pferrel · August 19, 2020 22:57 · Aug 19, 2020 · Aug 19, 2020
diff --git a/errors while running "sudo certbot --nginx" b/errors while running "sudo certbot --nginx"
@@ -63,7 +63,7 @@ Strict-Transport-Security: max-age=604800
 
 2020-08-19 22:24:20,010:DEBUG:acme.client:Storing nonce: 0001M4gASx1ADh32BHls0Yo2wceU4HC_ThP-4HL1vCCIduE
 2020-08-19 22:24:20,010:DEBUG:acme.client:JWS payload:
-b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "domain.com"\n    }\n  ]\n}'
+b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "example.com"\n    }\n  ]\n}'
 2020-08-19 22:24:20,015:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
 {
   "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTQxMDg2NTIiLCAibm9uY2UiOiAiMDAwMU00Z0FTeDFBRGgzMkJIbHMwWW8yd2NlVTRIQ19UaFAtNEhMMXZDQ0lkdUUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
@@ -92,7 +92,7 @@ Strict-Transport-Security: max-age=604800
   "identifiers": [
     {
       "type": "dns",
-      "value": "domain.com"
+      "value": "example.com"
     }
   ],
   "authorizations": [
@@ -127,7 +127,7 @@ Strict-Transport-Security: max-age=604800
 {
   "identifier": {
     "type": "dns",
-    "value": "domain.com"
+    "value": "example.com"
   },
   "status": "pending",
   "expires": "2020-08-26T22:24:20Z",
@@ -154,13 +154,13 @@ Strict-Transport-Security: max-age=604800
 }
 2020-08-19 22:24:20,662:DEBUG:acme.client:Storing nonce: 0002ubAZkDrQ7VJxLWDd5SBxZOE9oaYqUYqoEZyitmem96M
 2020-08-19 22:24:20,663:INFO:certbot._internal.auth_handler:Performing the following challenges:
-2020-08-19 22:24:20,663:INFO:certbot._internal.auth_handler:http-01 challenge for domain.com
+2020-08-19 22:24:20,663:INFO:certbot._internal.auth_handler:http-01 challenge for example.com
 2020-08-19 22:24:20,677:DEBUG:certbot_nginx._internal.http_01:Generated server block:
 []
 2020-08-19 22:24:20,677:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
 2020-08-19 22:24:20,678:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
 2020-08-19 22:24:20,678:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
-2020-08-19 22:24:20,678:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/domain.com
+2020-08-19 22:24:20,678:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/example.com
 2020-08-19 22:24:20,678:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
 2020-08-19 22:24:20,679:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
 2020-08-19 22:24:20,679:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
@@ -256,13 +256,13 @@ server_names_hash_bucket_size 128;
 #   }
 #}
 
-2020-08-19 22:24:20,681:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/domain.com:
+2020-08-19 22:24:20,681:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/example.com:
 server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
 
 
         listen 80;
-        server_name domain.com;
-    root /home/pat/domain.com;
+        server_name example.com;
+    root /home/pat/example.com;
     index index.html;
 #   listen 443 ssl;
 
@@ -279,12 +279,12 @@ server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
 #   ssl_certificate_key /etc/letsencrypt/live/blog.alexellis.io/privkey.pem;
 #   ssl on;
 #        location /.well-known/ {
-#                root /home/pat/domain.com/.well-known/acme-challenge/;
+#                root /home/pat/example.com/.well-known/acme-challenge/;
 #        }
 
     location /.well-known/ {
         default_type "text/plain";
-        root /home/pat/domain.com/;
+        root /home/pat/example.com/;
     }
 #        location / {
 #                return 301 https://$server_name$request_uri;
@@ -353,7 +353,7 @@ Strict-Transport-Security: max-age=604800
 {
   "identifier": {
     "type": "dns",
-    "value": "domain.com"
+    "value": "example.com"
   },
   "status": "invalid",
   "expires": "2020-08-26T22:24:20Z",
@@ -363,15 +363,15 @@ Strict-Transport-Security: max-age=604800
       "status": "invalid",
       "error": {
         "type": "urn:ietf:params:acme:error:connection",
-        "detail": "Fetching http://domain.com/.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo: Connection refused",
+        "detail": "Fetching http://example.com/.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo: Connection refused",
         "status": 400
       },
       "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/6647153594/TE7tyQ",
       "token": "bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo",
       "validationRecord": [
         {
-          "url": "http://domain.com/.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo",
-          "hostname": "domain.com",
+          "url": "http://example.com/.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo",
+          "hostname": "example.com",
           "port": "80",
           "addressesResolved": [
             "73.35.185.91"
@@ -383,13 +383,13 @@ Strict-Transport-Security: max-age=604800
   ]
 }
 2020-08-19 22:24:23,052:DEBUG:acme.client:Storing nonce: 0002L5nLi1wvSQIR9E4Spc5RoqS1oGizSpnQ6lNuD1ox8ag
-2020-08-19 22:24:23,053:WARNING:certbot._internal.auth_handler:Challenge failed for domain domain.com
-2020-08-19 22:24:23,053:INFO:certbot._internal.auth_handler:http-01 challenge for domain.com
+2020-08-19 22:24:23,053:WARNING:certbot._internal.auth_handler:Challenge failed for domain example.com
+2020-08-19 22:24:23,053:INFO:certbot._internal.auth_handler:http-01 challenge for example.com
 2020-08-19 22:24:23,053:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:
 
-Domain: domain.com
+Domain: example.com
 Type:   connection
-Detail: Fetching http://domain.com/.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo: Connection refused
+Detail: Fetching http://example.com/.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo: Connection refused
 
 To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
 2020-08-19 22:24:23,054:DEBUG:certbot._internal.error_handler:Encountered exception:

diff --git a/errors while running "sudo certbot --nginx" b/errors while running "sudo certbot --nginx"
@@ -0,0 +1,429 @@
+pat@angel:~$ sudo cat /var/log/letsencrypt/letsencrypt.log
+2020-08-19 22:24:17,139:DEBUG:certbot._internal.main:certbot version: 1.7.0
+2020-08-19 22:24:17,140:DEBUG:certbot._internal.main:Arguments: ['--nginx']
+2020-08-19 22:24:17,140:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
+2020-08-19 22:24:17,157:DEBUG:certbot._internal.log:Root logging level set at 20
+2020-08-19 22:24:17,157:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
+2020-08-19 22:24:17,158:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
+2020-08-19 22:24:17,308:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
+Description: Nginx Web Server plugin
+Interfaces: IAuthenticator, IInstaller, IPlugin
+Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
+Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fbb021fadf0>
+Prep: True
+2020-08-19 22:24:17,309:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fbb021fadf0> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7fbb021fadf0>
+2020-08-19 22:24:17,309:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
+2020-08-19 22:24:17,313:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/94108652', new_authzr_uri=None, terms_of_service=None), 2826c73ce5bcd0880b42feabf0784628, Meta(creation_dt=datetime.datetime(2020, 8, 16, 20, 23, 26, tzinfo=<UTC>), creation_host='angel', register_to_eff=None))>
+2020-08-19 22:24:17,314:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
+2020-08-19 22:24:17,316:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
+2020-08-19 22:24:17,583:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
+2020-08-19 22:24:17,585:DEBUG:acme.client:Received response:
+HTTP 200
+Server: nginx
+Date: Wed, 19 Aug 2020 22:24:17 GMT
+Content-Type: application/json
+Content-Length: 658
+Connection: keep-alive
+Cache-Control: public, max-age=0, no-cache
+X-Frame-Options: DENY
+Strict-Transport-Security: max-age=604800
+
+{
+  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
+  "lWIV70xsqMc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
+  "meta": {
+    "caaIdentities": [
+      "letsencrypt.org"
+    ],
+    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
+    "website": "https://letsencrypt.org"
+  },
+  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
+  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
+  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
+  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
+}
+2020-08-19 22:24:19,809:INFO:certbot._internal.main:Obtaining a new certificate
+2020-08-19 22:24:19,946:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0018_key-certbot.pem
+2020-08-19 22:24:19,949:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0018_csr-certbot.pem
+2020-08-19 22:24:19,950:DEBUG:acme.client:Requesting fresh nonce
+2020-08-19 22:24:19,950:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
+2020-08-19 22:24:20,009:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
+2020-08-19 22:24:20,009:DEBUG:acme.client:Received response:
+HTTP 200
+Server: nginx
+Date: Wed, 19 Aug 2020 22:24:19 GMT
+Connection: keep-alive
+Cache-Control: public, max-age=0, no-cache
+Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
+Replay-Nonce: 0001M4gASx1ADh32BHls0Yo2wceU4HC_ThP-4HL1vCCIduE
+X-Frame-Options: DENY
+Strict-Transport-Security: max-age=604800
+
+
+2020-08-19 22:24:20,010:DEBUG:acme.client:Storing nonce: 0001M4gASx1ADh32BHls0Yo2wceU4HC_ThP-4HL1vCCIduE
+2020-08-19 22:24:20,010:DEBUG:acme.client:JWS payload:
+b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "domain.com"\n    }\n  ]\n}'
+2020-08-19 22:24:20,015:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
+{
+  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTQxMDg2NTIiLCAibm9uY2UiOiAiMDAwMU00Z0FTeDFBRGgzMkJIbHMwWW8yd2NlVTRIQ19UaFAtNEhMMXZDQ0lkdUUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
+  "signature": "TzXyl2Z40_vHj-7bjGlUhFZEWj5LAP-bsQ8xpwkDrFk11jP0c3KMWwRLk5tuoeY_RJKab6bhxF9mLEiG8nm07P-lrku0oKbk7Rlk8Tz3dR5t5T7Qhh1ykOlA5Dh53AeETq-7olAXs00LqSWpNKTXGbBqTeeSn0rERjpfIZS0iIyM_h4YCa6QCfTiStqe5Shp_Mm9sFA_BhMjhv5eLWVl0KsXriUW3QBPBRofahLLMGO9lRMUsrPdFQqeH3auxPKxBl-65KGgRIEeaFoRgnToaCpYNguosM5StnJh4b4higgkEZbgPugFksl4iFNahEeIghOHOFh8jHIukiWvv1d0rw",
+  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm9jY2Ftc21hY2hldGUuY29tIgogICAgfQogIF0KfQ"
+}
+2020-08-19 22:24:20,567:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 347
+2020-08-19 22:24:20,568:DEBUG:acme.client:Received response:
+HTTP 201
+Server: nginx
+Date: Wed, 19 Aug 2020 22:24:20 GMT
+Content-Type: application/json
+Content-Length: 347
+Connection: keep-alive
+Boulder-Requester: 94108652
+Cache-Control: public, max-age=0, no-cache
+Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
+Location: https://acme-v02.api.letsencrypt.org/acme/order/94108652/4768615293
+Replay-Nonce: 0001hVrzSwebUSl2YIJbjJ4ZyC1kGvbC5vyKTnmXD4gE1gE
+X-Frame-Options: DENY
+Strict-Transport-Security: max-age=604800
+
+{
+  "status": "pending",
+  "expires": "2020-08-26T22:24:20.301653776Z",
+  "identifiers": [
+    {
+      "type": "dns",
+      "value": "domain.com"
+    }
+  ],
+  "authorizations": [
+    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/6647153594"
+  ],
+  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/94108652/4768615293"
+}
+2020-08-19 22:24:20,569:DEBUG:acme.client:Storing nonce: 0001hVrzSwebUSl2YIJbjJ4ZyC1kGvbC5vyKTnmXD4gE1gE
+2020-08-19 22:24:20,569:DEBUG:acme.client:JWS payload:
+b''
+2020-08-19 22:24:20,573:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6647153594:
+{
+  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTQxMDg2NTIiLCAibm9uY2UiOiAiMDAwMWhWcnpTd2ViVVNsMllJSmJqSjRaeUMxa0d2YkM1dnlLVG5tWEQ0Z0UxZ0UiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzY2NDcxNTM1OTQifQ",
+  "signature": "QfYhTZFgcdUlHKNP1ga7QJi-mpP2qUkFolecGBUc0EBi2zmCKcskpSscRAQaGwLZGP9YBnEaLL7TRmo9mFRAFgsgMdBzlp9-yQntKk7SyHXCdKXjU2Nk5F0v-tZNODAL6XgeVMFxy8wen55LeOWv3uMNIVQ_jipI3vRAzaiicujUJJkhtza3mEHLpyyqCwt_7YO9KKQtU6-x6aumOdiLT6zneJicRSI6Z_m-PaX864V5ql0nOFy7hx6uTlpmK2SfuNKm_Crts6rOqzWaKHJDVNZmITZKDX48aiS1KlrVW6kpH1Ds35MOH-_MucdAp3mCu--PMirWyqif-EPI-IaIOQ",
+  "payload": ""
+}
+2020-08-19 22:24:20,661:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/6647153594 HTTP/1.1" 200 795
+2020-08-19 22:24:20,662:DEBUG:acme.client:Received response:
+HTTP 200
+Server: nginx
+Date: Wed, 19 Aug 2020 22:24:20 GMT
+Content-Type: application/json
+Content-Length: 795
+Connection: keep-alive
+Boulder-Requester: 94108652
+Cache-Control: public, max-age=0, no-cache
+Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
+Replay-Nonce: 0002ubAZkDrQ7VJxLWDd5SBxZOE9oaYqUYqoEZyitmem96M
+X-Frame-Options: DENY
+Strict-Transport-Security: max-age=604800
+
+{
+  "identifier": {
+    "type": "dns",
+    "value": "domain.com"
+  },
+  "status": "pending",
+  "expires": "2020-08-26T22:24:20Z",
+  "challenges": [
+    {
+      "type": "http-01",
+      "status": "pending",
+      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/6647153594/TE7tyQ",
+      "token": "bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo"
+    },
+    {
+      "type": "dns-01",
+      "status": "pending",
+      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/6647153594/yxEC2w",
+      "token": "bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo"
+    },
+    {
+      "type": "tls-alpn-01",
+      "status": "pending",
+      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/6647153594/vPv-vQ",
+      "token": "bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo"
+    }
+  ]
+}
+2020-08-19 22:24:20,662:DEBUG:acme.client:Storing nonce: 0002ubAZkDrQ7VJxLWDd5SBxZOE9oaYqUYqoEZyitmem96M
+2020-08-19 22:24:20,663:INFO:certbot._internal.auth_handler:Performing the following challenges:
+2020-08-19 22:24:20,663:INFO:certbot._internal.auth_handler:http-01 challenge for domain.com
+2020-08-19 22:24:20,677:DEBUG:certbot_nginx._internal.http_01:Generated server block:
+[]
+2020-08-19 22:24:20,677:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
+2020-08-19 22:24:20,678:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
+2020-08-19 22:24:20,678:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
+2020-08-19 22:24:20,678:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/domain.com
+2020-08-19 22:24:20,678:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
+2020-08-19 22:24:20,679:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
+2020-08-19 22:24:20,679:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
+2020-08-19 22:24:20,680:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+    worker_connections 768;
+    # multi_accept on;
+}
+
+http {
+include /etc/letsencrypt/le_http_01_cert_challenge.conf;
+server_names_hash_bucket_size 128;
+
+    ##
+    # Basic Settings
+    ##
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    # server_tokens off;
+
+    # server_names_hash_bucket_size 64;
+    # server_name_in_redirect off;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    ##
+    # SSL Settings
+    ##
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+    ssl_prefer_server_ciphers on;
+
+    ##
+    # Logging Settings
+    ##
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    ##
+    # Gzip Settings
+    ##
+
+    gzip on;
+
+    # pat, increase file size for uploads
+    client_max_body_size 100m;
+
+    # gzip_vary on;
+    # gzip_proxied any;
+    # gzip_comp_level 6;
+    # gzip_buffers 16 8k;
+    # gzip_http_version 1.1;
+    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    ##
+    # Virtual Host Configs
+    ##
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#   # See sample authentication script at:
+#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+# 
+#   # auth_http localhost/auth.php;
+#   # pop3_capabilities "TOP" "USER";
+#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
+# 
+#   server {
+#       listen     localhost:110;
+#       protocol   pop3;
+#       proxy      on;
+#   }
+# 
+#   server {
+#       listen     localhost:143;
+#       protocol   imap;
+#       proxy      on;
+#   }
+#}
+
+2020-08-19 22:24:20,681:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/domain.com:
+server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
+
+
+        listen 80;
+        server_name domain.com;
+    root /home/pat/domain.com;
+    index index.html;
+#   listen 443 ssl;
+
+    location / {
+        proxy_pass  http://127.0.0.1:2368;
+            proxy_set_header    X-Real-IP $remote_addr;
+            proxy_set_header    Host      $http_host;
+        proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    }
+
+#   ssl_certificate     /etc/letsencrypt/live/blog.alexellis.io/fullchain.pem;
+#   ssl_certificate_key /etc/letsencrypt/live/blog.alexellis.io/privkey.pem;
+#   ssl on;
+#        location /.well-known/ {
+#                root /home/pat/domain.com/.well-known/acme-challenge/;
+#        }
+
+    location /.well-known/ {
+        default_type "text/plain";
+        root /home/pat/domain.com/;
+    }
+#        location / {
+#                return 301 https://$server_name$request_uri;
+#       try_files $uri $uri/ =404;
+#        }
+location = /.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo{default_type text/plain;return 200 bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo.miQFYUoCdCTTekeHr1etY_8v4l3ZbMbSmlTLGWGhhio;} # managed by Certbot
+
+}
+
+
+2020-08-19 22:24:21,700:INFO:certbot._internal.auth_handler:Waiting for verification...
+2020-08-19 22:24:21,702:DEBUG:acme.client:JWS payload:
+b'{}'
+2020-08-19 22:24:21,707:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/6647153594/TE7tyQ:
+{
+  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTQxMDg2NTIiLCAibm9uY2UiOiAiMDAwMnViQVprRHJRN1ZKeExXRGQ1U0J4Wk9FOW9hWXFVWXFvRVp5aXRtZW05Nk0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzY2NDcxNTM1OTQvVEU3dHlRIn0",
+  "signature": "V6fdsn6QKiWl0Y_dEjIYDObQ_thP3tWq-BDZbPcDaXsVdDJTseJgeti2JTjYWfP5oWsQ_ofe365uzwBh291uXiymaeKb3V0BLEQ4D4mrut7AbpxATnJD4cFIadaLvvthGr_cHK0y3X4dNaEW9dOcjDc1vDmsHrP3o8cWj9eLdxZaMsIYLAQkIGQunwyhKebfEZ6uILHk28bETiAW_3DNvZViTR-UUAVDQ3_wofDE7XxbOTyVLaA4GEnDfSoKHL1IFGc0h3PZIyFIG18hjmAFSXV36-dQX70Oku89goS5GNsr5C62I-i9aQuJheNkDRPo1G1fBpoxsjnB-F3MqGJZTg",
+  "payload": "e30"
+}
+2020-08-19 22:24:21,964:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/6647153594/TE7tyQ HTTP/1.1" 200 185
+2020-08-19 22:24:21,965:DEBUG:acme.client:Received response:
+HTTP 200
+Server: nginx
+Date: Wed, 19 Aug 2020 22:24:21 GMT
+Content-Type: application/json
+Content-Length: 185
+Connection: keep-alive
+Boulder-Requester: 94108652
+Cache-Control: public, max-age=0, no-cache
+Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/6647153594>;rel="up"
+Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/6647153594/TE7tyQ
+Replay-Nonce: 0001tGRH_W0v8INtn5myvuIm95QJEVAOEvY90H3LzFra13c
+X-Frame-Options: DENY
+Strict-Transport-Security: max-age=604800
+
+{
+  "type": "http-01",
+  "status": "pending",
+  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/6647153594/TE7tyQ",
+  "token": "bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo"
+}
+2020-08-19 22:24:21,966:DEBUG:acme.client:Storing nonce: 0001tGRH_W0v8INtn5myvuIm95QJEVAOEvY90H3LzFra13c
+2020-08-19 22:24:22,968:DEBUG:acme.client:JWS payload:
+b''
+2020-08-19 22:24:22,972:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6647153594:
+{
+  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTQxMDg2NTIiLCAibm9uY2UiOiAiMDAwMXRHUkhfVzB2OElOdG41bXl2dUltOTVRSkVWQU9Fdlk5MEgzTHpGcmExM2MiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzY2NDcxNTM1OTQifQ",
+  "signature": "BrqOXSA63T4HbK7Y9rLxqi5sWnFzwWuQLkzrfqNI_33M1XOQT8Zqt2y9cJIGDBvAapxHTyjnp_HyaoTiftxM73e4MvmHU2Sr6dektznfISu6TKYjzNHwCZwCgpxWwKXjSpzxNTnNBNqbO0AAuIwaAPArvcCIHTFBhDaH_KHiqUDpgxE8oGTE_qajWkotWBz_nvyW9IzVE1yL4FMxLkwUY35A4SeDz42lPRqqe00wedqTbD7Yk69Tsexd9yX69NadjVRRN6NpBN2ZiLIVQaTs4TqUVGPCp7zQ1bY1vPkNWnmjhPKqRwjDd9F752dviqqPVv8P0m4Yh7nkkM7nO5CQmA",
+  "payload": ""
+}
+2020-08-19 22:24:23,050:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/6647153594 HTTP/1.1" 200 974
+2020-08-19 22:24:23,051:DEBUG:acme.client:Received response:
+HTTP 200
+Server: nginx
+Date: Wed, 19 Aug 2020 22:24:23 GMT
+Content-Type: application/json
+Content-Length: 974
+Connection: keep-alive
+Boulder-Requester: 94108652
+Cache-Control: public, max-age=0, no-cache
+Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
+Replay-Nonce: 0002L5nLi1wvSQIR9E4Spc5RoqS1oGizSpnQ6lNuD1ox8ag
+X-Frame-Options: DENY
+Strict-Transport-Security: max-age=604800
+
+{
+  "identifier": {
+    "type": "dns",
+    "value": "domain.com"
+  },
+  "status": "invalid",
+  "expires": "2020-08-26T22:24:20Z",
+  "challenges": [
+    {
+      "type": "http-01",
+      "status": "invalid",
+      "error": {
+        "type": "urn:ietf:params:acme:error:connection",
+        "detail": "Fetching http://domain.com/.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo: Connection refused",
+        "status": 400
+      },
+      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/6647153594/TE7tyQ",
+      "token": "bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo",
+      "validationRecord": [
+        {
+          "url": "http://domain.com/.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo",
+          "hostname": "domain.com",
+          "port": "80",
+          "addressesResolved": [
+            "73.35.185.91"
+          ],
+          "addressUsed": "73.35.185.91"
+        }
+      ]
+    }
+  ]
+}
+2020-08-19 22:24:23,052:DEBUG:acme.client:Storing nonce: 0002L5nLi1wvSQIR9E4Spc5RoqS1oGizSpnQ6lNuD1ox8ag
+2020-08-19 22:24:23,053:WARNING:certbot._internal.auth_handler:Challenge failed for domain domain.com
+2020-08-19 22:24:23,053:INFO:certbot._internal.auth_handler:http-01 challenge for domain.com
+2020-08-19 22:24:23,053:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:
+
+Domain: domain.com
+Type:   connection
+Detail: Fetching http://domain.com/.well-known/acme-challenge/bzk928_t6Uw015bftBT1WwjBp-x7eNXX0DZAhtvbMQo: Connection refused
+
+To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
+2020-08-19 22:24:23,054:DEBUG:certbot._internal.error_handler:Encountered exception:
+Traceback (most recent call last):
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
+    self._poll_authorizations(authzrs, max_retries, best_effort)
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
+    raise errors.AuthorizationError('Some challenges have failed.')
+certbot.errors.AuthorizationError: Some challenges have failed.
+
+2020-08-19 22:24:23,055:DEBUG:certbot._internal.error_handler:Calling registered functions
+2020-08-19 22:24:23,055:INFO:certbot._internal.auth_handler:Cleaning up challenges
+2020-08-19 22:24:24,192:DEBUG:certbot._internal.log:Exiting abnormally:
+Traceback (most recent call last):
+  File "/snap/certbot/500/bin/certbot", line 8, in <module>
+    sys.exit(main())
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/main.py", line 15, in main
+    return internal_main.main(cli_args)
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/main.py", line 1357, in main
+    return config.func(config, plugins)
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/main.py", line 1101, in run
+    new_lineage = _get_and_save_cert(le_client, config, domains,
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/main.py", line 121, in _get_and_save_cert
+    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/client.py", line 418, in obtain_and_enroll_certificate
+    cert, chain, key, _ = self.obtain_certificate(domains)
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/client.py", line 351, in obtain_certificate
+    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/client.py", line 398, in _get_order_and_authorizations
+    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
+    self._poll_authorizations(authzrs, max_retries, best_effort)
+  File "/snap/certbot/500/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
+    raise errors.AuthorizationError('Some challenges have failed.')
+certbot.errors.AuthorizationError: Some challenges have failed.
+2020-08-19 22:24:24,195:ERROR:certbot._internal.log:Some challenges have failed.
+pat@angel:~$