Welcome to Centmin Mod Community
Become a Member

Nginx LetsEncrypt Error

Discussion in 'Beta release code' started by cloud9, Jan 9, 2024.

  1. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    Please fill in any relevant information that applies to you:
    • CentOS Version: Alma 8.x latest
    • Centmin Mod Version Installed: 130.00beta01
    • Nginx Version Installed: 1.25.3
    • PHP Version Installed: 8.1.25
    • MariaDB MySQL Version Installed: 10.6.
    • When was last time updated Centmin Mod code base ? : today
    • Persistent Config:
      Code:
      #### Installed by Centminmod##############
      CENTOS_ALPHATEST='y'
      NGINX_VERSION='1.23.2'
      NGINX_ONETWOTHREE_COMPAT='y'
      DEVTOOLSETTEN='n'
      DEVTOOLSETELEVEN='y'
      #SELFSIGNEDSSL_ECDSA='y'
      #PHPFINFO='y'
      
      MARCH_TARGETNATIVE='n'
      ##########################################
      
      #####################################################
      # CSF FIREWALL
      # PORTFLOOD Configuration
      # https://community.centminmod.com/threads/14708/
      # Setting CSFPORTFLOOD_OVERRIDE='y' allows you to
      # override default CSF Firewall PORTFLOOD values set
      # by Centmin Mod initial install. If end user made
      # custom changes to PORTFLOOD values, the override
      # will not work. Override only works if end user has
      # not made custom changes to PORTFLOOD values to ensure
      # end users customisations do not get overwritten
      CSFPORTFLOOD_OVERRIDE='y'
      # max hit count value allowed is 20
      PORTFLOOD_COUNT=20
      # lowering interval in seconds allows for more
      # port flood hits against default TCP port 21
      PORTFLOOD_INTERVAL=300
      #####################################################
      
      # enable letsencrypt ssl certificate + dual RSA+ECDSA ssl certs https://centminmod.com/acmetool/
      # https://community.centminmod.com/threads/official-acmetool-sh-testing-thread-for-centmin-mod-123-09beta01.8290/
      LETSENCRYPT_DETECT='y'
      DUALCERTS='y'
      
      # Add custom curl to update curl to 8.x latest
      # https://community.centminmod.com/threads/update-addons-customcurl-sh-custom_curlrpm-y-routine-in-123-09beta01.17503/
      CUSTOM_CURLRPM=y
      
      # Force SSL to only using TLSv1.2 or TLSv1.2 + TLSv1.3 (when using OpenSSL 1.1.1 or BoringsSSL)
      #https://community.centminmod.com/threads/add-ssl_protocol_modern-variable-in-123-09beta01.19715/#post-83781
      SSL_PROTOCOL_MODERN='y'
      
      # Enable Rclone and Dropbox to enable sharing Logs
      #https://community.centminmod.com/threads/centmin-mod-nginx-1-21-5-pcre2-beta-testing.22326/#post-91386
      RCLONE_ENABLE='y'
      DROPBOX_SEND='y'
      
      #replace older PCRE2 8.x library with 10.x library
      #https://community.centminmod.com/threads/centmin-mod-nginx-1-21-5-pcre2-beta-testing.22326/#post-91354
      NGINX_PCRE_TWO='y'
      
      # dynamically tune nginx ssl_session_cache in /usr/local/nginx/conf/ssl_include.conf based on system detected memory
      # https://community.centminmod.com/posts/76615/
      NGINX_SSLCACHE_ALLOWOVERRIDE='y'
      
      # override Nginx default OCSP response cache refresh time 1h (3600 seconds) to 24hrs (86400 seconds)
      # https://community.centminmod.com/threads/19515/
      #NGINX_STAPLE_CACHE_OVERRIDE='y'
      #NGINX_STAPLE_CACHE_TTL='86400'
      
      # SET_DEFAULT_MYSQLCHARSET='utf8mb4' to override MariaDB MySQL
      # default characterset and collation from default utf8 to utf8mb4
      # https://community.centminmod.com/threads/17949/
      SET_DEFAULT_MYSQLCHARSET='utf8mb4'
      
      # enable nginx backlog override https://community.centminmod.com/threads/17620/
      #AUTOHARDTUNE_NGINXBACKLOG='y'
      
      # enable zstd compressed logrotation for nginx & php-fpm https://community.centminmod.com/threads/16374/
      ZSTD_LOGROTATE_NGINX='y'
      ZSTD_LOGROTATE_PHPFPM='y'
      
      # enable ECC 256bit ECDSA self-signed SSL certificate generation https://community.centminmod.com/posts/82177/
      SELFSIGNEDSSL_ECDSA='y'
      
      # COMMENTED OUT DEFAULT - enable nginx zero downtime on the fly nginx binary upgrades https://community.centminmod.com/threads/8000/
      # NGINX_ZERODT='y'
      
      # COMMENTED OUT - REQUIRES CENTOS KERNEL 5.1 or ABOVE - CHECK VERSION FIRST WITH uname -r
      # CARE WHEN UPGRADING KERNEL - BEST NOT TO DO ON A LIVE SERVER
      # SEE https://community.centminmod.com/threads/add-nginx_iouring_patch-variable-support-in-123-09beta01.18075/#post-76552
      # NGINX_IOURING_PATCH='y'
      
      # enable brotli compression https://community.centminmod.com/threads/10688/
      #NGINX_LIBBROTLI='y'
      #NGXDYNAMIC_BROTLI='y'
      
      #enable MariaDB 10.4,5 & 6
      ENABLE_MARIADBTENFOURUPGRADE='y'
      ENABLE_MARIADBTENFIVEUPGRADE='y'
      ENABLE_MARIADBTENSIXUPGRADE='y'
      
      
      # boost PHP 7 performance by enabling Profile Guided Optimisation flag
      # https://centminmod.com/perf/
      # will dramatically increase PHP-FPM compile/install times but result in
      # 5-20% faster PHP 7+ performance. PHP_PGO='y' only works with servers with
      # 2+ or more cpu threads. However, you can force PHP PGO optimisations with
      # 1 cpu thread servers via PHP_PGO_ALWAYS='y'
      #PHP_PGO_ALWAYS='y'
      #PHP_PGO='y'
      
      # php compression extensions https://community.centminmod.com/posts/70777/
      #PHP_BROTLI='y'
      #PHP_LZFOUR='y'
      #PHP_LZF='y'
      #PHP_ZSTD='y'
      
      # php file info
      PHPFINFO='y'
      
      # enable centmin.sh menu option 22 WordPress Cache Enabler Query String inclusions
      # https://community.centminmod.com/posts/85927/
      # WPCLI_CE_QUERYSTRING_INCLUDED='y'
      
      # Set PHP version
      # PHP versions - https://www.php.net/downloads.php
      # https://community.centminmod.com/threads/php-8-0-0-ga-stable-release.20739/#post-87309
      PHP_VERSION='8.1.27'
      
      # PHP version checks
      # https://community.centminmod.com/threads/add-optional-php-version-check-in-123-09beta01.19334/
      DMOTD_PHPCHECK='y'
      
      # Enable VHost Stats
      # see https://community.centminmod.com/threads/add-ngxdynamic_vhoststats-option-support-for-nginx-module-vts-module.12913/#post-54842
      #NGINX_VHOSTSTATS=y
      
      #Enable Max Mind GeoIP
      #see https://community.centminmod.com/threads/how-to-enable-geoip-2-lite-nginx-module-support.17165/
      #MM_LICENSE_KEY='XXXXXXXXXXXXX'
      #NGINX_GEOIPTWOLITE='y'
      #NGXDYNAMIC_GEOIPTWOLITE='y'
      

    Getting this, DNS fine at NameCheap, dig command shows the correct server IP address

    Code:
    [Mon Jan  8 16:50:45 UTC 2024] Invalid status, MYWWWSITE.bike:Verify error detail:MYIPADDRE(xx.xx.xx.xx): Fetching http://MYWWWSITE.bike/.well-known/acme-challenge/rdpfUWoFWZOLmHl-zE9HWzZaxF_4iKxEI1bNwCT0T1k: Connection refused
    DIG

    Code:
    [16:56][root@alma.MYSERVER.com addons]# dig MYWEBSITE.bike +short
    xx.xx.xx.xx *correct IP returned but obscured)
    Not sure ?

     
  2. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    forgot the output from curl

    Code:
    [16:56][root@alma.MYSERVER.com addons]# curl -I https://MYWWWSITE.bike
    curl: (7) Failed to connect to MYWWWSITE.bike port 443: Connection refused
    [17:02][root@alma.MYSERVER.com addons]# curl -I http://MYWWWSITE.bike
    HTTP/1.1 200 OK
    Date: Mon, 08 Jan 2024 17:36:07 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 4515
    Last-Modified: Fri, 17 Mar 2023 20:09:11 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "6414c8e7-11a3"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    [17:02][root@alma.MYSERVER.com addons]# curl -I http://www.MYWWWSITE.bike
    HTTP/1.1 200 OK
    Date: Mon, 08 Jan 2024 17:36:07 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 4515
    Last-Modified: Fri, 17 Mar 2023 20:09:11 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "6414c8e7-11a3"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    [17:03][root@alma.MYSERVER.com addons]# curl -I https://www.MYWWWSITE.bike
    curl: (7) Failed to connect to www.MYWWWSITE.bike port 443: Connection refused
    This was using option 22 - Wordpress and host install with option 4 for Letsencrypt HTTPS default (no self signed)

    Also going to www.MYWEBSITE.bike - I get the CMM installer page - not a WP page and /wp-admin doesnt work either - even though wp did install looking at the script
     
    Last edited: Jan 9, 2024
  3. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    More info

    Looking at FTP - WP is installed - All there inc wp-admin - Yet the myWWWsite.bike goes to the cmm installer page and not any wp page including the admin page

    I am guessing this is why lets encrypt is throwing an error ?

    I must be getting old and missing something........

    Screenshot 2024-01-08 at 18.43.19.png
     
  4. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    Thought I would restart nginx

    Code:
    Job for nginx.service failed because the control process exited with error code.
    See "systemctl status nginx.service" and "journalctl -xe" for details.
    Have these two logs - just need to clean them - but going to roll back to yesterdays backup as no sites are up now :(
     
  5. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    Ok rolled back (logs to follow)

    All good nginx restarts

    Option 22 - new wp site - SSL opt 4 - Letsencrypt fails - then nginx wont restart - same error as above

    ill roll back to the working backup and then if you want me to check anything I can do it all again
     
  6. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    adding

    Code:
    [19:29][root@alma.MYSERVER.com ~]# systemctl status nginx.service
    ● nginx.service - Centmin Mod NGINX Server
       Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
      Drop-In: /etc/systemd/system/nginx.service.d
               └─failure-restart.conf, openfileslimit.conf
       Active: failed (Result: exit-code) since Mon 2024-01-08 19:26:30 UTC; 2min 59s ago
      Process: 3083072 ExecStartPre=/usr/local/sbin/nginx -t (code=exited, status=1/FAILURE)
     Main PID: 3073034 (code=exited, status=0/SUCCESS)
    
    Jan 08 19:26:24 alma.MYSERVER.com systemd[1]: nginx.service: Control process exited, code=exited status=1
    Jan 08 19:26:24 alma.MYSERVER.com systemd[1]: nginx.service: Failed with result 'exit-code'.
    Jan 08 19:26:24 alma.MYSERVER.com systemd[1]: Failed to start Centmin Mod NGINX Server.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: nginx.service: Service RestartSec=5s expired, scheduling restart.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: nginx.service: Scheduled restart job, restart counter is at 5.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: Stopped Centmin Mod NGINX Server.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: nginx.service: Start request repeated too quickly.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: nginx.service: Failed with result 'exit-code'.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: Failed to start Centmin Mod NGINX Server.
    [19:29][root@alma.MYSERVER.com ~]#              
    Code:
    [19:28][root@alma.MYSERVER.com ~]# journalctl -xe
    -- the configured Restart= setting for the unit.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: Stopped Centmin Mod NGINX Server.
    -- Subject: Unit nginx.service has finished shutting down
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    --
    -- Unit nginx.service has finished shutting down.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: nginx.service: Start request repeated too quickly.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: nginx.service: Failed with result 'exit-code'.
    -- Subject: Unit failed
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    --
    -- The unit nginx.service has entered the 'failed' state with result 'exit-code'.
    Jan 08 19:26:30 alma.MYSERVER.com systemd[1]: Failed to start Centmin Mod NGINX Server.
    -- Subject: Unit nginx.service has failed
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    --
    -- Unit nginx.service has failed.
    --
    -- The result is failed.
    Jan 08 19:26:30 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=193.35.18.30 DST=78.47.232.10 LEN=40 TOS>
    Jan 08 19:26:32 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=193.35.18.30 DST=78.47.232.10 LEN=40 TOS>
    Jan 08 19:26:35 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=79.124.62.78 DST=78.47.232.10 LEN=40 TOS>
    Jan 08 19:26:38 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=45.148.10.81 DST=78.47.232.10 LEN=60 TOS>
    Jan 08 19:26:48 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=77.90.185.130 DST=78.47.232.10 LEN=40 TO>
    Jan 08 19:26:48 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=79.124.62.78 DST=78.47.232.10 LEN=40 TOS>
    Jan 08 19:27:12 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=79.124.49.130 DST=78.47.232.10 LEN=44 TO>
    Jan 08 19:27:13 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=xx.xx.xx.xx DST=78.47.232.10 LEN=40 TOS>
    Jan 08 19:27:17 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=77.90.185.127 DST=78.47.232.10 LEN=40 TO>
    Jan 08 19:27:47 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=79.124.60.138 DST=78.47.232.10 LEN=44 TO>
    Jan 08 19:27:50 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=138.197.171.71 DST=78.47.232.10 LEN=40 T>
    Jan 08 19:28:05 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=91.92.244.219 DST=78.47.232.10 LEN=44 TO>
    Jan 08 19:28:07 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=91.92.244.219 DST=78.47.232.10 LEN=44 TO>
    Jan 08 19:28:14 alma.MYSERVER.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:02:02:c2:46:d2:74:7f:6e:37:e3:08:00 SRC=183.136.225.29 DST=78.47.232.10 LEN=44 T>
    lines 2205-2240/2240 (END)      
     
  7. eva2000

    eva2000 Administrator Staff Member

    52,657
    12,071
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,597
    Local Time:
    8:41 AM
    Nginx 1.25.x
    MariaDB 10.x
    What does nginx config test check output return
    Code (Text):
    nginx -t


    Does your server have IPv6 enabled with nginx vhost setup with IPv6 listen directives too? Do you have domain with both IPv4 IP address and IPv6 IP Addresses set in DNS ?
     
  8. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    This is with a rolled back cmm install - all sites working - no new site added

    Nginx will restart

    Code:
    [16:10][root@alma.MYSERVER.com ~]# nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [16:10][root@alma.MYSERVER.com ~]#             
    Ill now install a new WP site with the LE error and do nginx -t

    And no IPV6 on CMM or at the DNS

    Ok run CMM - 22 - Letsencrypt option 4

    Get same error as posted above

    Exited CMM

    Ran Nginx -t

    Code:
    [16:20][root@alma.MYSERVER.com ~]# nginx -t
    nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /usr/local/nginx/conf/conf.d/MYWWWSITE.bike.ssl.conf:13
    nginx: [emerg] duplicate listen options for 0.0.0.0:443 in /usr/local/nginx/conf/conf.d/MYWWWSITE.bike.ssl.conf:13
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    [16:20][root@alma.MYSERVER.com ~]#   
     
  9. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    If I comment out line 13 - nginx test is successful apart from the warnings

    Code:
    [16:24][root@alma.MYSERVER.com ~]# nginx -t
    nginx: [warn] conflicting server name "MYWWWSITE.bike" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "www.MYWWWSITE.bike" on 0.0.0.0:80, ignored
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [16:24][root@alma.MYSERVER.com ~]# 
    But no SSL cert and the site directs to the CMM installer page
     
  10. eva2000

    eva2000 Administrator Staff Member

    52,657
    12,071
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,597
    Local Time:
    8:41 AM
    Nginx 1.25.x
    MariaDB 10.x
    What was involved and how was it rolled back?
     
  11. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    Hetzner Server - Restore from backup - full vps restore rolled back
     
  12. eva2000

    eva2000 Administrator Staff Member

    52,657
    12,071
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,597
    Local Time:
    8:41 AM
    Nginx 1.25.x
    MariaDB 10.x
    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh you already posted this but just for readers sake
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    wrap output in CODE tags
     
  13. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    Bugger - I did all that a few days ago - and didnt post it - http was good - https was bad - all the directories were made for the new site

    Will do curl again and re-post
     
  14. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    Installed host under option 22 and then ran curl - errors for install on LE as above (always the same)

    Curl

    Code:
    [07:22][root@alma.MYSERVER.com centminmod]# curl -I https://MYWWWSITE.bike
    curl: (51) SSL: no alternative certificate subject name matches target host name 'MYWWWSITE.bike'
    [07:23][root@alma.MYSERVER.com centminmod]# curl -I https://www.MYWWWSITE.bike
    curl: (51) SSL: no alternative certificate subject name matches target host name 'www.MYWWWSITE.bike'
    [07:23][root@alma.MYSERVER.com centminmod]# curl -I http://www.MYWWWSITE.bike
    HTTP/1.1 200 OK
    Date: Wed, 10 Jan 2024 07:23:36 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 4515
    Last-Modified: Fri, 17 Mar 2023 20:09:11 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "6414c8e7-11a3"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    
    [07:23][root@alma.MYSERVER.com centminmod]# curl -I http://MYWWWSITE.bike
    HTTP/1.1 200 OK
    Date: Wed, 10 Jan 2024 07:23:42 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 4515
    Last-Modified: Fri, 17 Mar 2023 20:09:11 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "6414c8e7-11a3"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    
    [07:23][root@alma.MYSERVER.com centminmod]#   
    Nginx -t

    Code:
    [07:23][root@alma.MYSERVER.com centminmod]# nginx -t
    nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /usr/local/nginx/conf/conf.d/MYWWWSITE.bike.ssl.conf:13
    nginx: [emerg] duplicate listen options for 0.0.0.0:443 in /usr/local/nginx/conf/conf.d/MYWWWSITE.bike.ssl.conf:13
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    [07:26][root@alma.MYSERVER.com centminmod]#        
     
  15. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    Output of the two files

    cat MYWWWSITE.bike.conf

    There is no file as I chose Option 4 for for https only

    cat MYWWWSITE.bike.ssl.conf

    Code:
    #x# HTTPS-DEFAULT
     server {
       listen   80;
    #x#   listen   [::]:80;
       server_name MYWWWSITE.bike www.MYWWWSITE.bike;
       return 302 https://MYWWWSITE.bike$request_uri;
       root /home/nginx/domains/MYWWWSITE.bike/public;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
    
      server_name MYWWWSITE.bike www.MYWWWSITE.bike;
    
      include /usr/local/nginx/conf/ssl/MYWWWSITE.bike/MYWWWSITE.bike.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/MYWWWSITE.bike/origin.crt;
      #ssl_verify_client on;
    
    
    
      # mozilla recommended
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/MYWWWSITE.bike/log/access.log combined buffer=256k flush=5m;
      #access_log /home/nginx/domains/MYWWWSITE.bike/log/access.json main_json buffer=256k flush=5m;
      error_log /home/nginx/domains/MYWWWSITE.bike/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/MYWWWSITE.bike/autoprotect-MYWWWSITE.bike.conf;
      root /home/nginx/domains/MYWWWSITE.bike/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/MYWWWSITE.bike/wpcacheenabler_MYWWWSITE.bike.conf;
      #include /usr/local/nginx/conf/wpincludes/MYWWWSITE.bike/wpsupercache_MYWWWSITE.bike.conf;
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/wpincludes/MYWWWSITE.bike/rediscache_MYWWWSITE.bike.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri_webp $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        #auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/MYWWWSITE.bike/htpasswd_wplogin;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
        # https://jetpack.com/support/hosting-faq/
        include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/MYWWWSITE.bike/wpsecure_MYWWWSITE.bike.conf;
      #include /usr/local/nginx/conf/php-wpsc.conf;
    
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-MYWWWSITE.bike.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    [07:55][root@alma.MYSERVER.com conf.d]#      
     
  16. eva2000

    eva2000 Administrator Staff Member

    52,657
    12,071
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,597
    Local Time:
    8:41 AM
    Nginx 1.25.x
    MariaDB 10.x
    Those are different errors from previous ones and haven't seen these before.

    First try running your intended SSL certificate domain through the letsdebug.net online testing tool to check for potential errors with HTTP-01 validation. If you created Centmin Mod 123.09beta01 or higher Nginx site with Letsencrypt via centmin.sh menu option 2, 22 or nv command line, you now also have an automatic letsdebug.net API check log saved at /root/centminlogs/letsdebug-yourdomain.com-${DT}.log where yourdomain.com is domain specified during nginx vhost creation and DT is date/timestamp. Inspecting the /root/centminlogs/letsdebug-yourdomain.com-${DT}.log log will also give you clues as to why letsencrypt SSL certificate issuance failed. You can provide via private message to me the unredacted version if you want.

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post contents of log to pastebin.com or gist.github.com and share link in this thread. To find the log list the logs in ascending date order
      Code (Text):
      ls -lahrt /root/centminlogs
      .
    • You can also do a quick grep filter on all previous and current acmetool.sh runs of the underlying acme.sh client for errors listed in errordetails field of each log using the command below:
      Code (Text):
      find /root/centminlogs/ -type f -name 'acme*.log' -printf '%TY-%Tm-%Td %TH:%TM:%TS %p\n' | sort | awk '{print $3}' | xargs -d '\n' grep -i 'errordetail'
      
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    If acme.sh auto renewals didn't happen, check output for the following commands
    Code (Text):
    grep acme /var/log/cron* | sed -e "s|$(hostname -s)|host|g"
    

    Code (Text):
    echo y | /usr/local/src/centminmod/addons/acmetool.sh checkdates
    

    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    

    Code (Text):
    echo | openssl s_client -connect yourdomain.com:443
    

    Without the answers to above questions and logs, there is nothing to help troubleshoot.

    SSLLabs Test



    Also run your HTTPS domain site through SSLLabs tester at SSL Server Test (Powered by Qualys SSL Labs) if it says untrusted SSL cert and prompts to continue the test, continue the test.

    Cloudflare



    If you use Cloudflare, instead of the default Letsencrypt web root validation, you can use Cloudflare's DNS API for Letsencrypt DNS validation for your domain. See the outline at bottom of page at Letsencrypt Free SSL Certificates
     
  17. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    Log PM'd

    And

    Code:
    /root/centminlogs/acmetool.sh-debug-log-100124-072211.log:[Wed Jan 10 07:22:27 UTC 2024] errordetail='XX.XX.XX.XX: Invalid response from http://MYWWWSITE.bike/.well-known/acme-challenge/0vV2CtqFodswYJXsXI3xsQ4JBlj75QmwL2vJuVLv9d0: 404'
    Will enable

    Code:
    ACMEDEBUG='y'
    And re run option 22 to install again
     
  18. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    ACMEDEBUG Enabled

    Ran op 22 - opt 3 for LE

    cat /root/centminlogs/acmetool.sh-debug-log-100124-171837.log

    Code:
    [17:23][root@alma.MYSERVER.com centminmod]# cat /root/centminlogs/acmetool.sh-debug-log-100124-171837.log
    [Wed Jan 10 17:18:44 UTC 2024] Lets find script dir.
    [Wed Jan 10 17:18:44 UTC 2024] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Wed Jan 10 17:18:44 UTC 2024] _script='/root/.acme.sh/acme.sh'
    [Wed Jan 10 17:18:44 UTC 2024] _script_home='/root/.acme.sh'
    [Wed Jan 10 17:18:44 UTC 2024] Using config home:/root/.acme.sh
    [Wed Jan 10 17:18:44 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
    [Wed Jan 10 17:18:44 UTC 2024] Running cmd: issue
    [Wed Jan 10 17:18:44 UTC 2024] _main_domain='MYWWWSITE.bike'
    [Wed Jan 10 17:18:44 UTC 2024] _alt_domains='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:44 UTC 2024] Using config home:/root/.acme.sh
    [Wed Jan 10 17:18:44 UTC 2024] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
    [Wed Jan 10 17:18:44 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Wed Jan 10 17:18:44 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Wed Jan 10 17:18:44 UTC 2024] _ACME_SERVER_PATH='directory'
    [Wed Jan 10 17:18:44 UTC 2024] DOMAIN_PATH='/root/.acme.sh/MYWWWSITE.bike'
    [Wed Jan 10 17:18:45 UTC 2024] '/home/nginx/domains/MYWWWSITE.bike/public' does not contain 'dns'
    [Wed Jan 10 17:18:45 UTC 2024] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
    [Wed Jan 10 17:18:45 UTC 2024] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    [Wed Jan 10 17:18:45 UTC 2024] GET
    [Wed Jan 10 17:18:45 UTC 2024] url='https://acme-v02.api.letsencrypt.org/directory'
    [Wed Jan 10 17:18:45 UTC 2024] timeout=
    [Wed Jan 10 17:18:45 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed Jan 10 17:18:45 UTC 2024] ret='0'
    [Wed Jan 10 17:18:45 UTC 2024] response='{
      "Lk_hlm62OvQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
      "meta": {
        "caaIdentities": [
          "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
        "website": "https://letsencrypt.org"
      },
      "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
      "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
      "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
      "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
      "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
    }'
    [Wed Jan 10 17:18:45 UTC 2024] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    [Wed Jan 10 17:18:45 UTC 2024] ACME_NEW_AUTHZ
    [Wed Jan 10 17:18:45 UTC 2024] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Wed Jan 10 17:18:45 UTC 2024] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    [Wed Jan 10 17:18:45 UTC 2024] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    [Wed Jan 10 17:18:45 UTC 2024] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
    [Wed Jan 10 17:18:45 UTC 2024] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Wed Jan 10 17:18:45 UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Wed Jan 10 17:18:45 UTC 2024] _on_before_issue
    [Wed Jan 10 17:18:45 UTC 2024] _chk_main_domain='MYWWWSITE.bike'
    [Wed Jan 10 17:18:45 UTC 2024] _chk_alt_domains='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:45 UTC 2024] Run pre hook:'/usr/local/src/centminmod/tools/pre-acme-hooks.sh all-check MYWWWSITE.bike'
    [Wed Jan 10 17:18:45 UTC 2024] '/home/nginx/domains/MYWWWSITE.bike/public' does not contain 'no'
    [Wed Jan 10 17:18:45 UTC 2024] Le_LocalAddress
    [Wed Jan 10 17:18:45 UTC 2024] d='MYWWWSITE.bike'
    [Wed Jan 10 17:18:45 UTC 2024] Check for domain='MYWWWSITE.bike'
    [Wed Jan 10 17:18:45 UTC 2024] _currentRoot='/home/nginx/domains/MYWWWSITE.bike/public'
    [Wed Jan 10 17:18:45 UTC 2024] d='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:45 UTC 2024] Check for domain='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:45 UTC 2024] _currentRoot='/home/nginx/domains/MYWWWSITE.bike/public'
    [Wed Jan 10 17:18:45 UTC 2024] d
    [Wed Jan 10 17:18:45 UTC 2024] '/home/nginx/domains/MYWWWSITE.bike/public' does not contain 'apache'
    [Wed Jan 10 17:18:45 UTC 2024] _saved_account_key_hash='fefbltRAjXhk5OG/pzLF5IT5IXpABRALzI8PkOD8sQI='
    [Wed Jan 10 17:18:45 UTC 2024] _saved_account_key_hash is not changed, skip register account.
    [Wed Jan 10 17:18:46 UTC 2024] Read key length:2048
    [Wed Jan 10 17:18:46 UTC 2024] Creating domain key
    [Wed Jan 10 17:18:46 UTC 2024] Using config home:/root/.acme.sh
    [Wed Jan 10 17:18:46 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Wed Jan 10 17:18:46 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Wed Jan 10 17:18:46 UTC 2024] _ACME_SERVER_PATH='directory'
    [Wed Jan 10 17:18:46 UTC 2024] _createkey for file:/root/.acme.sh/MYWWWSITE.bike/MYWWWSITE.bike.key
    [Wed Jan 10 17:18:46 UTC 2024] Use length 2048
    [Wed Jan 10 17:18:46 UTC 2024] Using RSA: 2048
    [Wed Jan 10 17:18:46 UTC 2024] The domain key is here: /root/.acme.sh/MYWWWSITE.bike/MYWWWSITE.bike.key
    [Wed Jan 10 17:18:46 UTC 2024] _createcsr
    [Wed Jan 10 17:18:46 UTC 2024] domain='MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] domainlist='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] csrkey='/root/.acme.sh/MYWWWSITE.bike/MYWWWSITE.bike.key'
    [Wed Jan 10 17:18:46 UTC 2024] csr='/root/.acme.sh/MYWWWSITE.bike/MYWWWSITE.bike.csr'
    [Wed Jan 10 17:18:46 UTC 2024] csrconf='/root/.acme.sh/MYWWWSITE.bike/MYWWWSITE.bike.csr.conf'
    [Wed Jan 10 17:18:46 UTC 2024] _is_idn_d='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] _idn_temp
    [Wed Jan 10 17:18:46 UTC 2024] domainlist='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] seg='MYWWWSITE'
    [Wed Jan 10 17:18:46 UTC 2024] _is_idn_d='MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] _idn_temp
    [Wed Jan 10 17:18:46 UTC 2024] seg='www'
    [Wed Jan 10 17:18:46 UTC 2024] Multi domain='DNS:MYWWWSITE.bike,DNS:www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] _is_idn_d='MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] _idn_temp
    [Wed Jan 10 17:18:46 UTC 2024] _csr_cn='MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] seg='MYWWWSITE'
    [Wed Jan 10 17:18:46 UTC 2024] Getting domain auth token for each domain
    [Wed Jan 10 17:18:46 UTC 2024] seg='MYWWWSITE'
    [Wed Jan 10 17:18:46 UTC 2024] _is_idn_d='MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] _idn_temp
    [Wed Jan 10 17:18:46 UTC 2024] d='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] seg='www'
    [Wed Jan 10 17:18:46 UTC 2024] _is_idn_d='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:46 UTC 2024] _idn_temp
    [Wed Jan 10 17:18:46 UTC 2024] d
    [Wed Jan 10 17:18:46 UTC 2024] _identifiers='{"type":"dns","value":"MYWWWSITE.bike"},{"type":"dns","value":"www.MYWWWSITE.bike"}'
    [Wed Jan 10 17:18:46 UTC 2024] _notBefore
    [Wed Jan 10 17:18:46 UTC 2024] _notAfter
    [Wed Jan 10 17:18:46 UTC 2024] =======Begin Send Signed Request=======
    [Wed Jan 10 17:18:46 UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Wed Jan 10 17:18:46 UTC 2024] payload='{"identifiers": [{"type":"dns","value":"MYWWWSITE.bike"},{"type":"dns","value":"www.MYWWWSITE.bike"}]}'
    [Wed Jan 10 17:18:46 UTC 2024] EC key
    [Wed Jan 10 17:18:46 UTC 2024] _URGLY_PRINTF
    [Wed Jan 10 17:18:46 UTC 2024] xargs
    [Wed Jan 10 17:18:46 UTC 2024] _URGLY_PRINTF
    [Wed Jan 10 17:18:46 UTC 2024] xargs
    [Wed Jan 10 17:18:46 UTC 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Wed Jan 10 17:18:46 UTC 2024] HEAD
    [Wed Jan 10 17:18:46 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Wed Jan 10 17:18:46 UTC 2024] body
    [Wed Jan 10 17:18:46 UTC 2024] _postContentType='application/jose+json'
    [Wed Jan 10 17:18:46 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
    [Wed Jan 10 17:18:47 UTC 2024] _ret='0'
    [Wed Jan 10 17:18:47 UTC 2024] _headers='HTTP/2 200
    server: nginx
    date: Wed, 10 Jan 2024 17:18:47 GMT
    cache-control: public, max-age=0, no-cache
    link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    replay-nonce: zXX7izQwIXHuKAmSEf8njscnBHycZL4hZ7xmBWXdtoiMj2sMfxQ
    x-frame-options: DENY
    strict-transport-security: max-age=604800
    '
    [Wed Jan 10 17:18:47 UTC 2024] _CACHED_NONCE='zXX7izQwIXHuKAmSEf8njscnBHycZL4hZ7xmBWXdtoiMj2sMfxQ'
    [Wed Jan 10 17:18:47 UTC 2024] nonce='zXX7izQwIXHuKAmSEf8njscnBHycZL4hZ7xmBWXdtoiMj2sMfxQ'
    [Wed Jan 10 17:18:47 UTC 2024] _URGLY_PRINTF
    [Wed Jan 10 17:18:47 UTC 2024] xargs
    [Wed Jan 10 17:18:47 UTC 2024] POST
    [Wed Jan 10 17:18:47 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Wed Jan 10 17:18:47 UTC 2024] body='{"protected": "eyJub25jZSI6ICJ6WFg3aXpRd0lYSHVLQW1TRWY4bmpzY25CSHljWkw0aFo3eG1CV1hkdG9pTWoyc01meFEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAxNDU1NTYzNyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImZhdGJveXNhZHZlbnR1cmVzLmJpa2UifSx7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Ind3dy5mYXRib3lzYWR2ZW50dXJlcy5iaWtlIn1dfQ", "signature": "io63v2qXsCgZGITxCDSeGdIxSVAxud08hEulUKLOsS3D9295Bsm-zvglDPAZr_nbcJkafgxsrChgIwh9uivJaw"}'
    [Wed Jan 10 17:18:47 UTC 2024] _postContentType='application/jose+json'
    [Wed Jan 10 17:18:47 UTC 2024] Http already initialized.
    [Wed Jan 10 17:18:47 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed Jan 10 17:18:48 UTC 2024] _ret='0'
    [Wed Jan 10 17:18:48 UTC 2024] responseHeaders='HTTP/2 201
    server: nginx
    date: Wed, 10 Jan 2024 17:18:47 GMT
    content-type: application/json
    content-length: 497
    boulder-requester: 1014555637
    cache-control: public, max-age=0, no-cache
    link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    location: https://acme-v02.api.letsencrypt.org/acme/order/1014555637/235692315846
    replay-nonce: zXX7izQwB5sEQmwdN7UITTmqjQDjWjaR4BaFE5hQu0ngVaMa3Jw
    x-frame-options: DENY
    strict-transport-security: max-age=604800
    '
    [Wed Jan 10 17:18:48 UTC 2024] code='201'
    [Wed Jan 10 17:18:48 UTC 2024] original='{
      "status": "pending",
      "expires": "2024-01-17T17:18:47Z",
      "identifiers": [
        {
          "type": "dns",
          "value": "MYWWWSITE.bike"
        },
        {
          "type": "dns",
          "value": "www.MYWWWSITE.bike"
        }
      ],
      "authorizations": [
        "https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916",
        "https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926"
      ],
      "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1014555637/235692315846"
    }'
    [Wed Jan 10 17:18:48 UTC 2024] response='{"status":"pending","expires":"2024-01-17T17:18:47Z","identifiers":[{"type":"dns","value":"MYWWWSITE.bike"},{"type":"dns","value":"www.MYWWWSITE.bike"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916","https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/1014555637/235692315846"}'
    [Wed Jan 10 17:18:48 UTC 2024] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1014555637/235692315846'
    [Wed Jan 10 17:18:48 UTC 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1014555637/235692315846'
    [Wed Jan 10 17:18:48 UTC 2024] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916,https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926'
    [Wed Jan 10 17:18:48 UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:48 UTC 2024] =======Begin Send Signed Request=======
    [Wed Jan 10 17:18:48 UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:48 UTC 2024] payload
    [Wed Jan 10 17:18:48 UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Wed Jan 10 17:18:48 UTC 2024] Use _CACHED_NONCE='zXX7izQwB5sEQmwdN7UITTmqjQDjWjaR4BaFE5hQu0ngVaMa3Jw'
    [Wed Jan 10 17:18:48 UTC 2024] nonce='zXX7izQwB5sEQmwdN7UITTmqjQDjWjaR4BaFE5hQu0ngVaMa3Jw'
    [Wed Jan 10 17:18:48 UTC 2024] _URGLY_PRINTF
    [Wed Jan 10 17:18:48 UTC 2024] xargs
    [Wed Jan 10 17:18:48 UTC 2024] POST
    [Wed Jan 10 17:18:48 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:48 UTC 2024] body='{"protected": "eyJub25jZSI6ICJ6WFg3aXpRd0I1c0VRbXdkTjdVSVRUbXFqUURqV2phUjRCYUZFNWhRdTBuZ1ZhTWEzSnciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwMjc5MDE3ODkxNiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAxNDU1NTYzNyJ9", "payload": "", "signature": "RRyO2jVHktxm456Qg1E5sETlxaUeRoqSOj_dF2MgRh26BNzAEFm7T-6XNgJguxQF5RHt5VIPxaHxhg3YRIMQHQ"}'
    [Wed Jan 10 17:18:48 UTC 2024] _postContentType='application/jose+json'
    [Wed Jan 10 17:18:48 UTC 2024] Http already initialized.
    [Wed Jan 10 17:18:48 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed Jan 10 17:18:48 UTC 2024] _ret='0'
    [Wed Jan 10 17:18:48 UTC 2024] responseHeaders='HTTP/2 200
    server: nginx
    date: Wed, 10 Jan 2024 17:18:48 GMT
    content-type: application/json
    content-length: 806
    boulder-requester: 1014555637
    cache-control: public, max-age=0, no-cache
    link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    replay-nonce: T8gQgmco_2GL8ahy7gn62U85WV0Tid-UBQWqbAjitKsvxkqJ9DY
    x-frame-options: DENY
    strict-transport-security: max-age=604800
    '
    [Wed Jan 10 17:18:48 UTC 2024] code='200'
    [Wed Jan 10 17:18:48 UTC 2024] original='{
      "identifier": {
        "type": "dns",
        "value": "MYWWWSITE.bike"
      },
      "status": "pending",
      "expires": "2024-01-17T17:18:47Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ",
          "token": "5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/Epng9A",
          "token": "5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2lJ5WA",
          "token": "5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"
        }
      ]
    }'
    [Wed Jan 10 17:18:48 UTC 2024] response='{"identifier":{"type":"dns","value":"MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/Epng9A","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2lJ5WA","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"}]}'
    [Wed Jan 10 17:18:48 UTC 2024] response='{"identifier":{"type":"dns","value":"MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/Epng9A","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2lJ5WA","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"}]}'
    [Wed Jan 10 17:18:48 UTC 2024] _d='MYWWWSITE.bike'
    [Wed Jan 10 17:18:48 UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926'
    [Wed Jan 10 17:18:48 UTC 2024] =======Begin Send Signed Request=======
    [Wed Jan 10 17:18:48 UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926'
    [Wed Jan 10 17:18:48 UTC 2024] payload
    [Wed Jan 10 17:18:48 UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Wed Jan 10 17:18:48 UTC 2024] Use _CACHED_NONCE='T8gQgmco_2GL8ahy7gn62U85WV0Tid-UBQWqbAjitKsvxkqJ9DY'
    [Wed Jan 10 17:18:48 UTC 2024] nonce='T8gQgmco_2GL8ahy7gn62U85WV0Tid-UBQWqbAjitKsvxkqJ9DY'
    [Wed Jan 10 17:18:48 UTC 2024] _URGLY_PRINTF
    [Wed Jan 10 17:18:48 UTC 2024] xargs
    [Wed Jan 10 17:18:49 UTC 2024] POST
    [Wed Jan 10 17:18:49 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926'
    [Wed Jan 10 17:18:49 UTC 2024] body='{"protected": "eyJub25jZSI6ICJUOGdRZ21jb18yR0w4YWh5N2duNjJVODVXVjBUaWQtVUJRV3FiQWppdEtzdnhrcUo5RFkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwMjc5MDE3ODkyNiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAxNDU1NTYzNyJ9", "payload": "", "signature": "15dsCUySLR7DIzGHxyx3G-5TDCx4UeaADtQ-K3ctKf05It6SOIHMhhNrHzUDh238pK2C0HXemdEk4A1QGG7aTw"}'
    [Wed Jan 10 17:18:49 UTC 2024] _postContentType='application/jose+json'
    [Wed Jan 10 17:18:49 UTC 2024] Http already initialized.
    [Wed Jan 10 17:18:49 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed Jan 10 17:18:49 UTC 2024] _ret='0'
    [Wed Jan 10 17:18:49 UTC 2024] responseHeaders='HTTP/2 200
    server: nginx
    date: Wed, 10 Jan 2024 17:18:49 GMT
    content-type: application/json
    content-length: 810
    boulder-requester: 1014555637
    cache-control: public, max-age=0, no-cache
    link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    replay-nonce: T8gQgmcoKizMFgKCUa3Ot9SZbFRUTf0drOB343-Go12DZkBZFkw
    x-frame-options: DENY
    strict-transport-security: max-age=604800
    '
    [Wed Jan 10 17:18:49 UTC 2024] code='200'
    [Wed Jan 10 17:18:49 UTC 2024] original='{
      "identifier": {
        "type": "dns",
        "value": "www.MYWWWSITE.bike"
      },
      "status": "pending",
      "expires": "2024-01-17T17:18:47Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA",
          "token": "AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/hX9hqA",
          "token": "AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/NsLojQ",
          "token": "AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"
        }
      ]
    }'
    [Wed Jan 10 17:18:49 UTC 2024] response='{"identifier":{"type":"dns","value":"www.MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/hX9hqA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/NsLojQ","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"}]}'
    [Wed Jan 10 17:18:49 UTC 2024] response='{"identifier":{"type":"dns","value":"www.MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/hX9hqA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/NsLojQ","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"}]}'
    [Wed Jan 10 17:18:49 UTC 2024] _d='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:49 UTC 2024] _authorizations_map='www.MYWWWSITE.bike,{"identifier":{"type":"dns","value":"www.MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/hX9hqA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/NsLojQ","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926
    MYWWWSITE.bike,{"identifier":{"type":"dns","value":"MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/Epng9A","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2lJ5WA","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916
    '
    [Wed Jan 10 17:18:49 UTC 2024] d='MYWWWSITE.bike'
    [Wed Jan 10 17:18:49 UTC 2024] Getting webroot for domain='MYWWWSITE.bike'
    [Wed Jan 10 17:18:49 UTC 2024] _w='/home/nginx/domains/MYWWWSITE.bike/public'
    [Wed Jan 10 17:18:49 UTC 2024] _currentRoot='/home/nginx/domains/MYWWWSITE.bike/public'
    [Wed Jan 10 17:18:49 UTC 2024] _is_idn_d='MYWWWSITE.bike'
    [Wed Jan 10 17:18:49 UTC 2024] _idn_temp
    [Wed Jan 10 17:18:49 UTC 2024] _candidates='MYWWWSITE.bike,{"identifier":{"type":"dns","value":"MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/Epng9A","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2lJ5WA","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:49 UTC 2024] response='{"identifier":{"type":"dns","value":"MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/Epng9A","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2lJ5WA","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:49 UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:49 UTC 2024] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"'
    [Wed Jan 10 17:18:49 UTC 2024] token='5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4'
    [Wed Jan 10 17:18:49 UTC 2024] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ'
    [Wed Jan 10 17:18:49 UTC 2024] keyauthorization='5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4'
    [Wed Jan 10 17:18:49 UTC 2024] dvlist='MYWWWSITE.bike#5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ#http-01#/home/nginx/domains/MYWWWSITE.bike/public#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:49 UTC 2024] d='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:49 UTC 2024] Getting webroot for domain='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:49 UTC 2024] _w='/home/nginx/domains/MYWWWSITE.bike/public'
    [Wed Jan 10 17:18:49 UTC 2024] _currentRoot='/home/nginx/domains/MYWWWSITE.bike/public'
    [Wed Jan 10 17:18:49 UTC 2024] _is_idn_d='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:49 UTC 2024] _idn_temp
    [Wed Jan 10 17:18:49 UTC 2024] _candidates='www.MYWWWSITE.bike,{"identifier":{"type":"dns","value":"www.MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/hX9hqA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/NsLojQ","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926'
    [Wed Jan 10 17:18:49 UTC 2024] response='{"identifier":{"type":"dns","value":"www.MYWWWSITE.bike"},"status":"pending","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/hX9hqA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/NsLojQ","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926'
    [Wed Jan 10 17:18:49 UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926'
    [Wed Jan 10 17:18:49 UTC 2024] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"'
    [Wed Jan 10 17:18:49 UTC 2024] token='AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM'
    [Wed Jan 10 17:18:49 UTC 2024] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA'
    [Wed Jan 10 17:18:49 UTC 2024] keyauthorization='AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4'
    [Wed Jan 10 17:18:49 UTC 2024] dvlist='www.MYWWWSITE.bike#AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA#http-01#/home/nginx/domains/MYWWWSITE.bike/public#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926'
    [Wed Jan 10 17:18:49 UTC 2024] d
    [Wed Jan 10 17:18:49 UTC 2024] vlist='MYWWWSITE.bike#5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ#http-01#/home/nginx/domains/MYWWWSITE.bike/public#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916,www.MYWWWSITE.bike#AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA#http-01#/home/nginx/domains/MYWWWSITE.bike/public#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926,'
    [Wed Jan 10 17:18:50 UTC 2024] d='MYWWWSITE.bike'
    [Wed Jan 10 17:18:50 UTC 2024] d='www.MYWWWSITE.bike'
    [Wed Jan 10 17:18:50 UTC 2024] ok, let's start to verify
    [Wed Jan 10 17:18:50 UTC 2024] Verifying: MYWWWSITE.bike
    [Wed Jan 10 17:18:50 UTC 2024] d='MYWWWSITE.bike'
    [Wed Jan 10 17:18:50 UTC 2024] keyauthorization='5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4'
    [Wed Jan 10 17:18:50 UTC 2024] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ'
    [Wed Jan 10 17:18:50 UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:50 UTC 2024] _currentRoot='/home/nginx/domains/MYWWWSITE.bike/public'
    [Wed Jan 10 17:18:50 UTC 2024] wellknown_path='/home/nginx/domains/MYWWWSITE.bike/public/.well-known/acme-challenge'
    [Wed Jan 10 17:18:50 UTC 2024] writing token:5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4 to /home/nginx/domains/MYWWWSITE.bike/public/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4
    [Wed Jan 10 17:18:50 UTC 2024] Trigger domain validation.
    [Wed Jan 10 17:18:50 UTC 2024] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ'
    [Wed Jan 10 17:18:50 UTC 2024] _t_key_authz='5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4'
    [Wed Jan 10 17:18:50 UTC 2024] _t_vtype='http-01'
    [Wed Jan 10 17:18:50 UTC 2024] =======Begin Send Signed Request=======
    [Wed Jan 10 17:18:50 UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ'
    [Wed Jan 10 17:18:50 UTC 2024] payload='{}'
    [Wed Jan 10 17:18:50 UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Wed Jan 10 17:18:50 UTC 2024] Use _CACHED_NONCE='T8gQgmcoKizMFgKCUa3Ot9SZbFRUTf0drOB343-Go12DZkBZFkw'
    [Wed Jan 10 17:18:50 UTC 2024] nonce='T8gQgmcoKizMFgKCUa3Ot9SZbFRUTf0drOB343-Go12DZkBZFkw'
    [Wed Jan 10 17:18:50 UTC 2024] _URGLY_PRINTF
    [Wed Jan 10 17:18:50 UTC 2024] xargs
    [Wed Jan 10 17:18:50 UTC 2024] POST
    [Wed Jan 10 17:18:50 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ'
    [Wed Jan 10 17:18:50 UTC 2024] body='{"protected": "eyJub25jZSI6ICJUOGdRZ21jb0tpek1GZ0tDVWEzT3Q5U1piRlJVVGYwZHJPQjM0My1HbzEyRFprQlpGa3ciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMwMjc5MDE3ODkxNi8ydGctV1EiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEwMTQ1NTU2MzcifQ", "payload": "e30", "signature": "nwNbDeSbQ0obAd_ivj_5IHJwvNiCy1cGqnD7oJQE0LQ0YxfE2nGL04NeJ_PmSH5QIZ6PV4_tP3EpTucnTlrawg"}'
    [Wed Jan 10 17:18:50 UTC 2024] _postContentType='application/jose+json'
    [Wed Jan 10 17:18:50 UTC 2024] Http already initialized.
    [Wed Jan 10 17:18:50 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed Jan 10 17:18:50 UTC 2024] _ret='0'
    [Wed Jan 10 17:18:50 UTC 2024] responseHeaders='HTTP/2 200
    server: nginx
    date: Wed, 10 Jan 2024 17:18:50 GMT
    content-type: application/json
    content-length: 187
    boulder-requester: 1014555637
    cache-control: public, max-age=0, no-cache
    link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916>;rel="up"
    location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ
    replay-nonce: T8gQgmco-k8xuFDMNPWhdgAUWGyLjtsuhMORmWKybeOW6Ceirn0
    x-frame-options: DENY
    strict-transport-security: max-age=604800
    '
    [Wed Jan 10 17:18:50 UTC 2024] code='200'
    [Wed Jan 10 17:18:50 UTC 2024] original='{
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ",
      "token": "5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"
    }'
    [Wed Jan 10 17:18:50 UTC 2024] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"}'
    [Wed Jan 10 17:18:50 UTC 2024] trigger validation code: 200
    [Wed Jan 10 17:18:50 UTC 2024] Lets check the status of the authz
    [Wed Jan 10 17:18:50 UTC 2024] original='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"}'
    [Wed Jan 10 17:18:50 UTC 2024] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4"}'
    [Wed Jan 10 17:18:50 UTC 2024] status='pending'
    [Wed Jan 10 17:18:50 UTC 2024] Pending, The CA is processing your order, please just wait. (1/30)
    [Wed Jan 10 17:18:50 UTC 2024] sleep 2 secs to verify again
    [Wed Jan 10 17:18:52 UTC 2024] checking
    [Wed Jan 10 17:18:52 UTC 2024] =======Begin Send Signed Request=======
    [Wed Jan 10 17:18:52 UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:52 UTC 2024] payload
    [Wed Jan 10 17:18:52 UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Wed Jan 10 17:18:52 UTC 2024] Use _CACHED_NONCE='T8gQgmco-k8xuFDMNPWhdgAUWGyLjtsuhMORmWKybeOW6Ceirn0'
    [Wed Jan 10 17:18:52 UTC 2024] nonce='T8gQgmco-k8xuFDMNPWhdgAUWGyLjtsuhMORmWKybeOW6Ceirn0'
    [Wed Jan 10 17:18:53 UTC 2024] _URGLY_PRINTF
    [Wed Jan 10 17:18:53 UTC 2024] xargs
    [Wed Jan 10 17:18:53 UTC 2024] POST
    [Wed Jan 10 17:18:53 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916'
    [Wed Jan 10 17:18:53 UTC 2024] body='{"protected": "eyJub25jZSI6ICJUOGdRZ21jby1rOHh1RkRNTlBXaGRnQVVXR3lManRzdWhNT1JtV0t5YmVPVzZDZWlybjAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwMjc5MDE3ODkxNiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAxNDU1NTYzNyJ9", "payload": "", "signature": "ysg3GdvWP5eDiQnMWdvQw34R9pPMMNm5-dQSa794Ab8yNuIdWZotkrreD35VgLWA2XmZHRoh6JHpty0h9lYRDg"}'
    [Wed Jan 10 17:18:53 UTC 2024] _postContentType='application/jose+json'
    [Wed Jan 10 17:18:53 UTC 2024] Http already initialized.
    [Wed Jan 10 17:18:53 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed Jan 10 17:18:53 UTC 2024] _ret='0'
    [Wed Jan 10 17:18:53 UTC 2024] responseHeaders='HTTP/2 200
    server: nginx
    date: Wed, 10 Jan 2024 17:18:53 GMT
    content-type: application/json
    content-length: 1053
    boulder-requester: 1014555637
    cache-control: public, max-age=0, no-cache
    link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    replay-nonce: I5zfHDkY6UtJ64pjuoJs7sxxlbPu8U4wnK2iizQaXnH-UVo59HA
    x-frame-options: DENY
    strict-transport-security: max-age=604800
    '
    [Wed Jan 10 17:18:53 UTC 2024] code='200'
    [Wed Jan 10 17:18:53 UTC 2024] original='{
      "identifier": {
        "type": "dns",
        "value": "MYWWWSITE.bike"
      },
      "status": "invalid",
      "expires": "2024-01-17T17:18:47Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "invalid",
          "error": {
            "type": "urn:ietf:params:acme:error:unauthorized",
            "detail": "xx.xx.xx.xx: Invalid response from http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4: 404",
            "status": 403
          },
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ",
          "token": "5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4",
          "validationRecord": [
            {
              "url": "http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4",
              "hostname": "MYWWWSITE.bike",
              "port": "80",
              "addressesResolved": [
                "xx.xx.xx.xx"
              ],
              "addressUsed": "xx.xx.xx.xx"
            }
          ],
          "validated": "2024-01-10T17:18:50Z"
        }
      ]
    }'
    [Wed Jan 10 17:18:53 UTC 2024] response='{"identifier":{"type":"dns","value":"MYWWWSITE.bike"},"status":"invalid","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"xx.xx.xx.xx: Invalid response from http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4","validationRecord":[{"url":"http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4","hostname":"MYWWWSITE.bike","port":"80","addressesResolved":["xx.xx.xx.xx"],"addressUsed":"xx.xx.xx.xx"}],"validated":"2024-01-10T17:18:50Z"}]}'
    [Wed Jan 10 17:18:53 UTC 2024] original='{"identifier":{"type":"dns","value":"MYWWWSITE.bike"},"status":"invalid","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"xx.xx.xx.xx: Invalid response from http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4","validationRecord":[{"url":"http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4","hostname":"MYWWWSITE.bike","port":"80","addressesResolved":["xx.xx.xx.xx"],"addressUsed":"xx.xx.xx.xx"}],"validated":"2024-01-10T17:18:50Z"}]}'
    [Wed Jan 10 17:18:53 UTC 2024] response='{"identifier":{"type":"dns","value":"MYWWWSITE.bike"},"status":"invalid","expires":"2024-01-17T17:18:47Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"xx.xx.xx.xx: Invalid response from http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ","token":"5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4","validationRecord":[{"url":"http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4","hostname":"MYWWWSITE.bike","port":"80","addressesResolved":["xx.xx.xx.xx"],"addressUsed":"xx.xx.xx.xx"}],"validated":"2024-01-10T17:18:50Z"}]}'
    [Wed Jan 10 17:18:53 UTC 2024] status='invalid
    invalid'
    [Wed Jan 10 17:18:53 UTC 2024] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"xx.xx.xx.xx: Invalid response from http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4: 404","status": 403'
    [Wed Jan 10 17:18:53 UTC 2024] errordetail='xx.xx.xx.xx: Invalid response from http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4: 404'
    [Wed Jan 10 17:18:53 UTC 2024] Invalid status, MYWWWSITE.bike:Verify error detail:xx.xx.xx.xx: Invalid response from http://MYWWWSITE.bike/.well-known/acme-challenge/5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4: 404
    [Wed Jan 10 17:18:53 UTC 2024] pid
    [Wed Jan 10 17:18:53 UTC 2024] No need to restore nginx, skip.
    [Wed Jan 10 17:18:53 UTC 2024] _clearupdns
    [Wed Jan 10 17:18:53 UTC 2024] dns_entries
    [Wed Jan 10 17:18:53 UTC 2024] skip dns.
    [Wed Jan 10 17:18:53 UTC 2024] _on_issue_err
    [Wed Jan 10 17:18:53 UTC 2024] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-100124-171837.log
    [Wed Jan 10 17:18:53 UTC 2024] _chk_vlist='MYWWWSITE.bike#5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ#http-01#/home/nginx/domains/MYWWWSITE.bike/public#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178916,www.MYWWWSITE.bike#AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA#http-01#/home/nginx/domains/MYWWWSITE.bike/public#https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926,'
    [Wed Jan 10 17:18:53 UTC 2024] start to deactivate authz
    [Wed Jan 10 17:18:53 UTC 2024] Trigger domain validation.
    [Wed Jan 10 17:18:53 UTC 2024] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ'
    [Wed Jan 10 17:18:53 UTC 2024] _t_key_authz='5aApqvGaSpYqxU4EVgsNF9Qko9FmnEGrVjehtP3hKx4.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4'
    [Wed Jan 10 17:18:53 UTC 2024] _t_vtype
    [Wed Jan 10 17:18:53 UTC 2024] =======Begin Send Signed Request=======
    [Wed Jan 10 17:18:53 UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ'
    [Wed Jan 10 17:18:53 UTC 2024] payload='{}'
    [Wed Jan 10 17:18:53 UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Wed Jan 10 17:18:53 UTC 2024] Use _CACHED_NONCE='I5zfHDkY6UtJ64pjuoJs7sxxlbPu8U4wnK2iizQaXnH-UVo59HA'
    [Wed Jan 10 17:18:53 UTC 2024] nonce='I5zfHDkY6UtJ64pjuoJs7sxxlbPu8U4wnK2iizQaXnH-UVo59HA'
    [Wed Jan 10 17:18:53 UTC 2024] _URGLY_PRINTF
    [Wed Jan 10 17:18:53 UTC 2024] xargs
    [Wed Jan 10 17:18:53 UTC 2024] POST
    [Wed Jan 10 17:18:53 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178916/2tg-WQ'
    [Wed Jan 10 17:18:53 UTC 2024] body='{"protected": "eyJub25jZSI6ICJJNXpmSERrWTZVdEo2NHBqdW9KczdzeHhsYlB1OFU0d25LMmlpelFhWG5ILVVWbzU5SEEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMwMjc5MDE3ODkxNi8ydGctV1EiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEwMTQ1NTU2MzcifQ", "payload": "e30", "signature": "VCS5L6iZJbMTTsOXIRO4mfwxTLv7uCeuSQJNCr6rYGuCTzfpnyCTT-xmxdjSkBw1WD-rvs9V26wVhIiWCJ83FA"}'
    [Wed Jan 10 17:18:53 UTC 2024] _postContentType='application/jose+json'
    [Wed Jan 10 17:18:53 UTC 2024] Http already initialized.
    [Wed Jan 10 17:18:53 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed Jan 10 17:18:54 UTC 2024] _ret='0'
    [Wed Jan 10 17:18:54 UTC 2024] responseHeaders='HTTP/2 400
    server: nginx
    date: Wed, 10 Jan 2024 17:18:54 GMT
    content-type: application/problem+json
    content-length: 144
    boulder-requester: 1014555637
    cache-control: public, max-age=0, no-cache
    link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    replay-nonce: xavOoKHvYq6We92d0LyK9H6ZeDpFglIfBc3k7m1lPb3cK-BLHOU
    '
    [Wed Jan 10 17:18:54 UTC 2024] code='400'
    [Wed Jan 10 17:18:54 UTC 2024] original='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    }'
    [Wed Jan 10 17:18:54 UTC 2024] response='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    }'
    [Wed Jan 10 17:18:54 UTC 2024] Trigger domain validation.
    [Wed Jan 10 17:18:54 UTC 2024] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA'
    [Wed Jan 10 17:18:54 UTC 2024] _t_key_authz='AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM.ybnaVaauDTaFoFqrmwu1VuuEmxLGcJWeKV_Ki2MUrS4'
    [Wed Jan 10 17:18:54 UTC 2024] _t_vtype
    [Wed Jan 10 17:18:54 UTC 2024] =======Begin Send Signed Request=======
    [Wed Jan 10 17:18:54 UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA'
    [Wed Jan 10 17:18:54 UTC 2024] payload='{}'
    [Wed Jan 10 17:18:54 UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Wed Jan 10 17:18:54 UTC 2024] Use _CACHED_NONCE='xavOoKHvYq6We92d0LyK9H6ZeDpFglIfBc3k7m1lPb3cK-BLHOU'
    [Wed Jan 10 17:18:54 UTC 2024] nonce='xavOoKHvYq6We92d0LyK9H6ZeDpFglIfBc3k7m1lPb3cK-BLHOU'
    [Wed Jan 10 17:18:54 UTC 2024] _URGLY_PRINTF
    [Wed Jan 10 17:18:54 UTC 2024] xargs
    [Wed Jan 10 17:18:54 UTC 2024] POST
    [Wed Jan 10 17:18:54 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA'
    [Wed Jan 10 17:18:54 UTC 2024] body='{"protected": "eyJub25jZSI6ICJ4YXZPb0tIdllxNldlOTJkMEx5SzlINlplRHBGZ2xJZkJjM2s3bTFsUGIzY0stQkxIT1UiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMwMjc5MDE3ODkyNi9EMFNuWEEiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEwMTQ1NTU2MzcifQ", "payload": "e30", "signature": "OJneiH56TXtBm03ctBmDoUyTDLnzkUmKIUidnnnsHYx_mVE0f7M6vyJhQ-tWErgosw5rVB4ZPKQ3MMEtRGCaDA"}'
    [Wed Jan 10 17:18:54 UTC 2024] _postContentType='application/jose+json'
    [Wed Jan 10 17:18:54 UTC 2024] Http already initialized.
    [Wed Jan 10 17:18:54 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed Jan 10 17:18:55 UTC 2024] _ret='0'
    [Wed Jan 10 17:18:55 UTC 2024] responseHeaders='HTTP/2 200
    server: nginx
    date: Wed, 10 Jan 2024 17:18:55 GMT
    content-type: application/json
    content-length: 187
    boulder-requester: 1014555637
    cache-control: public, max-age=0, no-cache
    link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/302790178926>;rel="up"
    location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA
    replay-nonce: T8gQgmco5rK6V0fSnRQB2Rh171LIwXX2jHtcQ6c7BBhvrfaEdJo
    x-frame-options: DENY
    strict-transport-security: max-age=604800
    '
    [Wed Jan 10 17:18:55 UTC 2024] code='200'
    [Wed Jan 10 17:18:55 UTC 2024] original='{
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA",
      "token": "AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"
    }'
    [Wed Jan 10 17:18:55 UTC 2024] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/302790178926/D0SnXA","token":"AlgZJ-hAbmbZcQ2nrBxQanFZaRQLoGTHEE-pTyqk4PM"}'
    [17:23][root@alma.MYSERVER.com centminmod]#     
    nginx -t

    Code:
    [17:27][root@alma.MYSERVER.com centminmod]# nginx -t
    nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /usr/local/nginx/conf/conf.d/MYWWWSITE.bike.ssl.conf:15
    nginx: [emerg] duplicate listen options for 0.0.0.0:443 in /usr/local/nginx/conf/conf.d/MYWWWSITE.bike.ssl.conf:15
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    [17:28][root@alma.MYSERVER.com centminmod]# 
    Screenshot 2024-01-10 at 17.31.20.png
     
  19. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:41 PM
    1.25.3
    10.6.x
    grep acme /var/log/cron* | sed -e "s|$(hostname -s)|host|g"

    Code:
    /var/log/cron:Jan  8 00:19:01 host CROND[3003220]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron:Jan  9 00:19:02 host CROND[21640]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231217:Dec 11 00:19:01 host CROND[1299500]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231217:Dec 12 00:19:01 host CROND[1342289]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231217:Dec 13 00:19:01 host CROND[1382013]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231217:Dec 14 00:19:01 host CROND[1417512]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231217:Dec 15 00:19:01 host CROND[1456528]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231217:Dec 16 00:19:01 host CROND[1502674]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231217:Dec 17 00:19:01 host CROND[1540799]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231224:Dec 18 00:19:01 host CROND[1578447]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231224:Dec 19 00:19:01 host CROND[1620446]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231224:Dec 20 00:19:01 host CROND[1658279]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231224:Dec 21 00:19:01 host CROND[1693909]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231224:Dec 22 00:19:01 host CROND[1736909]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231224:Dec 23 00:19:01 host CROND[1791286]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231224:Dec 24 00:19:01 host CROND[1846890]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231231:Dec 25 00:19:01 host CROND[2368425]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231231:Dec 26 00:19:01 host CROND[2405445]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231231:Dec 27 00:19:01 host CROND[2442838]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231231:Dec 28 00:19:01 host CROND[2490125]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231231:Dec 29 00:19:01 host CROND[2527284]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231231:Dec 30 00:19:01 host CROND[2569034]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20231231:Dec 31 00:19:01 host CROND[2604171]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20240107:Jan  1 00:19:01 host CROND[2639564]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20240107:Jan  2 00:19:01 host CROND[2675523]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20240107:Jan  3 00:19:01 host CROND[2710549]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20240107:Jan  4 00:19:01 host CROND[2753747]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20240107:Jan  5 00:19:01 host CROND[2789354]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20240107:Jan  6 00:19:02 host CROND[2898650]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20240107:Jan  7 00:19:01 host CROND[2963980]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    
    echo y | /usr/local/src/centminmod/addons/acmetool.sh checkdates

    If I run the above command I get all my domains APART from the www site I just installed under option 22 - its not there

    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"

    if I run this - it renews some certs and skips others - BUT the new WWW site just installed with opt 22 is not there

    Pid you this

    echo | openssl s_client -connect fatboysadventures.bike:443
     
  20. eva2000

    eva2000 Administrator Staff Member

    52,657
    12,071
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,597
    Local Time:
    8:41 AM
    Nginx 1.25.x
    MariaDB 10.x
    Strange checking your actual domain access via https://tools.keycdn.com/curl to non-https version works and gives HTTP 200 OK status while https version of domain gives host not found suggestion DNS issue

    If the Nginx vhost above was working, then access to non-https version would give HTTP 302 temp redirect to https version

    That leads me to believe another nginx vhost config file on server is catching non-https access which is what default Letsencrypt webroot domain validation uses for SSL certificate issuance