxKzlU9wjYBlHq9lVWH-LOip0tcd7oLsxLl0Gy5U9NKJ1aCvBferOha8V7NCxjG6JL5pukvUe2_w1FapJHHAO61-Qmcgm9n_7VqeToA"
}
2017-05-16 15:14:08,483:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652486 HTTP/1.1" 202 336
2017-05-16 15:14:08,484:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Request-Id: 0Zu5nxeLGFUAjhwh1aGNp2Q-0H6QXz1LCS1qpRqM1bM
Boulder-Requester: 11039534
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652486
Replay-Nonce: sYo1QOO7Taw094quqHnFV2LxlUY_QmvyC6N-XV9OSFQ
Expires: Tue, 16 May 2017 15:14:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 May 2017 15:14:08 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652486",
"token": "0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI",
"keyAuthorization": "0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI.UWSrTKp5dAnMELIsurlLgJ-99d88dMT63Eghk00_5yA"
}
2017-05-16 15:14:08,484:DEBUG:acme.client:Storing nonce: sYo1QOO7Taw094quqHnFV2LxlUY_QmvyC6N-XV9OSFQ
2017-05-16 15:14:11,488:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk.
2017-05-16 15:14:11,683:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk HTTP/1.1" 200 1959
2017-05-16 15:14:11,684:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1959
Boulder-Request-Id: Xeyzv8PcbF1w4llRNkreq3v0L1EiXuI42x0tvFCwU0c
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: -4IxSAlnXc9kzZ1rTftJGuLFK3-GTbEOLgI_lx39NIg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 May 2017 15:14:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 May 2017 15:14:11 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "erbolandia.biz"
},
"status": "invalid",
"expires": "2017-05-23T15:14:07Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://erbolandia.biz/.well-known/acme-challenge/IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ: \"\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp\"",
"status": 403
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652461",
"token": "IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ",
"keyAuthorization": "IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ.UWSrTKp5dAnMELIsurlLgJ-99d88dMT63Eghk00_5yA",
"validationRecord": [
{
"url": "http://erbolandia.biz/.well-known/acme-challenge/IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ",
"hostname": "erbolandia.biz",
"port": "80",
"addressesResolved": [
"193.246.36.157"
],
"addressUsed": "193.246.36.157",
"addressesTried": []
}
]
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652462",
"token": "BlcKDoAjxWQXmtcb7MtL7B8EK6O-N7WegS2bXbMLpGE"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/EMeM42Kws4qmNyWJAvTZTuDLLziYyu10FyAcaMBFKZk/1183652463",
"token": "cHCzlqLygROVFZ0OFi3-SNd2bSJX5hNc1Q0WzIIDXmw"
}
],
"combinations": [
[
1
],
[
2
],
[
0
]
]
}
2017-05-16 15:14:11,685:WARNING:certbot.auth_handler:Challenge failed for domain erbolandia.biz
2017-05-16 15:14:11,686:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc.
2017-05-16 15:14:11,909:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc HTTP/1.1" 200 1975
2017-05-16 15:14:11,911:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1975
Boulder-Request-Id: biCA8JdpDwvrhqyLJXrrftE9p1e2jerqmizXrxlybGI
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: qK0OgwGBMhbES9erQmITHERIus24dJV8tG8-e8tkW7c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 16 May 2017 15:14:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 16 May 2017 15:14:11 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "www.erbolandia.biz"
},
"status": "invalid",
"expires": "2017-05-23T15:14:07Z",
"challenges": [
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652484",
"token": "jDlk3DezOkj60ZIPSDyNYWF0jpmVVHAKPPBVofCx_qg"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652485",
"token": "e1vlbb52TeGEy_lU4JIARcd7Ri8mX2Q3rHFmSYmkhlM"
},
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://www.erbolandia.biz/.well-known/acme-challenge/0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI: \"\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp\"",
"status": 403
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/kWOij8-i_8siJyvEIzxCS4rbg1qYzBuEyWJWOTg69vc/1183652486",
"token": "0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI",
"keyAuthorization": "0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI.UWSrTKp5dAnMELIsurlLgJ-99d88dMT63Eghk00_5yA",
"validationRecord": [
{
"url": "http://www.erbolandia.biz/.well-known/acme-challenge/0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI",
"hostname": "www.erbolandia.biz",
"port": "80",
"addressesResolved": [
"193.246.36.157"
],
"addressUsed": "193.246.36.157",
"addressesTried": []
}
]
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}
2017-05-16 15:14:11,912:WARNING:certbot.auth_handler:Challenge failed for domain www.erbolandia.biz
2017-05-16 15:14:11,912:INFO:certbot.auth_handler:Cleaning up challenges
2017-05-16 15:14:11,912:DEBUG:certbot.plugins.webroot:Removing /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge/IFqyWmBe9-LRafopV-HCTq5_Z7c8rzx_U3fIycpEqgQ
2017-05-16 15:14:11,913:DEBUG:certbot.plugins.webroot:Removing /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge/0c1hdSjKa-qHbmlp-hr1qMMaBsJLXO1sHkEOyzohxCI
2017-05-16 15:14:11,913:INFO:certbot.plugins.webroot:Unable to clean up challenge directory /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge
2017-05-16 15:14:11,913:DEBUG:certbot.plugins.webroot:Error was: [Errno 39] Directory not empty: '/var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge'
2017-05-16 15:14:11,914:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 742, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 682, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 313, in obtain_certificate
self.config.allow_subset_of_names)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 92, in get_authorizations
"Challenges failed for all domains")
AuthorizationError: Challenges failed for all domains

Display More

i-MSCP : 1.3.16
System : Debian Jessie x64
System : php-fpm, apache2, proftpd, SSL for services and panel
Plugins : ClamAV, LetsEncrypt, Mailgraph, Monitorix, OpenDKIM, PhpSwitcher, Postscreen, RoundcubePlugins, ServerDefaultPage, SpamAssassin
Plugins Versions : all are the latest versions

Could you please help me in finding out if I'm doing something wrong ?

Thank you very much, bye Kess.

**UncleJ** · May 16th 2017

Hi,

please check this topic - perhaps this helps. Looks like the .well-known directory is not accessible

Regards

**kess** · May 16th 2017

Thank you for your reply.
I already tested the access to the .well-known directory and it works without problems.

At least, if I click here: http://www.erbolandia.biz/.wel…n/acme-challenge/.gitkeep it works correctly.
During the certificate request procedure I can see the 2 files that are created it the directory, they rest there for something like 2 seconds and then these files disappear... I bet because of a cleanup at the end of the procedure.

The problem should be elsewhere, but I can't understand...

**Nuxwin** · May 16th 2017

@kess

Quote from kess

During the certificate request procedure I can see the 2 files that are created it the directory,

In what directory (full path please) the files were created exactly? According the logs you posted, the files were created in the /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge directory and that is expected. The plugin make use of the same directory for all ACME challenges.

Can you please disable the ServerDefaultPage plugin and give a new try?

**kess** · May 16th 2017

Hello @Nuxwin,
i confirm that the path is

Code

/var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge

and during the request:

Code

root@w01 /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge # ls -la
total 8.0K
drwxr-xr-x 2 vu2000 vu2000 4.0K May 16 20:37 .
drwxr-xr-x 3 vu2000 vu2000 4.0K May 13 16:25 ..
-rw-r--r-- 1 vu2000 vu2000 0 May 16 17:58 .gitkeep
root@w01 /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge # ls -la
total 16K
drwxr-xr-x 2 vu2000 vu2000 4.0K May 16 20:37 .
drwxr-xr-x 3 vu2000 vu2000 4.0K May 13 16:25 ..
-rw-r--r-- 1 root root 87 May 16 20:37 C4Q2JoeGuCuZnfIlGt8taU78FzA-nmqjZu9pbSOywzc
-rw-r--r-- 1 vu2000 vu2000 0 May 16 17:58 .gitkeep
-rw-r--r-- 1 root root 87 May 16 20:37 WjclIbHycSduNxRTdf8XsyvXWYncVhfbFaLINJUTkWU
root@w01 /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge # ls -la
total 16K
drwxr-xr-x 2 vu2000 vu2000 4.0K May 16 20:37 .
drwxr-xr-x 3 vu2000 vu2000 4.0K May 13 16:25 ..
-rw-r--r-- 1 root root 87 May 16 20:37 C4Q2JoeGuCuZnfIlGt8taU78FzA-nmqjZu9pbSOywzc
-rw-r--r-- 1 vu2000 vu2000 0 May 16 17:58 .gitkeep
-rw-r--r-- 1 root root 87 May 16 20:37 WjclIbHycSduNxRTdf8XsyvXWYncVhfbFaLINJUTkWU
root@w01 /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge # ls -la
total 8.0K
drwxr-xr-x 2 vu2000 vu2000 4.0K May 16 20:37 .
drwxr-xr-x 3 vu2000 vu2000 4.0K May 13 16:25 ..
-rw-r--r-- 1 vu2000 vu2000 0 May 16 17:58 .gitkeep

Display More

I've disabled the ServerDefaultPage Plugin and restarted apache, but no changes...

Do you need any other informations in order to investigate ?

**Nuxwin** · May 16th 2017

Quote from kess

Do you need any other informations in order to investigate ?

No. Best would be to give me access to the panel and ssh

**kess** · May 17th 2017

Hi @Nuxwin,
the certbot-auto has been upgraded from 0.14.0 to 0.14.1 automatically.
The problem is still the same.

Did you find time to perform some tests ?

Thank you, bye Kess.

**kess** · May 17th 2017

Just for you to check further:
apache log during request:

Code

66.133.109.36 - - [17/May/2017:11:24:51 +0200] "GET /.well-known/acme-challenge/Rmfg8eE-nMh9eGcKA2HXNBssLUnDKaFeVfNrBICBUco HTTP/1.1" 403 - "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"66.133.109.36 - - [17/May/2017:11:24:51 +0200] "GET /.well-known/acme-challenge/WLbSRgaX5QDyecJ7C47NO5kf-d1OvhcpTV36j5JmJR4 HTTP/1.1" 403 - "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

files in the directory during request:

Code

root@w01 /var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge # ls -la
total 16K
drwxr-xr-x 2 vu2000 vu2000 4.0K May 17 11:24 .
drwxr-xr-x 3 vu2000 vu2000 4.0K May 16 21:37 ..
-rw-r--r-- 1 vu2000 vu2000 0 May 16 21:40 .gitkeep
-rw-r--r-- 1 root root 87 May 17 11:24 Rmfg8eE-nMh9eGcKA2HXNBssLUnDKaFeVfNrBICBUco
-rw-r--r-- 1 root root 87 May 17 11:24 WLbSRgaX5QDyecJ7C47NO5kf-d1OvhcpTV36j5JmJR4

Can't understand why apache returns a 403 error on these files.

**Nuxwin** · May 17th 2017

@kess

Can you provide me with a true SSH access and admin access to the control panel? I would investigate further because I cannot reproduce the problem on my installation. Teamviewer is a mess... Too slow and so on...

Thanks.

**kess** · May 17th 2017

Problem found... My bad as always...... Sorry...

There are the contents of the file /etc/apache2/imscp/erbolandia.biz.conf

Code

# Custom Apache configuration for erbolandia.biz## Any changes made to this file will be preserved on update.# i-MSCP doesn't check the contents of this file.## This file should NOT be deleted.# Bad botSetEnvIfNoCase User-Agent ^$ bad_botsSetEnvIfNoCase User-Agent "AhrefsBot" bad_botSetEnvIfNoCase User-Agent "archive.org_bot" bad_botSetEnvIfNoCase User-Agent "MJ12bot" bad_botSetEnvIfNoCase User-Agent "facebookexternalhit" bad_botSetEnvIfNoCase User-Agent "Twitterbot" bad_botSetEnvIfNoCase User-Agent "Baiduspider" bad_botSetEnvIfNoCase User-Agent "spbot" bad_botSetEnvIfNoCase User-Agent "HaosouSpider" bad_botSetEnvIfNoCase User-Agent "MetaURI" bad_botSetEnvIfNoCase User-Agent "mediawords" bad_botSetEnvIfNoCase User-Agent "FlipboardProxy" bad_botSetEnvIfNoCase User-Agent "abot" bad_botSetEnvIfNoCase User-Agent "aipbot" bad_botSetEnvIfNoCase User-Agent "asterias" bad_botSetEnvIfNoCase User-Agent "EI" bad_botSetEnvIfNoCase User-Agent "libwww-perl" bad_botSetEnvIfNoCase User-Agent "LWP" bad_botSetEnvIfNoCase User-Agent "lwp" bad_botSetEnvIfNoCase User-Agent "MSIECrawler" bad_botSetEnvIfNoCase User-Agent "nameprotect" bad_botSetEnvIfNoCase User-Agent "PlantyNet_WebRobot" bad_botSetEnvIfNoCase User-Agent "UCmore" bad_botSetEnvIfNoCase User-Agent "Alligator" bad_botSetEnvIfNoCase User-Agent "AllSubmitter" bad_botSetEnvIfNoCase User-Agent "Anonymous" bad_botSetEnvIfNoCase User-Agent "Asterias" bad_botSetEnvIfNoCase User-Agent "autoemailspider" bad_botSetEnvIfNoCase User-Agent "Badass" bad_botSetEnvIfNoCase User-Agent "Baiduspider" bad_botSetEnvIfNoCase User-Agent "BecomeBot" bad_botSetEnvIfNoCase User-Agent "Bitacle" bad_botSetEnvIfNoCase User-Agent "bladder\ fusion" bad_botSetEnvIfNoCase User-Agent "Blogshares\ Spiders" bad_botSetEnvIfNoCase User-Agent "Board\ Bot" bad_botSetEnvIfNoCase User-Agent "Board\ Bot" bad_botSetEnvIfNoCase User-Agent "Convera" bad_botSetEnvIfNoCase User-Agent "ConveraMultiMediaCrawler" bad_botSetEnvIfNoCase User-Agent "c-spider" bad_botSetEnvIfNoCase User-Agent "DA" bad_botSetEnvIfNoCase User-Agent "DnloadMage" bad_botSetEnvIfNoCase User-Agent "Download\ Demon" bad_botSetEnvIfNoCase User-Agent "Download\ Express" bad_botSetEnvIfNoCase User-Agent "Download\ Wonder" bad_botSetEnvIfNoCase User-Agent "dragonfly" bad_botSetEnvIfNoCase User-Agent "DreamPassport" bad_botSetEnvIfNoCase User-Agent "DSurf" bad_botSetEnvIfNoCase User-Agent "DTS Agent" bad_botSetEnvIfNoCase User-Agent "EBrowse" bad_botSetEnvIfNoCase User-Agent "eCatch" bad_botSetEnvIfNoCase User-Agent "edgeio" bad_botSetEnvIfNoCase User-Agent "Email\ Extractor" bad_botSetEnvIfNoCase User-Agent "EmailSiphon" bad_botSetEnvIfNoCase User-Agent "EmailWolf" bad_botSetEnvIfNoCase User-Agent "EmeraldShield" bad_botSetEnvIfNoCase User-Agent "ESurf" bad_botSetEnvIfNoCase User-Agent "Exabot" bad_botSetEnvIfNoCase User-Agent "ExtractorPro" bad_botSetEnvIfNoCase User-Agent "FileHeap!\ file downloader" bad_botSetEnvIfNoCase User-Agent "FileHound" bad_botSetEnvIfNoCase User-Agent "Forex" bad_botSetEnvIfNoCase User-Agent "Franklin\ Locator" bad_botSetEnvIfNoCase User-Agent "FreshDownload" bad_botSetEnvIfNoCase User-Agent "FrontPage" bad_botSetEnvIfNoCase User-Agent "FSurf" bad_botSetEnvIfNoCase User-Agent "Gaisbot" bad_botSetEnvIfNoCase User-Agent "Gamespy_Arcade" bad_botSetEnvIfNoCase User-Agent "genieBot" bad_botSetEnvIfNoCase User-Agent "GetBot" bad_botSetEnvIfNoCase User-Agent "GetRight" bad_botSetEnvIfNoCase User-Agent "Gigabot" bad_botSetEnvIfNoCase User-Agent "Go!Zilla" bad_botSetEnvIfNoCase User-Agent "Go-Ahead-Got-It" bad_botSetEnvIfNoCase User-Agent "GOFORITBOT" bad_botSetEnvIfNoCase User-Agent "heritrix" bad_botSetEnvIfNoCase User-Agent "HLoader" bad_botSetEnvIfNoCase User-Agent "HooWWWer" bad_botSetEnvIfNoCase User-Agent "HTTrack" bad_botSetEnvIfNoCase User-Agent "iCCrawler" bad_botSetEnvIfNoCase User-Agent "ichiro" bad_botSetEnvIfNoCase User-Agent "iGetter" bad_botSetEnvIfNoCase User-Agent "imds_monitor" bad_botSetEnvIfNoCase User-Agent "Industry\ Program" bad_botSetEnvIfNoCase User-Agent "Indy\ Library" bad_botSetEnvIfNoCase User-Agent "InetURL" bad_botSetEnvIfNoCase User-Agent "InstallShield\ DigitalWizard" bad_botSetEnvIfNoCase User-Agent "IRLbot" bad_botSetEnvIfNoCase User-Agent "IUPUI\ Research\ Bot" bad_botSetEnvIfNoCase User-Agent "Java" bad_botSetEnvIfNoCase User-Agent "jeteye" bad_botSetEnvIfNoCase User-Agent "jeteyebot" bad_botSetEnvIfNoCase User-Agent "JoBo" bad_botSetEnvIfNoCase User-Agent "JOC\ Web\ Spider" bad_botSetEnvIfNoCase User-Agent "Kapere" bad_botSetEnvIfNoCase User-Agent "Larbin" bad_botSetEnvIfNoCase User-Agent "LeechGet" bad_botSetEnvIfNoCase User-Agent "LightningDownload" bad_botSetEnvIfNoCase User-Agent "Linkie" bad_botSetEnvIfNoCase User-Agent "Mac\ Finder" bad_botSetEnvIfNoCase User-Agent "Mail\ Sweeper" bad_botSetEnvIfNoCase User-Agent "Mass\ Downloader" bad_botSetEnvIfNoCase User-Agent "MegaIndex" bad_botSetEnvIfNoCase User-Agent "MetaProducts\ Download\ Express" bad_botSetEnvIfNoCase User-Agent "Microsoft\ Data\ Access" bad_botSetEnvIfNoCase User-Agent "Microsoft\ URL\ Control" bad_botSetEnvIfNoCase User-Agent "Missauga\ Locate" bad_botSetEnvIfNoCase User-Agent "Missauga\ Locator" bad_botSetEnvIfNoCase User-Agent "Missigua Locator" bad_botSetEnvIfNoCase User-Agent "Missouri\ College\ Browse" bad_botSetEnvIfNoCase User-Agent "Mister\ PiX" bad_botSetEnvIfNoCase User-Agent "MovableType" bad_botSetEnvIfNoCase User-Agent "Mozi!" bad_botSetEnvIfNoCase User-Agent "Mozilla/3.0 (compatible)" bad_botSetEnvIfNoCase User-Agent "Mozilla/5.0 (compatible; MSIE 5.0)" bad_botSetEnvIfNoCase User-Agent "MSIE_6.0" bad_botSetEnvIfNoCase User-Agent "MSIECrawler" badbotSetEnvIfNoCase User-Agent "MVAClient" bad_botSetEnvIfNoCase User-Agent "MyFamilyBot" bad_botSetEnvIfNoCase User-Agent "MyGetRight" bad_botSetEnvIfNoCase User-Agent "NASA\ Search" bad_botSetEnvIfNoCase User-Agent "Naver" bad_botSetEnvIfNoCase User-Agent "NaverBot" bad_botSetEnvIfNoCase User-Agent "NetAnts" bad_botSetEnvIfNoCase User-Agent "NetResearchServer" bad_botSetEnvIfNoCase User-Agent "NEWT\ ActiveX" bad_botSetEnvIfNoCase User-Agent "Nextopia" bad_botSetEnvIfNoCase User-Agent "NICErsPRO" bad_botSetEnvIfNoCase User-Agent "NimbleCrawler" bad_botSetEnvIfNoCase User-Agent "Nitro\ Downloader" bad_botSetEnvIfNoCase User-Agent "Nutch" bad_botSetEnvIfNoCase User-Agent "Offline\ Explorer" bad_botSetEnvIfNoCase User-Agent "OmniExplorer" bad_botSetEnvIfNoCase User-Agent "OutfoxBot" bad_botSetEnvIfNoCase User-Agent "P3P" bad_botSetEnvIfNoCase User-Agent "PagmIEDownload" bad_botSetEnvIfNoCase User-Agent "pavuk" bad_botSetEnvIfNoCase User-Agent "PHP\ version" bad_botSetEnvIfNoCase User-Agent "playstarmusic" bad_botSetEnvIfNoCase User-Agent "Program\ Shareware" bad_botSetEnvIfNoCase User-Agent "Progressive Download" bad_botSetEnvIfNoCase User-Agent "psycheclone" bad_botSetEnvIfNoCase User-Agent "puf" bad_botSetEnvIfNoCase User-Agent "PussyCat" bad_botSetEnvIfNoCase User-Agent "PuxaRapido" bad_botSetEnvIfNoCase User-Agent "Python-urllib" bad_botSetEnvIfNoCase User-Agent "Qwantify" bad_botSetEnvIfNoCase User-Agent "RealDownload" bad_botSetEnvIfNoCase User-Agent "RedKernel" bad_botSetEnvIfNoCase User-Agent "relevantnoise" bad_botSetEnvIfNoCase User-Agent "RepoMonkey\ Bait\ &\ Tackle" bad_botSetEnvIfNoCase User-Agent "RTG30" bad_botSetEnvIfNoCase User-Agent "SBIder" bad_botSetEnvIfNoCase User-Agent "script" bad_botSetEnvIfNoCase User-Agent "Seekbot" bad_botSetEnvIfNoCase User-Agent "seoscanners" bad_botSetEnvIfNoCase User-Agent "SemrushBot" bad_botSetEnvIfNoCase User-Agent "SiteExplorer" bad_botSetEnvIfNoCase User-Agent "SiteSnagger" bad_botSetEnvIfNoCase User-Agent "SmartDownload" bad_botSetEnvIfNoCase User-Agent "sna-" bad_botSetEnvIfNoCase User-Agent "Snap\ bot" bad_botSetEnvIfNoCase User-Agent "SpeedDownload" bad_botSetEnvIfNoCase User-Agent "Sphere" bad_botSetEnvIfNoCase User-Agent "sproose" bad_botSetEnvIfNoCase User-Agent "SQ\ Webscanner" bad_botSetEnvIfNoCase User-Agent "Stamina" bad_botSetEnvIfNoCase User-Agent "Star\ Downloader" bad_botSetEnvIfNoCase User-Agent "Teleport" bad_botSetEnvIfNoCase User-Agent "TurnitinBot" bad_botSetEnvIfNoCase User-Agent "TwengaBot" bad_botSetEnvIfNoCase User-Agent "UdmSearch" bad_botSetEnvIfNoCase User-Agent "URLGetFile" bad_botSetEnvIfNoCase User-Agent "User-Agent" bad_botSetEnvIfNoCase User-Agent "UtilMind\ HTTPGet" bad_botSetEnvIfNoCase User-Agent "WebAuto" bad_botSetEnvIfNoCase User-Agent "WebCapture" bad_botSetEnvIfNoCase User-Agent "webcollage" bad_botSetEnvIfNoCase User-Agent "WebCopier" bad_botSetEnvIfNoCase User-Agent "WebFilter" bad_botSetEnvIfNoCase User-Agent "WebReaper" bad_botSetEnvIfNoCase User-Agent "Website\ eXtractor" bad_botSetEnvIfNoCase User-Agent "WebStripper" bad_botSetEnvIfNoCase User-Agent "WebZIP" bad_botSetEnvIfNoCase User-Agent "Wells\ Search" bad_botSetEnvIfNoCase User-Agent "WEP\ Search\ 00" bad_botSetEnvIfNoCase User-Agent "Wget" bad_botSetEnvIfNoCase User-Agent "Wildsoft\ Surfer" bad_botSetEnvIfNoCase User-Agent "WinHttpRequest" bad_botSetEnvIfNoCase User-Agent "WWWOFFLE" bad_botSetEnvIfNoCase User-Agent "Xaldon\ WebSpider" bad_botSetEnvIfNoCase User-Agent "Y!TunnelPro" bad_botSetEnvIfNoCase User-Agent "YahooYSMcm" bad_botSetEnvIfNoCase User-Agent "WWWOFFLE" bad_botSetEnvIfNoCase User-Agent "Xaldon\ WebSpider" bad_botSetEnvIfNoCase User-Agent "Y!TunnelPro" bad_botSetEnvIfNoCase User-Agent "YahooYSMcm" bad_botSetEnvIfNoCase User-Agent "YandexBot" bad_botSetEnvIfNoCase User-Agent "Zade" bad_botSetEnvIfNoCase User-Agent "ZBot" bad_botSetEnvIfNoCase User-Agent "zerxbot" bad_bot<Location />Order Allow,DenyDeny from env=bad_botAllow from all</Location>

This has been setup in order to prevent unwanted scans from unwanted spiders...
After clearing the contents and restarting apache service, the certificate request and setup has worked perfectly.

But now the question: if the user agent is

Code

Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)

why is it blocked with a 403 error ?

Thx again a lot for your time @Nuxwin, my bad...

LetsEncrypt 3.1.0 - Challenges Failed for all domains

Share

Similar Threads

lets encrypt: Challenge failed for domain xxx.de Challenge failed for domain www.xxx.de Challenges failed for all domains

Create letencrypt get error.

Lets Encrypt Plugin und Proxy

Let's Encrypt Fehler

Daily visitors