I have installed Passbolt correctly and it works, but now I am trying to use Let's Encrypt certificates but I can't.
I use:
dpkg-reconfigure passbolt-ce-server
And then I choose to reconfigure the nginx server. When I fill in the domain name and email, I get this error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for passbolt.krack360.com
Waiting for verification...
Challenge failed for domain passbolt.krack360.com
http-01 challenge for passbolt.krack360.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: passbolt.krack360.com
Type: dns
Detail: DNS problem: SERVFAIL looking up A for
passbolt.krack360.com - the domain's nameservers may be
malfunctioning; no valid AAAA records found for
passbolt.krack360.com
I don't know the origin of this mistake. My DNS servers are in the cloud, at OVH, and I have an A record in DNS.
root@passbolt:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:xx:xx:xx brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.0.199/24 brd 192.168.0.255 scope global dynamic noprefixroute ens160
valid_lft 602783sec preferred_lft 602783sec
inet6 fe80::57fd:233c:dfcc:603/64 scope link noprefixroute
valid_lft forever preferred_lft forever
root@passbolt:~# nslookup passbolt.krack360.com
Server: 192.168.0.111
Address: 192.168.0.111#53
Non-authoritative answer:
Name: passbolt.krack360.com
Address: 192.168.0.199
This is what the Let's Encrypt log has:
2022-04-25 08:58:58,012:INFO:certbot.auth_handler:Waiting for verification...
2022-04-25 08:58:58,013:DEBUG:acme.client:JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01"\n}'
2022-04-25 08:58:58,016:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/101871722807/5ztutw:
2022-04-25 08:58:58,226:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/101871722807/5ztutw HTTP/1.1" 200 187
2022-04-25 08:58:58,227:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Apr 2022 06:58:58 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 483632880
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/101871722807>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/101871722807/5ztutw
Replay-Nonce: 0101bRIk5-WyAgcEg9mPZqiLXCqyq7bYHjBPBDJwtKGYuFM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/101871722807/5ztutw",
"token": "53uK1Bg9IcrprSUCEFCPRwJy4kUN9StFBsByO7hlnmk"
}
2022-04-25 08:58:58,227:DEBUG:acme.client:Storing nonce: 0101bRIk5-WyAgcEg9mPZqiLXCqyq7bYHjBPBDJwtKGYuFM
2022-04-25 08:58:59,229:DEBUG:acme.client:JWS payload:
b''
2022-04-25 08:58:59,231:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/101871722807:
2022-04-25 08:58:59,415:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/101871722807 HTTP/1.1" 200 805
2022-04-25 08:58:59,416:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Apr 2022 06:58:59 GMT
Content-Type: application/json
Content-Length: 805
Connection: keep-alive
Boulder-Requester: 483632880
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01022YRkRLuzNcBae0waLrAlz577R9X1_PU0cUWrIcr_Oo8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "passbolt.krack360.com"
},
"status": "pending",
"expires": "2022-05-02T06:58:56Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/101871722807/5ztutw",
"token": "53uK1Bg9IcrprSUCEFCPRwJy4kUN9StFBsByO7hlnmk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/101871722807/7SkFaw",
"token": "53uK1Bg9IcrprSUCEFCPRwJy4kUN9StFBsByO7hlnmk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/101871722807/pbKMyQ",
"token": "53uK1Bg9IcrprSUCEFCPRwJy4kUN9StFBsByO7hlnmk"
}
]
}
2022-04-25 08:58:59,416:DEBUG:acme.client:Storing nonce: 01022YRkRLuzNcBae0waLrAlz577R9X1_PU0cUWrIcr_Oo8
2022-04-25 08:59:02,420:DEBUG:acme.client:JWS payload:
b''
2022-04-25 08:59:02,423:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/101871722807:
2022-04-25 08:59:02,623:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/101871722807 HTTP/1.1" 200 703
2022-04-25 08:59:02,624:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 25 Apr 2022 06:59:02 GMT
Content-Type: application/json
Content-Length: 703
Connection: keep-alive
Boulder-Requester: 483632880
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102fovSAqLmz4Kiq3csvUoHPOVAKCblfstGGcUq8KDBfJw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "passbolt.krack360.com"
},
"status": "invalid",
"expires": "2022-05-02T06:58:56Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: SERVFAIL looking up A for passbolt.krack360.com - the domain's nameservers may be malfunctioning; no valid AAAA records found for passbolt.krack360.com",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/101871722807/5ztutw",
"token": "53uK1Bg9IcrprSUCEFCPRwJy4kUN9StFBsByO7hlnmk",
"validated": "2022-04-25T06:58:58Z"
}
]
}
2022-04-25 08:59:02,624:DEBUG:acme.client:Storing nonce: 0102fovSAqLmz4Kiq3csvUoHPOVAKCblfstGGcUq8KDBfJw
2022-04-25 08:59:02,624:WARNING:certbot.auth_handler:Challenge failed for domain passbolt.krack360.com
2022-04-25 08:59:02,625:INFO:certbot.auth_handler:http-01 challenge for passbolt.krack360.com
2022-04-25 08:59:02,625:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: passbolt.krack360.com
Type: dns
Detail: DNS problem: SERVFAIL looking up A for passbolt.krack360.com - the domain's nameservers may be malfunctioning; no valid AAAA records found for passbolt.krack360.com
2022-04-25 08:59:02,639:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-04-25 08:59:02,639:DEBUG:certbot.error_handler:Calling registered functions
2022-04-25 08:59:02,639:INFO:certbot.auth_handler:Cleaning up challenges
2022-04-25 08:59:04,034:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1132, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 417, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 396, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
I am using an Ubuntu 20.04 machine and Passbolt version 3.5.0.
I would be so grateful if someone can help me.
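
An added example, not part of the original post: a small triage script that reads the failed ACME authorization object from the certbot log above and compares the CA's error with the address the host's own resolver returned in the nslookup output. The function names `failed_challenges` and `triage` are hypothetical, and the embedded JSON is a trimmed copy of the log entry.

```python
import ipaddress
import json

# Constructed sample: the "invalid" authorization object from the log above, trimmed.
AUTHZ = json.loads("""
{"identifier": {"type": "dns", "value": "passbolt.krack360.com"},
 "status": "invalid",
 "challenges": [{"type": "http-01", "status": "invalid", "error": {
   "type": "urn:ietf:params:acme:error:dns",
   "status": 400,
   "detail": "DNS problem: SERVFAIL looking up A for passbolt.krack360.com - the domain's nameservers may be malfunctioning; no valid AAAA records found for passbolt.krack360.com"}}]}
""")

# What the host's own resolver (192.168.0.111) answered in the nslookup output above.
LOCAL_ANSWERS = ["192.168.0.199"]


def failed_challenges(authz):
    """Return (challenge type, short ACME error type, detail) for each invalid challenge."""
    out = []
    for ch in authz.get("challenges", []):
        err = ch.get("error")
        if ch.get("status") == "invalid" and err:
            out.append((ch["type"], err["type"].rsplit(":", 1)[-1], err["detail"]))
    return out


def triage(authz, local_answers):
    """Combine the CA's error with the local DNS answer into a list of findings."""
    findings = []
    name = authz["identifier"]["value"]
    for ctype, etype, detail in failed_challenges(authz):
        if etype == "dns":
            findings.append(f"{ctype}: the CA's DNS lookup for {name} failed, so no HTTP request reached the server")
        if "SERVFAIL" in detail:
            findings.append("SERVFAIL: the CA's resolver got no usable answer from the zone's public nameservers")
    for addr in local_answers:
        if not ipaddress.ip_address(addr).is_global:
            findings.append(f"{addr} is not publicly routable: the local resolver's answer is not what the CA sees, and http-01 cannot reach it")
    return findings


if __name__ == "__main__":
    for line in triage(AUTHZ, LOCAL_ANSWERS):
        print("-", line)
```

The validation lookup is done by the CA from the public internet, so the check that matters is a query against the zone's public authoritative nameservers rather than the LAN resolver.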