letsencrypt-plesk
letsencrypt-plesk copied to clipboard
Published
20 hours ago •
plesk
plesk
Cannot renew certifcate because of wrong url
Using plesk letsencrypt i cannot anymore update the certificate for the plesk panel itself.
It appears that it is missing a "/" in the url.
It should be justus.ebtc-online.org/.well-known not justus.ebtc-online.org.well-known
Plesk version: 17.0.17 The log:
2017-03-16 12:34:06,759:DEBUG:certbot.main:Root logging level set at 20
2017-03-16 12:34:06,759:INFO:certbot.main:Saving debug log to /opt/psa/var/modules/letsencrypt/logs/letsencrypt.log
2017-03-16 12:34:06,760:DEBUG:certbot.main:certbot version: 0.12.0
2017-03-16 12:34:06,760:DEBUG:certbot.main:Arguments: ['--non-interactive', '--renew-by-default', '--no-redirect', '--agree-tos', '--text', '--config-dir', '/opt/psa/var/modules/letsencrypt/etc', '--work-dir', '/opt/psa/var/modules/letsencrypt/lib', '--logs-dir', '/opt/psa/var/modules/letsencrypt/logs', '--authenticator', 'letsencrypt-plesk:plesk', '--installer', 'letsencrypt-plesk:plesk', '--email', '***@ebtc-online.org', '-d', 'justus.ebtc-online.org']
2017-03-16 12:34:06,760:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone,PluginEntryPoint#letsencrypt-plesk:plesk)
2017-03-16 12:34:06,760:DEBUG:certbot.plugins.selection:Requested authenticator letsencrypt-plesk:plesk and installer letsencrypt-plesk:plesk
2017-03-16 12:34:06,764:DEBUG:certbot.plugins.selection:Single candidate plugin: * letsencrypt-plesk:plesk
Description: Plesk
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: plesk = letsencrypt_plesk.configurator:PleskConfigurator
Initialized: <letsencrypt_plesk.configurator.PleskConfigurator object at 0x7f047d603410>
Prep: True
2017-03-16 12:34:06,764:DEBUG:certbot.plugins.selection:Selected authenticator <letsencrypt_plesk.configurator.PleskConfigurator object at 0x7f047d603410> and installer <letsencrypt_plesk.configurator.PleskConfigurator object at 0x7f047d603410>
2017-03-16 12:34:06,789:DEBUG:certbot.main:Picked account: <Account(08d189adff43c45c35921be51ac09543)>
2017-03-16 12:34:06,790:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-03-16 12:34:06,791:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-16 12:34:07,070:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 352
2017-03-16 12:34:07,071:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: TUGgirw2u_T9K-klB94xHyZSXBta2_EARNQM4uw2BDg
Replay-Nonce: nTxGIm7AFoq6dLIF7mcxWZZiOMj2-Fe4v1RDZHmhcsg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 16 Mar 2017 12:34:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:07 GMT
Connection: keep-alive
{
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-03-16 12:34:07,237:DEBUG:certbot.renewal:Auto-renewal forced with --force-renewal...
2017-03-16 12:34:07,237:INFO:certbot.main:Renewing an existing certificate
2017-03-16 12:34:07,237:DEBUG:acme.client:Requesting fresh nonce
2017-03-16 12:34:07,238:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-03-16 12:34:07,420:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2017-03-16 12:34:07,420:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: cNfJtMb0OpXp_vz2DgBrdoXMHR7u35F5iyDYK8-YuoE
Replay-Nonce: kd2J3fIKF2dEuLoAIkyqGcYz0ANRsyc7aJqnL7is9T8
Expires: Thu, 16 Mar 2017 12:34:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:07 GMT
Connection: keep-alive
2017-03-16 12:34:07,421:DEBUG:acme.client:Storing nonce: kd2J3fIKF2dEuLoAIkyqGcYz0ANRsyc7aJqnL7is9T8
2017-03-16 12:34:07,421:DEBUG:acme.client:JWS payload:
{
"identifier": {
"type": "dns",
"value": "justus.ebtc-online.org"
},
"resource": "new-authz"
}
2017-03-16 12:34:07,423:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "u0vvGiDxpQoLG7mi-stXNT31NOjNfnvB0Z5AutEPeM3varwqzAcqGERC-Q2sepIMw169Z56ZtsS0iayKc1ipNDxaBTsBjW9IjcA3D_qfNfuKae7EL49w31ceJ1uBfEhix9avMvjZ7PYXXgPX07IQCpFHxZyW4bM1ApP9AEVOeKk-5PQO-h1CLphi682Wsq7LYxxCR5nacTfFkwYnABGQJPRysdZ5L3FPaG4meZoC3EfqVmq2PSKnsbvOZCOnVJuyRdE9vE7X51tV1onzt1ruHf8i1MbjC_2mA0Rldqtl9JgZVh_fXeWcn3BbLlxJ_vABee1aThm65mHkI8EbfEA9w"
}
},
"protected": "eyJub25jZSI6ICJrZDJKM2ZJSZEV1TG9BSWt5cUdjWXowQU5Sc3ljN2FKcW5MN2lzOVQ4In0",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAianVzdHVzLmVidGMtb25saW5lLm9yZyIKICB9LCAKICicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9",
"signature": "Q27cJgenIsjkbpfn_AHnYfcC4qCM1Q398OPRe5kOcnWFq8Mn8nJhBcrRkk0-wWJsPF8F6xJGZZ6fRu4A3d0nX8oIo8vhs9Chf2ArdozelKcwgEtWHv88ZJBTShUNRQJ5w90mm8PjGqsfRi8OuAnumhFxgLvsaV_r3qThNAOCyTdL0wD7m5oQJDBewVSg4C3_7CNBmxhMoz0k7tU3lT6gYWpZX5kRwXouEm08oRjiERl4NtwP54FbkTrRrQ4791sdU6NOcx53nX9I8A_8r9VIpZxzyr4QQLgFb8nlE8Nk_Y-nV3nHnVzYeeestTc8BnV6UmIxCEO-qqlJUMjNUGO4A"
}
2017-03-16 12:34:07,638:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1007
2017-03-16 12:34:07,638:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1007
Boulder-Request-Id: 8frV6NSxmT9elPIOAVs8Ff4HbzmGAqXi7H7fkmTbtCQ
Boulder-Requester: 4486109
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU
Replay-Nonce: 1osR0B_CJ-zPDHAMUfrNngi-RJwwsQU6R_pK6kVgKJ0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 16 Mar 2017 12:34:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:07 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "justus.ebtc-online.org"
},
"status": "pending",
"expires": "2017-03-23T12:34:07.534065433Z",
"challenges": [
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019753",
"token": "y5TZj4xu3sheeWqyQrztlWIRNg3Ts5P95DZjncSE"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019754",
"token": "wtgF2SXxmx9SKRtDuwtPIaPtxBP9hW8-iuO9gIoYeN0"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755",
"token": "sdqggBgKQLcDetcrV4f90a6UVss_L4mHJyf2yG8m3p4"
}
],
"combinations": [
[
1
],
[
2
],
[
0
]
]
}
2017-03-16 12:34:07,638:DEBUG:acme.client:Storing nonce: 1osR0B_CJ-zPDHAMUfrNngi-RJwwsQU6R_pK6kVgKJ0
2017-03-16 12:34:07,639:INFO:certbot.auth_handler:Performing the following challenges:
2017-03-16 12:34:07,639:INFO:certbot.auth_handler:http-01 challenge for justus.ebtc-online.org
2017-03-16 12:34:07,641:DEBUG:letsencrypt_plesk.api_client:Plesk API-RPC request: <?xml version="1.0" ?><packet><site><get><filter><name>justus.ebtc-online.org</name></filter><dataset><hosting/></dataset></get></site></packet>
2017-03-16 12:34:07,642:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): 127.0.0.1
2017-03-16 12:34:07,846:DEBUG:requests.packages.urllib3.connectionpool:"POST /enterprise/control/agent.php HTTP/1.1" 200 None
2017-03-16 12:34:07,847:DEBUG:letsencrypt_plesk.api_client:Plesk API-RPC response: <?xml version="1.0" encoding="UTF-8"?>
<packet version="1.6.8.0">
<site>
<get>
<result>
<status>ok</status>
<filter-id>justus.ebtc-online.org</filter-id>
<id>46</id>
<data>
<hosting>
<vrt_hst>
<property>
<name>ftp_login</name>
<value>webserver</value>
</property>
<property>
<name>ftp_password</name>
<value>**********************</value>
</property>
<property>
<name>ftp_password_type</name>
<value>plain</value>
</property>
<property>
<name>ftp_quota</name>
<value>-1</value>
</property>
<property>
<name>ssl</name>
<value>true</value>
</property>
<property>
<name>ssl-redirect</name>
<value>false</value>
</property>
<property>
<name>shell</name>
<value>/opt/psa/bin/chrootsh</value>
</property>
<property>
<name>php</name>
<value>true</value>
</property>
<property>
<name>php_handler_id</name>
<value>fpm</value>
</property>
<property>
<name>unpaid_website_status</name>
<value>disabled</value>
</property>
<property>
<name>ssi</name>
<value>false</value>
</property>
<property>
<name>cgi</name>
<value>true</value>
</property>
<property>
<name>perl</name>
<value>false</value>
</property>
<property>
<name>python</name>
<value>true</value>
</property>
<property>
<name>asp</name>
<value>false</value>
</property>
<property>
<name>asp_dot_net</name>
<value>false</value>
</property>
<property>
<name>webstat</name>
<value>awstats</value>
</property>
<property>
<name>webstat_protected</name>
<value>true</value>
</property>
<property>
<name>errdocs</name>
<value>true</value>
</property>
<property>
<name>wuscripts</name>
<value>false</value>
</property>
<property>
<name>at_domains</name>
<value>false</value>
</property>
<property>
<name>fastcgi</name>
<value>true</value>
</property>
<property>
<name>cgi_mode</name>
<value>webspace</value>
</property>
<property>
<name>www_root</name>
<value>/var/www/vhosts/ebtc-online.org/justus.ebtc-online.org</value>
</property>
<property>
<name>certificate_name</name>
<value>Lets Encrypt justus.ebtc-online.org</value>
</property>
<property>
<name>open_basedir</name>
<value>none</value>
</property>
<property>
<name>post_max_size</name>
<value>128M</value>
</property>
<property>
<name>upload_max_filesize</name>
<value>128M</value>
</property>
<property>
<name>max_input_vars</name>
<value>1500</value>
</property>
<property>
<name>apache-restrict-follow-sym-links</name>
<value>false</value>
</property>
<property>
<name>nginx-proxy-mode</name>
<value>true</value>
</property>
<property>
<name>nginx-transparent-mode</name>
<value>true</value>
</property>
<property>
<name>nginx-serve-static</name>
<value>false</value>
</property>
<property>
<name>nginx-static-extensions</name>
<value>ac3 avi bmp bz2 css cue dat doc docx dts eot exe flv gif gz htm html ico img iso jpeg jpg js mkv mp3 mp4 mpeg mpg ogg pdf png ppt pptx qt rar rm svg swf tar tgz ttf txt wav woff woff2 xls xlsx zip</value>
</property>
<property>
<name>nginx-serve-php</name>
<value>false</value>
</property>
<property>
<name>additional-settings</name>
<value>Redirect / https://justus.ebtc-online.org</value>
</property>
<property>
<name>additional-ssl-settings</name>
<value>RewriteEngine On
ProxyPass /.well-known !
ProxyPassReverse /.well-known !
ProxyPass / http://localhost:8443/
ProxyPassReverse / http://localhost:8443/</value>
</property>
<property>
<name>additional-nginx-settings</name>
<value/>
</property>
<ip_address>78.46.174.146</ip_address>
</vrt_hst>
</hosting>
</data>
</result>
</get>
</site>
</packet>
2017-03-16 12:34:07,864:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:07,868:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver mkdir -p /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:07,872:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver cp2perm /tmp/tmp211DYz /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/.htaccess 0644
2017-03-16 12:34:07,875:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:07,878:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver cp2perm /tmp/tmpl5gvtX /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4 0644
2017-03-16 12:34:07,881:INFO:certbot.auth_handler:Waiting for verification...
2017-03-16 12:34:07,881:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4.QKPTjhQqogeu4nOAxgvvmcreqMH3mYCLQPDy_T3YO0Y",
"type": "http-01",
"resource": "challenge"
}
2017-03-16 12:34:07,883:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755:
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "u0vvGiDxpQoLG7mi-stXNT31NOjYNfnvB0Z5AutEPeM3varwqzAcqGERC-Q2sepIMw169Z56ZtsS0iayKc1ipNDxaBTsBjW9IjcA3D_qfNfuKae7EL49w31ceJ1uBfEhix9avMvjZ7PYXXgPX07IQCpFHxZyW4bM1ApP9AEVOeKk-5PQO-h1CLphi682Wsq7LYxxCR5nacTfFkwYnABGQJPRysdZ5L3FPaG4meZoC3EfqVmq2PSKnsbvOZCOnVJuyRdE9vE7X51tV1onzt1ruHf8i1MbjC_2mA0Rldqtl9JgZVh_fXeWcn3BbLlxJ_vABee1aThm65mHkI8EbfEA9w"
}
},
"protected": "eyJub25jZSI6ICIxb3NSMEJfQ0otelBESEFNVWZyTm5naS1SSnd3c1FVNlJfcEs2a1ZnS0owIn0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogInNkcWdnQmdLUUxjRGV0Q3JWNGY5MGE2VVZzc19MNG1ISnlmMnlHOG0zcDQuUUtQVGpoUXFvZ2V1NG5PQXhndnZtY3JlcU1IM21ZQ0xRUER5X1QzWU8wWSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "HWKwRhhFAFX2i5WYjGALlGtheDIOxkPfZkUmfuv2NM1UBR24i7BGX7ZqUZIGLf3eRMQO3AX0j1fYi8Buc-4d7Krmga1dcmAct7Yt_4lGNC3weyPpwTe-iXsnVkap5QtI5pALxGZ0Z6tXk8e3nX9nS5PcG8EaErz05jr2kc6fyYL4WHEhEOcQ4bDDHG7II1tjNrU_vBs5gFllLQOXiKJnCWUalRojISvLO1J6qDZ9jBmxdmhOS3xPuRiVtFJDXaVQbHMKm4nRKUe3JHWzPLB2o9F1X32zAybwC9-8qqj1hQJBXT8rwp7oMf_ST5N_aLihlnlLmevnmVLvfqaEaj3qCg"
}
2017-03-16 12:34:08,080:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755 HTTP/1.1" 202 335
2017-03-16 12:34:08,080:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 335
Boulder-Request-Id: j3Ebe8FoyHVGNFqdEtINpimbbK1LVNBqeUiJRz2H0ps
Boulder-Requester: 4486109
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755
Replay-Nonce: H4RBsl_-T8c-fF7zXNhtakXxDURJVZubJvgfPgnv3vg
Expires: Thu, 16 Mar 2017 12:34:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:08 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755",
"token": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4",
"keyAuthorization": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4.QKPTjhQqogeu4nOAxgvvmcreqMH3mYCLQPDy_T3YO0Y"
}
2017-03-16 12:34:08,081:DEBUG:acme.client:Storing nonce: H4RBsl_-T8c-fF7zXNhtakXxDURJVZubJvgfPgnv3vg
2017-03-16 12:34:11,082:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU.
2017-03-16 12:34:11,272:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU HTTP/1.1" 200 1937
2017-03-16 12:34:11,273:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1937
Boulder-Request-Id: TCE47BMcCvwEIXezuiXJ0qwS8m42zwBPhey2uzMfSLQ
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: 528KzpSaQeHxmXXVpu0zgl1ILk9HAeKufGlj4yBuR4I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 16 Mar 2017 12:34:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:11 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "justus.ebtc-online.org"
},
"status": "invalid",
"expires": "2017-03-23T12:34:07Z",
"challenges": [
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019753",
"token": "y5TZj4xu3sheeWqyQrztlWIRNg3Ts5P9hJD5DZjncSE"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019754",
"token": "wtgF2SXxmx9SKRtDuwtPIePtxBP9hW8-iuO9gIoYeN0"
},
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:connection",
"detail": "Could not connect to justus.ebtc-online.org.well-known",
"status": 400
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755",
"token": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4",
"keyAuthorization": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4.QKPTjhQqogeu4nOAxgvvmcreqMH3mYCLQPDy_T3YO0Y",
"validationRecord": [
{
"url": "http://justus.ebtc-online.org/.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4",
"hostname": "justus.ebtc-online.org",
"port": "80",
"addressesResolved": [
"78.46.174.146"
],
"addressUsed": "78.46.174.146"
},
{
"url": "https://justus.ebtc-online.org.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4",
"hostname": "justus.ebtc-online.org.well-known",
"port": "443",
"addressesResolved": [],
"addressUsed": ""
}
]
}
],
"combinations": [
[
1
],
[
2
],
[
0
]
]
}
2017-03-16 12:34:11,273:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: justus.ebtc-online.org
Type: connection
Detail: Could not connect to justus.ebtc-online.org.well-known
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2017-03-16 12:34:11,274:INFO:certbot.auth_handler:Cleaning up challenges
2017-03-16 12:34:11,274:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/web.config
2017-03-16 12:34:11,278:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,281:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver list both /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,284:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/.htaccess
2017-03-16 12:34:11,286:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver rm /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/.htaccess
2017-03-16 12:34:11,290:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,292:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver list both /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,295:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4
2017-03-16 12:34:11,298:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver rm /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4
2017-03-16 12:34:11,301:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,303:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver list both /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,306:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver rmdir /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,309:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known
2017-03-16 12:34:11,312:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver list both /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known
2017-03-16 12:34:11,314:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver rmdir /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known
2017-03-16 12:34:11,318:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/opt/psa/var/modules/letsencrypt/venv/bin/certbot", line 11, in <module>
sys.exit(main())
File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/main.py", line 896, in main
return config.func(config, plugins)
File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/main.py", line 607, in run
certname, lineage)
File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/main.py", line 87, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/renewal.py", line 296, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/client.py", line 265, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/auth_handler.py", line 77, in get_authorizations
self._respond(resp, best_effort)
File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/auth_handler.py", line 134, in _respond
self._poll_challenges(chall_update, best_effort)
File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/auth_handler.py", line 198, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. justus.ebtc-online.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to justus.ebtc-online.org.well-known
Have you found any solution to this? It's preventing me from securing my subdomains. Somehow it works on my root domain though.
No, not yet.
You are right in the obersavation that it fails only for subdomains. Thats interesting.
Hi metaxy and PhilippCh,
if you experience such issues, pls. consider to open a bug - report at for example: => https://talk.plesk.com/threads/php-version-and-handler-could-not-changed.342932/, so that the Plesk - Team - Members in the forum are able to pass it over to the Plesk developpers. ;-)
It is failing for an add-on domain configured as web space in our case, too.
I have reported it in https://talk.plesk.com/threads/ssl-certificate-renewal-is-failing-for-an-add-on-domain-slash-missing-from-well-known.342953/ We consider this an urgent issue, because it can affect very many customers here soon when their renewal date is up.
Issue solved for Bitpalast: => https://talk.plesk.com/threads/ssl-certificate-renewal-is-failing-for-an-add-on-domain-slash-missing-from-well-known.342953/#post-825456
I had the same issue. I was using Nginx as a reverse-proxy for apache, and here's the problem:
<VirtualHost 127.0.0.1:8082>
ServerName ***.com
ServerAlias ***.com
Redirect permanent / http://www.***.com
</VirtualHost>
The last line must end with a / for the redirection. It wasn’t happening on the previous version of the tool.
