I got another domain which still fails: # acme-client -vv feuf.eu acme-client: /etc/ssl/private/feuf.eu.key: loaded RSA domain key acme-client: /etc/acme/letsencrypt-privkey.pem: loaded RSA account key acme-client: /etc/ssl/feuf.eu.crt: certificate renewable: -61 days left acme-client: https://acme-v01.api.letsencrypt.org/directory: directories acme-client: acme-v01.api.letsencrypt.org: DNS: 104.111.246.175 acme-client: transfer buffer: [{ "cKjgVwg29eQ": "https://community.letsenc= rypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "h= ttps://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdenti= ties": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org= /documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencry= pt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-aut= hz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert";, "ne= w-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg";, "revoke-cert"= : "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"; }] (658 bytes) acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth= : feuf.eu acme-client: acme-v01.api.letsencrypt.org: cached acme-client: acme-v01.api.letsencrypt.org: cached acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": "= feuf.eu" }, "status": "pending", "expires": "2019-02-06T00:54:09Z", "chall= enges": [ { "type": "tls-alpn-01", "status": "pending", "uri": "https://ac= me-v01.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb2LRL5w3F5mQ= VWgRbQxHYtU/12029926875", "token": "ujO-WvILulTRRp73I4PIUm9YUmDjwrH3jXCNiY= _nAYg" }, { "type": "tls-sni-01", "status": "pending", "uri": "https://acm= e-v01.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb2LRL5w3F5mQV= WgRbQxHYtU/12029926878", "token": "LVLUcXyld9xWtMaMgStGvuKT4vm61O_eghW5FXj= T4DQ" }, { "type": "http-01", "status": "pending", "uri": "https://acme-v0= 1.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb2LRL5w3F5mQVWgRb= QxHYtU/12029926881", "token": "PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4pDIP8jXFiLU0= " }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api= .letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb2LRL5w3F5mQVWgRbQxHYt= U/12029926883", "token": "vs1QZYl6SpiCICn6WAVS0UIVzQ5bW0nCn4ngrJyBm2c" } ]= , "combinations": [ [ 3 ], [ 0 ], [ 2 ], [ 1 ] ] }] (1263 bytes) acme-client: /var/www/acme/PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4pDIP8jXFiLU0: cr= eated acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/jMife2TyS= NAitSrBm3PLb2LRL5w3F5mQVWgRbQxHYtU/12029926881: challenge acme-client: acme-v01.api.letsencrypt.org: cached acme-client: acme-v01.api.letsencrypt.org: cached acme-client: transfer buffer: [{ "type": "http-01", "status": "pending", "= uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/jMife2TySNAitSr= Bm3PLb2LRL5w3F5mQVWgRbQxHYtU/12029926881", "token": "PH1MEqFF8jV3f5IyXzg9R= BgI2rYnrR4pDIP8jXFiLU0", "keyAuthorization": "PH1MEqFF8jV3f5IyXzg9RBgI2rYn= rR4pDIP8jXFiLU0.YJLLEKdoM4e4WocQ9C9xvXqa6dAO4zUn6hdCgEgIfBs" }] (337 bytes= ) acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/jMife2TyS= NAitSrBm3PLb2LRL5w3F5mQVWgRbQxHYtU/12029926881: status acme-client: acme-v01.api.letsencrypt.org: cached acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/jMife2TyS= NAitSrBm3PLb2LRL5w3F5mQVWgRbQxHYtU/12029926881: bad response acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "= error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid respon= se from http://feuf.eu/.well-known/acme-challenge/PH1MEqFF8jV3f5IyXzg9RBgI= 2rYnrR4pDIP8jXFiLU0: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.= 0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e404 = Not Found\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1= \u003eNot Found\u003c/h1\u003e\\n\u003cp\"", "status": 403 }, "uri": "http= s://acme-v01.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb2LRL5= w3F5mQVWgRbQxHYtU/12029926881", "token": "PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4p= DIP8jXFiLU0", "validationRecord": [ { "url": "http://feuf.eu/.well-known/a= cme-challenge/PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4pDIP8jXFiLU0", "hostname": "f= euf.eu", "port": "80", "addressesResolved": [ "46.38.243.234" ], "addressU= sed": "46.38.243.234" } ] }] (964 bytes) acme-client: bad exit: netproc(32321): 1
Recreating the account key doesn't change things: # mv /etc/acme/letsencrypt-privkey.pem /etc/acme/letsencrypt-privkey.pem.O= LD # acme-client -AD -vv feuf.eu acme-client: /etc/ssl/private/feuf.eu.key: domain key exists (not creating= ) acme-client: /etc/ssl/private/feuf.eu.key: loaded RSA domain key acme-client: /etc/ssl/feuf.eu.crt: certificate renewable: -61 days left acme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key acme-client: https://acme-v01.api.letsencrypt.org/directory: directories acme-client: acme-v01.api.letsencrypt.org: DNS: 104.111.246.175 acme-client: transfer buffer: [{ "JYURKwteJeI": "https://community.letsenc= rypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "h= ttps://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdenti= ties": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org= /documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencry= pt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-aut= hz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert";, "ne= w-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg";, "revoke-cert"= : "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"; }] (658 bytes) acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg acme-client: acme-v01.api.letsencrypt.org: cached acme-client: acme-v01.api.letsencrypt.org: cached acme-client: transfer buffer: [{ "id": 50500955, "key": { "kty": "RSA", "n= ": "uyWXZuxRSEqq_2R-FuwzpvoYysG0fh3lVo8PYV5Gj531YDMoLW1_EaPOzZleVoTb4LTypv= B7WDf90UE17L2N74GPK3ZX6YsZPaaQXDJv5EHiSjhdEMxrm_2SHKN_pZ1QIoz05gXcAc25T3vR= 8yEDypkHq5gAuzf3abJ54JCr3FzWXK37X1cx7GaE7y6RngIBvfFbJ_khlTnmZdwhtXxEPXrmxB= ldCArhBlw34CNrCk8Yfp-Vo_kk-ojqt5kXH_Pi3d3BMjzMzjVq2mTodCc2syjanHkdCNIJ9rGn= lcrcFqz2TkVrydiq1FcIIk7_jsCPUfxX7cpc07GXQl7oix7rQ_4wViKXh329lbJ2UMBerWYFxI= 5e_PI2Fpnxyj4JdcnCeLIqWm4KxZay4B4QYUiOS_ponLrSjWUkLcR9wLbvz-MJroHeoBqq-Htx= JuEJE64cRIUuEAFrd0kCweVlD-JmXt4vnqybXfBlpV_OxuJ2PLuM1lw3d9pyn8OkhnoAo4EuCi= cIex4qcI2O095DbfAeCgkHT0MfF2P3ldvpe-M4_-ZSymO0xlthGyNLhHuK2jGUdpC-tuVabVkE= MoUyXNlfh1wxe7ynregjYhpBLpV3e8xaVm_9RjROuwV9iDkpwpAJxq7AbT1I__VPORADptvKiI= jk5OYt6OgVewMGFsqSlyc", "e": "AQAB" }, "contact": [], "agreement": "https:= //letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "initialIp":= "88.99.190.88", "createdAt": "2019-01-30T00:58:02.526514078Z", "status": = "valid" }] (968 bytes) acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth= : feuf.eu acme-client: acme-v01.api.letsencrypt.org: cached acme-client: acme-v01.api.letsencrypt.org: cached acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": "= feuf.eu" }, "status": "pending", "expires": "2019-02-06T00:58:03Z", "chall= enges": [ { "type": "http-01", "status": "pending", "uri": "https://acme-v= 01.api.letsencrypt.org/acme/challenge/pxJj6inEgYECYKGdPgqs7Y0tnCgVhadPbn18= jVk_2ws/12030062500", "token": "lwiD0yHQ2HoPgsV3saYYSJVNa29as6KZSD9ocP-OTs= c" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.ap= i.letsencrypt.org/acme/challenge/pxJj6inEgYECYKGdPgqs7Y0tnCgVhadPbn18jVk_2= ws/12030062502", "token": "a24XS9u5APodx1kfL5Yts-3Dkz_3r-B-UTg4YB1eNHk" },= { "type": "tls-alpn-01", "status": "pending", "uri": "https://acme-v01.ap= i.letsencrypt.org/acme/challenge/pxJj6inEgYECYKGdPgqs7Y0tnCgVhadPbn18jVk_2= ws/12030062504", "token": "Z_wl2z_2-EafhpqYqbVqbAA5CyBUw2NlOHTbaxXa0MU" } = ], "combinations": [ [ 0 ], [ 1 ], [ 2 ] ] }] (989 bytes) acme-client: /var/www/acme/lwiD0yHQ2HoPgsV3saYYSJVNa29as6KZSD9ocP-OTsc: cr= eated acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/pxJj6inEg= YECYKGdPgqs7Y0tnCgVhadPbn18jVk_2ws/12030062500: challenge acme-client: acme-v01.api.letsencrypt.org: cached acme-client: acme-v01.api.letsencrypt.org: cached acme-client: transfer buffer: [{ "type": "http-01", "status": "pending", "= uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/pxJj6inEgYECYKG= dPgqs7Y0tnCgVhadPbn18jVk_2ws/12030062500", "token": "lwiD0yHQ2HoPgsV3saYYS= JVNa29as6KZSD9ocP-OTsc", "keyAuthorization": "lwiD0yHQ2HoPgsV3saYYSJVNa29a= s6KZSD9ocP-OTsc.ZehNmt8wF7sgV5nWkYKV1ps63XN6_9JoaYok3vCf-VY" }] (337 bytes= ) acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/pxJj6inEg= YECYKGdPgqs7Y0tnCgVhadPbn18jVk_2ws/12030062500: status acme-client: acme-v01.api.letsencrypt.org: cached acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/pxJj6inEg= YECYKGdPgqs7Y0tnCgVhadPbn18jVk_2ws/12030062500: bad response acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "= error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid respon= se from http://feuf.eu/.well-known/acme-challenge/lwiD0yHQ2HoPgsV3saYYSJVN= a29as6KZSD9ocP-OTsc: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.= 0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e404 = Not Found\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1= \u003eNot Found\u003c/h1\u003e\\n\u003cp\"", "status": 403 }, "uri": "http= s://acme-v01.api.letsencrypt.org/acme/challenge/pxJj6inEgYECYKGdPgqs7Y0tnC= gVhadPbn18jVk_2ws/12030062500", "token": "lwiD0yHQ2HoPgsV3saYYSJVNa29as6KZ= SD9ocP-OTsc", "validationRecord": [ { "url": "http://feuf.eu/.well-known/a= cme-challenge/lwiD0yHQ2HoPgsV3saYYSJVNa29as6KZSD9ocP-OTsc", "hostname": "f= euf.eu", "port": "80", "addressesResolved": [ "46.38.243.234" ], "addressU= sed": "46.38.243.234" } ] }] (964 bytes) acme-client: bad exit: netproc(81069): 1
