This was a set and forget docker. Then I just got notice that certificates are going to expire. I checked out NGINX and sure enough it is failing to renew. No idea why. Ports seem fine and haven't changed. Logs a below and diagnostics attached. Thanks.
[app ] [3/5/2025] [8:29:27 AM] [SSL ] › ✖ error Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
[app ] Failed to renew certificate npm-11 with error: Some challenges have failed.
[app ] All renewals failed. The following certificates could not be renewed:
[app ] /etc/letsencrypt/live/npm-11/fullchain.pem (failure)
[app ] 1 renew failure(s), 0 parse failure(s)
[app ] Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
[app ] [3/5/2025] [8:29:27 AM] [SSL ] › ℹ info Completed SSL cert renew process
2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-8', '--preferred-challenges', 'dns,http', '--no-random-sleep-on-renew', '--disable-hook-validation']
2025-03-05 08:29:22,801:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-03-05 08:29:22,832:DEBUG:certbot._internal.log:Root logging level set at 30
2025-03-05 08:29:22,836:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-8.conf
2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var pref_challs=['dns-01', 'http-01'] (set by user).
2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var config_dir=/etc/letsencrypt (set by user).
2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var logs_dir=/tmp/letsencrypt-log (set by user).
2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var work_dir=/tmp/letsencrypt-lib (set by user).
2025-03-05 08:29:22,849:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2025-03-05 08:29:22,849:DEBUG:certbot.configuration:Var preferred_chain=ISRG Root X1 (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var key_type=ecdsa (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var elliptic_curve=secp384r1 (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_map={'webroot_path'} (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user).
2025-03-05 08:29:22,879:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0>
Prep: True
2025-03-05 08:29:22,881:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0> and installer None
2025-03-05 08:29:22,881:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-03-05 08:29:22,941:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2089955277', new_authzr_uri=None, terms_of_service=None), 9fdff809fd74c0d75b72d2d684cbabd0, Meta(creation_dt=datetime.datetime(2024, 12, 2, 14, 16, 33, tzinfo=datetime.timezone.utc), creation_host='d8c38cf8bc4b', register_to_eff=None))>
2025-03-05 08:29:22,942:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-03-05 08:29:22,945:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-03-05 08:29:23,110:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1042
2025-03-05 08:29:23,111:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 1042
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"1wiqWvUNI48": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "https://letsencrypt.org/docs/profiles#classic",
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver (not yet generally available)"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-03-05 08:29:23,115:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for frigate.themasons.net
2025-03-05 08:29:23,123:DEBUG:acme.client:Requesting fresh nonce
2025-03-05 08:29:23,123:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-03-05 08:29:23,177:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-03-05 08:29:23,178:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2025-03-05 08:29:23,178:DEBUG:acme.client:Storing nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8
2025-03-05 08:29:23,179:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "frigate.themasons.net"\n }\n ]\n}'
2025-03-05 08:29:23,182:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTEs0XzdtTnQtX01UczJNcWV2YXpld1p2T1FNVVZyd3lRdEI0c2t2akRJaTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "Xn862je0tRoOnj9CmNp82OlH4hiuPPLeHvZP5LSpoDpVtgTkLPJbu4k-QY90NHv3QJQSKaHmKhUJldkO7md6lLunXs02_UJflTzjHTVo656_0a1GkLdr-8QWr2PrMd8lif4AXUS16P3UuXcyF-cpi49CemfzZ8UUOf3mIo99jgebWN9iruoJyi58INGR5sN6QrIfu6KoPnP8Mf87PQ01yLLYv9vlQOucUZ8S178epsG1FLAWLXdm1ELdCxzcUxNU7ZLE7yzhf3ojiE4EmQHI3vzkzm-DTQf8iIiBr5T7udZZ7hsuOEkJJ5v35lsw0oohzQbPAhNhkpWhsOdxRM0CWg",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImZyaWdhdGUudGhlbWFzb25zLm5ldCIKICAgIH0KICBdCn0"
}
2025-03-05 08:29:23,395:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 355
2025-03-05 08:29:23,396:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 355
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2089955277/360474178825
Replay-Nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2025-03-12T13:29:23Z",
"identifiers": [
{
"type": "dns",
"value": "frigate.themasons.net"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2089955277/360474178825"
}
2025-03-05 08:29:23,397:DEBUG:acme.client:Storing nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0
2025-03-05 08:29:23,397:DEBUG:acme.client:JWS payload:
b''
2025-03-05 08:29:23,399:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTHNEdkJrLUp1RmdMZ2FKOVowUWIxUWpFSjZiMUtaYXZac2lTN0V1SDZ3aDAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0",
"signature": "JggVQlY1o9nsAHF7ZjS0jzcyOItwxdbuHVojrY_CpMENFqfWFualSyNoX_QVzDpkmzFSOlt8LGYqztiLdS7PIoE3Ma-QN195qnBG_1270Cz3UNUIaFECCIcvLcyBAJ8ssrGVpiRyvM8RaUntj7jmumr_cn_lRDwIZwtxafLrmz03qz7Epkb7QjfCsMJIQgf85J6ldnKT4rh8eQ2gSvS-sZ0tPnQq_v5I7-R9SxJSvCnXZmquDvzg034MKmRZt29Vs4HaT2Q2lQ9-TLgwSoXr1ux4GVI2oqkoQ7yY60yktly2cqbAf2YF-ORTAwmgcAY6EKCj8eujrPEXqYkNjoyvBQ",
"payload": ""
}
2025-03-05 08:29:23,478:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 829
2025-03-05 08:29:23,479:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 829
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "frigate.themasons.net"
},
"status": "pending",
"expires": "2025-03-12T13:29:23Z",
"challenges": [
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/gTkoFg",
"status": "pending",
"token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
},
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg",
"status": "pending",
"token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
},
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/YF79-g",
"status": "pending",
"token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
}
]
}
2025-03-05 08:29:23,479:DEBUG:acme.client:Storing nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw
2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net
2025-03-05 08:29:23,480:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2025-03-05 08:29:23,481:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2025-03-05 08:29:23,483:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo
2025-03-05 08:29:23,485:DEBUG:acme.client:JWS payload:
b'{}'
2025-03-05 08:29:23,487:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOU00bWNJSEVhQlNKR0NhVWJxekZpaEpzT3VEdEdfRXJ4ZlVIQXpDMnZMVXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1L3BzNHJHZyJ9",
"signature": "D3wQ1ElAt-MG4G47CQcwxmWgBXIj8giVYZdvMtttZaVZaoa5Z-lmr9VJcl9N7Uk4t61FuETeE7puiLqmrpdn1Q0soE9PkygxGx5fm8TGixZaLxQLEDiYfGxainrFth4LKdEDH23UQS8Je9lEbuhuchXQFD3100qePYQDoOOC7GRoisgIPhQFVdBDT8LyhsdeH43_mAHHFeo-HScoRR3a4yKFl_mKRe3SQTAIoqKk5XT2Wpbk8eis2aoP_GUOzC8hSSTQIJpW-EsvHUEBVnipcxa9MdjUs7kuJZLxQ61Mse5uhNjIOYAFthHcvYjug79_lSyEFA2r6oqRHE_9kXHARQ",
"payload": "e30"
}
2025-03-05 08:29:23,599:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2089955277/485188991435/ps4rGg HTTP/1.1" 200 195
2025-03-05 08:29:23,601:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg
Replay-Nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg",
"status": "pending",
"token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
}
2025-03-05 08:29:23,601:DEBUG:acme.client:Storing nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA
2025-03-05 08:29:23,602:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-03-05 08:29:24,603:DEBUG:acme.client:JWS payload:
b''
2025-03-05 08:29:24,605:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOS0zdWdtZTRqTi1MRFVENTF5dmtUVlZEdDY3WmR2eDRqNzZWYVFsdW05a0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0",
"signature": "ljjoj78dh3Sr9OOXUPKTMt2TbPY7YyUAw0LvcadxJbZl9B284wdxq2eTzmbRr-50JcReiMu2iYD--OreYwa_tGdM_HElUsnB7iubbuvgWSzyp-B4w3nXphooRj0i4EIzWtEho-ErQGzlVWivcaKahDmybx51iDffyvENTI1nGA8cveLCpAbUI0kt6wNKcVJNZ6F6yc0zymJo1EIEzEtF7NDHzhJlEIXKCl3Ft7G5xL8ujytYke8TvRwikMwpU18vd9SF62lVTi1EMjq_YjAeO1gSZUOSrkXKU-Uyy8VEmWr4KbOzvcOmz7Gmb7T5mqeTun01ecP7jAvOfiGIrVKRnA",
"payload": ""
}
2025-03-05 08:29:24,680:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 1385
2025-03-05 08:29:24,682:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:24 GMT
Content-Type: application/json
Content-Length: 1385
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "frigate.themasons.net"
},
"status": "invalid",
"expires": "2025-03-12T13:29:23Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg",
"status": "invalid",
"validated": "2025-03-05T13:29:23Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404",
"status": 403
},
"token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo",
"validationRecord": [
{
"url": "http://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo",
"hostname": "frigate.themasons.net",
"port": "80",
"addressesResolved": [
"100.8.123.38"
],
"addressUsed": "100.8.123.38"
},
{
"url": "https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo",
"hostname": "frigate.themasons.net",
"port": "443",
"addressesResolved": [
"100.8.123.38"
],
"addressUsed": "100.8.123.38"
}
]
}
]
}
2025-03-05 08:29:24,683:DEBUG:acme.client:Storing nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo
2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:Challenge failed for domain frigate.themasons.net
2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net
2025-03-05 08:29:24,684:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: frigate.themasons.net
Type: unauthorized
Detail: 100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-03-05 08:29:24,686:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-03-05 08:29:24,686:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo
2025-03-05 08:29:24,687:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2025-03-05 08:29:24,688:ERROR:certbot._internal.renewal:Failed to renew certificate npm-8 with error: Some challenges have failed.
2025-03-05 08:29:24,689:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-03-05 08:29:24,693:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-8/fullchain.pem (failure)
2025-03-05 08:29:24,694:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-03-05 08:29:24,694:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 8, in <module>
sys.exit(main())
File "/usr/lib/python3.10/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1873, in main
return config.func(config, plugins)
File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1621, in renew
renewed_domains, failed_domains = renewal.handle_renewal_request(config)
File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2025-03-05 08:29:24,694:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
odin-diagnostics-20250305-0839.zip