Skip to content
This repository has been archived by the owner on Aug 12, 2020. It is now read-only.

Cannot renew certifcate because of wrong url #153

Open
metaxy opened this issue Feb 21, 2017 · 9 comments
Open

Cannot renew certifcate because of wrong url #153

metaxy opened this issue Feb 21, 2017 · 9 comments

Comments

@metaxy
Copy link

metaxy commented Feb 21, 2017

Using plesk letsencrypt i cannot anymore update the certificate for the plesk panel itself.
It appears that it is missing a "/" in the url.
error

It should be justus.ebtc-online.org/.well-known not justus.ebtc-online.org.well-known
@metaxy
Copy link
Author

metaxy commented Mar 16, 2017
edited

Plesk version: 17.0.17
The log:

2017-03-16 12:34:06,759:DEBUG:certbot.main:Root logging level set at 20
2017-03-16 12:34:06,759:INFO:certbot.main:Saving debug log to /opt/psa/var/modules/letsencrypt/logs/letsencrypt.log
2017-03-16 12:34:06,760:DEBUG:certbot.main:certbot version: 0.12.0
2017-03-16 12:34:06,760:DEBUG:certbot.main:Arguments: ['--non-interactive', '--renew-by-default', '--no-redirect', '--agree-tos', '--text', '--config-dir', '/opt/psa/var/modules/letsencrypt/etc', '--work-dir', '/opt/psa/var/modules/letsencrypt/lib', '--logs-dir', '/opt/psa/var/modules/letsencrypt/logs', '--authenticator', 'letsencrypt-plesk:plesk', '--installer', 'letsencrypt-plesk:plesk', '--email', '***@ebtc-online.org', '-d', 'justus.ebtc-online.org']
2017-03-16 12:34:06,760:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone,PluginEntryPoint#letsencrypt-plesk:plesk)
2017-03-16 12:34:06,760:DEBUG:certbot.plugins.selection:Requested authenticator letsencrypt-plesk:plesk and installer letsencrypt-plesk:plesk
2017-03-16 12:34:06,764:DEBUG:certbot.plugins.selection:Single candidate plugin: * letsencrypt-plesk:plesk
Description: Plesk
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: plesk = letsencrypt_plesk.configurator:PleskConfigurator
Initialized: <letsencrypt_plesk.configurator.PleskConfigurator object at 0x7f047d603410>
Prep: True
2017-03-16 12:34:06,764:DEBUG:certbot.plugins.selection:Selected authenticator <letsencrypt_plesk.configurator.PleskConfigurator object at 0x7f047d603410> and installer <letsencrypt_plesk.configurator.PleskConfigurator object at 0x7f047d603410>
2017-03-16 12:34:06,789:DEBUG:certbot.main:Picked account: <Account(08d189adff43c45c35921be51ac09543)>
2017-03-16 12:34:06,790:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-03-16 12:34:06,791:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-16 12:34:07,070:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 352
2017-03-16 12:34:07,071:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: TUGgirw2u_T9K-klB94xHyZSXBta2_EARNQM4uw2BDg
Replay-Nonce: nTxGIm7AFoq6dLIF7mcxWZZiOMj2-Fe4v1RDZHmhcsg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 16 Mar 2017 12:34:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:07 GMT
Connection: keep-alive

{
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-03-16 12:34:07,237:DEBUG:certbot.renewal:Auto-renewal forced with --force-renewal...
2017-03-16 12:34:07,237:INFO:certbot.main:Renewing an existing certificate
2017-03-16 12:34:07,237:DEBUG:acme.client:Requesting fresh nonce
2017-03-16 12:34:07,238:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-03-16 12:34:07,420:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2017-03-16 12:34:07,420:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: cNfJtMb0OpXp_vz2DgBrdoXMHR7u35F5iyDYK8-YuoE
Replay-Nonce: kd2J3fIKF2dEuLoAIkyqGcYz0ANRsyc7aJqnL7is9T8
Expires: Thu, 16 Mar 2017 12:34:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:07 GMT
Connection: keep-alive


2017-03-16 12:34:07,421:DEBUG:acme.client:Storing nonce: kd2J3fIKF2dEuLoAIkyqGcYz0ANRsyc7aJqnL7is9T8
2017-03-16 12:34:07,421:DEBUG:acme.client:JWS payload:
{
  "identifier": {
    "type": "dns", 
    "value": "justus.ebtc-online.org"
  }, 
  "resource": "new-authz"
}
2017-03-16 12:34:07,423:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
  "header": {
    "alg": "RS256", 
    "jwk": {
      "e": "AQAB", 
      "kty": "RSA", 
      "n": "u0vvGiDxpQoLG7mi-stXNT31NOjNfnvB0Z5AutEPeM3varwqzAcqGERC-Q2sepIMw169Z56ZtsS0iayKc1ipNDxaBTsBjW9IjcA3D_qfNfuKae7EL49w31ceJ1uBfEhix9avMvjZ7PYXXgPX07IQCpFHxZyW4bM1ApP9AEVOeKk-5PQO-h1CLphi682Wsq7LYxxCR5nacTfFkwYnABGQJPRysdZ5L3FPaG4meZoC3EfqVmq2PSKnsbvOZCOnVJuyRdE9vE7X51tV1onzt1ruHf8i1MbjC_2mA0Rldqtl9JgZVh_fXeWcn3BbLlxJ_vABee1aThm65mHkI8EbfEA9w"
    }
  }, 
  "protected": "eyJub25jZSI6ICJrZDJKM2ZJSZEV1TG9BSWt5cUdjWXowQU5Sc3ljN2FKcW5MN2lzOVQ4In0", 
  "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAianVzdHVzLmVidGMtb25saW5lLm9yZyIKICB9LCAKICicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9", 
  "signature": "Q27cJgenIsjkbpfn_AHnYfcC4qCM1Q398OPRe5kOcnWFq8Mn8nJhBcrRkk0-wWJsPF8F6xJGZZ6fRu4A3d0nX8oIo8vhs9Chf2ArdozelKcwgEtWHv88ZJBTShUNRQJ5w90mm8PjGqsfRi8OuAnumhFxgLvsaV_r3qThNAOCyTdL0wD7m5oQJDBewVSg4C3_7CNBmxhMoz0k7tU3lT6gYWpZX5kRwXouEm08oRjiERl4NtwP54FbkTrRrQ4791sdU6NOcx53nX9I8A_8r9VIpZxzyr4QQLgFb8nlE8Nk_Y-nV3nHnVzYeeestTc8BnV6UmIxCEO-qqlJUMjNUGO4A"
}
2017-03-16 12:34:07,638:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1007
2017-03-16 12:34:07,638:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1007
Boulder-Request-Id: 8frV6NSxmT9elPIOAVs8Ff4HbzmGAqXi7H7fkmTbtCQ
Boulder-Requester: 4486109
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU
Replay-Nonce: 1osR0B_CJ-zPDHAMUfrNngi-RJwwsQU6R_pK6kVgKJ0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 16 Mar 2017 12:34:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:07 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "justus.ebtc-online.org"
  },
  "status": "pending",
  "expires": "2017-03-23T12:34:07.534065433Z",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019753",
      "token": "y5TZj4xu3sheeWqyQrztlWIRNg3Ts5P95DZjncSE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019754",
      "token": "wtgF2SXxmx9SKRtDuwtPIaPtxBP9hW8-iuO9gIoYeN0"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755",
      "token": "sdqggBgKQLcDetcrV4f90a6UVss_L4mHJyf2yG8m3p4"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      2
    ],
    [
      0
    ]
  ]
}
2017-03-16 12:34:07,638:DEBUG:acme.client:Storing nonce: 1osR0B_CJ-zPDHAMUfrNngi-RJwwsQU6R_pK6kVgKJ0
2017-03-16 12:34:07,639:INFO:certbot.auth_handler:Performing the following challenges:
2017-03-16 12:34:07,639:INFO:certbot.auth_handler:http-01 challenge for justus.ebtc-online.org
2017-03-16 12:34:07,641:DEBUG:letsencrypt_plesk.api_client:Plesk API-RPC request: <?xml version="1.0" ?><packet><site><get><filter><name>justus.ebtc-online.org</name></filter><dataset><hosting/></dataset></get></site></packet>
2017-03-16 12:34:07,642:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): 127.0.0.1
2017-03-16 12:34:07,846:DEBUG:requests.packages.urllib3.connectionpool:"POST /enterprise/control/agent.php HTTP/1.1" 200 None
2017-03-16 12:34:07,847:DEBUG:letsencrypt_plesk.api_client:Plesk API-RPC response: <?xml version="1.0" encoding="UTF-8"?>
<packet version="1.6.8.0">
  <site>
    <get>
      <result>
        <status>ok</status>
        <filter-id>justus.ebtc-online.org</filter-id>
        <id>46</id>
        <data>
          <hosting>
            <vrt_hst>
              <property>
                <name>ftp_login</name>
                <value>webserver</value>
              </property>
              <property>
                <name>ftp_password</name>
                <value>**********************</value>
              </property>
              <property>
                <name>ftp_password_type</name>
                <value>plain</value>
              </property>
              <property>
                <name>ftp_quota</name>
                <value>-1</value>
              </property>
              <property>
                <name>ssl</name>
                <value>true</value>
              </property>
              <property>
                <name>ssl-redirect</name>
                <value>false</value>
              </property>
              <property>
                <name>shell</name>
                <value>/opt/psa/bin/chrootsh</value>
              </property>
              <property>
                <name>php</name>
                <value>true</value>
              </property>
              <property>
                <name>php_handler_id</name>
                <value>fpm</value>
              </property>
              <property>
                <name>unpaid_website_status</name>
                <value>disabled</value>
              </property>
              <property>
                <name>ssi</name>
                <value>false</value>
              </property>
              <property>
                <name>cgi</name>
                <value>true</value>
              </property>
              <property>
                <name>perl</name>
                <value>false</value>
              </property>
              <property>
                <name>python</name>
                <value>true</value>
              </property>
              <property>
                <name>asp</name>
                <value>false</value>
              </property>
              <property>
                <name>asp_dot_net</name>
                <value>false</value>
              </property>
              <property>
                <name>webstat</name>
                <value>awstats</value>
              </property>
              <property>
                <name>webstat_protected</name>
                <value>true</value>
              </property>
              <property>
                <name>errdocs</name>
                <value>true</value>
              </property>
              <property>
                <name>wuscripts</name>
                <value>false</value>
              </property>
              <property>
                <name>at_domains</name>
                <value>false</value>
              </property>
              <property>
                <name>fastcgi</name>
                <value>true</value>
              </property>
              <property>
                <name>cgi_mode</name>
                <value>webspace</value>
              </property>
              <property>
                <name>www_root</name>
                <value>/var/www/vhosts/ebtc-online.org/justus.ebtc-online.org</value>
              </property>
              <property>
                <name>certificate_name</name>
                <value>Lets Encrypt justus.ebtc-online.org</value>
              </property>
              <property>
                <name>open_basedir</name>
                <value>none</value>
              </property>
              <property>
                <name>post_max_size</name>
                <value>128M</value>
              </property>
              <property>
                <name>upload_max_filesize</name>
                <value>128M</value>
              </property>
              <property>
                <name>max_input_vars</name>
                <value>1500</value>
              </property>
              <property>
                <name>apache-restrict-follow-sym-links</name>
                <value>false</value>
              </property>
              <property>
                <name>nginx-proxy-mode</name>
                <value>true</value>
              </property>
              <property>
                <name>nginx-transparent-mode</name>
                <value>true</value>
              </property>
              <property>
                <name>nginx-serve-static</name>
                <value>false</value>
              </property>
              <property>
                <name>nginx-static-extensions</name>
                <value>ac3 avi bmp bz2 css cue dat doc docx dts eot exe flv gif gz htm html ico img iso jpeg jpg js mkv mp3 mp4 mpeg mpg ogg pdf png ppt pptx qt rar rm svg swf tar tgz ttf txt wav woff woff2 xls xlsx zip</value>
              </property>
              <property>
                <name>nginx-serve-php</name>
                <value>false</value>
              </property>
              <property>
                <name>additional-settings</name>
                <value>Redirect / https://justus.ebtc-online.org</value>
              </property>
              <property>
                <name>additional-ssl-settings</name>
                <value>RewriteEngine On
ProxyPass /.well-known !
ProxyPassReverse /.well-known !
ProxyPass / http://localhost:8443/
ProxyPassReverse / http://localhost:8443/</value>
              </property>
              <property>
                <name>additional-nginx-settings</name>
                <value/>
              </property>
              <ip_address>78.46.174.146</ip_address>
            </vrt_hst>
          </hosting>
        </data>
      </result>
    </get>
  </site>
</packet>

2017-03-16 12:34:07,864:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:07,868:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver mkdir -p /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:07,872:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver cp2perm /tmp/tmp211DYz /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/.htaccess 0644
2017-03-16 12:34:07,875:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:07,878:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver cp2perm /tmp/tmpl5gvtX /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4 0644
2017-03-16 12:34:07,881:INFO:certbot.auth_handler:Waiting for verification...
2017-03-16 12:34:07,881:DEBUG:acme.client:JWS payload:
{
  "keyAuthorization": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4.QKPTjhQqogeu4nOAxgvvmcreqMH3mYCLQPDy_T3YO0Y", 
  "type": "http-01", 
  "resource": "challenge"
}
2017-03-16 12:34:07,883:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755:
{
  "header": {
    "alg": "RS256", 
    "jwk": {
      "e": "AQAB", 
      "kty": "RSA", 
      "n": "u0vvGiDxpQoLG7mi-stXNT31NOjYNfnvB0Z5AutEPeM3varwqzAcqGERC-Q2sepIMw169Z56ZtsS0iayKc1ipNDxaBTsBjW9IjcA3D_qfNfuKae7EL49w31ceJ1uBfEhix9avMvjZ7PYXXgPX07IQCpFHxZyW4bM1ApP9AEVOeKk-5PQO-h1CLphi682Wsq7LYxxCR5nacTfFkwYnABGQJPRysdZ5L3FPaG4meZoC3EfqVmq2PSKnsbvOZCOnVJuyRdE9vE7X51tV1onzt1ruHf8i1MbjC_2mA0Rldqtl9JgZVh_fXeWcn3BbLlxJ_vABee1aThm65mHkI8EbfEA9w"
    }
  }, 
  "protected": "eyJub25jZSI6ICIxb3NSMEJfQ0otelBESEFNVWZyTm5naS1SSnd3c1FVNlJfcEs2a1ZnS0owIn0", 
  "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogInNkcWdnQmdLUUxjRGV0Q3JWNGY5MGE2VVZzc19MNG1ISnlmMnlHOG0zcDQuUUtQVGpoUXFvZ2V1NG5PQXhndnZtY3JlcU1IM21ZQ0xRUER5X1QzWU8wWSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9", 
  "signature": "HWKwRhhFAFX2i5WYjGALlGtheDIOxkPfZkUmfuv2NM1UBR24i7BGX7ZqUZIGLf3eRMQO3AX0j1fYi8Buc-4d7Krmga1dcmAct7Yt_4lGNC3weyPpwTe-iXsnVkap5QtI5pALxGZ0Z6tXk8e3nX9nS5PcG8EaErz05jr2kc6fyYL4WHEhEOcQ4bDDHG7II1tjNrU_vBs5gFllLQOXiKJnCWUalRojISvLO1J6qDZ9jBmxdmhOS3xPuRiVtFJDXaVQbHMKm4nRKUe3JHWzPLB2o9F1X32zAybwC9-8qqj1hQJBXT8rwp7oMf_ST5N_aLihlnlLmevnmVLvfqaEaj3qCg"
}
2017-03-16 12:34:08,080:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755 HTTP/1.1" 202 335
2017-03-16 12:34:08,080:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 335
Boulder-Request-Id: j3Ebe8FoyHVGNFqdEtINpimbbK1LVNBqeUiJRz2H0ps
Boulder-Requester: 4486109
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755
Replay-Nonce: H4RBsl_-T8c-fF7zXNhtakXxDURJVZubJvgfPgnv3vg
Expires: Thu, 16 Mar 2017 12:34:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:08 GMT
Connection: keep-alive

{
  "type": "http-01",
  "status": "pending",
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755",
  "token": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4",
  "keyAuthorization": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4.QKPTjhQqogeu4nOAxgvvmcreqMH3mYCLQPDy_T3YO0Y"
}
2017-03-16 12:34:08,081:DEBUG:acme.client:Storing nonce: H4RBsl_-T8c-fF7zXNhtakXxDURJVZubJvgfPgnv3vg
2017-03-16 12:34:11,082:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU.
2017-03-16 12:34:11,272:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU HTTP/1.1" 200 1937
2017-03-16 12:34:11,273:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1937
Boulder-Request-Id: TCE47BMcCvwEIXezuiXJ0qwS8m42zwBPhey2uzMfSLQ
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: 528KzpSaQeHxmXXVpu0zgl1ILk9HAeKufGlj4yBuR4I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 16 Mar 2017 12:34:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Mar 2017 12:34:11 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "justus.ebtc-online.org"
  },
  "status": "invalid",
  "expires": "2017-03-23T12:34:07Z",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019753",
      "token": "y5TZj4xu3sheeWqyQrztlWIRNg3Ts5P9hJD5DZjncSE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019754",
      "token": "wtgF2SXxmx9SKRtDuwtPIePtxBP9hW8-iuO9gIoYeN0"
    },
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "Could not connect to justus.ebtc-online.org.well-known",
        "status": 400
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/GCfw0r-ILDmriYOtvGUPlAwpqsjLnJxiZjuqrl2dwiU/811019755",
      "token": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4",
      "keyAuthorization": "sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4.QKPTjhQqogeu4nOAxgvvmcreqMH3mYCLQPDy_T3YO0Y",
      "validationRecord": [
        {
          "url": "http://justus.ebtc-online.org/.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4",
          "hostname": "justus.ebtc-online.org",
          "port": "80",
          "addressesResolved": [
            "78.46.174.146"
          ],
          "addressUsed": "78.46.174.146"
        },
        {
          "url": "https://justus.ebtc-online.org.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4",
          "hostname": "justus.ebtc-online.org.well-known",
          "port": "443",
          "addressesResolved": [],
          "addressUsed": ""
        }
      ]
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      2
    ],
    [
      0
    ]
  ]
}
2017-03-16 12:34:11,273:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: justus.ebtc-online.org
Type:   connection
Detail: Could not connect to justus.ebtc-online.org.well-known

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2017-03-16 12:34:11,274:INFO:certbot.auth_handler:Cleaning up challenges
2017-03-16 12:34:11,274:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/web.config
2017-03-16 12:34:11,278:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,281:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver list both /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,284:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/.htaccess
2017-03-16 12:34:11,286:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver rm /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/.htaccess
2017-03-16 12:34:11,290:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,292:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver list both /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,295:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4
2017-03-16 12:34:11,298:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver rm /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge/sdqggBgKQLcDetCrV4f90a6UVss_L4mHJyf2yG8m3p4
2017-03-16 12:34:11,301:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,303:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver list both /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,306:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver rmdir /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known/acme-challenge
2017-03-16 12:34:11,309:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver file_exists /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known
2017-03-16 12:34:11,312:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver list both /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known
2017-03-16 12:34:11,314:DEBUG:letsencrypt_plesk.api_client:Plesk exec: /usr/local/psa/admin/bin/filemng webserver rmdir /var/www/vhosts/ebtc-online.org/justus.ebtc-online.org/.well-known
2017-03-16 12:34:11,318:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/psa/var/modules/letsencrypt/venv/bin/certbot", line 11, in <module>
    sys.exit(main())
  File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/main.py", line 896, in main
    return config.func(config, plugins)
  File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/main.py", line 607, in run
    certname, lineage)
  File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/main.py", line 87, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/renewal.py", line 296, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/client.py", line 265, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/auth_handler.py", line 77, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/auth_handler.py", line 134, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/usr/local/psa/var/modules/letsencrypt/venv.5eosw/lib/python2.7/site-packages/certbot/auth_handler.py", line 198, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. justus.ebtc-online.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to justus.ebtc-online.org.well-known

@PhilippCh
Copy link

Have you found any solution to this? It's preventing me from securing my subdomains. Somehow it works on my root domain though.

@metaxy
Copy link
Author

metaxy commented Mar 18, 2017

No, not yet.

You are right in the obersavation that it fails only for subdomains. Thats interesting.

@UFHH01
Copy link

UFHH01 commented Apr 27, 2017

Hi metaxy and PhilippCh,

if you experience such issues, pls. consider to open a bug - report at for example: => https://talk.plesk.com/threads/php-version-and-handler-could-not-changed.342932/, so that the Plesk - Team - Members in the forum are able to pass it over to the Plesk developpers. ;-)

@Bitpalast
Copy link

It is failing for an add-on domain configured as web space in our case, too.

@Bitpalast
Copy link

I have reported it in https://talk.plesk.com/threads/ssl-certificate-renewal-is-failing-for-an-add-on-domain-slash-missing-from-well-known.342953/
We consider this an urgent issue, because it can affect very many customers here soon when their renewal date is up.

@UFHH01
Copy link

UFHH01 commented Apr 30, 2017

Issue solved for Bitpalast: => https://talk.plesk.com/threads/ssl-certificate-renewal-is-failing-for-an-add-on-domain-slash-missing-from-well-known.342953/#post-825456

@metaxy
Copy link
Author

metaxy commented May 3, 2017

It was solved for me by not redirecting to https.

@EmmanuelBeziat EmmanuelBeziat mentioned this issue May 9, 2017
Closed
@EmmanuelBeziat
Copy link

I had the same issue. I was using Nginx as a reverse-proxy for apache, and here's the problem:

<VirtualHost 127.0.0.1:8082>
	ServerName ***.com
	ServerAlias ***.com

	Redirect permanent / http://www.***.com
</VirtualHost>

The last line must end with a / for the redirection. It wasn’t happening on the previous version of the tool.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@metaxy @PhilippCh @EmmanuelBeziat @Bitpalast @UFHH01