March 5, 20251 yr This was a set and forget docker. Then I just got notice that certificates are going to expire. I checked out NGINX and sure enough it is failing to renew. No idea why. Ports seem fine and haven't changed. Logs a below and diagnostics attached. Thanks. [app ] [3/5/2025] [8:29:27 AM] [SSL ] › ✖ error Saving debug log to /tmp/letsencrypt-log/letsencrypt.log [app ] Failed to renew certificate npm-11 with error: Some challenges have failed. [app ] All renewals failed. The following certificates could not be renewed: [app ] /etc/letsencrypt/live/npm-11/fullchain.pem (failure) [app ] 1 renew failure(s), 0 parse failure(s) [app ] Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. [app ] [3/5/2025] [8:29:27 AM] [SSL ] › ℹ info Completed SSL cert renew process 2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:certbot version: 3.1.0 2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot 2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-8', '--preferred-challenges', 'dns,http', '--no-random-sleep-on-renew', '--disable-hook-validation'] 2025-03-05 08:29:22,801:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2025-03-05 08:29:22,832:DEBUG:certbot._internal.log:Root logging level set at 30 2025-03-05 08:29:22,836:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-8.conf 2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var pref_challs=['dns-01', 'http-01'] (set by user). 2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var config_dir=/etc/letsencrypt (set by user). 2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var logs_dir=/tmp/letsencrypt-log (set by user). 2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var work_dir=/tmp/letsencrypt-lib (set by user). 2025-03-05 08:29:22,849:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None 2025-03-05 08:29:22,849:DEBUG:certbot.configuration:Var preferred_chain=ISRG Root X1 (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var key_type=ecdsa (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var elliptic_curve=secp384r1 (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_map={'webroot_path'} (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user). 2025-03-05 08:29:22,879:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal... 2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None 2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported). Interfaces: Authenticator, Plugin Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins') Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0> Prep: True 2025-03-05 08:29:22,881:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0> and installer None 2025-03-05 08:29:22,881:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2025-03-05 08:29:22,941:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2089955277', new_authzr_uri=None, terms_of_service=None), 9fdff809fd74c0d75b72d2d684cbabd0, Meta(creation_dt=datetime.datetime(2024, 12, 2, 14, 16, 33, tzinfo=datetime.timezone.utc), creation_host='d8c38cf8bc4b', register_to_eff=None))> 2025-03-05 08:29:22,942:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2025-03-05 08:29:22,945:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2025-03-05 08:29:23,110:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1042 2025-03-05 08:29:23,111:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Content-Type: application/json Content-Length: 1042 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "1wiqWvUNI48": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "profiles": { "classic": "https://letsencrypt.org/docs/profiles#classic", "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)", "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver (not yet generally available)" }, "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } 2025-03-05 08:29:23,115:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for frigate.themasons.net 2025-03-05 08:29:23,123:DEBUG:acme.client:Requesting fresh nonce 2025-03-05 08:29:23,123:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce. 2025-03-05 08:29:23,177:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 2025-03-05 08:29:23,178:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 2025-03-05 08:29:23,178:DEBUG:acme.client:Storing nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8 2025-03-05 08:29:23,179:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "frigate.themasons.net"\n }\n ]\n}' 2025-03-05 08:29:23,182:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTEs0XzdtTnQtX01UczJNcWV2YXpld1p2T1FNVVZyd3lRdEI0c2t2akRJaTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9", "signature": "Xn862je0tRoOnj9CmNp82OlH4hiuPPLeHvZP5LSpoDpVtgTkLPJbu4k-QY90NHv3QJQSKaHmKhUJldkO7md6lLunXs02_UJflTzjHTVo656_0a1GkLdr-8QWr2PrMd8lif4AXUS16P3UuXcyF-cpi49CemfzZ8UUOf3mIo99jgebWN9iruoJyi58INGR5sN6QrIfu6KoPnP8Mf87PQ01yLLYv9vlQOucUZ8S178epsG1FLAWLXdm1ELdCxzcUxNU7ZLE7yzhf3ojiE4EmQHI3vzkzm-DTQf8iIiBr5T7udZZ7hsuOEkJJ5v35lsw0oohzQbPAhNhkpWhsOdxRM0CWg", "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImZyaWdhdGUudGhlbWFzb25zLm5ldCIKICAgIH0KICBdCn0" } 2025-03-05 08:29:23,395:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 355 2025-03-05 08:29:23,396:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Content-Type: application/json Content-Length: 355 Connection: keep-alive Boulder-Requester: 2089955277 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/2089955277/360474178825 Replay-Nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2025-03-12T13:29:23Z", "identifiers": [ { "type": "dns", "value": "frigate.themasons.net" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2089955277/360474178825" } 2025-03-05 08:29:23,397:DEBUG:acme.client:Storing nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0 2025-03-05 08:29:23,397:DEBUG:acme.client:JWS payload: b'' 2025-03-05 08:29:23,399:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTHNEdkJrLUp1RmdMZ2FKOVowUWIxUWpFSjZiMUtaYXZac2lTN0V1SDZ3aDAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0", "signature": "JggVQlY1o9nsAHF7ZjS0jzcyOItwxdbuHVojrY_CpMENFqfWFualSyNoX_QVzDpkmzFSOlt8LGYqztiLdS7PIoE3Ma-QN195qnBG_1270Cz3UNUIaFECCIcvLcyBAJ8ssrGVpiRyvM8RaUntj7jmumr_cn_lRDwIZwtxafLrmz03qz7Epkb7QjfCsMJIQgf85J6ldnKT4rh8eQ2gSvS-sZ0tPnQq_v5I7-R9SxJSvCnXZmquDvzg034MKmRZt29Vs4HaT2Q2lQ9-TLgwSoXr1ux4GVI2oqkoQ7yY60yktly2cqbAf2YF-ORTAwmgcAY6EKCj8eujrPEXqYkNjoyvBQ", "payload": "" } 2025-03-05 08:29:23,478:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 829 2025-03-05 08:29:23,479:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Content-Type: application/json Content-Length: 829 Connection: keep-alive Boulder-Requester: 2089955277 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "frigate.themasons.net" }, "status": "pending", "expires": "2025-03-12T13:29:23Z", "challenges": [ { "type": "tls-alpn-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/gTkoFg", "status": "pending", "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo" }, { "type": "http-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg", "status": "pending", "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo" }, { "type": "dns-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/YF79-g", "status": "pending", "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo" } ] } 2025-03-05 08:29:23,479:DEBUG:acme.client:Storing nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw 2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:Performing the following challenges: 2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net 2025-03-05 08:29:23,480:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. 2025-03-05 08:29:23,481:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge 2025-03-05 08:29:23,483:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo 2025-03-05 08:29:23,485:DEBUG:acme.client:JWS payload: b'{}' 2025-03-05 08:29:23,487:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOU00bWNJSEVhQlNKR0NhVWJxekZpaEpzT3VEdEdfRXJ4ZlVIQXpDMnZMVXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1L3BzNHJHZyJ9", "signature": "D3wQ1ElAt-MG4G47CQcwxmWgBXIj8giVYZdvMtttZaVZaoa5Z-lmr9VJcl9N7Uk4t61FuETeE7puiLqmrpdn1Q0soE9PkygxGx5fm8TGixZaLxQLEDiYfGxainrFth4LKdEDH23UQS8Je9lEbuhuchXQFD3100qePYQDoOOC7GRoisgIPhQFVdBDT8LyhsdeH43_mAHHFeo-HScoRR3a4yKFl_mKRe3SQTAIoqKk5XT2Wpbk8eis2aoP_GUOzC8hSSTQIJpW-EsvHUEBVnipcxa9MdjUs7kuJZLxQ61Mse5uhNjIOYAFthHcvYjug79_lSyEFA2r6oqRHE_9kXHARQ", "payload": "e30" } 2025-03-05 08:29:23,599:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2089955277/485188991435/ps4rGg HTTP/1.1" 200 195 2025-03-05 08:29:23,601:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Content-Type: application/json Content-Length: 195 Connection: keep-alive Boulder-Requester: 2089955277 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435>;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg Replay-Nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "type": "http-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg", "status": "pending", "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo" } 2025-03-05 08:29:23,601:DEBUG:acme.client:Storing nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA 2025-03-05 08:29:23,602:INFO:certbot._internal.auth_handler:Waiting for verification... 2025-03-05 08:29:24,603:DEBUG:acme.client:JWS payload: b'' 2025-03-05 08:29:24,605:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOS0zdWdtZTRqTi1MRFVENTF5dmtUVlZEdDY3WmR2eDRqNzZWYVFsdW05a0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0", "signature": "ljjoj78dh3Sr9OOXUPKTMt2TbPY7YyUAw0LvcadxJbZl9B284wdxq2eTzmbRr-50JcReiMu2iYD--OreYwa_tGdM_HElUsnB7iubbuvgWSzyp-B4w3nXphooRj0i4EIzWtEho-ErQGzlVWivcaKahDmybx51iDffyvENTI1nGA8cveLCpAbUI0kt6wNKcVJNZ6F6yc0zymJo1EIEzEtF7NDHzhJlEIXKCl3Ft7G5xL8ujytYke8TvRwikMwpU18vd9SF62lVTi1EMjq_YjAeO1gSZUOSrkXKU-Uyy8VEmWr4KbOzvcOmz7Gmb7T5mqeTun01ecP7jAvOfiGIrVKRnA", "payload": "" } 2025-03-05 08:29:24,680:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 1385 2025-03-05 08:29:24,682:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:24 GMT Content-Type: application/json Content-Length: 1385 Connection: keep-alive Boulder-Requester: 2089955277 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "frigate.themasons.net" }, "status": "invalid", "expires": "2025-03-12T13:29:23Z", "challenges": [ { "type": "http-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg", "status": "invalid", "validated": "2025-03-05T13:29:23Z", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404", "status": 403 }, "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo", "validationRecord": [ { "url": "http://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo", "hostname": "frigate.themasons.net", "port": "80", "addressesResolved": [ "100.8.123.38" ], "addressUsed": "100.8.123.38" }, { "url": "https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo", "hostname": "frigate.themasons.net", "port": "443", "addressesResolved": [ "100.8.123.38" ], "addressUsed": "100.8.123.38" } ] } ] } 2025-03-05 08:29:24,683:DEBUG:acme.client:Storing nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo 2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:Challenge failed for domain frigate.themasons.net 2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net 2025-03-05 08:29:24,684:DEBUG:certbot._internal.display.obj:Notifying user: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: frigate.themasons.net Type: unauthorized Detail: 100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404 Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet. 2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Encountered exception: Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Calling registered functions 2025-03-05 08:29:24,686:INFO:certbot._internal.auth_handler:Cleaning up challenges 2025-03-05 08:29:24,686:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo 2025-03-05 08:29:24,687:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up 2025-03-05 08:29:24,688:ERROR:certbot._internal.renewal:Failed to renew certificate npm-8 with error: Some challenges have failed. 2025-03-05 08:29:24,689:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request main.renew_cert(lineage_config, plugins, renewal_candidate) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1529, in renew_cert renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert renewal.renew_cert(config, domains, le_client, lineage) File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key) File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2025-03-05 08:29:24,693:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed: 2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-8/fullchain.pem (failure) 2025-03-05 08:29:24,694:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2025-03-05 08:29:24,694:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 8, in <module> sys.exit(main()) File "/usr/lib/python3.10/site-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1873, in main return config.func(config, plugins) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1621, in renew renewed_domains, failed_domains = renewal.handle_renewal_request(config) File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request raise errors.Error( certbot.errors.Error: 1 renew failure(s), 0 parse failure(s) 2025-03-05 08:29:24,694:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s) odin-diagnostics-20250305-0839.zip
March 6, 20251 yr Author On 3/5/2025 at 8:55 AM, The Transplant said: This was a set and forget docker. Then I just got notice that certificates are going to expire. I checked out NGINX and sure enough it is failing to renew. No idea why. Ports seem fine and haven't changed. Logs a below and diagnostics attached. Thanks. [app ] [3/5/2025] [8:29:27 AM] [SSL ] › ✖ error Saving debug log to /tmp/letsencrypt-log/letsencrypt.log [app ] Failed to renew certificate npm-11 with error: Some challenges have failed. [app ] All renewals failed. The following certificates could not be renewed: [app ] /etc/letsencrypt/live/npm-11/fullchain.pem (failure) [app ] 1 renew failure(s), 0 parse failure(s) [app ] Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. [app ] [3/5/2025] [8:29:27 AM] [SSL ] › ℹ info Completed SSL cert renew process 2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:certbot version: 3.1.0 2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot 2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-8', '--preferred-challenges', 'dns,http', '--no-random-sleep-on-renew', '--disable-hook-validation'] 2025-03-05 08:29:22,801:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2025-03-05 08:29:22,832:DEBUG:certbot._internal.log:Root logging level set at 30 2025-03-05 08:29:22,836:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-8.conf 2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var pref_challs=['dns-01', 'http-01'] (set by user). 2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var config_dir=/etc/letsencrypt (set by user). 2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var logs_dir=/tmp/letsencrypt-log (set by user). 2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var work_dir=/tmp/letsencrypt-lib (set by user). 2025-03-05 08:29:22,849:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None 2025-03-05 08:29:22,849:DEBUG:certbot.configuration:Var preferred_chain=ISRG Root X1 (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var key_type=ecdsa (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var elliptic_curve=secp384r1 (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_map={'webroot_path'} (set by user). 2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user). 2025-03-05 08:29:22,879:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal... 2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None 2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported). Interfaces: Authenticator, Plugin Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins') Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0> Prep: True 2025-03-05 08:29:22,881:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0> and installer None 2025-03-05 08:29:22,881:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2025-03-05 08:29:22,941:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2089955277', new_authzr_uri=None, terms_of_service=None), 9fdff809fd74c0d75b72d2d684cbabd0, Meta(creation_dt=datetime.datetime(2024, 12, 2, 14, 16, 33, tzinfo=datetime.timezone.utc), creation_host='d8c38cf8bc4b', register_to_eff=None))> 2025-03-05 08:29:22,942:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2025-03-05 08:29:22,945:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2025-03-05 08:29:23,110:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1042 2025-03-05 08:29:23,111:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Content-Type: application/json Content-Length: 1042 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "1wiqWvUNI48": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "profiles": { "classic": "https://letsencrypt.org/docs/profiles#classic", "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)", "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver (not yet generally available)" }, "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } 2025-03-05 08:29:23,115:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for frigate.themasons.net 2025-03-05 08:29:23,123:DEBUG:acme.client:Requesting fresh nonce 2025-03-05 08:29:23,123:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce. 2025-03-05 08:29:23,177:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 2025-03-05 08:29:23,178:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 2025-03-05 08:29:23,178:DEBUG:acme.client:Storing nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8 2025-03-05 08:29:23,179:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "frigate.themasons.net"\n }\n ]\n}' 2025-03-05 08:29:23,182:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTEs0XzdtTnQtX01UczJNcWV2YXpld1p2T1FNVVZyd3lRdEI0c2t2akRJaTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9", "signature": "Xn862je0tRoOnj9CmNp82OlH4hiuPPLeHvZP5LSpoDpVtgTkLPJbu4k-QY90NHv3QJQSKaHmKhUJldkO7md6lLunXs02_UJflTzjHTVo656_0a1GkLdr-8QWr2PrMd8lif4AXUS16P3UuXcyF-cpi49CemfzZ8UUOf3mIo99jgebWN9iruoJyi58INGR5sN6QrIfu6KoPnP8Mf87PQ01yLLYv9vlQOucUZ8S178epsG1FLAWLXdm1ELdCxzcUxNU7ZLE7yzhf3ojiE4EmQHI3vzkzm-DTQf8iIiBr5T7udZZ7hsuOEkJJ5v35lsw0oohzQbPAhNhkpWhsOdxRM0CWg", "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImZyaWdhdGUudGhlbWFzb25zLm5ldCIKICAgIH0KICBdCn0" } 2025-03-05 08:29:23,395:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 355 2025-03-05 08:29:23,396:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Content-Type: application/json Content-Length: 355 Connection: keep-alive Boulder-Requester: 2089955277 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/2089955277/360474178825 Replay-Nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2025-03-12T13:29:23Z", "identifiers": [ { "type": "dns", "value": "frigate.themasons.net" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2089955277/360474178825" } 2025-03-05 08:29:23,397:DEBUG:acme.client:Storing nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0 2025-03-05 08:29:23,397:DEBUG:acme.client:JWS payload: b'' 2025-03-05 08:29:23,399:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTHNEdkJrLUp1RmdMZ2FKOVowUWIxUWpFSjZiMUtaYXZac2lTN0V1SDZ3aDAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0", "signature": "JggVQlY1o9nsAHF7ZjS0jzcyOItwxdbuHVojrY_CpMENFqfWFualSyNoX_QVzDpkmzFSOlt8LGYqztiLdS7PIoE3Ma-QN195qnBG_1270Cz3UNUIaFECCIcvLcyBAJ8ssrGVpiRyvM8RaUntj7jmumr_cn_lRDwIZwtxafLrmz03qz7Epkb7QjfCsMJIQgf85J6ldnKT4rh8eQ2gSvS-sZ0tPnQq_v5I7-R9SxJSvCnXZmquDvzg034MKmRZt29Vs4HaT2Q2lQ9-TLgwSoXr1ux4GVI2oqkoQ7yY60yktly2cqbAf2YF-ORTAwmgcAY6EKCj8eujrPEXqYkNjoyvBQ", "payload": "" } 2025-03-05 08:29:23,478:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 829 2025-03-05 08:29:23,479:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Content-Type: application/json Content-Length: 829 Connection: keep-alive Boulder-Requester: 2089955277 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "frigate.themasons.net" }, "status": "pending", "expires": "2025-03-12T13:29:23Z", "challenges": [ { "type": "tls-alpn-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/gTkoFg", "status": "pending", "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo" }, { "type": "http-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg", "status": "pending", "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo" }, { "type": "dns-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/YF79-g", "status": "pending", "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo" } ] } 2025-03-05 08:29:23,479:DEBUG:acme.client:Storing nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw 2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:Performing the following challenges: 2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net 2025-03-05 08:29:23,480:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains. 2025-03-05 08:29:23,481:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge 2025-03-05 08:29:23,483:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo 2025-03-05 08:29:23,485:DEBUG:acme.client:JWS payload: b'{}' 2025-03-05 08:29:23,487:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOU00bWNJSEVhQlNKR0NhVWJxekZpaEpzT3VEdEdfRXJ4ZlVIQXpDMnZMVXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1L3BzNHJHZyJ9", "signature": "D3wQ1ElAt-MG4G47CQcwxmWgBXIj8giVYZdvMtttZaVZaoa5Z-lmr9VJcl9N7Uk4t61FuETeE7puiLqmrpdn1Q0soE9PkygxGx5fm8TGixZaLxQLEDiYfGxainrFth4LKdEDH23UQS8Je9lEbuhuchXQFD3100qePYQDoOOC7GRoisgIPhQFVdBDT8LyhsdeH43_mAHHFeo-HScoRR3a4yKFl_mKRe3SQTAIoqKk5XT2Wpbk8eis2aoP_GUOzC8hSSTQIJpW-EsvHUEBVnipcxa9MdjUs7kuJZLxQ61Mse5uhNjIOYAFthHcvYjug79_lSyEFA2r6oqRHE_9kXHARQ", "payload": "e30" } 2025-03-05 08:29:23,599:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2089955277/485188991435/ps4rGg HTTP/1.1" 200 195 2025-03-05 08:29:23,601:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:23 GMT Content-Type: application/json Content-Length: 195 Connection: keep-alive Boulder-Requester: 2089955277 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435>;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg Replay-Nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "type": "http-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg", "status": "pending", "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo" } 2025-03-05 08:29:23,601:DEBUG:acme.client:Storing nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA 2025-03-05 08:29:23,602:INFO:certbot._internal.auth_handler:Waiting for verification... 2025-03-05 08:29:24,603:DEBUG:acme.client:JWS payload: b'' 2025-03-05 08:29:24,605:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOS0zdWdtZTRqTi1MRFVENTF5dmtUVlZEdDY3WmR2eDRqNzZWYVFsdW05a0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0", "signature": "ljjoj78dh3Sr9OOXUPKTMt2TbPY7YyUAw0LvcadxJbZl9B284wdxq2eTzmbRr-50JcReiMu2iYD--OreYwa_tGdM_HElUsnB7iubbuvgWSzyp-B4w3nXphooRj0i4EIzWtEho-ErQGzlVWivcaKahDmybx51iDffyvENTI1nGA8cveLCpAbUI0kt6wNKcVJNZ6F6yc0zymJo1EIEzEtF7NDHzhJlEIXKCl3Ft7G5xL8ujytYke8TvRwikMwpU18vd9SF62lVTi1EMjq_YjAeO1gSZUOSrkXKU-Uyy8VEmWr4KbOzvcOmz7Gmb7T5mqeTun01ecP7jAvOfiGIrVKRnA", "payload": "" } 2025-03-05 08:29:24,680:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 1385 2025-03-05 08:29:24,682:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Wed, 05 Mar 2025 13:29:24 GMT Content-Type: application/json Content-Length: 1385 Connection: keep-alive Boulder-Requester: 2089955277 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "frigate.themasons.net" }, "status": "invalid", "expires": "2025-03-12T13:29:23Z", "challenges": [ { "type": "http-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg", "status": "invalid", "validated": "2025-03-05T13:29:23Z", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404", "status": 403 }, "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo", "validationRecord": [ { "url": "http://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo", "hostname": "frigate.themasons.net", "port": "80", "addressesResolved": [ "100.8.123.38" ], "addressUsed": "100.8.123.38" }, { "url": "https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo", "hostname": "frigate.themasons.net", "port": "443", "addressesResolved": [ "100.8.123.38" ], "addressUsed": "100.8.123.38" } ] } ] } 2025-03-05 08:29:24,683:DEBUG:acme.client:Storing nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo 2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:Challenge failed for domain frigate.themasons.net 2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net 2025-03-05 08:29:24,684:DEBUG:certbot._internal.display.obj:Notifying user: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: frigate.themasons.net Type: unauthorized Detail: 100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404 Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet. 2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Encountered exception: Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Calling registered functions 2025-03-05 08:29:24,686:INFO:certbot._internal.auth_handler:Cleaning up challenges 2025-03-05 08:29:24,686:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo 2025-03-05 08:29:24,687:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up 2025-03-05 08:29:24,688:ERROR:certbot._internal.renewal:Failed to renew certificate npm-8 with error: Some challenges have failed. 2025-03-05 08:29:24,689:DEBUG:certbot._internal.renewal:Traceback was: Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request main.renew_cert(lineage_config, plugins, renewal_candidate) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1529, in renew_cert renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert renewal.renew_cert(config, domains, le_client, lineage) File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key) File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort) File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations raise errors.AuthorizationError('Some challenges have failed.') certbot.errors.AuthorizationError: Some challenges have failed. 2025-03-05 08:29:24,693:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed: 2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-8/fullchain.pem (failure) 2025-03-05 08:29:24,694:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2025-03-05 08:29:24,694:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 8, in <module> sys.exit(main()) File "/usr/lib/python3.10/site-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1873, in main return config.func(config, plugins) File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1621, in renew renewed_domains, failed_domains = renewal.handle_renewal_request(config) File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request raise errors.Error( certbot.errors.Error: 1 renew failure(s), 0 parse failure(s) 2025-03-05 08:29:24,694:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s) odin-diagnostics-20250305-0839.zip 179.19 kB · 0 downloads I found the solution here: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3979 Just in case someone else runs into this. I had to disable Force SSL and then run the renew and it works.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.