Thank you for the detailed tutorial, but I'm having a weird issue.
After a lot of tries, I managed to get this verbose log:
Existing data found for xxx.lorem.com. Continue and replace existing certificate? (y/N) y
### Creating dummy certificate for xxx.lorem.com ...
Generating a RSA private key
..........................................+++++
...............+++++
writing new private key to '/etc/letsencrypt/live/xxx.lorem.com/privkey.pem'
-----
### Starting nginx ...
Recreating xxx-nginx ...
Recreating xxx-nginx ... done
### Deleting dummy certificate for xxx.lorem.com ...
### Requesting Let's Encrypt certificate for xxx.lorem.com ...
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f4e79936e10>
Prep: True
Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f4e79936e10> and installer None
Plugins selected: Authenticator webroot, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/11519950', new_authzr_uri=None, terms_of_service=None), 803e21903d9d8cfa20499d0bb2bd2586, Meta(creation_dt=datetime.datetime(2019, 11, 8, 15, 32, 18, tzinfo=<UTC>), creation_host='13b6b54e68c0'))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
Received response:
HTTP 200
Server: nginx
Date: Fri, 08 Nov 2019 16:33:48 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"21IRDSaUJLI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Obtaining a new certificate
Generating key (4096 bits): /etc/letsencrypt/keys/0015_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0015_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Fri, 08 Nov 2019 16:33:49 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002tUBK5GOg9sYqNGtZVk8sAu5CvI2kCg6CZ2ubFK7OzKU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Storing nonce: 0002tUBK5GOg9sYqNGtZVk8sAu5CvI2kCg6CZ2ubFK7OzKU
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "xxx.lorem.com"\n }\n ]\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMTUxOTk1MCIsICJub25jZSI6ICIwMDAydFVCSzVHT2c5c1lxTkd0WlZrOHNBdTVDdkkya0NnNkNaMnViRks3T3pLVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "eUu7ijFJznEuhHIbsGZXEIFMVnVGQ7q3B_afLKLkdEeHreuggZq9GgBycDZrsbMHxojVkwwRdFV59tSL6uJ_PLYnsat9nsRgU9EDnFpCgUlXwvPiek43_yXVczB2VHtgYdx8bL1jxnAWUCwlJVmfMy-Y1Jptjn10-Jvolsemr5-jQrn5P7Be1-ibVqi7iqA8rYY8ZeWw7YJdpaF3lR_i1VBQsaLcnE4-fGIn7CTDMdOKqZGlTY4ac-41dDpHtzZ7yQV3yU6nBaXakenBoubInvctfc5T6jQ_HVchKW1R2Qoysy1Hki-j24t2cJaet7BZwyNV-mF3lN6-BGWfbz7qQzfPdoFFzDaPNmPBsnu1y1sBmtTBgHCJ1YjQQTbYmACwIvcTRzGTUbqLFS0avjCXvZOsK08j6yaDP3uSvpPCB9qaV2v_7_Lqlcir66i0--EiVHEKvXiFVe345EudGg6Q9_sjw93FqpMo3TAKpOuLYRZQIZJxfnpeCCTt8jCREcNUUFp05Q17pCf03pv25F2EK_g61HLdrDUQNva8IvtNMEzm6HQUE23HfNRyFHogYODUlAGMB2ygAdFUhje9SA4YgWXwCvDKSrct-EN4bODp8hfLjfhHbx1Gp5__-8IkKPNNyKAnxvggI9iJYSnazOwsog0gquCrljmjNzDwctZNsPI",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInByb2pvLm9jdXMuY29tIgogICAgfQogIF0KfQ"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 355
Received response:
HTTP 201
Server: nginx
Date: Fri, 08 Nov 2019 16:33:49 GMT
Content-Type: application/json
Content-Length: 355
Connection: keep-alive
Boulder-Requester: 11519950
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/11519950/60509153
Replay-Nonce: 0002d_thn50OPYUbaGIfCqJFbisnxyD1Hy19kLbjXooClNg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2019-11-15T16:33:49.73815071Z",
"identifiers": [
{
"type": "dns",
"value": "xxx.lorem.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/19815850"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11519950/60509153"
}
Storing nonce: 0002d_thn50OPYUbaGIfCqJFbisnxyD1Hy19kLbjXooClNg
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/19815850:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMTUxOTk1MCIsICJub25jZSI6ICIwMDAyZF90aG41ME9QWVViYUdJZkNxSkZiaXNueHlEMUh5MTlrTGJqWG9vQ2xOZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTgxNTg1MCJ9",
"signature": "KZ7llK_j4mZIYamX7xhVkHSUnavih30MWEY4Kl_mzcYdNHtOd_hGSNG0FFU3ZsVFuu4XIzmfUyIW3esdSIHllOM41DdC_HVe8d0sIxuN75V7cs59ltAPMCZoeiG64XBwxJDsBtDV2WdJ35DVv7UPqCfcX9Ntw0T9LkooCQaRGJCstAPlx2MiVb2uf6gJIPqY8-O4thKUA-_DbzMDeew0PDMtlHYHa_qQZOvaajgY4vTFtF188Q8DsfEyLASpkony3f_Hlw7S6IuDDrZhLUyAbvKgwJDeTkYOOyiizxzf8JnEvEG4JyKNZsfLhMCxst1W4dDYlbESYXAKQSY_bBhbFaDCzVAOQ_T5--Cc3iq8MSVITyB4h0vGq7dJHVJloobTBDg7azuNN3ERnsZLuIKO0_wFQ7HoGyFP_2AQ8VPKgCDP6MXf34Whv9O9InciBuAO8QKkNrpxBmLlrXD8ndcDQ53pD6gtlStvBIADHuee2L9zxoqIu5sOxmbmAWCHIPCQDYDIOTbad3WPYS6N6aiIdjoNwTbtN-bXys5CzYfeSw9nRugyWz9geTg9MhpYqo_HIWqFQfVMW-3ER2g7kwc-IYTb_jZt2MdE5IW_ydJEq7Q7M_vcEvGOLuYfpZjE74deaHl5NSiw2JUW6mYtSylWxXgxRVdChhRZtjh5UlspHWU",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19815850 HTTP/1.1" 200 810
Received response:
HTTP 200
Server: nginx
Date: Fri, 08 Nov 2019 16:33:50 GMT
Content-Type: application/json
Content-Length: 810
Connection: keep-alive
Boulder-Requester: 11519950
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002pQ68YQCYousjJoEJZ1sTVmzmaAAtuPCBHN7FLfOiQU4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "xxx.lorem.com"
},
"status": "pending",
"expires": "2019-11-15T16:33:49Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/19815850/PmKNmQ",
"token": "dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/19815850/xRpPTQ",
"token": "dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/19815850/-6VPpg",
"token": "dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U"
}
]
}
Storing nonce: 0002pQ68YQCYousjJoEJZ1sTVmzmaAAtuPCBHN7FLfOiQU4
Performing the following challenges:
http-01 challenge for xxx.lorem.com
Using the webroot path /var/www/certbot for all unmatched domains.
Creating root challenges validation dir at /var/www/certbot/.well-known/acme-challenge
Attempting to save validation to /var/www/certbot/.well-known/acme-challenge/dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U
Waiting for verification...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01"\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/19815850/PmKNmQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMTUxOTk1MCIsICJub25jZSI6ICIwMDAycFE2OFlRQ1lvdXNqSm9FSloxc1RWbXptYUFBdHVQQ0JITjdGTGZPaVFVNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xOTgxNTg1MC9QbUtObVEifQ",
"signature": "FDYkuxb4R5dc1ZBRJfezgMw2D_OSt7y4nAqoplXs4F0D2N8Esvnl9hiVFhd3MlbbYLdsVz-_EQ1vbnc0NPUzVVK1MtFI_w-3aMNuIJnGIAgn1coIffZZKfha8mQD9gRffhuIFUP8xVDMNR8rcpsN9WNiHnDeuz_pUJqOGGDiqGy0-SITfiCff9cTKqYOykbgsPsfBO4taY1KHq1nGP2H6pQvlboEu4_ALKzH7UUP3UaHxejq5FLLrHYLqHMsVqLSegJU4OjxrxCMl3g6_ygrNunrO36ctgiIgN9WNgld4I5mOOEGkfz6UVjvmfGmKwlWl7fcqsGyy-9jBgG_bgvPbBFX7YRsahdBvlb7nJaLNs5lBqFWUCgnGLO0PuMbDgVTqFUwrcGM91UerwV66GK2AItNxvV9DAcXRGorVnYEindt22p7OsbXA8iO50X-Hegp0ficXfLuBKnbc5IxW0R_o5ew8eU3nQ27170DpEE5wh65exlQJgm1-XYItbDL00XdpxkVcGkvE3jhQpuvwSWv1MGgxkuVU2uV3eSPw6wB0iQxHHzk6vl5kD9GbtC7Lqx9TaadkLHWQm1rl7PjHjJS5O5cYvIWqlUaDFVOfyABub-J5Dd_FHIWHjKNZz8hFIW8AyNOsxP50VotU9xN5ypc5m4OkLfJWFuXSuOCBqwRdp0",
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/19815850/PmKNmQ HTTP/1.1" 200 191
Received response:
HTTP 200
Server: nginx
Date: Fri, 08 Nov 2019 16:35:08 GMT
Content-Type: application/json
Content-Length: 191
Connection: keep-alive
Boulder-Requester: 11519950
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/19815850>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/19815850/PmKNmQ
Replay-Nonce: 0002uVhZwVzdVbFWDpcL52c_gOmusK7spQSTfRTrB1N4I9o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/19815850/PmKNmQ",
"token": "dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U"
}
Storing nonce: 0002uVhZwVzdVbFWDpcL52c_gOmusK7spQSTfRTrB1N4I9o
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/19815850:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMTUxOTk1MCIsICJub25jZSI6ICIwMDAydVZoWndWemRWYkZXRHBjTDUyY19nT211c0s3c3BRU1RmUlRyQjFONEk5byIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTgxNTg1MCJ9",
"signature": "EIKVD-rBIyCXBwsMk-w7Ejs_VgAbcp5ry2oKvSFKnP9T6ze66aq-rk-SAMZAWyrOObarYAB7jMZGNCJzk2-ODIIVQBACY2LXxvwfWj42IItIf77NyFc6dIUgw17r-3fPLMpWCR7meTyzTVDzVjzqJsn5bQw4pGTlXvAPl_6BtH8MB4d9qKokOYWd19qVSRRFpygm6ITLCTaqryl-t-lb5XFRFVrYtkChRetdyhr8WXHgEbO8D59wuoYYLN_W3R2MOlbb_qBKYmTs6ekxH00ofD-nx13HHi-lqskbFT0sjG6Mtqe8yM4ui8KWGipG5Gacwme3_YW_Lf2cJDgHStSyVJacegDQa05fePwYEiZfHCEw6fkChNyxT0iGKDOdTUIf7tYLpMFIBi341zjdN5qEAShqx4hFoqSlYHv0K1OWvKgv5S4DvJXPwH2zMKIVJDIGFI6J69HH-Hjru_XhLp9mN62LLaeRsVyfiiRgT5PKwo7uLm_mRiysa_m9BwciCalZKEhQlMoswiUOkCnSJaeXTEGdJtdE-VWk7uPblNQUTgL-yM7x_tAuftiwNbZCi56jHXjeVkEEx_NKfptihb_hkjAj_C0D6IX3G0d_8alwnl9BtwsJgPAhHx5s349nQ8B3oX808cEIkeSZPixKY3KIYCc1wtYE99kUCq1BDroZqlE",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/19815850 HTTP/1.1" 200 1407
Received response:
HTTP 200
Server: nginx
Date: Fri, 08 Nov 2019 16:35:10 GMT
Content-Type: application/json
Content-Length: 1407
Connection: keep-alive
Boulder-Requester: 11519950
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002m0OY7qa_ElRdf4p40LyJeqReobHWSx3G8FMn4I0ganA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "xxx.lorem.com"
},
"status": "invalid",
"expires": "2019-11-15T16:33:49Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://xxx.lorem.com/.well-known/acme-challenge/dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U: Connection refused",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/19815850/PmKNmQ",
"token": "dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U",
"validationRecord": [
{
"url": "http://xxx.lorem.com/.well-known/acme-challenge/dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U",
"hostname": "xxx.lorem.com",
"port": "80",
"addressesResolved": [
"157.230.115.5"
],
"addressUsed": "157.230.115.5"
}
]
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/19815850/xRpPTQ",
"token": "dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/19815850/-6VPpg",
"token": "dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U"
}
]
}
Storing nonce: 0002m0OY7qa_ElRdf4p40LyJeqReobHWSx3G8FMn4I0ganA
Challenge failed for domain xxx.lorem.com
http-01 challenge for xxx.lorem.com
Reporting to user: The following errors were reported by the server:
Domain: xxx.lorem.com
Type: connection
Detail: Fetching http://xxx.lorem.com/.well-known/acme-challenge/dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U: Connection refused
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/src/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Calling registered functions
Cleaning up challenges
Removing /var/www/certbot/.well-known/acme-challenge/dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U
All challenges cleaned up
Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 11, in <module>
load_entry_point('certbot', 'console_scripts', 'certbot')()
File "/opt/certbot/src/certbot/main.py", line 1378, in main
return config.func(config, plugins)
File "/opt/certbot/src/certbot/main.py", line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/certbot/src/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/certbot/src/certbot/client.py", line 417, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/certbot/src/certbot/client.py", line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/certbot/src/certbot/client.py", line 396, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/opt/certbot/src/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/certbot/src/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: xxx.lorem.com
Type: connection
Detail: Fetching
http://xxx.lorem.com/.well-known/acme-challenge/dkzqQxktAdggktPN5t4gT3ckwh70o3hmSc28g_yhE8U:
Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
### Reloading nginx ...
2019/11/08 16:35:12 [notice] 10#10: signal process started
I double checked my subdomain with nslookup and it seems to be fine.
Also, I tried on a different subdomain, same issue.
I'm really desesperate.
Any advice, tip or idea is more than welcome.