tobiaspr
May 11, 2020
view8349
view9
0
Goto Top

Nginx Proxy Manager - Fehler

GermanQuestionServerInternet
Guten Tag,

Ich habe hier eine Nextcloud installation und möchte diese gerne im Internet erreichbar machen. Ich habe eine Statische IP und die Ports sind Freigegeben. Um das ganze zu verschlüsseln, nutzte ich den Nginx Proxy Manager. Nur leider ist es mir nicht möglich ein Let`s Encrypt Zertifikat anzufragen. Es kommt immer der Fehler: "Internal Error" Danach wurde ein Zertifikat erstellt, dieses ist am selben Tag ausgelaufen. Früher hat das ganz normal funktioniert.
comment-contentCommentShareShare
Share on Facebook Share on Twitter Share on Reddit Share on Linkedin

Content-Key: 571036

Url: https://administrator.de/contentid/571036

Printed on: April 26, 2024 at 23:04 o'clock

9 Comments
Latest comment
Goto Top
Member: Dani
Dani May 11, 2020 at 17:20:22 (UTC)
Goto Top
Moin,
Es kommt immer der Fehler: "Internal Error"
erste Anlaufstelle ist natürlich das Log. das kannst du dir mit docker logs containername anschauen. Wobei du containername durch den Namen des Docker Containers ersetzen musst. Wenn dort nichts ersichtlich ist gibt es im Hauptverzeichnis der Docker Container ein Verzeichnis ./data/logs. Dort solltest du auf jeden Fall fündig werden.


Gruß,
Dani
Member: Tobiaspr
Tobiaspr May 12, 2020 at 11:55:38 (UTC)
Goto Top
Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.cycen.de
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. cloud.cycen.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://_/.well-known/acme-challenge/Yq92xNMJ-DKERJMNiP-81uuzdQrgu8RdZCYnnnld-Ls: Invalid hostname in redirect target, must end in IANA registered TLD
Der oben erwähnte Log:

2020-04-02 20:15:49,268:DEBUG:certbot.main:certbot version: 0.30.2
2020-04-02 20:15:49,269:DEBUG:certbot.main:Arguments: ['--non-interactive', '--quiet', '--config', '/etc/letsencrypt.ini', '--preferred-challenges', 'dns,http', '--disable-hook-validation']  
2020-04-02 20:15:49,271:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-04-02 20:15:49,843:DEBUG:certbot.log:Root logging level set at 30
2020-04-02 20:15:49,845:INFO:certbot.log:Saving debug log to /config/log/letsencrypt/letsencrypt.log
2020-04-02 20:15:49,895:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer <certbot.cli._Default object at 0x14eac11b8f28>
2020-04-02 20:15:49,895:DEBUG:certbot.cli:Var pref_challs=dns,http (set by user).
2020-04-02 20:15:49,896:DEBUG:certbot.cli:Var logs_dir=/config/log/letsencrypt (set by user).
2020-04-02 20:15:49,896:DEBUG:certbot.cli:Var work_dir=/config/letsencrypt-workdir (set by user).
2020-04-02 20:15:49,896:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2020-04-02 20:15:49,896:DEBUG:certbot.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2020-04-02 20:15:49,897:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).  
2020-04-02 20:15:49,952:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-08-23 21:48:44 UTC.
2020-04-02 20:15:49,952:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2020-04-02 20:15:49,952:INFO:certbot.renewal:Non-interactive renewal: random delay of 315 seconds
2020-04-02 20:21:05,053:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-04-02 20:21:05,060:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x14eac11bfc88>
Prep: True
2020-04-02 20:21:05,062:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x14eac11bfc88> and installer None
2020-04-02 20:21:05,062:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2020-04-02 20:21:05,071:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x14eac11bf828>)>), contact=('mailto:tobias.pries.p@gmail.com',), agreement='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/57727894', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 5a81b723bb664426bf44cf6cb966af94, Meta(creation_dt=datetime.datetime(2019, 5, 24, 15, 7, 2, tzinfo=<UTC>), creation_host='1072d0b110af'))>  
2020-04-02 20:21:05,073:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-04-02 20:21:05,081:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2020-04-02 20:21:05,674:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658 
2020-04-02 20:21:05,675:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 03:21:05 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "_wZUhU6LAxY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",  
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",  
  "meta": {  
    "caaIdentities": [  
      "letsencrypt.org"  
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",  
    "website": "https://letsencrypt.org"  
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",  
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",  
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",  
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"  
}
2020-04-02 20:21:05,675:INFO:certbot.main:Renewing an existing certificate
2020-04-02 20:21:06,368:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/5816_key-certbot.pem
2020-04-02 20:21:07,036:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/5816_csr-certbot.pem
2020-04-02 20:21:07,037:DEBUG:acme.client:Requesting fresh nonce
2020-04-02 20:21:07,037:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-04-02 20:21:07,176:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 
2020-04-02 20:21:07,177:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 03:21:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" 
Replay-Nonce: 0101QuboMTSpte71fKWPw_m4X7s08u-9ISKKfR1FbE-7p-0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2020-04-02 20:21:07,178:DEBUG:acme.client:Storing nonce: 0101QuboMTSpte71fKWPw_m4X7s08u-9ISKKfR1FbE-7p-0
2020-04-02 20:21:07,178:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mcc.cycen.de"\n    }\n  ]\n}'  
2020-04-02 20:21:07,182:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NzcyNzg5NCIsICJub25jZSI6ICIwMTAxUXVib01UU3B0ZTcxZktXUHdfbTRYN3MwOHUtOUlTS0tmUjFGYkUtN3AtMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",  
  "signature": "GBkK_Y8XCC5Xlrn_8P3eVLsCI4xB3wFgr32xzzK5AxPGIGan7ayIb22gYxPdeEUU5T1rsU6rPQrNBUEe4no_QIcmcg2s2unxyPe0bI-nXxVUWWHMlkbCDpH6_CKWuIAN978Tv-aZBlL6o3h2US-OvKzK-BzcG47vSHn64RkxYlvWIxdcbcRKNIk-V-ftdaVJkyICDq_PJgX94PCePtgDSQZ-tdlAUt5Uc8iol1aZ0szQUuA3izm_cNpEAUo_zacEEQ7DQedmRUouPywTfYc3rUdVWmlT5_f9d4hUTcsOVm8Y9oMt2RxpQhhyPK0jb8Ym8v-F3SiHEy5QW2Z_MFfyQw",  
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1jYy5jeWNlbi5kZSIKICAgIH0KICBdCn0"  
}
2020-04-02 20:21:07,476:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 342 
2020-04-02 20:21:07,477:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 03 Apr 2020 03:21:07 GMT
Content-Type: application/json
Content-Length: 342
Connection: keep-alive
Boulder-Requester: 57727894
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" 
Location: https://acme-v02.api.letsencrypt.org/acme/order/57727894/2872601614
Replay-Nonce: 0102OixlFA-rUty4HCTP-zRx_1Gt_LYDT8TZE1nQ0fTYuWw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",  
  "expires": "2020-04-10T03:21:07.368769688Z",  
  "identifiers": [  
    {
      "type": "dns",  
      "value": "mcc.cycen.de"  
    }
  ],
  "authorizations": [  
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/3728433153"  
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/57727894/2872601614"  
}
2020-04-02 20:21:07,478:DEBUG:acme.client:Storing nonce: 0102OixlFA-rUty4HCTP-zRx_1Gt_LYDT8TZE1nQ0fTYuWw
2020-04-02 20:21:07,478:DEBUG:acme.client:JWS payload:
b''  
2020-04-02 20:21:07,480:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3728433153:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NzcyNzg5NCIsICJub25jZSI6ICIwMTAyT2l4bEZBLXJVdHk0SENUUC16UnhfMUd0X0xZRFQ4VFpFMW5RMGZUWXVXdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzcyODQzMzE1MyJ9",  
  "signature": "UEsrHUQIFTi9kBIdqsTkQECI8fChcE9Jn8BrBLzmXp8k0jTgNpjp_kbXdUZAB_PhAsvlzLYWkxBFvSlp38eKJV1GDzY7bktPZkm4ZpJ4gwHmF1eaxI8y6pEhfxrBobT6PiFYBtYq_sbZIy-j9ii8ABpLIR_UwUkd-c8DqAfNk0NYCktvFa_sW-VM_ZTIXE7wkjcsgW2vqKP_oriR10Q6h7rhVWGn8t1DXqwifogbgfa9BJtvr_BoKWJ8zuz5jqEhG1VzaYEgrmSdMOholsRKM_UwnX2uiULhKK_evKIDpDRaK0RH3EjP1T2bG7RwIUFptHv-C5iX9Alp8izq69Zbdg",  
  "payload": ""  
}
2020-04-02 20:21:07,654:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3728433153 HTTP/1.1" 200 790 
2020-04-02 20:21:07,656:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 03:21:07 GMT
Content-Type: application/json
Content-Length: 790
Connection: keep-alive
Boulder-Requester: 57727894
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" 
Replay-Nonce: 010169gKQTl8sUHim8V_J8gEBjEqbwwA0ERP66KWlumKSzo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {  
    "type": "dns",  
    "value": "mcc.cycen.de"  
  },
  "status": "pending",  
  "expires": "2020-04-10T03:21:07Z",  
  "challenges": [  
    {
      "type": "http-01",  
      "status": "pending",  
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3728433153/DQJyKQ",  
      "token": "m5ZR3BjbeaZRvGHMcxDBnqXxppM6kv1rN7FEbLIned0"  
    },
    {
      "type": "dns-01",  
      "status": "pending",  
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3728433153/XP90KQ",  
      "token": "m5ZR3BjbeaZRvGHMcxDBnqXxppM6kv1rN7FEbLIned0"  
    },
    {
      "type": "tls-alpn-01",  
      "status": "pending",  
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3728433153/YUz2gA",  
      "token": "m5ZR3BjbeaZRvGHMcxDBnqXxppM6kv1rN7FEbLIned0"  
    }
  ]
}
2020-04-02 20:21:07,656:DEBUG:acme.client:Storing nonce: 010169gKQTl8sUHim8V_J8gEBjEqbwwA0ERP66KWlumKSzo
2020-04-02 20:21:07,657:INFO:certbot.auth_handler:Performing the following challenges:
2020-04-02 20:21:07,658:INFO:certbot.auth_handler:http-01 challenge for mcc.cycen.de
2020-04-02 20:21:07,658:INFO:certbot.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2020-04-02 20:21:07,658:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2020-04-02 20:21:07,663:DEBUG:certbot.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/m5ZR3BjbeaZRvGHMcxDBnqXxppM6kv1rN7FEbLIned0
2020-04-02 20:21:07,664:INFO:certbot.auth_handler:Waiting for verification...
2020-04-02 20:21:07,664:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "keyAuthorization": "m5ZR3BjbeaZRvGHMcxDBnqXxppM6kv1rN7FEbLIned0.schb2lPDhm3trnzthRtFDn2SjxwB5TxmMZeZ_b27Xrc",\n  "type": "http-01"\n}'  
2020-04-02 20:21:07,667:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/3728433153/DQJyKQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NzcyNzg5NCIsICJub25jZSI6ICIwMTAxNjlnS1FUbDhzVUhpbThWX0o4Z0VCakVxYnd3QTBFUlA2NktXbHVtS1N6byIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMzcyODQzMzE1My9EUUp5S1EifQ",  
  "signature": "QyMTmZ9nZkiUPkRYxd5xG27frXt-PqpeQeDVwSN7PXSfcGSLDDagQWmlpBIYVP7-KNedrSHXxa16caRJ3mO6BKShSpDH8xfHimdDYLlPognogHL3EuKZiV_c7cLv_9FB8YjAbdAUkS_1R9Mj977hJyWxO_8OPhnJSjhmqZ1jsDUSwQr02NbpmjroqTHHkjs3iYw_5IGgNo0XN4GmT50akl88p1TVpl4_2x_lCVJqpG3E_10eexwQ75UNWMJC3DaRjkQhMy8bU6fO9fTQzfsGs6o5DhxixUw-OpZkEl61uI7nlx0_XEy-bRSxIv_U8M8eZW5TJeZ4Sf2KjB0I9V3s1w",  
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogIm01WlIzQmpiZWFaUnZHSE1jeERCbnFYeHBwTTZrdjFyTjdGRWJMSW5lZDAuc2NoYjJsUERobTN0cm56dGhSdEZEbjJTanh3QjVUeG1NWmVaX2IyN1hyYyIsCiAgInR5cGUiOiAiaHR0cC0wMSIKfQ"  
}
2020-04-02 20:21:07,872:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/3728433153/DQJyKQ HTTP/1.1" 200 185 
2020-04-02 20:21:07,874:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 03:21:07 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 57727894
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/3728433153>;rel="up" 
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3728433153/DQJyKQ
Replay-Nonce: 0101REYvl9pAEUPHmvXWJ4ZEy5zDFGW37EaMPoKo0EH1Yq4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",  
  "status": "pending",  
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3728433153/DQJyKQ",  
  "token": "m5ZR3BjbeaZRvGHMcxDBnqXxppM6kv1rN7FEbLIned0"  
}
2020-04-02 20:21:07,874:DEBUG:acme.client:Storing nonce: 0101REYvl9pAEUPHmvXWJ4ZEy5zDFGW37EaMPoKo0EH1Yq4
2020-04-02 20:21:10,878:DEBUG:acme.client:JWS payload:
b''  
2020-04-02 20:21:10,881:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3728433153:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDEuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy81NzcyNzg5NCIsICJub25jZSI6ICIwMTAxUkVZdmw5cEFFVVBIbXZYV0o0WkV5NXpERkdXMzdFYU1Qb0tvMEVIMVlxNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzcyODQzMzE1MyJ9",  
  "signature": "Squ7L_FsmLmKPfFixloFSckCqnl-3IIgX94StZEcocIvZQlUs_gOnF6KRJgjABWUT8y8sX713vQgaoR0Jwi8OqEpj51n9HpTHPEYgBw3jwaXbvTphz022kJz2o5MK-1kgYa-iyj6DQOFaEI5sgF3gXHzHeNuxXojL2MC0eZ96Iyl0azcnixyLFLWintqaHtvawKB9_kTx42Qagsknhrf6SXOtJnx6Z0cM8Hwhkp6YGWDQVyFW5lb_17_wbjDOZsHgQSt2B9g3Tvih4oNE2_3oHkUeQ8s0l4FkNy_AZGCXaTcZy_mNzkUDX3-I2qnfxMg2ngZgX2OM0fGnxDtCHkURA",  
  "payload": ""  
}
2020-04-02 20:21:11,087:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3728433153 HTTP/1.1" 200 585 
2020-04-02 20:21:11,089:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 03 Apr 2020 03:21:11 GMT
Content-Type: application/json
Content-Length: 585
Connection: keep-alive
Boulder-Requester: 57727894
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" 
Replay-Nonce: 01028PXNm00UHP620qgVDRYQJoETZN8gLglHZcp9cajOZV0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {  
    "type": "dns",  
    "value": "mcc.cycen.de"  
  },
  "status": "invalid",  
  "expires": "2020-04-10T03:21:07Z",  
  "challenges": [  
    {
      "type": "http-01",  
      "status": "invalid",  
      "error": {  
        "type": "urn:ietf:params:acme:error:dns",  
        "detail": "DNS problem: NXDOMAIN looking up A for mcc.cycen.de - check that a DNS record exists for this domain",  
        "status": 400  
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3728433153/DQJyKQ",  
      "token": "m5ZR3BjbeaZRvGHMcxDBnqXxppM6kv1rN7FEbLIned0"  
    }
  ]
}
2020-04-02 20:21:11,089:DEBUG:acme.client:Storing nonce: 01028PXNm00UHP620qgVDRYQJoETZN8gLglHZcp9cajOZV0
2020-04-02 20:21:11,090:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: mcc.cycen.de
Type:   None
Detail: DNS problem: NXDOMAIN looking up A for mcc.cycen.de - check that a DNS record exists for this domain
2020-04-02 20:21:11,091:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations  
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 161, in _respond  
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges  
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. mcc.cycen.de (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for mcc.cycen.de - check that a DNS record exists for this domain

2020-04-02 20:21:11,092:DEBUG:certbot.error_handler:Calling registered functions
2020-04-02 20:21:11,092:INFO:certbot.auth_handler:Cleaning up challenges
2020-04-02 20:21:11,092:DEBUG:certbot.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/m5ZR3BjbeaZRvGHMcxDBnqXxppM6kv1rN7FEbLIned0
2020-04-02 20:21:11,093:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2020-04-02 20:21:11,093:WARNING:certbot.renewal:Attempting to renew cert (npm-2) from /etc/letsencrypt/renewal/npm-2.conf produced an unexpected error: Failed authorization procedure. mcc.cycen.de (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for mcc.cycen.de - check that a DNS record exists for this domain. Skipping.
2020-04-02 20:21:11,113:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/certbot/renewal.py", line 452, in handle_renewal_request  
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 1192, in renew_cert  
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 116, in _get_and_save_cert  
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.6/site-packages/certbot/renewal.py", line 310, in renew_cert  
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.6/site-packages/certbot/client.py", line 353, in obtain_certificate  
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.6/site-packages/certbot/client.py", line 389, in _get_order_and_authorizations  
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations  
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 161, in _respond  
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges  
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. mcc.cycen.de (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for mcc.cycen.de - check that a DNS record exists for this domain

2020-04-02 20:21:11,119:DEBUG:certbot.cli:Var pref_challs=dns,http (set by user).
2020-04-02 20:21:11,119:DEBUG:certbot.cli:Var logs_dir=/config/log/letsencrypt (set by user).
2020-04-02 20:21:11,120:DEBUG:certbot.cli:Var work_dir=/config/letsencrypt-workdir (set by user).
2020-04-02 20:21:11,120:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2020-04-02 20:21:11,121:DEBUG:certbot.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2020-04-02 20:21:11,121:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).  
2020-04-02 20:21:11,155:INFO:certbot.renewal:Cert not yet due for renewal
2020-04-02 20:21:11,159:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-04-02 20:21:11,164:DEBUG:certbot.cli:Var pref_challs=dns,http (set by user).
2020-04-02 20:21:11,164:DEBUG:certbot.cli:Var logs_dir=/config/log/letsencrypt (set by user).
2020-04-02 20:21:11,165:DEBUG:certbot.cli:Var work_dir=/config/letsencrypt-workdir (set by user).
2020-04-02 20:21:11,165:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2020-04-02 20:21:11,166:DEBUG:certbot.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2020-04-02 20:21:11,166:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).  
2020-04-02 20:21:11,202:INFO:certbot.renewal:Cert not yet due for renewal
2020-04-02 20:21:11,205:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-04-02 20:21:11,211:DEBUG:certbot.cli:Var pref_challs=dns,http (set by user).
2020-04-02 20:21:11,211:DEBUG:certbot.cli:Var logs_dir=/config/log/letsencrypt (set by user).
2020-04-02 20:21:11,211:DEBUG:certbot.cli:Var work_dir=/config/letsencrypt-workdir (set by user).
2020-04-02 20:21:11,211:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2020-04-02 20:21:11,212:DEBUG:certbot.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2020-04-02 20:21:11,212:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).  
2020-04-02 20:21:11,248:INFO:certbot.renewal:Cert not yet due for renewal
2020-04-02 20:21:11,251:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-04-02 20:21:11,256:DEBUG:certbot.cli:Var pref_challs=dns,http (set by user).
2020-04-02 20:21:11,256:DEBUG:certbot.cli:Var logs_dir=/config/log/letsencrypt (set by user).
2020-04-02 20:21:11,256:DEBUG:certbot.cli:Var work_dir=/config/letsencrypt-workdir (set by user).
2020-04-02 20:21:11,257:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2020-04-02 20:21:11,257:DEBUG:certbot.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2020-04-02 20:21:11,257:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).  
2020-04-02 20:21:11,294:INFO:certbot.renewal:Cert not yet due for renewal
2020-04-02 20:21:11,298:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-04-02 20:21:11,302:DEBUG:certbot.cli:Var pref_challs=dns,http (set by user).
2020-04-02 20:21:11,302:DEBUG:certbot.cli:Var logs_dir=/config/log/letsencrypt (set by user).
2020-04-02 20:21:11,303:DEBUG:certbot.cli:Var work_dir=/config/letsencrypt-workdir (set by user).
2020-04-02 20:21:11,303:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2020-04-02 20:21:11,303:DEBUG:certbot.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2020-04-02 20:21:11,303:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).  
2020-04-02 20:21:11,338:INFO:certbot.renewal:Cert not yet due for renewal
2020-04-02 20:21:11,343:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-04-02 20:21:11,347:DEBUG:certbot.cli:Var pref_challs=dns,http (set by user).
2020-04-02 20:21:11,348:DEBUG:certbot.cli:Var logs_dir=/config/log/letsencrypt (set by user).
2020-04-02 20:21:11,348:DEBUG:certbot.cli:Var work_dir=/config/letsencrypt-workdir (set by user).
2020-04-02 20:21:11,348:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2020-04-02 20:21:11,349:DEBUG:certbot.cli:Var webroot_path=/data/letsencrypt-acme-challenge (set by user).
2020-04-02 20:21:11,349:DEBUG:certbot.cli:Var webroot_map={'webroot_path'} (set by user).  
2020-04-02 20:21:11,386:INFO:certbot.renewal:Cert not yet due for renewal
2020-04-02 20:21:11,391:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-04-02 20:21:11,391:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2020-04-02 20:21:11,391:ERROR:certbot.renewal:  /etc/letsencrypt/live/npm-2/fullchain.pem (failure)
2020-04-02 20:21:11,392:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>  
    load_entry_point('certbot==0.30.2', 'console_scripts', 'certbot')()  
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 1364, in main  
    return config.func(config, plugins)
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 1271, in renew  
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3.6/site-packages/certbot/renewal.py", line 477, in handle_renewal_request  
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
Member: Dani
Dani May 12, 2020 updated at 18:43:24 (UTC)
Goto Top
Moin,
certbot.errors.FailedChallenges: Failed authorization procedure. mcc.cycen.de (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for mcc.cycen.de - check that a DNS record exists for this domain
die DNS Konfiguration stimmt nicht. Die DNS A-Eintrag für die Subdomain zeigt nicht auf die korrekte IP-Adresse, über die der NPM erreichbar ist. In deinem Fall existiert gar kein A-Eintrag für die Subdomain.


Gruß,
Dani
Member: Tobiaspr
Tobiaspr May 14, 2020 at 19:04:16 (UTC)
Goto Top
Hallo,
Danke für die Antwort,
Das interessante ist, mir wird diese Domain nirgendwo angezeigt.
Member: Tobiaspr
Tobiaspr May 14, 2020 at 19:17:39 (UTC)
Goto Top
[5/14/2020] [12:11:13 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --email "theodaro@gmail.com" --preferred-challenges "dns,http" --webroot --domains "cloud.cycen.de"  
Saving debug log to /config/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.cycen.de
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. cloud.cycen.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://_/.well-known/acme-challenge/ZyG3NdiyvpqHxAq3jcubSuQYBuxqsPvZzhQG_acViHs: Invalid hostname in redirect target, must end in IANA registered TLD

Ich habe die angesprochenen Verzeichnisse gesucht, aber nicht gefunden.
Member: Dani
Dani May 15, 2020 at 17:48:39 (UTC)
Goto Top
Moin,
Ich habe die angesprochenen Verzeichnisse gesucht, aber nicht gefunden.
wie betreibst du das Docker-Image, via docker oder docker-compose?

⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --email "theodaro@gmail.com" --preferred-challenges "dns,http" --webroot --domains "cloud.cycen.de"
In diesem Fall wieder eine andere Domain. Könnte es sein, dass dein Server nicht mehr vollständig unter deiner Kontrolle ist?!


Gruß,
Dani
Member: Tobiaspr
Tobiaspr May 16, 2020 at 19:06:20 (UTC)
Goto Top
´
Zitat von @Dani:

Moin,
Ich habe die angesprochenen Verzeichnisse gesucht, aber nicht gefunden.
wie betreibst du das Docker-Image, via docker oder docker-compose?

⚠ warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-1" --agree-tos --email "theodaro@gmail.com" --preferred-challenges "dns,http" --webroot --domains "cloud.cycen.de"
In diesem Fall wieder eine andere Domain. Könnte es sein, dass dein Server nicht mehr vollständig unter deiner Kontrolle ist?!


Gruß,
Dani

Ich nutzte das Docker Image. Die Domains sind alles meine. Die vorherige habe ich nur vor einiger Zeit gelöscht.
Member: Tobiaspr
Tobiaspr May 16, 2020 at 19:13:28 (UTC)
Goto Top
Ich hoste auf dem Server eben Nextcloud instanz mit Onlyoffice. Die Verbindung habe ich früher immer über den ProxyManager verschlüsselt. Aber dann sind die Zertifikate nicht mehr verlängert worden, wahrscheinlich wegen der geänderten Validierungsverfahren. Dieses benötigt ja jetzt port 80 & 443 die natürlich Standartmäßig durch Nextcloud besetzt waren.

Die Subdomain zeigt via A Reccord auf die Statische IP und die Ports werden vom Router korrekt weitergeleitet. Immer wenn ich ein SSL Zertifikat erstellen möchte kommt dieser fehler und es wird eins erstellt das berreits abgelaufen ist.

Jetzt habe ich Nextcloud (auch im Docker) gestoppt. Damit die Ports 80 & 443 frei sind. Es kommt trozdem der "Internal Error"
Member: Dani
Dani May 16, 2020 at 20:25:36 (UTC)
Goto Top
Moin,
wie betreibst du das Docker-Image, via docker oder docker-compose?
Ich nutzte das Docker Image.
Das ist klar. Aber nutzt du es via docker oder docker-compose? Kleiner aber feiner Unterschied.

Jetzt habe ich Nextcloud (auch im Docker) gestoppt. Damit die Ports 80 & 443 frei sind. Es kommt trozdem der "Internal Error"
Vermutlich eine doppelte Belegung durch zwei unterschiedliche Docker Images (Nextcloud und NPM). Da bleibt dir nur die Anpassung der der Konfiguration bzw. der docker-compose.yml für Nextcloud.
Du mussz den NPM Container neu starten müssen, damit die Ports gemapped werden.


Gruß,
Dani
GermanQuestionServerInternet