Verbose log as below, any idea?
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator certbot-s3front:auth and installer certbot-s3front:installer
Single candidate plugin: * certbot-s3front:installer
Description: S3/CloudFront Installer
Interfaces: IInstaller, IPlugin
Entry point: installer = certbot_s3front.installer:Installer
Initialized: <certbot_s3front.installer.Installer object at 0x10bd31310>
Prep: True
Single candidate plugin: * certbot-s3front:auth
Description: S3/CloudFront Authenticator
Interfaces: IAuthenticator, IPlugin
Entry point: auth = certbot_s3front.authenticator:Authenticator
Initialized: <certbot_s3front.authenticator.Authenticator object at 0x10b5ef690>
Prep: True
Selected authenticator <certbot_s3front.authenticator.Authenticator object at 0x10b5ef690> and installer <certbot_s3front.installer.Installer object at 0x10bd31310>
Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:[email protected]',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x10bd31610>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/19021102', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), ddd80b403fe56d9116cbc2e8cfdece4f, Meta(creation_host=u'lianmeng-C02SG119G8WL', creation_dt=datetime.datetime(2017, 7, 22, 0, 11, 56, tzinfo=)))>
Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 561
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 561
Replay-Nonce: y_yyjW5RBDgqTlp-KoigRtw9_viNVIAslaYQV61Wpxs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 11 Oct 2017 03:36:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 11 Oct 2017 03:36:44 GMT
Connection: keep-alive
{
"estrD8o6IDg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
Auto-renewal forced with --force-renewal...
Renewing an existing certificate
Requesting fresh nonce
Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: TTM7V7GtUWxFQSrFiiVoRkPPiwnEPbWD68EjTseI7H0
Expires: Wed, 11 Oct 2017 03:36:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 11 Oct 2017 03:36:44 GMT
Connection: keep-alive
Storing nonce: TTM7V7GtUWxFQSrFiiVoRkPPiwnEPbWD68EjTseI7H0
JWS payload:
{
"identifier": {
"type": "dns",
"value": "www.teeterpal.com"
},
"resource": "new-authz"
}
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"protected": "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",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAid3d3LnRlZXRlcnBhbC5jb20iCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ",
"signature": "r1z1_m1coifKwapey0fmcb3LXWm68r1wmyYQr3kgRQDs9FndgG5CYvPOSW4adZqdvfOvzW9QqF8Dw6wRSwbnpD9FWw6px4MeIC1uuW_us0YcWXHn_V9MxM-c6Nz0udA1QGnujF8igv9JPsb3ZS7i_rdLjIztdbM801NiuaH6cWuUj6oy_m8auxBp-OMtiiXNNZV1zP9hpfbLV-j5_p5PwpA-LkFNKTa4QWPuiYhJd93Lz2Frcw_nAAlpmRbAprG07Elio1kD8SgthAm6Hy0SDQCXYZUWYgk2CsW53-ez672UoVt2GzjUTVwlhbhE1sogglys1WGxzutpxWoQDXXAxA"
}
https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 995
Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 995
Boulder-Requester: 19021102
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/a0Cqu5YJ79VUry79yYZknQXZz9xzZx8OWiXsdSYuBIQ
Replay-Nonce: l7VPBR1kM8h_DKtQuqa0r4_irWEbAYpDYKIc9v4S0_4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 11 Oct 2017 03:36:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 11 Oct 2017 03:36:44 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "www.teeterpal.com"
},
"status": "pending",
"expires": "2017-10-18T02:27:07Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/a0Cqu5YJ79VUry79yYZknQXZz9xzZx8OWiXsdSYuBIQ/2177779021",
"token": "hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/a0Cqu5YJ79VUry79yYZknQXZz9xzZx8OWiXsdSYuBIQ/2177779022",
"token": "6YInFDE_3T9wPc469voVfOsJXIoiq0StMUJcXDTtxXs"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/a0Cqu5YJ79VUry79yYZknQXZz9xzZx8OWiXsdSYuBIQ/2177779023",
"token": "oEs6huDhSoA78D_5u1Uy3XUXHkKf0fjTRUDHmtTngkQ"
}
],
"combinations": [
[
1
],
[
2
],
[
0
]
]
}
Storing nonce: l7VPBR1kM8h_DKtQuqa0r4_irWEbAYpDYKIc9v4S0_4
Performing the following challenges:
http-01 challenge for www.teeterpal.com
Loading JSON file: /usr/local/lib/python2.7/site-packages/boto3/data/s3/2006-03-01/resources-1.json
Looking for credentials via: env
Found credentials in environment variables.
Loading JSON file: /Users/lianmeng/Library/Python/2.7/lib/python/site-packages/botocore/data/endpoints.json
Loading JSON file: /Users/lianmeng/Library/Python/2.7/lib/python/site-packages/botocore/data/s3/2006-03-01/service-2.json
Loading JSON file: /Users/lianmeng/Library/Python/2.7/lib/python/site-packages/botocore/data/_retry.json
Registering retry handlers for service: s3
Event creating-client-class.s3: calling handler <function add_generate_presigned_post at 0x10bc97938>
Event creating-client-class.s3: calling handler <function _handler at 0x10be86578>
Event creating-client-class.s3: calling handler <function add_generate_presigned_url at 0x10bc97758>
The s3 config key is not a dictionary type, ignoring its value of: None
Setting s3 timeout as (60, 60)
Defaulting to S3 virtual host style addressing with path style addressing fallback.
Loading s3:s3
Loading s3:Bucket
Renaming Bucket attribute name
Event creating-resource-class.s3.Bucket: calling handler <function _handler at 0x10be866e0>
Calling s3:put_object with {'Body': u'hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0.Yk2mV5X9pgphhnYd_OkD8G56Z7WH6Wn2mvuO8aeUFdw', u'Bucket': 'www.teeterpal.com', 'Key': u'.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0', 'ACL': 'public-read'}
Event before-parameter-build.s3.PutObject: calling handler <function validate_ascii_metadata at 0x10bccb2a8>
Event before-parameter-build.s3.PutObject: calling handler <function sse_md5 at 0x10bcc97d0>
Event before-parameter-build.s3.PutObject: calling handler <function convert_body_to_file_like_object at 0x10bccb8c0>
Event before-parameter-build.s3.PutObject: calling handler <function validate_bucket_name at 0x10bcc9758>
Event before-parameter-build.s3.PutObject: calling handler <bound method S3RegionRedirector.redirect_from_cache of <botocore.utils.S3RegionRedirector object at 0x10d4b3510>>
Event before-parameter-build.s3.PutObject: calling handler <function generate_idempotent_uuid at 0x10bcc9410>
Event before-call.s3.PutObject: calling handler <function conditionally_calculate_md5 at 0x10bcc96e0>
Event before-call.s3.PutObject: calling handler <function add_expect_header at 0x10bcc9b90>
Adding expect 100 continue header to request.
Event before-call.s3.PutObject: calling handler <bound method S3RegionRedirector.set_request_url of <botocore.utils.S3RegionRedirector object at 0x10d4b3510>>
Making request for OperationModel(name=PutObject) (verify_ssl=True) with params: {'body': <StringIO.StringIO instance at 0x10d519f80>, 'url': u'https://s3.amazonaws.com/www.teeterpal.com/.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0', 'headers': {'Content-MD5': u'bdmzmLm1jdGZmU3d8KMvtQ==', 'Expect': '100-continue', u'x-amz-acl': 'public-read', 'User-Agent': 'Boto3/1.4.4 Python/2.7.13 Darwin/16.0.0 Botocore/1.5.77 Resource'}, 'context': {'auth_type': None, 'client_region': 'us-east-1', 'signing': {'bucket': 'www.teeterpal.com'}, 'has_streaming_input': True, 'client_config': <botocore.config.Config object at 0x10d4b31d0>}, 'query_string': {}, 'url_path': u'/www.teeterpal.com/.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0', 'method': u'PUT'}
Event request-created.s3.PutObject: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x10d431110>>
Event choose-signer.s3.PutObject: calling handler <bound method ClientCreator._default_s3_presign_to_sigv2 of <botocore.client.ClientCreator object at 0x10bfa7310>>
Event choose-signer.s3.PutObject: calling handler <function set_operation_specific_signer at 0x10bcc9320>
Event before-sign.s3.PutObject: calling handler <function fix_s3_host at 0x10bba69b0>
Calculating signature using v4 auth.
CanonicalRequest:
PUT
/www.teeterpal.com/.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0
content-md5:bdmzmLm1jdGZmU3d8KMvtQ==
host:s3.amazonaws.com
x-amz-acl:public-read
x-amz-content-sha256:UNSIGNED-PAYLOAD
x-amz-date:20171011T033644Z
content-md5;host;x-amz-acl;x-amz-content-sha256;x-amz-date
UNSIGNED-PAYLOAD
StringToSign:
AWS4-HMAC-SHA256
20171011T033644Z
20171011/us-east-1/s3/aws4_request
482b5ea234dcf27cc9b4fa75b7cce9216e275d57808a6f924f2b32e8d64e9396
Signature:
83c4bceb84f59e021553ec896d4df1667d81f71a3daccc34e5099cfb96d3ae15
Sending http request: <PreparedRequest [PUT]>
Starting new HTTPS connection (1): s3.amazonaws.com
Waiting for 100 Continue response.
100 Continue response seen, now sending request body.
"PUT /www.teeterpal.com/.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0 HTTP/1.1" 200 0
Response headers: {'content-length': '0', 'x-amz-id-2': 'CFdFZP/dwiEANPa2BRfDkWTa61soKlqCH/kgIPRNnOvnszf3/Am8sYyJTxtWZ/CogNsF8gAGX9A=', 'server': 'AmazonS3', 'x-amz-request-id': '63C2F4DC5254FCDA', 'etag': '"6dd9b398b9b58dd199994dddf0a32fb5"', 'date': 'Wed, 11 Oct 2017 03:36:46 GMT'}
Response body:
Event needs-retry.s3.PutObject: calling handler <botocore.retryhandler.RetryHandler object at 0x10d3d0550>
No retry needed.
Event needs-retry.s3.PutObject: calling handler <bound method S3RegionRedirector.redirect_from_error of <botocore.utils.S3RegionRedirector object at 0x10d4b3510>>
Response: {u'ETag': '"6dd9b398b9b58dd199994dddf0a32fb5"', 'ResponseMetadata': {'HTTPStatusCode': 200, 'RetryAttempts': 0, 'HostId': 'CFdFZP/dwiEANPa2BRfDkWTa61soKlqCH/kgIPRNnOvnszf3/Am8sYyJTxtWZ/CogNsF8gAGX9A=', 'RequestId': '63C2F4DC5254FCDA', 'HTTPHeaders': {'content-length': '0', 'x-amz-id-2': 'CFdFZP/dwiEANPa2BRfDkWTa61soKlqCH/kgIPRNnOvnszf3/Am8sYyJTxtWZ/CogNsF8gAGX9A=', 'server': 'AmazonS3', 'x-amz-request-id': '63C2F4DC5254FCDA', 'etag': '"6dd9b398b9b58dd199994dddf0a32fb5"', 'date': 'Wed, 11 Oct 2017 03:36:46 GMT'}}}
Loading s3:Object
Event creating-resource-class.s3.Object: calling handler <function _handler at 0x10beedc80>
Verifying http-01 at http://www.teeterpal.com/.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0...
Starting new HTTP connection (1): www.teeterpal.com
http://www.teeterpal.com:80 "GET /.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0 HTTP/1.1" 200 1288
Received <Response [200]>:
<title>Teeterpal</title>
<link type="text/css" rel="stylesheet" media="all" href="//d3obslvgayxcv1.cloudfront.net/css/app.0.0.18.1006171819.css" />
<script src="//d3obslvgayxcv1.cloudfront.net/js/app.0.0.18.1006171819.js"></script>
. Headers: {'Content-Length': '1288', 'Via': '1.1 9f24b18d030ce2b8185b958a523beb8a.cloudfront.net (CloudFront)', 'X-Cache': 'Error from cloudfront', 'Accept-Ranges': 'bytes', 'Server': 'AmazonS3', 'Last-Modified': 'Sat, 07 Oct 2017 01:20:22 GMT', 'Connection': 'keep-alive', 'ETag': '"15ab6f3bda2998dbf46bd0fb5194e7ed"', 'X-Amz-Cf-Id': 'GcY6kwN-AE8-j_EFx5n6YIfvnBgHtQIcXHIVzjnjIojb9APMMuXKfQ==', 'Date': 'Sun, 08 Oct 2017 17:21:49 GMT', 'Content-Type': 'text/html; charset=utf-8'}
Key authorization from response (u'hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0.Yk2mV5X9pgphhnYd_OkD8G56Z7WH6Wn2mvuO8aeUFdw') doesn't match HTTP response (u'\n\n\n \n \n \n \n <title>Teeterpal</title>\n \n \n \n \n \n \n \n \n\n\n
\n\n\n <script src="//d3obslvgayxcv1.cloudfront.net/js/app.0.0.18.1006171819.js"></script>\n\n\n')
Self-verify of challenge failed, authorization abandoned!
Waiting for verification...
Cleaning up challenges
Registering retry handlers for service: s3
Event creating-client-class.s3: calling handler
Event creating-client-class.s3: calling handler
Event creating-client-class.s3: calling handler
The s3 config key is not a dictionary type, ignoring its value of: None
Setting s3 timeout as (60, 60)
Defaulting to S3 virtual host style addressing with path style addressing fallback.
Loading s3:s3
Event before-parameter-build.s3.DeleteObject: calling handler
Event before-parameter-build.s3.DeleteObject: calling handler >
Event before-parameter-build.s3.DeleteObject: calling handler
Event before-call.s3.DeleteObject: calling handler
Event before-call.s3.DeleteObject: calling handler >
Making request for OperationModel(name=DeleteObject) (verify_ssl=True) with params: {'body': '', 'url': u'https://s3.amazonaws.com/www.teeterpal.com/.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0', 'headers': {'User-Agent': 'Boto3/1.4.4 Python/2.7.13 Darwin/16.0.0 Botocore/1.5.77 Resource'}, 'context': {'auth_type': None, 'client_region': 'us-east-1', 'signing': {'bucket': 'www.teeterpal.com'}, 'has_streaming_input': False, 'client_config': }, 'query_string': {}, 'url_path': u'/www.teeterpal.com/.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0', 'method': u'DELETE'}
Event request-created.s3.DeleteObject: calling handler >
Event choose-signer.s3.DeleteObject: calling handler >
Event choose-signer.s3.DeleteObject: calling handler
Event before-sign.s3.DeleteObject: calling handler
Calculating signature using v4 auth.
CanonicalRequest:
DELETE
/www.teeterpal.com/.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0
host:s3.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20171011T033645Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
StringToSign:
AWS4-HMAC-SHA256
20171011T033645Z
20171011/us-east-1/s3/aws4_request
296efa578e35d77f46225e155d38b09e8acc8ef58f04980eec9448f408f06d33
Signature:
e8f5f17710d9585647380473735c3660ca0e72da1b33e9240bbafe3873c3a606
Sending http request: <PreparedRequest [DELETE]>
Starting new HTTPS connection (1): s3.amazonaws.com
"DELETE /www.teeterpal.com/.well-known/acme-challenge/hka3C9U9u0mgSbDYNPLCa7tTcte7JdytxSmxNKvEOq0 HTTP/1.1" 204 0
Response headers: {'x-amz-id-2': 'lPbhgHuLkNorvEL4O8CbOmVr3PuP/YQfCH+z21oWNOscJhV9FS3+xi2pme0YYlbaN4KuCxX870s=', 'date': 'Wed, 11 Oct 2017 03:36:46 GMT', 'x-amz-request-id': '32EC7175E25BFC5D', 'server': 'AmazonS3'}
Response body:
Event needs-retry.s3.DeleteObject: calling handler <botocore.retryhandler.RetryHandler object at 0x10d3d0550>
No retry needed.
Event needs-retry.s3.DeleteObject: calling handler <bound method S3RegionRedirector.redirect_from_error of <botocore.utils.S3RegionRedirector object at 0x10d54b9d0>>
Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 743, in main
return config.func(config, plugins)
File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 598, in run
certname, lineage)
File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 77, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/local/lib/python2.7/site-packages/certbot/renewal.py", line 297, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File "/usr/local/lib/python2.7/site-packages/certbot/client.py", line 317, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 84, in get_authorizations
self.verify_authzr_complete()
File "/usr/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 298, in verify_authzr_complete
raise errors.AuthorizationError("Incomplete authorizations")
AuthorizationError: Incomplete authorizations
Incomplete authorizations