Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Cannot renew certificates in LetsEncrypt - anymore

Featured Replies

This was a set and forget docker.  Then I just got notice that certificates are going to expire.  I checked out NGINX and sure enough it is failing to renew.  No idea why.  Ports seem fine and haven't changed.  Logs a below and diagnostics attached.  Thanks.

 

[app         ] [3/5/2025] [8:29:27 AM] [SSL      ] › ✖  error     Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
[app         ] Failed to renew certificate npm-11 with error: Some challenges have failed.
[app         ] All renewals failed. The following certificates could not be renewed:
[app         ]   /etc/letsencrypt/live/npm-11/fullchain.pem (failure)
[app         ] 1 renew failure(s), 0 parse failure(s)
[app         ] Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
[app         ] [3/5/2025] [8:29:27 AM] [SSL      ] › ℹ  info      Completed SSL cert renew process

 

2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-8', '--preferred-challenges', 'dns,http', '--no-random-sleep-on-renew', '--disable-hook-validation']
2025-03-05 08:29:22,801:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-03-05 08:29:22,832:DEBUG:certbot._internal.log:Root logging level set at 30
2025-03-05 08:29:22,836:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-8.conf
2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var pref_challs=['dns-01', 'http-01'] (set by user).
2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var config_dir=/etc/letsencrypt (set by user).
2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var logs_dir=/tmp/letsencrypt-log (set by user).
2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var work_dir=/tmp/letsencrypt-lib (set by user).
2025-03-05 08:29:22,849:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2025-03-05 08:29:22,849:DEBUG:certbot.configuration:Var preferred_chain=ISRG Root X1 (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var key_type=ecdsa (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var elliptic_curve=secp384r1 (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_map={'webroot_path'} (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user).
2025-03-05 08:29:22,879:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0>
Prep: True
2025-03-05 08:29:22,881:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0> and installer None
2025-03-05 08:29:22,881:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-03-05 08:29:22,941:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2089955277', new_authzr_uri=None, terms_of_service=None), 9fdff809fd74c0d75b72d2d684cbabd0, Meta(creation_dt=datetime.datetime(2024, 12, 2, 14, 16, 33, tzinfo=datetime.timezone.utc), creation_host='d8c38cf8bc4b', register_to_eff=None))>
2025-03-05 08:29:22,942:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-03-05 08:29:22,945:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-03-05 08:29:23,110:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1042
2025-03-05 08:29:23,111:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 1042
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "1wiqWvUNI48": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver (not yet generally available)"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-03-05 08:29:23,115:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for frigate.themasons.net
2025-03-05 08:29:23,123:DEBUG:acme.client:Requesting fresh nonce
2025-03-05 08:29:23,123:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-03-05 08:29:23,177:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-03-05 08:29:23,178:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2025-03-05 08:29:23,178:DEBUG:acme.client:Storing nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8
2025-03-05 08:29:23,179:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "frigate.themasons.net"\n    }\n  ]\n}'
2025-03-05 08:29:23,182:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTEs0XzdtTnQtX01UczJNcWV2YXpld1p2T1FNVVZyd3lRdEI0c2t2akRJaTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "Xn862je0tRoOnj9CmNp82OlH4hiuPPLeHvZP5LSpoDpVtgTkLPJbu4k-QY90NHv3QJQSKaHmKhUJldkO7md6lLunXs02_UJflTzjHTVo656_0a1GkLdr-8QWr2PrMd8lif4AXUS16P3UuXcyF-cpi49CemfzZ8UUOf3mIo99jgebWN9iruoJyi58INGR5sN6QrIfu6KoPnP8Mf87PQ01yLLYv9vlQOucUZ8S178epsG1FLAWLXdm1ELdCxzcUxNU7ZLE7yzhf3ojiE4EmQHI3vzkzm-DTQf8iIiBr5T7udZZ7hsuOEkJJ5v35lsw0oohzQbPAhNhkpWhsOdxRM0CWg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImZyaWdhdGUudGhlbWFzb25zLm5ldCIKICAgIH0KICBdCn0"
}
2025-03-05 08:29:23,395:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 355
2025-03-05 08:29:23,396:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 355
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2089955277/360474178825
Replay-Nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "status": "pending",
  "expires": "2025-03-12T13:29:23Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "frigate.themasons.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2089955277/360474178825"
}
2025-03-05 08:29:23,397:DEBUG:acme.client:Storing nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0
2025-03-05 08:29:23,397:DEBUG:acme.client:JWS payload:
b''
2025-03-05 08:29:23,399:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTHNEdkJrLUp1RmdMZ2FKOVowUWIxUWpFSjZiMUtaYXZac2lTN0V1SDZ3aDAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0",
  "signature": "JggVQlY1o9nsAHF7ZjS0jzcyOItwxdbuHVojrY_CpMENFqfWFualSyNoX_QVzDpkmzFSOlt8LGYqztiLdS7PIoE3Ma-QN195qnBG_1270Cz3UNUIaFECCIcvLcyBAJ8ssrGVpiRyvM8RaUntj7jmumr_cn_lRDwIZwtxafLrmz03qz7Epkb7QjfCsMJIQgf85J6ldnKT4rh8eQ2gSvS-sZ0tPnQq_v5I7-R9SxJSvCnXZmquDvzg034MKmRZt29Vs4HaT2Q2lQ9-TLgwSoXr1ux4GVI2oqkoQ7yY60yktly2cqbAf2YF-ORTAwmgcAY6EKCj8eujrPEXqYkNjoyvBQ",
  "payload": ""
}
2025-03-05 08:29:23,478:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 829
2025-03-05 08:29:23,479:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 829
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "identifier": {
    "type": "dns",
    "value": "frigate.themasons.net"
  },
  "status": "pending",
  "expires": "2025-03-12T13:29:23Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/gTkoFg",
      "status": "pending",
      "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg",
      "status": "pending",
      "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/YF79-g",
      "status": "pending",
      "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
    }
  ]
}
2025-03-05 08:29:23,479:DEBUG:acme.client:Storing nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw
2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net
2025-03-05 08:29:23,480:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2025-03-05 08:29:23,481:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2025-03-05 08:29:23,483:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo
2025-03-05 08:29:23,485:DEBUG:acme.client:JWS payload:
b'{}'
2025-03-05 08:29:23,487:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOU00bWNJSEVhQlNKR0NhVWJxekZpaEpzT3VEdEdfRXJ4ZlVIQXpDMnZMVXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1L3BzNHJHZyJ9",
  "signature": "D3wQ1ElAt-MG4G47CQcwxmWgBXIj8giVYZdvMtttZaVZaoa5Z-lmr9VJcl9N7Uk4t61FuETeE7puiLqmrpdn1Q0soE9PkygxGx5fm8TGixZaLxQLEDiYfGxainrFth4LKdEDH23UQS8Je9lEbuhuchXQFD3100qePYQDoOOC7GRoisgIPhQFVdBDT8LyhsdeH43_mAHHFeo-HScoRR3a4yKFl_mKRe3SQTAIoqKk5XT2Wpbk8eis2aoP_GUOzC8hSSTQIJpW-EsvHUEBVnipcxa9MdjUs7kuJZLxQ61Mse5uhNjIOYAFthHcvYjug79_lSyEFA2r6oqRHE_9kXHARQ",
  "payload": "e30"
}
2025-03-05 08:29:23,599:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2089955277/485188991435/ps4rGg HTTP/1.1" 200 195
2025-03-05 08:29:23,601:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg
Replay-Nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg",
  "status": "pending",
  "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
}
2025-03-05 08:29:23,601:DEBUG:acme.client:Storing nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA
2025-03-05 08:29:23,602:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-03-05 08:29:24,603:DEBUG:acme.client:JWS payload:
b''
2025-03-05 08:29:24,605:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOS0zdWdtZTRqTi1MRFVENTF5dmtUVlZEdDY3WmR2eDRqNzZWYVFsdW05a0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0",
  "signature": "ljjoj78dh3Sr9OOXUPKTMt2TbPY7YyUAw0LvcadxJbZl9B284wdxq2eTzmbRr-50JcReiMu2iYD--OreYwa_tGdM_HElUsnB7iubbuvgWSzyp-B4w3nXphooRj0i4EIzWtEho-ErQGzlVWivcaKahDmybx51iDffyvENTI1nGA8cveLCpAbUI0kt6wNKcVJNZ6F6yc0zymJo1EIEzEtF7NDHzhJlEIXKCl3Ft7G5xL8ujytYke8TvRwikMwpU18vd9SF62lVTi1EMjq_YjAeO1gSZUOSrkXKU-Uyy8VEmWr4KbOzvcOmz7Gmb7T5mqeTun01ecP7jAvOfiGIrVKRnA",
  "payload": ""
}
2025-03-05 08:29:24,680:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 1385
2025-03-05 08:29:24,682:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:24 GMT
Content-Type: application/json
Content-Length: 1385
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "identifier": {
    "type": "dns",
    "value": "frigate.themasons.net"
  },
  "status": "invalid",
  "expires": "2025-03-12T13:29:23Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg",
      "status": "invalid",
      "validated": "2025-03-05T13:29:23Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404",
        "status": 403
      },
      "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo",
      "validationRecord": [
        {
          "url": "http://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo",
          "hostname": "frigate.themasons.net",
          "port": "80",
          "addressesResolved": [
            "100.8.123.38"
          ],
          "addressUsed": "100.8.123.38"
        },
        {
          "url": "https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo",
          "hostname": "frigate.themasons.net",
          "port": "443",
          "addressesResolved": [
            "100.8.123.38"
          ],
          "addressUsed": "100.8.123.38"
        }
      ]
    }
  ]
}
2025-03-05 08:29:24,683:DEBUG:acme.client:Storing nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo
2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:Challenge failed for domain frigate.themasons.net
2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net
2025-03-05 08:29:24,684:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: frigate.themasons.net
  Type:   unauthorized
  Detail: 100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-03-05 08:29:24,686:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-03-05 08:29:24,686:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo
2025-03-05 08:29:24,687:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2025-03-05 08:29:24,688:ERROR:certbot._internal.renewal:Failed to renew certificate npm-8 with error: Some challenges have failed.
2025-03-05 08:29:24,689:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-03-05 08:29:24,693:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/npm-8/fullchain.pem (failure)
2025-03-05 08:29:24,694:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-03-05 08:29:24,694:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.10/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1621, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2025-03-05 08:29:24,694:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)


 

odin-diagnostics-20250305-0839.zip

  • Author
On 3/5/2025 at 8:55 AM, The Transplant said:

This was a set and forget docker.  Then I just got notice that certificates are going to expire.  I checked out NGINX and sure enough it is failing to renew.  No idea why.  Ports seem fine and haven't changed.  Logs a below and diagnostics attached.  Thanks.

 

[app         ] [3/5/2025] [8:29:27 AM] [SSL      ] › ✖  error     Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
[app         ] Failed to renew certificate npm-11 with error: Some challenges have failed.
[app         ] All renewals failed. The following certificates could not be renewed:
[app         ]   /etc/letsencrypt/live/npm-11/fullchain.pem (failure)
[app         ] 1 renew failure(s), 0 parse failure(s)
[app         ] Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
[app         ] [3/5/2025] [8:29:27 AM] [SSL      ] › ℹ  info      Completed SSL cert renew process

 

2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-03-05 08:29:22,800:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-8', '--preferred-challenges', 'dns,http', '--no-random-sleep-on-renew', '--disable-hook-validation']
2025-03-05 08:29:22,801:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-03-05 08:29:22,832:DEBUG:certbot._internal.log:Root logging level set at 30
2025-03-05 08:29:22,836:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-8.conf
2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var pref_challs=['dns-01', 'http-01'] (set by user).
2025-03-05 08:29:22,847:DEBUG:certbot.configuration:Var config_dir=/etc/letsencrypt (set by user).
2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var logs_dir=/tmp/letsencrypt-log (set by user).
2025-03-05 08:29:22,848:DEBUG:certbot.configuration:Var work_dir=/tmp/letsencrypt-lib (set by user).
2025-03-05 08:29:22,849:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2025-03-05 08:29:22,849:DEBUG:certbot.configuration:Var preferred_chain=ISRG Root X1 (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var key_type=ecdsa (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var elliptic_curve=secp384r1 (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_map={'webroot_path'} (set by user).
2025-03-05 08:29:22,850:DEBUG:certbot.configuration:Var webroot_path=['/data/letsencrypt-acme-challenge'] (set by user).
2025-03-05 08:29:22,879:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-03-05 08:29:22,880:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0>
Prep: True
2025-03-05 08:29:22,881:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x14906ae7eda0> and installer None
2025-03-05 08:29:22,881:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-03-05 08:29:22,941:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2089955277', new_authzr_uri=None, terms_of_service=None), 9fdff809fd74c0d75b72d2d684cbabd0, Meta(creation_dt=datetime.datetime(2024, 12, 2, 14, 16, 33, tzinfo=datetime.timezone.utc), creation_host='d8c38cf8bc4b', register_to_eff=None))>
2025-03-05 08:29:22,942:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-03-05 08:29:22,945:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-03-05 08:29:23,110:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1042
2025-03-05 08:29:23,111:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 1042
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "1wiqWvUNI48": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver (not yet generally available)"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-03-05 08:29:23,115:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for frigate.themasons.net
2025-03-05 08:29:23,123:DEBUG:acme.client:Requesting fresh nonce
2025-03-05 08:29:23,123:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-03-05 08:29:23,177:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-03-05 08:29:23,178:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2025-03-05 08:29:23,178:DEBUG:acme.client:Storing nonce: O_IBgPpLK4_7mNt-_MTs2MqevazewZvOQMUVrwyQtB4skvjDIi8
2025-03-05 08:29:23,179:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "frigate.themasons.net"\n    }\n  ]\n}'
2025-03-05 08:29:23,182:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTEs0XzdtTnQtX01UczJNcWV2YXpld1p2T1FNVVZyd3lRdEI0c2t2akRJaTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "Xn862je0tRoOnj9CmNp82OlH4hiuPPLeHvZP5LSpoDpVtgTkLPJbu4k-QY90NHv3QJQSKaHmKhUJldkO7md6lLunXs02_UJflTzjHTVo656_0a1GkLdr-8QWr2PrMd8lif4AXUS16P3UuXcyF-cpi49CemfzZ8UUOf3mIo99jgebWN9iruoJyi58INGR5sN6QrIfu6KoPnP8Mf87PQ01yLLYv9vlQOucUZ8S178epsG1FLAWLXdm1ELdCxzcUxNU7ZLE7yzhf3ojiE4EmQHI3vzkzm-DTQf8iIiBr5T7udZZ7hsuOEkJJ5v35lsw0oohzQbPAhNhkpWhsOdxRM0CWg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImZyaWdhdGUudGhlbWFzb25zLm5ldCIKICAgIH0KICBdCn0"
}
2025-03-05 08:29:23,395:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 355
2025-03-05 08:29:23,396:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 355
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2089955277/360474178825
Replay-Nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "status": "pending",
  "expires": "2025-03-12T13:29:23Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "frigate.themasons.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2089955277/360474178825"
}
2025-03-05 08:29:23,397:DEBUG:acme.client:Storing nonce: O_IBgPpLsDvBk-JuFgLgaJ9Z0Qb1QjEJ6b1KZavZsiS7EuH6wh0
2025-03-05 08:29:23,397:DEBUG:acme.client:JWS payload:
b''
2025-03-05 08:29:23,399:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJPX0lCZ1BwTHNEdkJrLUp1RmdMZ2FKOVowUWIxUWpFSjZiMUtaYXZac2lTN0V1SDZ3aDAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0",
  "signature": "JggVQlY1o9nsAHF7ZjS0jzcyOItwxdbuHVojrY_CpMENFqfWFualSyNoX_QVzDpkmzFSOlt8LGYqztiLdS7PIoE3Ma-QN195qnBG_1270Cz3UNUIaFECCIcvLcyBAJ8ssrGVpiRyvM8RaUntj7jmumr_cn_lRDwIZwtxafLrmz03qz7Epkb7QjfCsMJIQgf85J6ldnKT4rh8eQ2gSvS-sZ0tPnQq_v5I7-R9SxJSvCnXZmquDvzg034MKmRZt29Vs4HaT2Q2lQ9-TLgwSoXr1ux4GVI2oqkoQ7yY60yktly2cqbAf2YF-ORTAwmgcAY6EKCj8eujrPEXqYkNjoyvBQ",
  "payload": ""
}
2025-03-05 08:29:23,478:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 829
2025-03-05 08:29:23,479:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 829
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "identifier": {
    "type": "dns",
    "value": "frigate.themasons.net"
  },
  "status": "pending",
  "expires": "2025-03-12T13:29:23Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/gTkoFg",
      "status": "pending",
      "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg",
      "status": "pending",
      "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/YF79-g",
      "status": "pending",
      "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
    }
  ]
}
2025-03-05 08:29:23,479:DEBUG:acme.client:Storing nonce: rkDw0Do9M4mcIHEaBSJGCaUbqzFihJsOuDtG_ErxfUHAzC2vLUw
2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-03-05 08:29:23,480:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net
2025-03-05 08:29:23,480:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2025-03-05 08:29:23,481:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2025-03-05 08:29:23,483:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo
2025-03-05 08:29:23,485:DEBUG:acme.client:JWS payload:
b'{}'
2025-03-05 08:29:23,487:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOU00bWNJSEVhQlNKR0NhVWJxekZpaEpzT3VEdEdfRXJ4ZlVIQXpDMnZMVXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1L3BzNHJHZyJ9",
  "signature": "D3wQ1ElAt-MG4G47CQcwxmWgBXIj8giVYZdvMtttZaVZaoa5Z-lmr9VJcl9N7Uk4t61FuETeE7puiLqmrpdn1Q0soE9PkygxGx5fm8TGixZaLxQLEDiYfGxainrFth4LKdEDH23UQS8Je9lEbuhuchXQFD3100qePYQDoOOC7GRoisgIPhQFVdBDT8LyhsdeH43_mAHHFeo-HScoRR3a4yKFl_mKRe3SQTAIoqKk5XT2Wpbk8eis2aoP_GUOzC8hSSTQIJpW-EsvHUEBVnipcxa9MdjUs7kuJZLxQ61Mse5uhNjIOYAFthHcvYjug79_lSyEFA2r6oqRHE_9kXHARQ",
  "payload": "e30"
}
2025-03-05 08:29:23,599:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2089955277/485188991435/ps4rGg HTTP/1.1" 200 195
2025-03-05 08:29:23,601:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:23 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg
Replay-Nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg",
  "status": "pending",
  "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo"
}
2025-03-05 08:29:23,601:DEBUG:acme.client:Storing nonce: rkDw0Do9-3ugme4jN-LDUD51yvkTVVDt67Zdvx4j76VaQlum9kA
2025-03-05 08:29:23,602:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-03-05 08:29:24,603:DEBUG:acme.client:JWS payload:
b''
2025-03-05 08:29:24,605:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2089955277/485188991435:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjA4OTk1NTI3NyIsICJub25jZSI6ICJya0R3MERvOS0zdWdtZTRqTi1MRFVENTF5dmtUVlZEdDY3WmR2eDRqNzZWYVFsdW05a0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIwODk5NTUyNzcvNDg1MTg4OTkxNDM1In0",
  "signature": "ljjoj78dh3Sr9OOXUPKTMt2TbPY7YyUAw0LvcadxJbZl9B284wdxq2eTzmbRr-50JcReiMu2iYD--OreYwa_tGdM_HElUsnB7iubbuvgWSzyp-B4w3nXphooRj0i4EIzWtEho-ErQGzlVWivcaKahDmybx51iDffyvENTI1nGA8cveLCpAbUI0kt6wNKcVJNZ6F6yc0zymJo1EIEzEtF7NDHzhJlEIXKCl3Ft7G5xL8ujytYke8TvRwikMwpU18vd9SF62lVTi1EMjq_YjAeO1gSZUOSrkXKU-Uyy8VEmWr4KbOzvcOmz7Gmb7T5mqeTun01ecP7jAvOfiGIrVKRnA",
  "payload": ""
}
2025-03-05 08:29:24,680:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2089955277/485188991435 HTTP/1.1" 200 1385
2025-03-05 08:29:24,682:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 05 Mar 2025 13:29:24 GMT
Content-Type: application/json
Content-Length: 1385
Connection: keep-alive
Boulder-Requester: 2089955277
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "identifier": {
    "type": "dns",
    "value": "frigate.themasons.net"
  },
  "status": "invalid",
  "expires": "2025-03-12T13:29:23Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2089955277/485188991435/ps4rGg",
      "status": "invalid",
      "validated": "2025-03-05T13:29:23Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404",
        "status": 403
      },
      "token": "l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo",
      "validationRecord": [
        {
          "url": "http://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo",
          "hostname": "frigate.themasons.net",
          "port": "80",
          "addressesResolved": [
            "100.8.123.38"
          ],
          "addressUsed": "100.8.123.38"
        },
        {
          "url": "https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo",
          "hostname": "frigate.themasons.net",
          "port": "443",
          "addressesResolved": [
            "100.8.123.38"
          ],
          "addressUsed": "100.8.123.38"
        }
      ]
    }
  ]
}
2025-03-05 08:29:24,683:DEBUG:acme.client:Storing nonce: O_IBgPpLeg6KOoN9YklSAGZR2CJtpSPmQQwkeOwNWO9ROUaGcfo
2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:Challenge failed for domain frigate.themasons.net
2025-03-05 08:29:24,684:INFO:certbot._internal.auth_handler:http-01 challenge for frigate.themasons.net
2025-03-05 08:29:24,684:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: frigate.themasons.net
  Type:   unauthorized
  Detail: 100.8.123.38: Invalid response from https://frigate.themasons.net/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-03-05 08:29:24,685:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-03-05 08:29:24,686:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-03-05 08:29:24,686:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/l7T63FaaGqbOS3yL9i2KGhknc5iNV0wPjwAaR-iAtgo
2025-03-05 08:29:24,687:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2025-03-05 08:29:24,688:ERROR:certbot._internal.renewal:Failed to renew certificate npm-8 with error: Some challenges have failed.
2025-03-05 08:29:24,689:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-03-05 08:29:24,693:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2025-03-05 08:29:24,693:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/npm-8/fullchain.pem (failure)
2025-03-05 08:29:24,694:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025-03-05 08:29:24,694:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.10/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1621, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/usr/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2025-03-05 08:29:24,694:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)


 

odin-diagnostics-20250305-0839.zip 179.19 kB · 0 downloads

 

I found the solution here:

https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3979

Just in case someone else runs into this.  I had to disable Force SSL and then run the renew and it works.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.