🐛 Bug Report: worker-certificates generate SSL certificate failed #5617
Description
👟 Reproduction steps
Preconditions:
- The appwrite has been installed correctly
- Properly configure the domain name my.domain.com
Run: docker compose exec appwrite ssl
worker-certificates logs:
Cannot renew domain (my.domain.com) on attempt no. 4 certificate: Failed to issue a certificate with message: Saving debug log to /var/log/letsencrypt/letsencrypt.lo
/var/log/letsencrypt/letsencrypt.lo:
2023-05-31 13:43:13,758:DEBUG:certbot._internal.main:certbot version: 1.21.0
2023-05-31 13:43:13,758:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-05-31 13:43:13,758:DEBUG:certbot._internal.main:Arguments: ['--webroot', '--noninteractive', '--agree-tos', '--email', '[email protected]', '--cert-name', '64774eef75c9e479c247', '-w', '/storage/certificates', '-d', 'my.domain.com']
2023-05-31 13:43:13,759:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-05-31 13:43:13,784:DEBUG:certbot._internal.log:Root logging level set at 30
2023-05-31 13:43:13,789:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-05-31 13:43:13,795:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fb84d006910>
Prep: True
2023-05-31 13:43:13,795:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fb84d006910> and installer None
2023-05-31 13:43:13,795:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-05-31 13:43:13,886:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-05-31 13:43:13,893:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-05-31 13:43:16,397:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-05-31 13:43:16,397:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:15 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"EJf8o9ZOweo": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-05-31 13:43:16,398:DEBUG:acme.client:Requesting fresh nonce
2023-05-31 13:43:16,398:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-05-31 13:43:16,673:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-05-31 13:43:16,674:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:16 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 15C9wfTOGUJlnlUDahe1L11bJf2ArdE6JzosJl6pzhs_qC4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2023-05-31 13:43:16,675:DEBUG:acme.client:Storing nonce: 15C9wfTOGUJlnlUDahe1L11bJf2ArdE6JzosJl6pzhs_qC4
2023-05-31 13:43:16,675:DEBUG:acme.client:JWS payload:
b'{\n "contact": [\n "mailto:[email protected]"\n ],\n "termsOfServiceAgreed": true\n}'
2023-05-31 13:43:16,679:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogInd6eFVhOG52UlNOb0lsN2ZQcUhmbHU2cEJxd09PcmYwQWtiOXhPbEk0RnNYUURWckhWMVdIQS1sQVNYeV82UnRWMjh4MFBsR1pBR0Q1bE9lUXJ2NGgtdUVsSjdYYWtEeGhtMUR1VmtNVUFWbVNEWUtaMTlpZFg2WmppOVY1TkJtY1IzRkFLMXFsaFZubFlzREFCc3FPS1FZeHk3M3VidW10cjlaR0xybzJfUEx4bGhmamRzRXVuMmx0UDFrcUJUcFRHRzI0Nk5MUXdNaDhkSDZrM0wxTWQ5dVFEQlpYM0RaOHlUcU5LMFFYMU9NcUlMVllXOTRwOHBzU19PZVRYUHd3QmF6alZTNmZZcVJzSUZDNE5VM0JNZU5rZHR3WnRMWHAyWG0zTllCUEZhb3hIMFdVWVY5Uk1qbEZBSHdBNVA4YThBZTk1bF9TSTRLT096ZTFMVmdDdyIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiMTVDOXdmVE9HVUpsbmxVRGFoZTFMMTFiSmYyQXJkRTZKem9zSmw2cHpoc19xQzQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1hY2N0In0",
"signature": "Mpt8uPVWrvxS1wLeF3jYGid3a1Tn3vjqFGUug8JdFE652EVDQvWI-SKUH1f2Ro9cvVq9cJzilGDkwlVh6jqJ35fA7zxtRv_mDEOrA5lVeQoxagN-W54xiay4txB236Rcjw2WuPPMN9Po-_UdVxkcWGEJadlYV2vkqrIuDM6cVBLF3y5eLJ-8Sh7nH6nl2LsoOKuy4CAGS4XoTc5mt1ullHf9xVj9q8rB00KUX_JX0C91YdQFFBelj52H6AfEJhO1MLJADjqd3F_YsjUhcNCaTw7Gw9BaZN8j4H7BAPpSTmkAf1rHnJRSeuILCt28xCLPVjb9Up7IhHvCgYeN5-EtHA",
"payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpjZXJ0c0BhcHB3cml0ZS5pbyIKICBdLAogICJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWUKfQ"
}
2023-05-31 13:43:16,992:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 561
2023-05-31 13:43:16,993:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 31 May 2023 13:43:16 GMT
Content-Type: application/json
Content-Length: 561
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/1136520607
Replay-Nonce: 15C9myFgzoGZr9hVHiMYdSXpDZgmRAodL-5TsmmT5FmR22Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"key": {
"kty": "RSA",
"n": "wzxUa8nvRSNoIl7fPqHflu6pBqwOOrf0Akb9xOlI4FsXQDVrHV1WHA-lASXy_6RtV28x0PlGZAGD5lOeQrv4h-uElJ7XakDxhm1DuVkMUAVmSDYKZ19idX6Zji9V5NBmcR3FAK1qlhVnlYsDABsqOKQYxy73ubumtr9ZGLro2_PLxlhfjdsEun2ltP1kqBTpTGG246NLQwMh8dH6k3L1Md9uQDBZX3DZ8yTqNK0QX1OMqILVYW94p8psS_OeTXPwwBazjVS6fYqRsIFC4NU3BMeNkdtwZtLXp2Xm3NYBPFaoxH0WUYV9RMjlFAHwA5P8a8Ae95l_SI4KOOze1LVgCw",
"e": "AQAB"
},
"contact": [
"mailto:[email protected]"
],
"initialIp": "182.92.176.221",
"createdAt": "2023-05-31T13:43:16.825377872Z",
"status": "valid"
}
2023-05-31 13:43:16,993:DEBUG:acme.client:Storing nonce: 15C9myFgzoGZr9hVHiMYdSXpDZgmRAodL-5TsmmT5FmR22Y
2023-05-31 13:43:16,997:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2023-05-31 13:43:16,997:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fb84d0034c0>)>), contact=('mailto:[email protected]',), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1136520607', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'), 5c0ec3a18fcb3cbb994534dc787dd082, Meta(creation_dt=datetime.datetime(2023, 5, 31, 13, 43, 16, tzinfo=<UTC>), creation_host='318b73835b42', register_to_eff=None))>
2023-05-31 13:43:16,998:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for my.domain.com
2023-05-31 13:43:17,105:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
2023-05-31 13:43:17,129:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
2023-05-31 13:43:17,131:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "my.domain.com"\n }\n ]\n}'
2023-05-31 13:43:17,134:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzNjUyMDYwNyIsICJub25jZSI6ICIxNUM5bXlGZ3pvR1pyOWhWSGlNWWRTWHBEWmdtUkFvZEwtNVRzbW1UNUZtUjIyWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "TLiEL0z75Keid-9VTTDCd-Zk_2WpBnqCOJAVQHTY7-lEf98bEq4hJ83klApJBzSlPh2zLO4SuDvWkgwiebitEB2qi5tutnSrycL6bqr9gyE-2qu1qwi8KcZdWtBzP2bbwH-qC-YhJMeLFUN_4Po4QJ2EN9IiQ_xXHu7SMKr6FOoTSigUj-fYW5Q9iodFGtM_lyGk7scxva8vo4ZafO9858UW4HTdC6u6nE5mtehwmpKZbKfWtl36t-doVCrCyk4jpoA_UyHsC9xGPh7ptBhikD2CaeamKkA6gQzsrTkR8AEI7Wexy7hp-Dm1LIHyfHg92v9Y11I_J4BE6qg9a4E00g",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFwcC5pb3Jlc3QuY29tIgogICAgfQogIF0KfQ"
}
2023-05-31 13:43:17,980:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 340
2023-05-31 13:43:17,982:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 31 May 2023 13:43:17 GMT
Content-Type: application/json
Content-Length: 340
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1136520607/185676526967
Replay-Nonce: 15C9-PdEgtw6hNiw-cyxJwBKqQK2E5INDhjFAKN-PY-uf2g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2023-06-07T13:43:17Z",
"identifiers": [
{
"type": "dns",
"value": "my.domain.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/232702648627"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1136520607/185676526967"
}
2023-05-31 13:43:17,982:DEBUG:acme.client:Storing nonce: 15C9-PdEgtw6hNiw-cyxJwBKqQK2E5INDhjFAKN-PY-uf2g
2023-05-31 13:43:17,983:DEBUG:acme.client:JWS payload:
b''
2023-05-31 13:43:17,985:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/232702648627:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzNjUyMDYwNyIsICJub25jZSI6ICIxNUM5LVBkRWd0dzZoTml3LWN5eEp3QktxUUsyRTVJTkRoakZBS04tUFktdWYyZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjMyNzAyNjQ4NjI3In0",
"signature": "hNSNmTS8mCdQnfOx_UZYuRY1T28Rqaa6bnpMILafs2d2NmcbaK9HKhGqBBFUHcBEc44zvu0_jWeL34PZCU4T7OnTjGKOF-Zc_1CxcSpDQfPhmyj8T5Goo4VbDIpGIpdFHLfA581FT3KOta1iyzDh5g3jUTBU7eCI41_MWjFk7iKxXKhsVUXqkp48xEglUibWLMP1ZpHbGJbnPxOnNRDG6YSsUijGn28SeH1agtjKCdO-ap7gjSMBmrRQF1vQWgPHF740yTalEqMcC_Wk24dlmjJuFm9fvYSQ9A-u-kvyOCx5Iji1wyCgArdLiGM_DYYPil5GH9WNBJ58Mup8qOYACQ",
"payload": ""
}
2023-05-31 13:43:18,265:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/232702648627 HTTP/1.1" 200 798
2023-05-31 13:43:18,267:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:18 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1AADRDlZ7p6V6MH_FKe11yujAUp9DJx5P2I6lvgqXkPy5zM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "my.domain.com"
},
"status": "pending",
"expires": "2023-06-07T13:43:17Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A",
"token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/uvRTRQ",
"token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/gpWVKg",
"token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc"
}
]
}
2023-05-31 13:43:18,267:DEBUG:acme.client:Storing nonce: 1AADRDlZ7p6V6MH_FKe11yujAUp9DJx5P2I6lvgqXkPy5zM
2023-05-31 13:43:18,268:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-05-31 13:43:18,269:INFO:certbot._internal.auth_handler:http-01 challenge for my.domain.com
2023-05-31 13:43:18,269:INFO:certbot._internal.plugins.webroot:Using the webroot path /storage/certificates for all unmatched domains.
2023-05-31 13:43:18,269:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /storage/certificates/.well-known/acme-challenge
2023-05-31 13:43:18,272:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /storage/certificates/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc
2023-05-31 13:43:18,273:DEBUG:acme.client:JWS payload:
b'{}'
2023-05-31 13:43:18,277:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzNjUyMDYwNyIsICJub25jZSI6ICIxQUFEUkRsWjdwNlY2TUhfRktlMTF5dWpBVXA5REp4NVAySTZsdmdxWGtQeTV6TSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjMyNzAyNjQ4NjI3L194dEs4QSJ9",
"signature": "STjuVPL9UNjp9uPVx7Vv3-5eEU_3Aew__g5iPYfR6LX5sJnEMtiyU9BIaix6w6q6fZ-VxXBf5w_2TMabM25WiyhDCMzcUdfxt1yF9IrKqtDdFPxhL18g9w_eSiFT4k5g535hcIA-QbUST67rI_6gJOhw2FFQa2x1HGVOZCjeBHNO2nnJWPHoCcBt5dkpu3gZvs7kOD-GLHS6auM7brvjFgr0GdnCoocdaxqsgTXOJT8nMEJI4ShzlfKT-VicKpsG_4f7Dtut1nWd6sGeRqtV9wdYuMHdBXcKVJl-olr7ktOdbMajRM9KHamzUmZBJOP_oWDK93bQTK7M8QShIoP69A",
"payload": "e30"
}
2023-05-31 13:43:18,561:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/232702648627/_xtK8A HTTP/1.1" 200 187
2023-05-31 13:43:18,562:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:18 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/232702648627>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A
Replay-Nonce: 1AADUGuPAuRO6tbET0D2dr6GvdFXHQHiOJVpqqZ_bPSkEO4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A",
"token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc"
}
2023-05-31 13:43:18,563:DEBUG:acme.client:Storing nonce: 1AADUGuPAuRO6tbET0D2dr6GvdFXHQHiOJVpqqZ_bPSkEO4
2023-05-31 13:43:18,563:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-05-31 13:43:19,565:DEBUG:acme.client:JWS payload:
b''
2023-05-31 13:43:19,567:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/232702648627:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzNjUyMDYwNyIsICJub25jZSI6ICIxQUFEVUd1UEF1Uk82dGJFVDBEMmRyNkd2ZEZYSFFIaU9KVnBxcVpfYlBTa0VPNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjMyNzAyNjQ4NjI3In0",
"signature": "DuCwzvbExHIeD52hXvbKGot3_AyDy9PPhMrCn3f2E9e2eYgLHBKZ3iMK3jKWOsGtgN3xjp_RXdWY8pEMqrUGgNU52awf1Vdd22bn_c5uhSWNsbjR5q96o5Ube0IXglVRge44tQsdSNisw7LPUdpnIhnXbMIpCYrtedVehRsxv4bSCO3vgAsg8HgRbbtbaakY3DYmTYa_-oWkUhStUX8-cN_z0ZSFKtD1-fys1O5GTP7z6hbP6k_mhNF0yuhWbdJ2dgJ6FrR6MuTXy42F7MEkmW_hs93LBSveATsaCpkKSJISECa6t7nTkgKM6q3VM1QVEVJBXBSEVUqUax0e81Xlvw",
"payload": ""
}
2023-05-31 13:43:19,847:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/232702648627 HTTP/1.1" 200 1027
2023-05-31 13:43:19,848:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:19 GMT
Content-Type: application/json
Content-Length: 1027
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1AADqu236d9F6Uw5N2U_W3AvXGg2DE6YAK22_J4WZEEAY4g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "my.domain.com"
},
"status": "invalid",
"expires": "2023-06-07T13:43:17Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "182.92.176.221: Invalid response from http://my.domain.com/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc: 404",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A",
"token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc",
"validationRecord": [
{
"url": "http://my.domain.com/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc",
"hostname": "my.domain.com",
"port": "80",
"addressesResolved": [
"182.92.176.221"
],
"addressUsed": "182.92.176.221"
}
],
"validated": "2023-05-31T13:43:18Z"
}
]
}
2023-05-31 13:43:19,848:DEBUG:acme.client:Storing nonce: 1AADqu236d9F6Uw5N2U_W3AvXGg2DE6YAK22_J4WZEEAY4g
2023-05-31 13:43:19,849:INFO:certbot._internal.auth_handler:Challenge failed for domain my.domain.com
2023-05-31 13:43:19,849:INFO:certbot._internal.auth_handler:http-01 challenge for my.domain.com
2023-05-31 13:43:19,849:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: my.domain.com
Type: unauthorized
Detail: 182.92.176.221: Invalid response from http://my.domain.com/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2023-05-31 13:43:19,850:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-05-31 13:43:19,850:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-05-31 13:43:19,850:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-05-31 13:43:19,850:DEBUG:certbot._internal.plugins.webroot:Removing /storage/certificates/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc
2023-05-31 13:43:19,851:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-05-31 13:43:19,851:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3.9/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1434, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 389, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-05-31 13:43:19,853:ERROR:certbot._internal.log:Some challenges have failed.
👍 Expected behavior
Generate SSL certificate correctly
👎 Actual Behavior
SSL certificate not generated correctly
🎲 Appwrite version
Version 1.3.x
💻 Operating system
Linux
🧱 Your Environment
No response
👀 Have you spent some time to check if this issue has been raised before?
- I checked and didn't find similar issue
🏢 Have you read the Code of Conduct?
- I have read the Code of Conduct