MOON
Server: Apache
System: Linux vps.espica.me 5.14.0-611.54.3.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 7 16:31:24 EDT 2026 x86_64
User: solaraatech (1010)
PHP: 8.2.32
Disabled: exec,passthru,shell_exec,system
Upload Files
File: //var/log/letsencrypt/letsencrypt.log
2026-07-12 00:58:10,767:DEBUG:certbot._internal.main:certbot version: 3.1.0
2026-07-12 00:58:10,767:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-12 00:58:10,767:DEBUG:certbot._internal.main:Arguments: ['--noninteractive', '--no-random-sleep-on-renew']
2026-07-12 00:58:10,768:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-12 00:58:10,793:DEBUG:certbot._internal.log:Root logging level set at 30
2026-07-12 00:58:10,795:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/mail.espica.me.conf
2026-07-12 00:58:10,803:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2026-07-12 00:58:10,845:INFO:certbot.ocsp:Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.espica.me/cert1.pem
2026-07-12 00:58:10,847:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2026-07-12 00:58:10,849:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-12 00:58:10,850:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-12 00:58:10,850:DEBUG:certbot._internal.display.obj:Notifying user: The following certificates are not due for renewal yet:
2026-07-12 00:58:10,850:DEBUG:certbot._internal.display.obj:Notifying user:   /etc/letsencrypt/live/mail.espica.me/fullchain.pem expires on 2026-08-11 (skipped)
2026-07-12 00:58:10,850:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2026-07-12 00:58:10,850:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-12 00:58:10,850:DEBUG:certbot._internal.renewal:no renewal failures
2026-07-12 12:56:02,984:DEBUG:certbot._internal.main:certbot version: 3.1.0
2026-07-12 12:56:02,984:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-12 12:56:02,984:DEBUG:certbot._internal.main:Arguments: ['--noninteractive', '--no-random-sleep-on-renew']
2026-07-12 12:56:02,985:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-12 12:56:02,995:DEBUG:certbot._internal.log:Root logging level set at 30
2026-07-12 12:56:02,996:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/mail.espica.me.conf
2026-07-12 12:56:02,998:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2026-07-12 12:56:03,024:INFO:certbot.ocsp:Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.espica.me/cert1.pem
2026-07-12 12:56:03,027:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2026-07-12 12:56:03,027:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-12 12:56:03,027:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-12 12:56:03,027:DEBUG:certbot._internal.display.obj:Notifying user: The following certificates are not due for renewal yet:
2026-07-12 12:56:03,028:DEBUG:certbot._internal.display.obj:Notifying user:   /etc/letsencrypt/live/mail.espica.me/fullchain.pem expires on 2026-08-11 (skipped)
2026-07-12 12:56:03,028:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2026-07-12 12:56:03,028:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-12 12:56:03,028:DEBUG:certbot._internal.renewal:no renewal failures
2026-07-13 01:25:57,210:DEBUG:certbot._internal.main:certbot version: 3.1.0
2026-07-13 01:25:57,211:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-13 01:25:57,211:DEBUG:certbot._internal.main:Arguments: ['--noninteractive', '--no-random-sleep-on-renew']
2026-07-13 01:25:57,211:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-13 01:25:57,220:DEBUG:certbot._internal.log:Root logging level set at 30
2026-07-13 01:25:57,221:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/mail.espica.me.conf
2026-07-13 01:25:57,223:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2026-07-13 01:25:57,245:INFO:certbot.ocsp:Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.espica.me/cert1.pem
2026-07-13 01:25:57,247:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2026-08-11 23:31:43 UTC.
2026-07-13 01:25:57,248:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2026-07-13 01:25:57,248:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-13 01:25:57,248:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f51c4855a00>
Prep: True
2026-07-13 01:25:57,248:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f51c4855a00> and installer None
2026-07-13 01:25:57,248:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2026-07-13 01:25:57,290:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/3332866786', new_authzr_uri=None, terms_of_service=None), 16f9bbe895785731de66527b923ef6c7, Meta(creation_dt=datetime.datetime(2026, 5, 14, 0, 30, 9, tzinfo=<UTC>), creation_host='mail.espica.me', register_to_eff=None))>
2026-07-13 01:25:57,291:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-07-13 01:25:57,293:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-07-13 01:25:57,720:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 961
2026-07-13 01:25:57,721:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 05:25:57 GMT
Content-Type: application/json
Content-Length: 961
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "ABzrqP1xiVU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.8-July-06-2026.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2026-07-13 01:25:57,722:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for mail.espica.me
2026-07-13 01:25:57,724:DEBUG:acme.client:Requesting fresh nonce
2026-07-13 01:25:57,724:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-07-13 01:25:57,858:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-07-13 01:25:57,858:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 05:25:57 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tgKU1SCRM1HWCrctd_dp8MQxXUzkouqDr40SngTFfif7tXwYjzw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2026-07-13 01:25:57,858:DEBUG:acme.client:Storing nonce: tgKU1SCRM1HWCrctd_dp8MQxXUzkouqDr40SngTFfif7tXwYjzw
2026-07-13 01:25:57,859:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mail.espica.me"\n    }\n  ]\n}'
2026-07-13 01:25:57,860:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUk0xSFdDcmN0ZF9kcDhNUXhYVXprb3VxRHI0MFNuZ1RGZmlmN3RYd1lqenciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "PPNZcpojbV0VnpfOzirCqv-jJ8QXA0fKpUXijKOirrAZp9FnOebkf14rGnCEOhuhScKp00OozXXTxHVEVpWPkVRsZT-8PSlr3GC1J8WFkE-VTEgrCRBQJs_NtJtc3E7wKTn6eAD_87WxMv3_GqcdyWEqVz2uBC8Sf7XKJXAAtvwSeXhK0-J9cx4yeV6bmRQNXN9mjauU5xRiXgK60my58GYYN94KbxH29vl3G8Q1OCXYTNEFTjfIZenzifrUHrq-HvVypkZvmEUMGjewvA82uSlGoM7EtjuJ1_LV53T_nifuKLCLlcEOZaeFGUPzljLObTj47edJdWdUOqb6wHHf8w",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuZXNwaWNhLm1lIgogICAgfQogIF0KfQ"
}
2026-07-13 01:25:58,011:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 348
2026-07-13 01:25:58,011:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 13 Jul 2026 05:25:57 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/3332866786/531706252536
Replay-Nonce: tgKU1SCRiYbm_UYzi51h7muo8CJPFo0rcKpl15cw-pOVJG_9FIc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-07-20T05:25:57Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.espica.me"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/738443602576"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/3332866786/531706252536"
}
2026-07-13 01:25:58,011:DEBUG:acme.client:Storing nonce: tgKU1SCRiYbm_UYzi51h7muo8CJPFo0rcKpl15cw-pOVJG_9FIc
2026-07-13 01:25:58,012:DEBUG:acme.client:JWS payload:
b''
2026-07-13 01:25:58,014:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/738443602576:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUmlZYm1fVVl6aTUxaDdtdW84Q0pQRm8wcmNLcGwxNWN3LXBPVkpHXzlGSWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM4NDQzNjAyNTc2In0",
  "signature": "AAY3WwOSLNoqXu6Bvf4PvEKcatKf9fRrBAhZkopgniJyN4wVOyFkao97TpUkUme4lfZRAAw5XY_y1roHQzcv5vhqF05AGLGWgUO8xb9dKS4m1MGxbtGqHFmGaEjR2SG8GvvcEwen7S8rm3jQY21UUXipVtbi2il-WHApbxCAShWRHeGbbZV49yMdcLO4t18zyiw8PFkIhBEWKqZhMSYUlZ-XFe0UZC7Hblue_LaIH3Czi5ChSkV4GDfq28lZB_wUlve8JhSzk63U6CF4TqQL4_gFVhEa3pSuEZ4Oqn5LBOvmL2aOm8HTXRjWHgXyf-cyn0mmFnUDfGoyU1lRfGra_A",
  "payload": ""
}
2026-07-13 01:25:58,151:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/738443602576 HTTP/1.1" 200 822
2026-07-13 01:25:58,152:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 05:25:58 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 9w0p0d3wmKZkHbM3ZEK0gt4wMf57wt0X4lOh05aTgS6poOVKUYA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "pending",
  "expires": "2026-07-20T05:25:57Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738443602576/Q9lQDA",
      "status": "pending",
      "token": "1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738443602576/lY6aEw",
      "status": "pending",
      "token": "1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738443602576/cKzMtw",
      "status": "pending",
      "token": "1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8"
    }
  ]
}
2026-07-13 01:25:58,152:DEBUG:acme.client:Storing nonce: 9w0p0d3wmKZkHbM3ZEK0gt4wMf57wt0X4lOh05aTgS6poOVKUYA
2026-07-13 01:25:58,152:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-07-13 01:25:58,152:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-13 01:25:58,153:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2026-07-13 01:25:58,153:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2026-07-13 01:25:58,155:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8
2026-07-13 01:25:58,156:DEBUG:acme.client:JWS payload:
b'{}'
2026-07-13 01:25:58,158:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738443602576/lY6aEw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICI5dzBwMGQzd21LWmtIYk0zWkVLMGd0NHdNZjU3d3QwWDRsT2gwNWFUZ1M2cG9PVktVWUEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzMzMzI4NjY3ODYvNzM4NDQzNjAyNTc2L2xZNmFFdyJ9",
  "signature": "OtRi4GW9hVeu_c4q6yDZod9bbcuaXXU2dhlXpRcG-uIX15WQe3nAjJ_8TZkqfoeMs1ISyP0CcCmUMD-P94OIGGHJLDFBbjH9MRmbrAypcV8ZOO43FCEq45wnVfB2JM_I4lQqthsdaFH9EEr7s6wqoYa_1dHiJiyHEO1dZ5rW_VJcu7NRzO_rmO8bDFXTMnnUAEyhtxp7LXNn0t2svD9OXsbAbctcOViHWE01PArGlZJwAJ2VdBF8KlLoQh5ToGDAaN_U08-OtgXWeOvGmpFIcniZzzbhZkSaQMmDwHSQA7QrvrqyzrvwBspXeOeBa_-0PPw2CLTuWWmkuXwhPkJNEg",
  "payload": "e30"
}
2026-07-13 01:25:58,299:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/3332866786/738443602576/lY6aEw HTTP/1.1" 200 195
2026-07-13 01:25:58,300:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 05:25:58 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/738443602576>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738443602576/lY6aEw
Replay-Nonce: tgKU1SCRp_msQw71Aw06JX5UOXjxnvl5flAqYmSDxWV_1-7Psqo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738443602576/lY6aEw",
  "status": "pending",
  "token": "1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8"
}
2026-07-13 01:25:58,300:DEBUG:acme.client:Storing nonce: tgKU1SCRp_msQw71Aw06JX5UOXjxnvl5flAqYmSDxWV_1-7Psqo
2026-07-13 01:25:58,300:INFO:certbot._internal.auth_handler:Waiting for verification...
2026-07-13 01:25:59,302:DEBUG:acme.client:JWS payload:
b''
2026-07-13 01:25:59,303:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/738443602576:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUnBfbXNRdzcxQXcwNkpYNVVPWGp4bnZsNWZsQXFZbVNEeFdWXzEtN1BzcW8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM4NDQzNjAyNTc2In0",
  "signature": "V4QwTL5yA9UiKVutFz0p_ISN_W1JOYxScJmvP5TK9xAhsO0Pz-56aGofHNSeEyvKEpn6LM3NtbXt-5u6Voq_NOILs-eE2fJ8sLrSo6_o__vio7q3amSCLyi-xqln0kFCeIuuzz6vjw1fQK7QLYyT0dHioY5SSzTAsrf8Hy0a2LqdDLMFRSoq98e3jIioahNXQVlAvcQ0_eA7XfsR18-UsBcWhFgjkl_eKd6JkZ2uUEMUtAbkgHg6du4xPx7pjxkWBzOLlsnNEq7Tr3QWkgswkpFK3RuOhRcbLz6ta1Hkbg1-Nb0rhKJhiNqwmzIN_Gv0EseMFD4C5aaJGegfvThZJg",
  "payload": ""
}
2026-07-13 01:25:59,441:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/738443602576 HTTP/1.1" 200 1032
2026-07-13 01:25:59,441:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 05:25:59 GMT
Content-Type: application/json
Content-Length: 1032
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tgKU1SCRwInzAANoUK2vkuhfkksrL2llTXGt_Wq5Pnbc3JXQeG0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "invalid",
  "expires": "2026-07-20T05:25:57Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738443602576/lY6aEw",
      "status": "invalid",
      "validated": "2026-07-13T05:25:58Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8: 404",
        "status": 403
      },
      "token": "1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8",
      "validationRecord": [
        {
          "url": "http://mail.espica.me/.well-known/acme-challenge/1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8",
          "hostname": "mail.espica.me",
          "port": "80",
          "addressesResolved": [
            "51.75.182.103"
          ],
          "addressUsed": "51.75.182.103"
        }
      ]
    }
  ]
}
2026-07-13 01:25:59,441:DEBUG:acme.client:Storing nonce: tgKU1SCRwInzAANoUK2vkuhfkksrL2llTXGt_Wq5Pnbc3JXQeG0
2026-07-13 01:25:59,442:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.espica.me
2026-07-13 01:25:59,442:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-13 01:25:59,442:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mail.espica.me
  Type:   unauthorized
  Detail: 51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2026-07-13 01:25:59,443:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-13 01:25:59,443:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-07-13 01:25:59,443:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-07-13 01:25:59,443:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/1vfgiuTyHJMvA_nDLLnO_YInNkNpOs2PwmINnSUUVF8
2026-07-13 01:25:59,444:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2026-07-13 01:25:59,444:ERROR:certbot._internal.renewal:Failed to renew certificate mail.espica.me with error: Some challenges have failed.
2026-07-13 01:25:59,446:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-13 01:25:59,447:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-13 01:25:59,447:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2026-07-13 01:25:59,448:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/mail.espica.me/fullchain.pem (failure)
2026-07-13 01:25:59,448:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-13 01:25:59,448:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1621, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2026-07-13 01:25:59,448:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
2026-07-13 14:32:40,405:DEBUG:certbot._internal.main:certbot version: 3.1.0
2026-07-13 14:32:40,406:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-13 14:32:40,406:DEBUG:certbot._internal.main:Arguments: ['--noninteractive', '--no-random-sleep-on-renew']
2026-07-13 14:32:40,407:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-13 14:32:40,419:DEBUG:certbot._internal.log:Root logging level set at 30
2026-07-13 14:32:40,421:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/mail.espica.me.conf
2026-07-13 14:32:40,424:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2026-07-13 14:32:40,449:INFO:certbot.ocsp:Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.espica.me/cert1.pem
2026-07-13 14:32:40,451:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2026-08-11 23:31:43 UTC.
2026-07-13 14:32:40,452:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2026-07-13 14:32:40,452:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-13 14:32:40,452:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f1790befa00>
Prep: True
2026-07-13 14:32:40,452:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f1790befa00> and installer None
2026-07-13 14:32:40,452:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2026-07-13 14:32:40,493:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/3332866786', new_authzr_uri=None, terms_of_service=None), 16f9bbe895785731de66527b923ef6c7, Meta(creation_dt=datetime.datetime(2026, 5, 14, 0, 30, 9, tzinfo=<UTC>), creation_host='mail.espica.me', register_to_eff=None))>
2026-07-13 14:32:40,493:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-07-13 14:32:40,495:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-07-13 14:32:40,921:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 961
2026-07-13 14:32:40,922:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 18:32:40 GMT
Content-Type: application/json
Content-Length: 961
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "G_MGbraP1-4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.8-July-06-2026.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2026-07-13 14:32:40,923:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for mail.espica.me
2026-07-13 14:32:40,925:DEBUG:acme.client:Requesting fresh nonce
2026-07-13 14:32:40,925:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-07-13 14:32:41,060:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-07-13 14:32:41,061:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 18:32:40 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 9w0p0d3w9WDK4ko6RbEWZq4D2gbgcxZfKd078yqbVsTkm4nPmCI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2026-07-13 14:32:41,061:DEBUG:acme.client:Storing nonce: 9w0p0d3w9WDK4ko6RbEWZq4D2gbgcxZfKd078yqbVsTkm4nPmCI
2026-07-13 14:32:41,062:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mail.espica.me"\n    }\n  ]\n}'
2026-07-13 14:32:41,064:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICI5dzBwMGQzdzlXREs0a282UmJFV1pxNEQyZ2JnY3haZktkMDc4eXFiVnNUa200blBtQ0kiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "G21z4B-1KHlBfHYFYzPL6OWpRtq2Ux6UQ23OMt3sXCZn_yl8J1EVGOH7UTfpPQJAn1MOY0ogdvlrtTbIMmZjo5iK-FvJ86f6fZecBfjaPOAtYtEyTkGwL5e3g1QMy5TOuSHdzjYOTL9WJNFSHLmtD6oDmFwwbi1Nu0SB52EN2qi7QyTYiI-63WLzU4uVBFxZ35GoDK2KuwKAb81vYx-65oawXoIwZtO9Ok3KvdGrpS2VcqLcgqn91-DjIjholxjiNGXURf49GQ1jkRLws-lWPx1ENRAAeUdjBfe7fNdjonzQ90rZCnpHscI4oMj_kccshMR7sxcd2eh8PabhXjh5Gg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuZXNwaWNhLm1lIgogICAgfQogIF0KfQ"
}
2026-07-13 14:32:41,216:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 348
2026-07-13 14:32:41,217:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 13 Jul 2026 18:32:41 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/3332866786/531904961916
Replay-Nonce: 9w0p0d3wRELnqXDztGGv4uOiZFkFiuu7dJChm5tVz3jKlA3QXTM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-07-20T18:32:41Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.espica.me"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/738763854916"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/3332866786/531904961916"
}
2026-07-13 14:32:41,217:DEBUG:acme.client:Storing nonce: 9w0p0d3wRELnqXDztGGv4uOiZFkFiuu7dJChm5tVz3jKlA3QXTM
2026-07-13 14:32:41,217:DEBUG:acme.client:JWS payload:
b''
2026-07-13 14:32:41,218:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/738763854916:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICI5dzBwMGQzd1JFTG5xWER6dEdHdjR1T2laRmtGaXV1N2RKQ2htNXRWejNqS2xBM1FYVE0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM4NzYzODU0OTE2In0",
  "signature": "GAbYB_llt2Q1IhvaEjFKsKiql4iOL95l0pBt3XUXnNc89cYxWZ-0Na3bWbdLVj--eRCUZ5Zx_5cS62Q-Xp68T88kC3nxT_Cvqb-SfMiO0IHOeKoP_Y8O1Kr8zdGrTDA0nGzNoDL12zceFtsTuXsjwF_ISJmtZ9EWyfRe75xl1BlwU2OTC_qH4MzxmIHQU6u0E6JmB7Q0NXoj5SBnbO-EAIJzJRHEf57Nv3a16NHXrL6HcuSK9aSC9Bkf6Hq0s7L4QTBxC4tWT8m7FgWwdFIA4F9rmEnE0mePX-O8ncybY61srTYFDqJK6Y_zcC_a2INC_QrZtHbs45FWyrwouptO-A",
  "payload": ""
}
2026-07-13 14:32:41,355:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/738763854916 HTTP/1.1" 200 822
2026-07-13 14:32:41,355:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 18:32:41 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 9w0p0d3wjmvisrwnWUm_LkA62Ks7dNbMjE7WrGRKgLEtBa3mdGw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "pending",
  "expires": "2026-07-20T18:32:41Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738763854916/PWnL7w",
      "status": "pending",
      "token": "RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738763854916/6_cVIA",
      "status": "pending",
      "token": "RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738763854916/S_GcXQ",
      "status": "pending",
      "token": "RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo"
    }
  ]
}
2026-07-13 14:32:41,356:DEBUG:acme.client:Storing nonce: 9w0p0d3wjmvisrwnWUm_LkA62Ks7dNbMjE7WrGRKgLEtBa3mdGw
2026-07-13 14:32:41,356:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-07-13 14:32:41,356:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-13 14:32:41,356:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2026-07-13 14:32:41,356:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2026-07-13 14:32:41,358:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo
2026-07-13 14:32:41,359:DEBUG:acme.client:JWS payload:
b'{}'
2026-07-13 14:32:41,360:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738763854916/PWnL7w:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICI5dzBwMGQzd2ptdmlzcnduV1VtX0xrQTYyS3M3ZE5iTWpFN1dyR1JLZ0xFdEJhM21kR3ciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzMzMzI4NjY3ODYvNzM4NzYzODU0OTE2L1BXbkw3dyJ9",
  "signature": "FZh-URj7SRRulVOZiXj42PT_Tl0Izxa2WIqJTXjydGxkTMG73sa9h3LKQ7Q6voj4wb38ev6Qrpi8rnNsHkgE54--osgRrci8a4s_noo5MnN5xp60sZsM-QEVYHte-LxRYMkbKEGk4UfyF0frPFOkKOCoLbC8yMm0XARlCxGKh38iZAA87o-bxdaHiQZ3imRY_EkGuiMTCe9dDZqzlLtD4lN_YbDi5g-6Mpu6Ju8RYs5G4-BFI97VJRjJ5SIGQQ6iWXuskaUGb3IaRYuSTq3z5V7XXgIyDHjzcEcL2IzBCVWTJYG1IKcaYv5pzJrvv4ZZ_jWrYEIdrlfDoi-BLqoCFw",
  "payload": "e30"
}
2026-07-13 14:32:41,501:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/3332866786/738763854916/PWnL7w HTTP/1.1" 200 195
2026-07-13 14:32:41,501:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 18:32:41 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/738763854916>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738763854916/PWnL7w
Replay-Nonce: tgKU1SCR1e41dQevX5Al1weZOx8Rwg1xbMCNUS3dm5qis3RPhkI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738763854916/PWnL7w",
  "status": "pending",
  "token": "RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo"
}
2026-07-13 14:32:41,501:DEBUG:acme.client:Storing nonce: tgKU1SCR1e41dQevX5Al1weZOx8Rwg1xbMCNUS3dm5qis3RPhkI
2026-07-13 14:32:41,502:INFO:certbot._internal.auth_handler:Waiting for verification...
2026-07-13 14:32:42,505:DEBUG:acme.client:JWS payload:
b''
2026-07-13 14:32:42,507:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/738763854916:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUjFlNDFkUWV2WDVBbDF3ZVpPeDhSd2cxeGJNQ05VUzNkbTVxaXMzUlBoa0kiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM4NzYzODU0OTE2In0",
  "signature": "XxVwel_WsidHrY9AdcJgmLhki2PbwtfhiUPtmytbS06LT_b5hOkLIGfOY0SgfqMza0DbihlujQUfW62mrqCMHLWNTSigsY6Wz5OrgUVWNKTYnkHRU-a0tcCM1t9mQ7XAlqhh-ued6lT9NdFonGI0e5di2W_Y7tHYByEYc6ucZIT8WfGFqvTKPjcskeHYAFaAOiDAwlWuwwsFiPynBiPzoqUd6QtEYVFoS_HO_R3-2kQ2XDrJIv_AOxuu0_hGd3ohwWCHPbYgpI5PD00yFomqeznk65_j4dxA03Tw8iWrVkf8LZG5vN4nG2y6RreanY6rgwADqHD0fBlgaljZahdo-A",
  "payload": ""
}
2026-07-13 14:32:42,646:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/738763854916 HTTP/1.1" 200 1032
2026-07-13 14:32:42,646:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 13 Jul 2026 18:32:42 GMT
Content-Type: application/json
Content-Length: 1032
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 9w0p0d3wYCSu7xDT7WbW2aQRJm01WzRPIUFjfwE0OCasVFduas8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "invalid",
  "expires": "2026-07-20T18:32:41Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/738763854916/PWnL7w",
      "status": "invalid",
      "validated": "2026-07-13T18:32:41Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo: 404",
        "status": 403
      },
      "token": "RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo",
      "validationRecord": [
        {
          "url": "http://mail.espica.me/.well-known/acme-challenge/RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo",
          "hostname": "mail.espica.me",
          "port": "80",
          "addressesResolved": [
            "51.75.182.103"
          ],
          "addressUsed": "51.75.182.103"
        }
      ]
    }
  ]
}
2026-07-13 14:32:42,647:DEBUG:acme.client:Storing nonce: 9w0p0d3wYCSu7xDT7WbW2aQRJm01WzRPIUFjfwE0OCasVFduas8
2026-07-13 14:32:42,647:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.espica.me
2026-07-13 14:32:42,647:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-13 14:32:42,647:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mail.espica.me
  Type:   unauthorized
  Detail: 51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2026-07-13 14:32:42,648:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-13 14:32:42,648:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-07-13 14:32:42,648:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-07-13 14:32:42,648:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/RNQNo9yoviA2f36L3K_MQkQrAAEGunerfKtRkWOAqBo
2026-07-13 14:32:42,648:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2026-07-13 14:32:42,649:ERROR:certbot._internal.renewal:Failed to renew certificate mail.espica.me with error: Some challenges have failed.
2026-07-13 14:32:42,651:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-13 14:32:42,652:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-13 14:32:42,652:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2026-07-13 14:32:42,652:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/mail.espica.me/fullchain.pem (failure)
2026-07-13 14:32:42,652:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-13 14:32:42,653:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1621, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2026-07-13 14:32:42,653:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
2026-07-14 02:43:41,488:DEBUG:certbot._internal.main:certbot version: 3.1.0
2026-07-14 02:43:41,488:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-14 02:43:41,488:DEBUG:certbot._internal.main:Arguments: ['--noninteractive', '--no-random-sleep-on-renew']
2026-07-14 02:43:41,489:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-14 02:43:41,499:DEBUG:certbot._internal.log:Root logging level set at 30
2026-07-14 02:43:41,501:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/mail.espica.me.conf
2026-07-14 02:43:41,502:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2026-07-14 02:43:41,522:INFO:certbot.ocsp:Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.espica.me/cert1.pem
2026-07-14 02:43:41,526:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2026-08-11 23:31:43 UTC.
2026-07-14 02:43:41,527:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2026-07-14 02:43:41,527:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-14 02:43:41,527:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f6c64a6fa00>
Prep: True
2026-07-14 02:43:41,527:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f6c64a6fa00> and installer None
2026-07-14 02:43:41,528:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2026-07-14 02:43:41,569:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/3332866786', new_authzr_uri=None, terms_of_service=None), 16f9bbe895785731de66527b923ef6c7, Meta(creation_dt=datetime.datetime(2026, 5, 14, 0, 30, 9, tzinfo=<UTC>), creation_host='mail.espica.me', register_to_eff=None))>
2026-07-14 02:43:41,570:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-07-14 02:43:41,572:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-07-14 02:43:41,999:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 961
2026-07-14 02:43:42,002:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 06:43:41 GMT
Content-Type: application/json
Content-Length: 961
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.8-July-06-2026.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "nkdVqKp9iKU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2026-07-14 02:43:42,004:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for mail.espica.me
2026-07-14 02:43:42,008:DEBUG:acme.client:Requesting fresh nonce
2026-07-14 02:43:42,009:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-07-14 02:43:42,143:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-07-14 02:43:42,144:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 06:43:42 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tgKU1SCRMZz9gWVhcc0X6E6doNouEsGV_5XDZM4kx9MNtm-N8dM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2026-07-14 02:43:42,144:DEBUG:acme.client:Storing nonce: tgKU1SCRMZz9gWVhcc0X6E6doNouEsGV_5XDZM4kx9MNtm-N8dM
2026-07-14 02:43:42,144:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mail.espica.me"\n    }\n  ]\n}'
2026-07-14 02:43:42,147:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUk1aejlnV1ZoY2MwWDZFNmRvTm91RXNHVl81WERaTTRreDlNTnRtLU44ZE0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "JxL0KbPVipzR6-yyicXqEp85E97oXFr01VmsiX0A3-5ueO2DClFlAisAahXldRCF9fMjE1D1wjgLxgPUI6ez_UvXkAIpj-RCb9ga835nJ-b8gmIrSyLtdx7VrNH_A7MDqAEwsIIz6opJX3dCUM6BypdgJXcXGMjlpwPV3hx-kiC7wC5M1flXufLDPPfcPpL4j7H_kajhxJah5aOK_vbGPjGmr5NWMU9LovrOeWoo7EjT1wDjA_EknZv77L4fD2ttSLRqDl9gofGOxjkBo__LHT3CDRbD40waeNU-js-f6pn_73Cwk_BZgjGC0UXAUKSB7LEgUpvUU7a82UvHG9x1aA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuZXNwaWNhLm1lIgogICAgfQogIF0KfQ"
}
2026-07-14 02:43:42,303:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 348
2026-07-14 02:43:42,304:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 14 Jul 2026 06:43:42 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/3332866786/532095244816
Replay-Nonce: tgKU1SCRhc0d98J_sc3cUwSRxDt3iUHtegkYkPKWiYqhP_Z5PK0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-07-21T06:43:42Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.espica.me"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739074952536"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/3332866786/532095244816"
}
2026-07-14 02:43:42,304:DEBUG:acme.client:Storing nonce: tgKU1SCRhc0d98J_sc3cUwSRxDt3iUHtegkYkPKWiYqhP_Z5PK0
2026-07-14 02:43:42,304:DEBUG:acme.client:JWS payload:
b''
2026-07-14 02:43:42,306:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739074952536:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUmhjMGQ5OEpfc2MzY1V3U1J4RHQzaVVIdGVna1lrUEtXaVlxaFBfWjVQSzAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM5MDc0OTUyNTM2In0",
  "signature": "FxUmdNenUaNadRTwB0q2mFkrvsFzhzpE3R4ZkHZD-M9nz5RpdWvGGv7EBDaLhbi3Zah3JBuRV0CcKaRIFWbVMN69IyNhoO1M_M71OeRo04kUy4AhLe5Vs7vABY-CCerftbrD7y56iYzxn8Ne_gv3nyrBxVXxH2gGqQO-RZT09m4D3DKuxXM7YgqlUyDEAdZnQ0OjweKmElwzwlVlFSjzcwzSczxTjy87wV5RNbpba_-JWJAHBD2EtJlrFX1hwWY7lnTCaGGMt9o85uuBO1s2I4t_YXv2WlkRRClHbKY9rSsltcKF-w-XERVXhCjIxMGn-IIri0yXYuShYCVGh3fqnw",
  "payload": ""
}
2026-07-14 02:43:42,488:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/739074952536 HTTP/1.1" 200 822
2026-07-14 02:43:42,488:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 06:43:42 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tgKU1SCRtY1KJHiqQUxSSZD2DSGcAaxONItIM_A1CmmsZE4u6zM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "pending",
  "expires": "2026-07-21T06:43:42Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739074952536/l3XR2w",
      "status": "pending",
      "token": "Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739074952536/ig7alw",
      "status": "pending",
      "token": "Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739074952536/Er0eAA",
      "status": "pending",
      "token": "Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0"
    }
  ]
}
2026-07-14 02:43:42,489:DEBUG:acme.client:Storing nonce: tgKU1SCRtY1KJHiqQUxSSZD2DSGcAaxONItIM_A1CmmsZE4u6zM
2026-07-14 02:43:42,489:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-07-14 02:43:42,489:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-14 02:43:42,490:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2026-07-14 02:43:42,490:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2026-07-14 02:43:42,491:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0
2026-07-14 02:43:42,492:DEBUG:acme.client:JWS payload:
b'{}'
2026-07-14 02:43:42,493:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739074952536/ig7alw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUnRZMUtKSGlxUVV4U1NaRDJEU0djQWF4T05JdElNX0ExQ21tc1pFNHU2ek0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzMzMzI4NjY3ODYvNzM5MDc0OTUyNTM2L2lnN2FsdyJ9",
  "signature": "QfmVG-cJpbECa_2JSxwTrbV4zu2mWQqqM4cESyXbU4ZuBJqZbL0Z-xdRwtjzYISs2EkkVpgWYf0LPQshgW9qhV-wr1eDdCI6NHGUrENb5fxfWHHh4gkRmdagcokJurMrC5fQw9c_EL58KGdwBNorrrX0TH0CXtiievZF_cM0PHwsW8kaEeCgwrBD8teV7LjZl6G9r4shUnVJB45fgi4gPoEctakIP8Z2ZNmCYc_6MynQc4gElngUIC0fViC1XtFx52-iZ64BT2FT5-XkZ5O77y6-6veB3USKiC8N0h_wDMNigL1w_hPABa24qZLewHysgQ_fyKu7FSbQbTReRx4iyg",
  "payload": "e30"
}
2026-07-14 02:43:42,632:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/3332866786/739074952536/ig7alw HTTP/1.1" 200 195
2026-07-14 02:43:42,632:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 06:43:42 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739074952536>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739074952536/ig7alw
Replay-Nonce: tgKU1SCR5ZLHzOSyqTVLKczb_dR7Fa0CXdasKThQp2OkEljXpow
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739074952536/ig7alw",
  "status": "pending",
  "token": "Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0"
}
2026-07-14 02:43:42,633:DEBUG:acme.client:Storing nonce: tgKU1SCR5ZLHzOSyqTVLKczb_dR7Fa0CXdasKThQp2OkEljXpow
2026-07-14 02:43:42,633:INFO:certbot._internal.auth_handler:Waiting for verification...
2026-07-14 02:43:43,634:DEBUG:acme.client:JWS payload:
b''
2026-07-14 02:43:43,636:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739074952536:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUjVaTEh6T1N5cVRWTEtjemJfZFI3RmEwQ1hkYXNLVGhRcDJPa0Vsalhwb3ciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM5MDc0OTUyNTM2In0",
  "signature": "FJ6mI9etxqK5sfY-Jz9k5yawu22ElKOC2oScWl8Dik9IxkdwqnuIsgX2z6zqDYJj5holYRgP-ogRdoubU_vGzuyyq6Ier9CBHXwAFyF9kgTMjCvO9_FslITYEUCGF6EAhUqjXcABNE2b5rX-6q7v3G-tTJHFE2EJynzj5XEZwy0wYJwh5rqPhAtL7yyFFt8-qjGjGfmFlSgw_RVv42WTW3pscUUtpoqJdo7Ipye-Oxny0H6m0d3m512H1ayXJatBTqwJo08_yQiHjEB8zlQl180Q-F2Y7thvbEE2I5kwkGWuGYkV8ghjMXYEtGupgvhV8h1Cs1FymQjf7uo_Fr1eaw",
  "payload": ""
}
2026-07-14 02:43:43,852:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/739074952536 HTTP/1.1" 200 1032
2026-07-14 02:43:43,853:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 06:43:43 GMT
Content-Type: application/json
Content-Length: 1032
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tgKU1SCRSJhQsf_RsWAgoTTCRm9R-Kv5naBlX41HFv8pOqhkZRU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "invalid",
  "expires": "2026-07-21T06:43:42Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739074952536/ig7alw",
      "status": "invalid",
      "validated": "2026-07-14T06:43:42Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0: 404",
        "status": 403
      },
      "token": "Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0",
      "validationRecord": [
        {
          "url": "http://mail.espica.me/.well-known/acme-challenge/Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0",
          "hostname": "mail.espica.me",
          "port": "80",
          "addressesResolved": [
            "51.75.182.103"
          ],
          "addressUsed": "51.75.182.103"
        }
      ]
    }
  ]
}
2026-07-14 02:43:43,853:DEBUG:acme.client:Storing nonce: tgKU1SCRSJhQsf_RsWAgoTTCRm9R-Kv5naBlX41HFv8pOqhkZRU
2026-07-14 02:43:43,853:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.espica.me
2026-07-14 02:43:43,853:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-14 02:43:43,854:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mail.espica.me
  Type:   unauthorized
  Detail: 51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2026-07-14 02:43:43,856:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-14 02:43:43,856:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-07-14 02:43:43,856:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-07-14 02:43:43,856:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/Ux_DGlclDihQ2_08tDGzZ2ybIEfJstGkBwv3cqXE0F0
2026-07-14 02:43:43,856:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2026-07-14 02:43:43,857:ERROR:certbot._internal.renewal:Failed to renew certificate mail.espica.me with error: Some challenges have failed.
2026-07-14 02:43:43,860:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-14 02:43:43,861:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-14 02:43:43,862:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2026-07-14 02:43:43,862:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/mail.espica.me/fullchain.pem (failure)
2026-07-14 02:43:43,862:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-14 02:43:43,863:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1621, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2026-07-14 02:43:43,863:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
2026-07-14 12:44:06,428:DEBUG:certbot._internal.main:certbot version: 3.1.0
2026-07-14 12:44:06,428:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-14 12:44:06,428:DEBUG:certbot._internal.main:Arguments: ['--noninteractive', '--no-random-sleep-on-renew']
2026-07-14 12:44:06,429:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-14 12:44:06,438:DEBUG:certbot._internal.log:Root logging level set at 30
2026-07-14 12:44:06,439:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/mail.espica.me.conf
2026-07-14 12:44:06,441:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2026-07-14 12:44:06,465:INFO:certbot.ocsp:Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.espica.me/cert1.pem
2026-07-14 12:44:06,468:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2026-08-11 23:31:43 UTC.
2026-07-14 12:44:06,468:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2026-07-14 12:44:06,468:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-14 12:44:06,468:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f753f86ca00>
Prep: True
2026-07-14 12:44:06,469:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f753f86ca00> and installer None
2026-07-14 12:44:06,469:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2026-07-14 12:44:06,511:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/3332866786', new_authzr_uri=None, terms_of_service=None), 16f9bbe895785731de66527b923ef6c7, Meta(creation_dt=datetime.datetime(2026, 5, 14, 0, 30, 9, tzinfo=<UTC>), creation_host='mail.espica.me', register_to_eff=None))>
2026-07-14 12:44:06,512:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-07-14 12:44:06,514:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-07-14 12:44:06,941:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 961
2026-07-14 12:44:06,942:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 16:44:06 GMT
Content-Type: application/json
Content-Length: 961
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.8-July-06-2026.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "suo3eQKxHg4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2026-07-14 12:44:06,943:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for mail.espica.me
2026-07-14 12:44:06,945:DEBUG:acme.client:Requesting fresh nonce
2026-07-14 12:44:06,945:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-07-14 12:44:07,078:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-07-14 12:44:07,079:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 16:44:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tgKU1SCRo9YH_qiJhKS5RKYJNA5PW0V23KbdyxBf_GuBSxVmdEM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2026-07-14 12:44:07,079:DEBUG:acme.client:Storing nonce: tgKU1SCRo9YH_qiJhKS5RKYJNA5PW0V23KbdyxBf_GuBSxVmdEM
2026-07-14 12:44:07,079:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mail.espica.me"\n    }\n  ]\n}'
2026-07-14 12:44:07,081:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUm85WUhfcWlKaEtTNVJLWUpOQTVQVzBWMjNLYmR5eEJmX0d1QlN4Vm1kRU0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "MqUhYFgl-vbCoELdhotR_GJKovWrAvqSjMPSv7UmhaG0cUon2jibRkC4qZOE8thHQEKpMeUQtj9Vf68fz5kbzix60ygL7xMd2B78c6L0x-nLT1ajHNNrMgC4WQ6YWgTvI1J-z0hH_tQSd3ZW9HBHz06jRzKMBQKr0pCl_bST_Y7GgkO2i-Bvodg3Ee-Q0x3xl_tRjbfda1BDCNS-lfrXInReqWUYj94QoaCCfwpksz6PWvRGecRh2p27IiLCD0Su3iIYNheRJS4jIOKz_wN8zhK7coDFtdik_Wc_vVxEqS_vMGJvJPkpy0w8Lc1uqh8sp0zNEx5WkEZ-hCQjoQ0r7w",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuZXNwaWNhLm1lIgogICAgfQogIF0KfQ"
}
2026-07-14 12:44:07,232:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 348
2026-07-14 12:44:07,233:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 14 Jul 2026 16:44:07 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/3332866786/532247429646
Replay-Nonce: tgKU1SCR4WyEs6ZIX8JCGx9-ExE8tW1QwoFsdf-PBM0fzOgwav4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-07-21T16:44:07Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.espica.me"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739323792126"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/3332866786/532247429646"
}
2026-07-14 12:44:07,233:DEBUG:acme.client:Storing nonce: tgKU1SCR4WyEs6ZIX8JCGx9-ExE8tW1QwoFsdf-PBM0fzOgwav4
2026-07-14 12:44:07,233:DEBUG:acme.client:JWS payload:
b''
2026-07-14 12:44:07,235:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739323792126:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUjRXeUVzNlpJWDhKQ0d4OS1FeEU4dFcxUXdvRnNkZi1QQk0wZnpPZ3dhdjQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM5MzIzNzkyMTI2In0",
  "signature": "YcF5H_9ViCAXink845n7L035PnWuC3PB44ZVZGniE7Q2mC79hiKC88T6OF6jd7w4DrvC_MiEmJQltDcdGnGpNw3l-cROrK_B990bYlJpzAs1jIV1iPeSfAjGtuAr5B4ErIGbpWuporhuaxywS7M4dKGHsd7eDehSlK9-lQ4u6GYZQ1K9cBsczFqPynsjDCPXkf0LtpICEOBAQQDwowRYUxsVdnvDFgU5MbrTcosczU5n9_voXhD40OcRMGX2SYCxI5hvYT1816mpQ83glngh1VUmcyZPQ4PSCkCO2ZejgM0Wwd1vLKhF9-E6fQy8hPEh12SI9ELEWt-h0Q60ksGR3g",
  "payload": ""
}
2026-07-14 12:44:07,378:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/739323792126 HTTP/1.1" 200 822
2026-07-14 12:44:07,379:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 16:44:07 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tgKU1SCR-7N0IG8z3VrYeqQQOYwYkfywj2YW9kRBug8u7jSx1dw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "pending",
  "expires": "2026-07-21T16:44:07Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739323792126/KT2CHw",
      "status": "pending",
      "token": "12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739323792126/aV0h5Q",
      "status": "pending",
      "token": "12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739323792126/pb4SmQ",
      "status": "pending",
      "token": "12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc"
    }
  ]
}
2026-07-14 12:44:07,379:DEBUG:acme.client:Storing nonce: tgKU1SCR-7N0IG8z3VrYeqQQOYwYkfywj2YW9kRBug8u7jSx1dw
2026-07-14 12:44:07,380:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-07-14 12:44:07,381:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-14 12:44:07,381:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2026-07-14 12:44:07,382:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2026-07-14 12:44:07,386:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc
2026-07-14 12:44:07,388:DEBUG:acme.client:JWS payload:
b'{}'
2026-07-14 12:44:07,390:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739323792126/aV0h5Q:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUi03TjBJRzh6M1ZyWWVxUVFPWXdZa2Z5d2oyWVc5a1JCdWc4dTdqU3gxZHciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzMzMzI4NjY3ODYvNzM5MzIzNzkyMTI2L2FWMGg1USJ9",
  "signature": "C3KMjo_me_qk-1of1O6U_QufKHZYgYdHTDq6RlGpFt8xSCwvIfyOo6hc3BrTLl91HHhTk26-f0LC8puVuLXoDlo4f3O98sYtyjKryT_d0ZTdkDEA7Is8Q6ULiDAlVHyYojGPqCfxn0PZ7xW7NhqjEKj18Cx-e7kaVwLcrAk8V4PteKzmUcJKSb44XDGGitIWLXFtbim55n-BfYYhG3UOLYh1L58UQVrkH9a9psqu_CxRRPZdIJGp6h2IY-Jt2RXMWyp9FGVBVtDkgO6qh-3D2X6779tA2THcZ5HuW2WU2Vm2H1UeWZV9OFA2CJZB66zPMkTD37AOpyPzEE1DMGaWRA",
  "payload": "e30"
}
2026-07-14 12:44:07,530:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/3332866786/739323792126/aV0h5Q HTTP/1.1" 200 195
2026-07-14 12:44:07,530:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 16:44:07 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739323792126>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739323792126/aV0h5Q
Replay-Nonce: tgKU1SCRxcsalph6K_Taz_NVjpqpccB4taKVTJLSdcn7IYVe-PE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739323792126/aV0h5Q",
  "status": "pending",
  "token": "12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc"
}
2026-07-14 12:44:07,530:DEBUG:acme.client:Storing nonce: tgKU1SCRxcsalph6K_Taz_NVjpqpccB4taKVTJLSdcn7IYVe-PE
2026-07-14 12:44:07,531:INFO:certbot._internal.auth_handler:Waiting for verification...
2026-07-14 12:44:08,532:DEBUG:acme.client:JWS payload:
b''
2026-07-14 12:44:08,533:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739323792126:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUnhjc2FscGg2S19UYXpfTlZqcHFwY2NCNHRhS1ZUSkxTZGNuN0lZVmUtUEUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM5MzIzNzkyMTI2In0",
  "signature": "i45o3XmHnHndIe7Zn4KvACTmjnVcm9YeWRNF9JVh0Y0bkwri0DbmvTx7PSypWJQl3207bDuCeSLgWNX_qTaYuNNaFhg80QfKEDFq0iJIynwvUiNArlp_VvRhebvvEInXhF6GEmNtZjxjSYNB3WUDxMTsZRJYkOfGCpqHaLvvUqEe1z2ddCG0ciZ511hQm62zCk1peCSVbR19Gl8gvhGnj6qqnsvNXlWYh05BLNutszmV-6OCVkG5IDfcdJ-kcYZsKA7riE-iGMRtlVi3_Rhyos_W1P2R4cum1MbPHR5J5G7qiYiD1snmemK9K9nK9eRmlfbwaORFNd7nDH2LAB2eTA",
  "payload": ""
}
2026-07-14 12:44:08,671:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/739323792126 HTTP/1.1" 200 1032
2026-07-14 12:44:08,672:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Jul 2026 16:44:08 GMT
Content-Type: application/json
Content-Length: 1032
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 9w0p0d3w2ou9Dy1XbOri9uOCJMrXVXzp-Px1s2HyciodxGS7LZA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "invalid",
  "expires": "2026-07-21T16:44:07Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739323792126/aV0h5Q",
      "status": "invalid",
      "validated": "2026-07-14T16:44:07Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc: 404",
        "status": 403
      },
      "token": "12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc",
      "validationRecord": [
        {
          "url": "http://mail.espica.me/.well-known/acme-challenge/12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc",
          "hostname": "mail.espica.me",
          "port": "80",
          "addressesResolved": [
            "51.75.182.103"
          ],
          "addressUsed": "51.75.182.103"
        }
      ]
    }
  ]
}
2026-07-14 12:44:08,672:DEBUG:acme.client:Storing nonce: 9w0p0d3w2ou9Dy1XbOri9uOCJMrXVXzp-Px1s2HyciodxGS7LZA
2026-07-14 12:44:08,672:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.espica.me
2026-07-14 12:44:08,672:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-14 12:44:08,672:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mail.espica.me
  Type:   unauthorized
  Detail: 51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2026-07-14 12:44:08,673:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-14 12:44:08,673:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-07-14 12:44:08,673:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-07-14 12:44:08,673:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/12Dpb_FcNNSP3KOWnBI9qGgX1Gl1gOfmkHZhJCSCcLc
2026-07-14 12:44:08,674:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2026-07-14 12:44:08,674:ERROR:certbot._internal.renewal:Failed to renew certificate mail.espica.me with error: Some challenges have failed.
2026-07-14 12:44:08,676:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-14 12:44:08,677:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-14 12:44:08,677:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2026-07-14 12:44:08,677:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/mail.espica.me/fullchain.pem (failure)
2026-07-14 12:44:08,677:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-14 12:44:08,677:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1621, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2026-07-14 12:44:08,678:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
2026-07-15 00:44:07,239:DEBUG:certbot._internal.main:certbot version: 3.1.0
2026-07-15 00:44:07,239:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-15 00:44:07,239:DEBUG:certbot._internal.main:Arguments: ['--noninteractive', '--no-random-sleep-on-renew']
2026-07-15 00:44:07,240:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-15 00:44:07,249:DEBUG:certbot._internal.log:Root logging level set at 30
2026-07-15 00:44:07,251:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/mail.espica.me.conf
2026-07-15 00:44:07,253:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2026-07-15 00:44:07,279:INFO:certbot.ocsp:Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.espica.me/cert1.pem
2026-07-15 00:44:07,282:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2026-08-11 23:31:43 UTC.
2026-07-15 00:44:07,282:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2026-07-15 00:44:07,282:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-15 00:44:07,282:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fc4b67efa00>
Prep: True
2026-07-15 00:44:07,282:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fc4b67efa00> and installer None
2026-07-15 00:44:07,282:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2026-07-15 00:44:07,324:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/3332866786', new_authzr_uri=None, terms_of_service=None), 16f9bbe895785731de66527b923ef6c7, Meta(creation_dt=datetime.datetime(2026, 5, 14, 0, 30, 9, tzinfo=<UTC>), creation_host='mail.espica.me', register_to_eff=None))>
2026-07-15 00:44:07,325:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-07-15 00:44:07,327:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-07-15 00:44:07,749:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 961
2026-07-15 00:44:07,749:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 04:44:07 GMT
Content-Type: application/json
Content-Length: 961
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.8-July-06-2026.pdf",
    "website": "https://letsencrypt.org"
  },
  "mkvmOuqqfSY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2026-07-15 00:44:07,751:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for mail.espica.me
2026-07-15 00:44:07,755:DEBUG:acme.client:Requesting fresh nonce
2026-07-15 00:44:07,755:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-07-15 00:44:07,888:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-07-15 00:44:07,889:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 04:44:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 9w0p0d3wORsirmGhpBaFfWkl9cmnAXkgi8igjdOl581ziBcWUiU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2026-07-15 00:44:07,889:DEBUG:acme.client:Storing nonce: 9w0p0d3wORsirmGhpBaFfWkl9cmnAXkgi8igjdOl581ziBcWUiU
2026-07-15 00:44:07,889:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mail.espica.me"\n    }\n  ]\n}'
2026-07-15 00:44:07,891:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICI5dzBwMGQzd09Sc2lybUdocEJhRmZXa2w5Y21uQVhrZ2k4aWdqZE9sNTgxemlCY1dVaVUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "pz5G7rMkSplJVmWi1tVWWa3brvLRmdsyIntyOYyG8fZU5KROJ2ZuyDodT-MI-PkzDv0bW3siu4ladNjsOEjQSkdo-yzWK1SNUQfSFwfv0bynY4H5qZuY_cau8Q_TMY0S5pIP47fT3HdtyX-uZN3GlYdH97R78vmkpl8W3S_oUQQHTgmKForWTJjpJhG4OqQI5gGYOx-pnUrq_F6-5nDs29wIQ6LapmAqaMMTWOE9ibDG6qJh9TwAPXWkx8ohRO2jHW7EEryQKmX3TGrM-fvb88uwcrpwh8_MfInaXAmR9X7B8piaNDpj_GbdKchdBAfnmmvF649zAAvf8xznuKGUiA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuZXNwaWNhLm1lIgogICAgfQogIF0KfQ"
}
2026-07-15 00:44:08,039:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 348
2026-07-15 00:44:08,040:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 15 Jul 2026 04:44:07 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/3332866786/532433675546
Replay-Nonce: tgKU1SCRWEPsOjuwISqT3cHArCOZqmZ5bNjmFEpI8hkmCsyJO-c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-07-22T04:44:07Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.espica.me"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739629747186"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/3332866786/532433675546"
}
2026-07-15 00:44:08,040:DEBUG:acme.client:Storing nonce: tgKU1SCRWEPsOjuwISqT3cHArCOZqmZ5bNjmFEpI8hkmCsyJO-c
2026-07-15 00:44:08,040:DEBUG:acme.client:JWS payload:
b''
2026-07-15 00:44:08,041:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739629747186:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJ0Z0tVMVNDUldFUHNPanV3SVNxVDNjSEFyQ09acW1aNWJOam1GRXBJOGhrbUNzeUpPLWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM5NjI5NzQ3MTg2In0",
  "signature": "utx3ZRUlGtfsEwZFVGMBc9DDcmGasLuNDCRNq6HKO6mT0wc7E040Gb90lpwUz7xIZFvOR1zeDFuEWSP4lBF5BfZneu5UHkQPbeQMyZ2dWopOCXbB8yU79ByqoIFGf7x_TeQejHM7Fkozo63hzLR3X021trpbVamAS02BPfGEeB5vedw6E4YzXcTIyGpYuywH2NoMh4QOprQAUljDbLkowK5KPhbwFlE1ucsz3GK4Y4R7FP88wzbSeahUAQN5T8avP_LkrMOL-FQlI4odLnY4xjbo6IAJ45E2oxmJyaVoMEPagoeI6qHIuTMmq4pi7pmrH1fA5zJa2Ay51sq4JUSxZw",
  "payload": ""
}
2026-07-15 00:44:08,178:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/739629747186 HTTP/1.1" 200 822
2026-07-15 00:44:08,178:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 04:44:08 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 9w0p0d3wRjZzYgi5qE5Tw1-csNcQUQ5dIILSTMHk-2E_bSdAVoM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "pending",
  "expires": "2026-07-22T04:44:07Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739629747186/RNMNoA",
      "status": "pending",
      "token": "xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739629747186/GGYziw",
      "status": "pending",
      "token": "xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739629747186/Sm4Zbg",
      "status": "pending",
      "token": "xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc"
    }
  ]
}
2026-07-15 00:44:08,179:DEBUG:acme.client:Storing nonce: 9w0p0d3wRjZzYgi5qE5Tw1-csNcQUQ5dIILSTMHk-2E_bSdAVoM
2026-07-15 00:44:08,179:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-07-15 00:44:08,179:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-15 00:44:08,179:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2026-07-15 00:44:08,180:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2026-07-15 00:44:08,181:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc
2026-07-15 00:44:08,182:DEBUG:acme.client:JWS payload:
b'{}'
2026-07-15 00:44:08,183:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739629747186/GGYziw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICI5dzBwMGQzd1JqWnpZZ2k1cUU1VHcxLWNzTmNRVVE1ZElJTFNUTUhrLTJFX2JTZEFWb00iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzMzMzI4NjY3ODYvNzM5NjI5NzQ3MTg2L0dHWXppdyJ9",
  "signature": "S-EC9oF5vFX4tjvvcfj5hvrcAEKBM-tvlOwi8hB3gYT6LQcb5GsRhc4Ttoj_a1YmuPy0M9kwRlW4QDqffQmOu1DljA3i0BXNYlYhCdHhEtwsu3vxwvvGUojciPdZNfVEzxSg9lHGQtoPO2Y6S5mOqJrdyLQNFeE0QGigmG1ipeib4z1batuhvpHTRfWj0IFi5SgyC9fiBgUwbZgP3-JEEW0DMn_VZ6J5C2f8lGMpZynuV2KbYkAn48rRrezOehjgE2BZs9FIhuKmRWyalWO7dQsRVB9Dn7ypTXc4j1gfC3PtMh8YmWNZvxLtu7qZVh2XLN_1W-_00-H2O8w-RqI6kA",
  "payload": "e30"
}
2026-07-15 00:44:08,322:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/3332866786/739629747186/GGYziw HTTP/1.1" 200 195
2026-07-15 00:44:08,322:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 04:44:08 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739629747186>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739629747186/GGYziw
Replay-Nonce: 9w0p0d3wAQrLdFTCvv4HUcGgfmPJ2xru6gyeoYVo4pz45Og5x5Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739629747186/GGYziw",
  "status": "pending",
  "token": "xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc"
}
2026-07-15 00:44:08,322:DEBUG:acme.client:Storing nonce: 9w0p0d3wAQrLdFTCvv4HUcGgfmPJ2xru6gyeoYVo4pz45Og5x5Y
2026-07-15 00:44:08,323:INFO:certbot._internal.auth_handler:Waiting for verification...
2026-07-15 00:44:09,324:DEBUG:acme.client:JWS payload:
b''
2026-07-15 00:44:09,326:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739629747186:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICI5dzBwMGQzd0FRckxkRlRDdnY0SFVjR2dmbVBKMnhydTZneWVvWVZvNHB6NDVPZzV4NVkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM5NjI5NzQ3MTg2In0",
  "signature": "LcP_mi8GgS2kwB6uq9CZZrRgGpLvH6Eyo5G1typvyhfHxmaZWhM4TfmLGkRaRN5SWmwUhkkXzsv5Ui1y1DU04IGRH4S2zvVq9VsJU37VRXg3rhYNy9y0bAlxpfBDC0jBYqm7CKyeV6pR82GRk2RP08Xw_K0uHwTyiv6c9Pv224Cy0EL1tcOAJJdkidvE7mSPL4MfvbnlpQmWl791hIqFYBz6trX4ucGyXK6ikujNPencV3jQ-TM31x97OpzzOPDTAAM2MdQcM2de_HuCfuI0TWwXIi1SgBdIdS14auU8W8Sie7B-AwEQ0r2p8L9VviXO-Ede7UAVv7qr8hdRBbPIyw",
  "payload": ""
}
2026-07-15 00:44:09,461:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/739629747186 HTTP/1.1" 200 1032
2026-07-15 00:44:09,461:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 04:44:09 GMT
Content-Type: application/json
Content-Length: 1032
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tgKU1SCR6H_KxaxIBL0kEgMyONlMBkRB4UEGfHMJy1TT3xbv_ic
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "invalid",
  "expires": "2026-07-22T04:44:07Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739629747186/GGYziw",
      "status": "invalid",
      "validated": "2026-07-15T04:44:08Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc: 404",
        "status": 403
      },
      "token": "xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc",
      "validationRecord": [
        {
          "url": "http://mail.espica.me/.well-known/acme-challenge/xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc",
          "hostname": "mail.espica.me",
          "port": "80",
          "addressesResolved": [
            "51.75.182.103"
          ],
          "addressUsed": "51.75.182.103"
        }
      ]
    }
  ]
}
2026-07-15 00:44:09,461:DEBUG:acme.client:Storing nonce: tgKU1SCR6H_KxaxIBL0kEgMyONlMBkRB4UEGfHMJy1TT3xbv_ic
2026-07-15 00:44:09,462:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.espica.me
2026-07-15 00:44:09,462:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-15 00:44:09,462:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mail.espica.me
  Type:   unauthorized
  Detail: 51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2026-07-15 00:44:09,463:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-15 00:44:09,463:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-07-15 00:44:09,463:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-07-15 00:44:09,463:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/xfbiRaY_CVCmQyCMRBMG0aLB4R5fKQYhwVavGsuC2Pc
2026-07-15 00:44:09,463:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2026-07-15 00:44:09,464:ERROR:certbot._internal.renewal:Failed to renew certificate mail.espica.me with error: Some challenges have failed.
2026-07-15 00:44:09,466:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-15 00:44:09,467:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-15 00:44:09,467:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2026-07-15 00:44:09,467:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/mail.espica.me/fullchain.pem (failure)
2026-07-15 00:44:09,467:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-15 00:44:09,467:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1621, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2026-07-15 00:44:09,468:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
2026-07-15 14:56:02,796:DEBUG:certbot._internal.main:certbot version: 3.1.0
2026-07-15 14:56:02,796:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-15 14:56:02,796:DEBUG:certbot._internal.main:Arguments: ['--noninteractive', '--no-random-sleep-on-renew']
2026-07-15 14:56:02,798:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-15 14:56:02,809:DEBUG:certbot._internal.log:Root logging level set at 30
2026-07-15 14:56:02,811:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/mail.espica.me.conf
2026-07-15 14:56:02,815:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2026-07-15 14:56:02,839:INFO:certbot.ocsp:Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.espica.me/cert1.pem
2026-07-15 14:56:02,842:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2026-08-11 23:31:43 UTC.
2026-07-15 14:56:02,842:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2026-07-15 14:56:02,842:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-15 14:56:02,842:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f7898d3ca00>
Prep: True
2026-07-15 14:56:02,843:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f7898d3ca00> and installer None
2026-07-15 14:56:02,843:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2026-07-15 14:56:02,881:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/3332866786', new_authzr_uri=None, terms_of_service=None), 16f9bbe895785731de66527b923ef6c7, Meta(creation_dt=datetime.datetime(2026, 5, 14, 0, 30, 9, tzinfo=<UTC>), creation_host='mail.espica.me', register_to_eff=None))>
2026-07-15 14:56:02,882:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-07-15 14:56:02,884:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-07-15 14:56:03,310:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 961
2026-07-15 14:56:03,311:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 18:56:03 GMT
Content-Type: application/json
Content-Length: 961
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.8-July-06-2026.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "rhl5eA2QVWI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2026-07-15 14:56:03,312:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for mail.espica.me
2026-07-15 14:56:03,315:DEBUG:acme.client:Requesting fresh nonce
2026-07-15 14:56:03,315:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-07-15 14:56:03,451:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-07-15 14:56:03,452:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 18:56:03 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: YUeQbvp2rAwovHRgQNGobZOVRbKjjmhRW8w8ZLCEjiier44DBdM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2026-07-15 14:56:03,452:DEBUG:acme.client:Storing nonce: YUeQbvp2rAwovHRgQNGobZOVRbKjjmhRW8w8ZLCEjiier44DBdM
2026-07-15 14:56:03,452:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mail.espica.me"\n    }\n  ]\n}'
2026-07-15 14:56:03,454:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJZVWVRYnZwMnJBd292SFJnUU5Hb2JaT1ZSYktqam1oUlc4dzhaTENFamlpZXI0NERCZE0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "F9DuqvLtptcUzW7fq2G05MnO0sPZ09hErO0hLr3k3CnIdbEYU40jLpCza1huaooiG_AbnXvf5P22b6hF-ROBONArHli9lDMDif_42-ItpDDjxAqO-NYJ-hyKWdx7F7xmQcpoTPv6QT6Pg4Kt5FHKfmz2hhSBqBJhSZbVChksoF1fgL7kLL01EA4RxEv2CMGy5Eg0LIr_rbDoUvn41Uw3dKKRqCValmeKpRQ8H1wmQLBUdUqHVJYLK_wtdsrKOyeiGSEi64OySg3WlHO7zj_OpUnkUPq4j_oFyzZWtlDx562JqTWGpuxWf-kQNUPDo1ID_J97zg8fxqqrQkeB_PRQuw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuZXNwaWNhLm1lIgogICAgfQogIF0KfQ"
}
2026-07-15 14:56:03,615:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 348
2026-07-15 14:56:03,615:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 15 Jul 2026 18:56:03 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/3332866786/532652264936
Replay-Nonce: DeP8OpbN2w7F7Lms9itrMY3Y4hkLBP-V4u8bZHReMkxUni5kKvw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-07-22T18:56:03Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.espica.me"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739986177966"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/3332866786/532652264936"
}
2026-07-15 14:56:03,615:DEBUG:acme.client:Storing nonce: DeP8OpbN2w7F7Lms9itrMY3Y4hkLBP-V4u8bZHReMkxUni5kKvw
2026-07-15 14:56:03,616:DEBUG:acme.client:JWS payload:
b''
2026-07-15 14:56:03,617:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739986177966:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJEZVA4T3BiTjJ3N0Y3TG1zOWl0ck1ZM1k0aGtMQlAtVjR1OGJaSFJlTWt4VW5pNWtLdnciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM5OTg2MTc3OTY2In0",
  "signature": "UDUNxPz6C2E4W988kUIcwTnDNaU483DOzkeA6TL303oWBR2STHBkfbB3MKd0CLgQXA2RYf6fKJhQjKhNzAqpDwcL-m1S5otqGON082KwG1rhA-YBtaTa8rS7dYyQLWiPOv5VestNa1Ii5adk4702PXAKn3IN_ZtZ06zXlttI4o5VfqHH7knm7OO8hxVeZR4-deITWWsLYugAotLhL-Z6vlWjCVJfSUiNWZpFO59nNvtng0fHn-BjfnjwzjUa6Ndlt5rXNc7Wq3uyGonNvM0jt2lzdrPWqdxLGDJVwHPj5fA2UR5TL28H7sZaSoOEoBWAqot8llEAwTo4x0enu4MLAA",
  "payload": ""
}
2026-07-15 14:56:03,756:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/739986177966 HTTP/1.1" 200 822
2026-07-15 14:56:03,757:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 18:56:03 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DeP8OpbNWodwweV8VpT9VfRt4SIkXmy6YIzJxWO0JKFRFhbw2FI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "pending",
  "expires": "2026-07-22T18:56:03Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739986177966/rodfEQ",
      "status": "pending",
      "token": "n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739986177966/Yczxow",
      "status": "pending",
      "token": "n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739986177966/k1MWUg",
      "status": "pending",
      "token": "n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs"
    }
  ]
}
2026-07-15 14:56:03,757:DEBUG:acme.client:Storing nonce: DeP8OpbNWodwweV8VpT9VfRt4SIkXmy6YIzJxWO0JKFRFhbw2FI
2026-07-15 14:56:03,758:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-07-15 14:56:03,758:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-15 14:56:03,758:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2026-07-15 14:56:03,758:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2026-07-15 14:56:03,760:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs
2026-07-15 14:56:03,761:DEBUG:acme.client:JWS payload:
b'{}'
2026-07-15 14:56:03,763:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739986177966/Yczxow:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJEZVA4T3BiTldvZHd3ZVY4VnBUOVZmUnQ0U0lrWG15NllJekp4V08wSktGUkZoYncyRkkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzMzMzI4NjY3ODYvNzM5OTg2MTc3OTY2L1ljenhvdyJ9",
  "signature": "LtMA5PuNqLup0J6Ml9eySWYZs7Y6AfYsaKX9QjERLKvq0fsdFRIyO2gVrxLwstSJs9cL4uxRUur5ClN0ZHMmkXEkB6CE3YtTXVDmvTmqK8plcDKzqeSmSYom-T9lSeSN72rItYXk_tkQhSF2NCsXQBb-WZt1vtzGXMXPnmoyKqv-uI2H4qapO91BgVBWuxEBaXgrb9MhfjRdJK7RnBAuzb1y7fpFo7swp2SpE9Tg-L8_zfUVvIztNM4L-i-a9Go8_SHhTPJFfLtuIND_dvE6kouVI1PQso6c-Zch72Nan5qGK7OqpoOgIin0xOeqaurGabtkRtE35H5UvOhNVBTewQ",
  "payload": "e30"
}
2026-07-15 14:56:03,906:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/3332866786/739986177966/Yczxow HTTP/1.1" 200 195
2026-07-15 14:56:03,907:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 18:56:03 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739986177966>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739986177966/Yczxow
Replay-Nonce: YUeQbvp2XyLJiyPwGvbEY6Md2Rw4_UbdtvHPsZIhOsVUyVH410k
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739986177966/Yczxow",
  "status": "pending",
  "token": "n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs"
}
2026-07-15 14:56:03,907:DEBUG:acme.client:Storing nonce: YUeQbvp2XyLJiyPwGvbEY6Md2Rw4_UbdtvHPsZIhOsVUyVH410k
2026-07-15 14:56:03,907:INFO:certbot._internal.auth_handler:Waiting for verification...
2026-07-15 14:56:04,908:DEBUG:acme.client:JWS payload:
b''
2026-07-15 14:56:04,910:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/739986177966:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJZVWVRYnZwMlh5TEppeVB3R3ZiRVk2TWQyUnc0X1ViZHR2SFBzWkloT3NWVXlWSDQxMGsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzM5OTg2MTc3OTY2In0",
  "signature": "N5sCYHArC74N9OPrbNTzoqGnFkGAG1Dr9Bg7RuDgFIRYQalqpMGIkTYIbwoEuCZuFP-dy4v9h06RlLV2kpUVJXfMVtzVZ-ZNNNlmGFNT9dHiLLcKWzZ8pPbd77fio1DtTGmeYNuSCv0yJ1qmkzPVrCKmSbmBSYOdhp-ANq6rbH310iym7zII6yubS9Ps2AXE_c6XKvbm35EMtkDdvFB0w0T_XTvxPxm3S5WPW3llTAO_owMk-38Da6B2oAXzumXECsTi_mr0UPv5HcoU0CH470cyIoIFUc7KGVTnXuYeYlGJb3Zoz3YiRllrNd01UZxm7dMmDBrH3SG8po7-psKLag",
  "payload": ""
}
2026-07-15 14:56:05,056:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/739986177966 HTTP/1.1" 200 1032
2026-07-15 14:56:05,057:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 Jul 2026 18:56:04 GMT
Content-Type: application/json
Content-Length: 1032
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: YUeQbvp2nL7GqM6StqzpEpePNogYWw9GdzNVfj8uenMPAogGZ88
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "invalid",
  "expires": "2026-07-22T18:56:03Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/739986177966/Yczxow",
      "status": "invalid",
      "validated": "2026-07-15T18:56:03Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs: 404",
        "status": 403
      },
      "token": "n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs",
      "validationRecord": [
        {
          "url": "http://mail.espica.me/.well-known/acme-challenge/n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs",
          "hostname": "mail.espica.me",
          "port": "80",
          "addressesResolved": [
            "51.75.182.103"
          ],
          "addressUsed": "51.75.182.103"
        }
      ]
    }
  ]
}
2026-07-15 14:56:05,057:DEBUG:acme.client:Storing nonce: YUeQbvp2nL7GqM6StqzpEpePNogYWw9GdzNVfj8uenMPAogGZ88
2026-07-15 14:56:05,057:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.espica.me
2026-07-15 14:56:05,057:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-15 14:56:05,057:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mail.espica.me
  Type:   unauthorized
  Detail: 51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2026-07-15 14:56:05,058:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-15 14:56:05,058:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-07-15 14:56:05,058:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-07-15 14:56:05,058:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/n-qdpQayOTCzmkV4AMYNRvVK58NkcLonYU7AwXlXTzs
2026-07-15 14:56:05,059:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2026-07-15 14:56:05,059:ERROR:certbot._internal.renewal:Failed to renew certificate mail.espica.me with error: Some challenges have failed.
2026-07-15 14:56:05,061:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-15 14:56:05,062:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-15 14:56:05,062:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2026-07-15 14:56:05,062:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/mail.espica.me/fullchain.pem (failure)
2026-07-15 14:56:05,062:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-15 14:56:05,063:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1621, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2026-07-15 14:56:05,063:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
2026-07-16 01:56:46,935:DEBUG:certbot._internal.main:certbot version: 3.1.0
2026-07-16 01:56:46,935:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-16 01:56:46,935:DEBUG:certbot._internal.main:Arguments: ['--noninteractive', '--no-random-sleep-on-renew']
2026-07-16 01:56:46,936:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-16 01:56:46,946:DEBUG:certbot._internal.log:Root logging level set at 30
2026-07-16 01:56:46,950:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/mail.espica.me.conf
2026-07-16 01:56:46,952:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2026-07-16 01:56:46,978:INFO:certbot.ocsp:Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.espica.me/cert1.pem
2026-07-16 01:56:46,981:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2026-08-11 23:31:43 UTC.
2026-07-16 01:56:46,981:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2026-07-16 01:56:46,981:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-16 01:56:46,981:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7efdf83bfa00>
Prep: True
2026-07-16 01:56:46,981:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7efdf83bfa00> and installer None
2026-07-16 01:56:46,981:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2026-07-16 01:56:47,029:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/3332866786', new_authzr_uri=None, terms_of_service=None), 16f9bbe895785731de66527b923ef6c7, Meta(creation_dt=datetime.datetime(2026, 5, 14, 0, 30, 9, tzinfo=<UTC>), creation_host='mail.espica.me', register_to_eff=None))>
2026-07-16 01:56:47,030:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-07-16 01:56:47,032:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-07-16 01:56:47,457:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 961
2026-07-16 01:56:47,458:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Jul 2026 05:56:47 GMT
Content-Type: application/json
Content-Length: 961
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "MrFSDXqoKmI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.8-July-06-2026.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2026-07-16 01:56:47,459:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for mail.espica.me
2026-07-16 01:56:47,461:DEBUG:acme.client:Requesting fresh nonce
2026-07-16 01:56:47,462:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-07-16 01:56:47,598:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-07-16 01:56:47,599:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Jul 2026 05:56:47 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: YUeQbvp26ftEWwjILYxvYsbmdF3criqAZjzqI1paEeyR-WFbiHA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2026-07-16 01:56:47,599:DEBUG:acme.client:Storing nonce: YUeQbvp26ftEWwjILYxvYsbmdF3criqAZjzqI1paEeyR-WFbiHA
2026-07-16 01:56:47,599:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mail.espica.me"\n    }\n  ]\n}'
2026-07-16 01:56:47,601:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJZVWVRYnZwMjZmdEVXd2pJTFl4dllzYm1kRjNjcmlxQVpqenFJMXBhRWV5Ui1XRmJpSEEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "u4Ii3kIHvP7EEO-LeZ57MO2qjWfY12ddQTUOqyD1S2xYT-FIs7h0IhQkQYshEbwNVoLfRNXLzvsvJlztJ69h5ZrA2JdLZ0m5oECfFxm95WYthLy2sqe64PTdgkZbZNLbtl9W0pXlueZYGCwRJjTmfHtslk9TlsV2WSQowZl8eqPUMGbGLCbhJ_uBV4Jat2nZC6mORMiV2HF6tVylhnlm9wy0cLHGdmFH1h-K32CdCqStcOx9u7trOM3Jytxm9vYmLiEF6zVFyAsXPVAXnUZuw2g4ETVafldlKFT_wfpx5YQ4gmL4TVjKTWaZNOghe-l4Hy9WVp8FeVcbPbukX1Y6Ug",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuZXNwaWNhLm1lIgogICAgfQogIF0KfQ"
}
2026-07-16 01:56:47,760:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 348
2026-07-16 01:56:47,760:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 16 Jul 2026 05:56:47 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/3332866786/532834310356
Replay-Nonce: DeP8OpbNw6kF-G-Mkde823exBezdKCMtVAR97tOhQktt551Qcro
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-07-23T05:56:47Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.espica.me"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/740272662306"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/3332866786/532834310356"
}
2026-07-16 01:56:47,760:DEBUG:acme.client:Storing nonce: DeP8OpbNw6kF-G-Mkde823exBezdKCMtVAR97tOhQktt551Qcro
2026-07-16 01:56:47,760:DEBUG:acme.client:JWS payload:
b''
2026-07-16 01:56:47,762:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/740272662306:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJEZVA4T3BiTnc2a0YtRy1Na2RlODIzZXhCZXpkS0NNdFZBUjk3dE9oUWt0dDU1MVFjcm8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzQwMjcyNjYyMzA2In0",
  "signature": "pVdIjfT122m1cRPHSyJ-eX9rQSepaHyCIIophxEOeT261VfXUdECfkOMndCSm_2SmmLP3Xsls80nFz_GrD_u8wSzZN9-QkD_IQEPTWOx81oG8EyZq3RnjyI_VFtQTUaLHmmwT-6OOoaAPk7KJ_MLqR8LgM2LarRysrfPfSNYHFDZiC_txjpNIy8gGw_9y3Pjz8Dj784p1W285LNmEzF1NIkVaXp-zwffBSBVjc2XzkinbVZGUz9BAhSEgfHB80WOKFln63XsQuEenHebPn5wGwRHGqwA5jzwGc7FbeA3rl0Mx40DtuwVRujVzZEEUphlen2p0OtvHClYtVbjzNs3Pw",
  "payload": ""
}
2026-07-16 01:56:47,897:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/740272662306 HTTP/1.1" 200 822
2026-07-16 01:56:47,898:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Jul 2026 05:56:47 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DeP8OpbNWlhzpb7_hekBbCk8ek5qC-DAQmnmEx591q1fUxJ2shk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "pending",
  "expires": "2026-07-23T05:56:47Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/740272662306/VaL11w",
      "status": "pending",
      "token": "zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/740272662306/Xz6QKw",
      "status": "pending",
      "token": "zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/740272662306/ODBJyQ",
      "status": "pending",
      "token": "zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U"
    }
  ]
}
2026-07-16 01:56:47,898:DEBUG:acme.client:Storing nonce: DeP8OpbNWlhzpb7_hekBbCk8ek5qC-DAQmnmEx591q1fUxJ2shk
2026-07-16 01:56:47,898:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-07-16 01:56:47,898:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-16 01:56:47,899:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2026-07-16 01:56:47,899:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2026-07-16 01:56:47,900:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U
2026-07-16 01:56:47,901:DEBUG:acme.client:JWS payload:
b'{}'
2026-07-16 01:56:47,902:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/740272662306/VaL11w:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJEZVA4T3BiTldsaHpwYjdfaGVrQmJDazhlazVxQy1EQVFtbm1FeDU5MXExZlV4SjJzaGsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzMzMzI4NjY3ODYvNzQwMjcyNjYyMzA2L1ZhTDExdyJ9",
  "signature": "JuEAsi_RicgEBCBzhBJmkTSLaBmzK72CTg6deBoVsrPsHZAkirIr2jBay8lHAO85u45is1D1OXqcDpX6IHRfFEiamqUb2bontl4nzMGCPqDyzgruJOptwpvODk1bBe8kCsDbhtXsQYMZSCYOqD3Peg3juoI1f912C5aHh4EF4nDMhD7Pzb761uEtw-kt1RFQgdAiTIYSBi4FfoppY80W1NsylNf5w7UrfDlrOwHvc7rrOJ830aRgyH8SC3EuMQFvQwO50CX1FDb0Yh-Ri___gkAKdqv1YONtrKClmwIWYRUI3hL3d0GUinSiLfVpM1O4txS4nsd5Vezhmvf6YI0KQQ",
  "payload": "e30"
}
2026-07-16 01:56:48,041:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/3332866786/740272662306/VaL11w HTTP/1.1" 200 195
2026-07-16 01:56:48,042:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Jul 2026 05:56:47 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/740272662306>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/740272662306/VaL11w
Replay-Nonce: DeP8OpbNho957Hx7T7GAype8KX3SvzFoxvmG24qBhI3TRMoOlwA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/740272662306/VaL11w",
  "status": "pending",
  "token": "zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U"
}
2026-07-16 01:56:48,042:DEBUG:acme.client:Storing nonce: DeP8OpbNho957Hx7T7GAype8KX3SvzFoxvmG24qBhI3TRMoOlwA
2026-07-16 01:56:48,043:INFO:certbot._internal.auth_handler:Waiting for verification...
2026-07-16 01:56:49,043:DEBUG:acme.client:JWS payload:
b''
2026-07-16 01:56:49,044:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/3332866786/740272662306:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMzMzMjg2Njc4NiIsICJub25jZSI6ICJEZVA4T3BiTmhvOTU3SHg3VDdHQXlwZThLWDNTdnpGb3h2bUcyNHFCaEkzVFJNb09sd0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzMzMzI4NjY3ODYvNzQwMjcyNjYyMzA2In0",
  "signature": "qy8FXLsYfjJ5CLvyJBeQYLfQKrpYHJfyXk4OE48lLgGdRfNe-N7bmeGgtY1tlBZWELLJLCUk_1v06JLcfnxLJZ100C4SfeRyhrzOzyYLGlSazdr0hiEEGP4mxt-j9ytt8lcL3QA-xxDDV4RLnXlnGeg2IWrnJidiil6YE3JoJ_6NotIsLMosZKxMGUkixxvCOI_SUDn3rUkClOUvi2tRxbQsnQ-6pd8MLhFHgJfQWJh8bF9RKReP_BNB8VN6rgGNpNIVYr4Y9QFGClHiSlbtwBGqLyLJS7rpIkbHbPY4UyJXkrkOykqDvDVSwPJaZiQVdhIaNT0LoVYOAnfC9i3ysA",
  "payload": ""
}
2026-07-16 01:56:49,181:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3332866786/740272662306 HTTP/1.1" 200 1032
2026-07-16 01:56:49,181:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Jul 2026 05:56:49 GMT
Content-Type: application/json
Content-Length: 1032
Connection: keep-alive
Boulder-Requester: 3332866786
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DeP8OpbNP3PLuyKHPQHSxvenvTrOJOxpjtrAqpF0YLSyG_yxfig
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.espica.me"
  },
  "status": "invalid",
  "expires": "2026-07-23T05:56:47Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/3332866786/740272662306/VaL11w",
      "status": "invalid",
      "validated": "2026-07-16T05:56:47Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U: 404",
        "status": 403
      },
      "token": "zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U",
      "validationRecord": [
        {
          "url": "http://mail.espica.me/.well-known/acme-challenge/zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U",
          "hostname": "mail.espica.me",
          "port": "80",
          "addressesResolved": [
            "51.75.182.103"
          ],
          "addressUsed": "51.75.182.103"
        }
      ]
    }
  ]
}
2026-07-16 01:56:49,181:DEBUG:acme.client:Storing nonce: DeP8OpbNP3PLuyKHPQHSxvenvTrOJOxpjtrAqpF0YLSyG_yxfig
2026-07-16 01:56:49,182:INFO:certbot._internal.auth_handler:Challenge failed for domain mail.espica.me
2026-07-16 01:56:49,182:INFO:certbot._internal.auth_handler:http-01 challenge for mail.espica.me
2026-07-16 01:56:49,182:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mail.espica.me
  Type:   unauthorized
  Detail: 51.75.182.103: Invalid response from http://mail.espica.me/.well-known/acme-challenge/zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2026-07-16 01:56:49,183:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-16 01:56:49,183:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-07-16 01:56:49,183:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-07-16 01:56:49,183:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/zcECzq5A8VTsl6E24g0vVWwjOhsRsCQ40VsXtFWCr6U
2026-07-16 01:56:49,183:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2026-07-16 01:56:49,184:ERROR:certbot._internal.renewal:Failed to renew certificate mail.espica.me with error: Some challenges have failed.
2026-07-16 01:56:49,185:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1529, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 130, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-16 01:56:49,186:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-16 01:56:49,186:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2026-07-16 01:56:49,187:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/mail.espica.me/fullchain.pem (failure)
2026-07-16 01:56:49,187:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2026-07-16 01:56:49,187:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1621, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2026-07-16 01:56:49,187:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)