Ei, acabei de reinstalar meu servidor e, com isso, atualizei do Ubuntu 14.04 para 16.04.
Tudo funcionou bem no Ubuntu 14.04.
Mas agora no Ubuntu 16.04 Certbot não consegue obter meus certificados.
Primeiro, aqui estão os logs para quando eu executo sudo letsencrypt --apache --text -vvvvv
depois de instalar o apache2, php e postgres e o certbot por meio de repositórios.
user<strong i="10">@Server</strong>:~$ sudo cat /var/log/letsencrypt/letsencrypt.log
2016-07-08 15:30:26,402:DEBUG:letsencrypt.cli:Root logging level set at -20
2016-07-08 15:30:26,403:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-07-08 15:30:26,404:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1
2016-07-08 15:30:26,404:DEBUG:letsencrypt.cli:Arguments: ['--apache', '--text', '-vvvvv']
2016-07-08 15:30:26,404:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-07-08 15:30:26,405:DEBUG:letsencrypt.cli:Requested authenticator apache and installer apache
2016-07-08 15:30:26,861:DEBUG:letsencrypt.display.ops:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f4fa2d0f110>
Prep: True
2016-07-08 15:30:26,862:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f4fa2d0f110> and installer <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f4fa2d0f110>
2016-07-08 15:30:36,207:DEBUG:letsencrypt.cli:Picked account: <Account(5e1503fd131a8338a2d21866a6e202c6)>
2016-07-08 15:30:36,208:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-07-08 15:30:36,212:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-07-08 15:30:36,783:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
2016-07-08 15:30:36,786:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Fri, 08 Jul 2016 15:30:36 GMT', 'Boulder-Request-Id': 'PYGfztG4VlK9dwVTDwiVoHUbFRPIXGwvntjgxqUNRik', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 08 Jul 2016 15:30:36 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '0-KmJIn0g2KMLRf2m2yFf9w2MT8eDXUtJAmP23ycklI'}. Content: '{\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2016-07-08 15:30:36,786:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Fri, 08 Jul 2016 15:30:36 GMT', 'Boulder-Request-Id': 'PYGfztG4VlK9dwVTDwiVoHUbFRPIXGwvntjgxqUNRik', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 08 Jul 2016 15:30:36 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '0-KmJIn0g2KMLRf2m2yFf9w2MT8eDXUtJAmP23ycklI'}): '{\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2016-07-08 15:30:36,940:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0011_key-letsencrypt.pem
2016-07-08 15:30:36,943:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0011_csr-letsencrypt.pem
2016-07-08 15:30:36,944:DEBUG:letsencrypt.client:CSR: CSR(file='/etc/letsencrypt/csr/0011_csr-letsencrypt.pem', data='0\x82\x02\xa80\x82\x01\x90\x02\x01\x020!1\x1f0\x1d\x06\x03U\x04\x03\x0c\x16nextcloud.mattia98.org0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xe6\xbe:9\xab\xceqz4\xcb\x02;W?\x1c\xf3\xc8\xe7G2,\xd3\xea\xea\xba7-|F#\xf9\xc8\x0c\x1bv]\xd0\xcc\xf1%\xcc\x8b{\x8e\x7fodX\xfd-\xf5i\xb6x\xdf\xab\xa7\xe8\x88/\x02\xd9\x0cu\x93\x8f\x1e\x87Ka"\xe7(\xe6\xb9\xff\t\x89;!\x1b\x04\xf9\xd4\xa0\xbc)\xd6\xad\xf4\xe5\xcfH\xfc\x9c\xe3k\x03\xdf\xeb\x9fP\xf6pN>wk\xdfX\x15\x1e(\xc1\xff\xf1Nn\xae\x7f\xf3^yZ\x9fx\xdbt\x01\xfa+\xdf\x1cm\xab(?&\x00]\xd8}\x98\x1c\xdf\x14\xd1\xf5\x92$\xab\x15\xb6\x83$p\xe4\xfe\xfeW\xff\x7f&\xb7\x87\x81I\xeb\xbcL\x96\x85iH\x02\x9a"\x06\xc8\xca\xa9g\xe8c\x9f\xf7\xe9}\\\x8bb\xdd\xfb\xf24\xedZ\x14\xc6}\x90\r\xadMZ\'x %\x84(&\x9d\xf0,H\x13\xae\x14\x89v\xf5Ua\x14\xdcv\x01W\xc5\xd8R=\x17\x97F\x16J\x05<bl\xfc\x0ccR\xd7\x97\xddSI\xc4\x0e\x028y\x02\x03\x01\x00\x01\xa0B0@\x06\t*\x86H\x86\xf7\r\x01\t\x0e13010/\x06\x03U\x1d\x11\x04(0&\x82\x16nextcloud.mattia98.org\x82\x0cmattia98.org0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00;\x1d\xca:\xbav\xad,\x93\x07\xb2S\x9f\xffVX$\x8d\xcb\xfd\xd9\xd8\xd7\xdfea\x10W\xb5\x81\xd8\x9e\x94S\xbe\x1aUG \xc9D\xcaF\x94V\x016\xf8\xc1I\xf6@b\x8d7\x91\x1c\xd6 \xe7\x19\xb8\x80Q\xa3a\xb3\xe0\x86\xb6\'\xf7\xce\x9cE\x86x\xae\xa1rG"\xc8\xbd\x12\x7f\xa3>\xeaN\xa8\xdb\xe89Wq6\xe8\xd0\xb2\x88j\xf4X\x1fFj-\x97\xf2\x1cnO\x8c5s\xc3\xa46P[\xf5\xd8\xed"\n\x18a\xfc\xf7"\x0f\x99\xe5\xee\xbe\x9auf\xf3\xcaE<6\x1e\xce\xf1\x99>\\\xe3\x0e\xb5\xf5O\t\xc8\x1f\xf69w\xfaG\xc6\x1f\xb7\x0cCDA\x8f\x0fX\x12l&\x9b\xcd\xc8j\xa4X\xdfn\xe9\xd2\x82\xa7\x05^ \x89\x98\x03\xe9\xb0\x06\xa2o\xfbp\x1a^]\x95a\x0bH\x1e\x84E\xa0:#\xa2\xddbi$\xa50T.\xf9\x1e\x92\t\x00\xdd\xd1yG\xdb\xde\xbb\xfb\x95\xf4\xc4\xc7\x10\xa1>\xed)\xa8\x8e\xed\xecgj\xab\x87V\xfeI', form='der'), domains: ['nextcloud.mattia98.org', 'mattia98.org']
2016-07-08 15:30:36,944:DEBUG:root:Requesting fresh nonce
2016-07-08 15:30:36,945:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-07-08 15:30:36,946:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-07-08 15:30:37,532:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2016-07-08 15:30:37,534:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '91', 'Pragma': 'no-cache', 'Boulder-Request-Id': 'JHdVDYTxHAiS5zsJfg6F3qklf1fDauN0eYAERFl13U8', 'Expires': 'Fri, 08 Jul 2016 15:30:37 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 08 Jul 2016 15:30:37 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': '7AnRjCaga22PYrBWhPrtL_4u7klzRN_VWXkOgDLv1H8'}. Content: ''
2016-07-08 15:30:37,535:DEBUG:acme.client:Storing nonce: '\xec\t\xd1\x8c&\xa0km\x8fb\xb0V\x84\xfa\xed/\xfe.\xeeIsD\xdf\xd5Yy\x0e\x802\xef\xd4\x7f'
2016-07-08 15:30:37,535:DEBUG:acme.jose.json_util:Omitted empty fields: challenges=None, combinations=None, status=None, expires=None
2016-07-08 15:30:37,535:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "nextcloud.mattia98.org"}, "resource": "new-authz"}
2016-07-08 15:30:37,536:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), x5tS256=None, cty=None, jku=None, x5u=None, x5t=None, crit=(), kid=None, jwk=None, typ=None, alg=None
2016-07-08 15:30:37,541:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), x5tS256=None, cty=None, jku=None, x5u=None, nonce=None, crit=(), x5t=None, kid=None, typ=None
2016-07-08 15:30:37,541:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0ZtqLvfsdse_etXITjBjpJXIkBtiI0RaAz3bI3mT9aVlS3lU3ydrwfwiMDkz-L30WQOoQM8qfY-UfwzzME7cLMO78Ys4FyHRcawxKAqW6qqEg70Er2kqsstVXzVHPRGu5B2UMBgHqJPRgNKEoBjUUg0gPiDVpOGhJs5Nsy_7cdYszV195bCWXoDjS_Ukhr_l2RSjn3QwGMmH-Qwi3NYWiRBh9ofTuB81lI1T4fOxpwsqCGI5kdxR7eDXCLAOrfsfLPgP-cyIFe0QAVuzPAzrCc9eRuakMGIw1XV6zyeFa8VFhwjkQwmfvzIQFbmRS3x_y2l-DogsetOORt2kbuQEfw"}}, "protected": "eyJub25jZSI6ICI3QW5SakNhZ2EyMlBZckJXaFBydExfNHU3a2x6Uk5fVldYa09nREx2MUg4In0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJuZXh0Y2xvdWQubWF0dGlhOTgub3JnIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "V8USFes73cZQte3Ew-ZIOwKhRgqyn0R-gDI5fhGeciyXIjqqlFBkAnc4qCh9asCRKyvci-4q1PI0cdscld4UCvkpYRPYiWzinDbHzFgl7DIXqsQXDI8NOzGUfN8HDd_rClK_iWZZTl5RdD2MWC5DjgGqEB1iqJu0QR_0jqsB1ROrdkGy3KDvhQYS0Lk4_dR55TojcCI6hIteWaLxPkAEcesZHU_oS0dxwW2GZ7FI4t6CAhW3UiO-O4LrxxYVFECID8dkvD1tNQvAUAYtNtLEsbLdGPUAQc41O6CVAUXMnF74cAgiUhfCosMQI6byGUBOqIL0Vv5pT8UkzeNMCxghSQ"}'}
2016-07-08 15:30:37,542:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-07-08 15:30:37,977:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1007
2016-07-08 15:30:37,979:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1007', 'Expires': 'Fri, 08 Jul 2016 15:30:37 GMT', 'Boulder-Request-Id': 'J5teGhdGv8RdkGeEUMo-p68zH5u8vN1gsFW4102E8Q0', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/9DaiEmrBcFDec4QndyAxoT5U2vanpjrX3t0F31HsqTg', 'Pragma': 'no-cache', 'Boulder-Requester': '2538441', 'Date': 'Fri, 08 Jul 2016 15:30:37 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'khYlJM7O1VRbD7HqxYfVLGN2zVZ6DRfZEk5yLzq-fGE'}. Content: '{\n "identifier": {\n "type": "dns",\n "value": "nextcloud.mattia98.org"\n },\n "status": "pending",\n "expires": "2016-07-15T15:30:37.863196959Z",\n "challenges": [\n {\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9DaiEmrBcFDec4QndyAxoT5U2vanpjrX3t0F31HsqTg/163861749",\n "token": "6eGSUishHge1kTGdUcwU67lNg0qL3Y22hzEI4JSjBOY"\n },\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9DaiEmrBcFDec4QndyAxoT5U2vanpjrX3t0F31HsqTg/163861750",\n "token": "K5WQRe5_e2_iK0-PYdSLH9Rags-2Hb-1s1Xqe36msWQ"\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9DaiEmrBcFDec4QndyAxoT5U2vanpjrX3t0F31HsqTg/163861751",\n "token": "p-LrTcx43lMdjo5jUcZwzC5oFlklQu9W1H6HkUAwIDQ"\n }\n ],\n "combinations": [\n [\n 2\n ],\n [\n 0\n ],\n [\n 1\n ]\n ]\n}'
2016-07-08 15:30:37,980:DEBUG:acme.client:Storing nonce: '\x92\x16%$\xce\xce\xd5T[\x0f\xb1\xea\xc5\x87\xd5,cv\xcdVz\r\x17\xd9\x12Nr/:\xbe|a'
2016-07-08 15:30:37,980:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1007', 'Expires': 'Fri, 08 Jul 2016 15:30:37 GMT', 'Boulder-Request-Id': 'J5teGhdGv8RdkGeEUMo-p68zH5u8vN1gsFW4102E8Q0', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/9DaiEmrBcFDec4QndyAxoT5U2vanpjrX3t0F31HsqTg', 'Pragma': 'no-cache', 'Boulder-Requester': '2538441', 'Date': 'Fri, 08 Jul 2016 15:30:37 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'khYlJM7O1VRbD7HqxYfVLGN2zVZ6DRfZEk5yLzq-fGE'}): '{\n "identifier": {\n "type": "dns",\n "value": "nextcloud.mattia98.org"\n },\n "status": "pending",\n "expires": "2016-07-15T15:30:37.863196959Z",\n "challenges": [\n {\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9DaiEmrBcFDec4QndyAxoT5U2vanpjrX3t0F31HsqTg/163861749",\n "token": "6eGSUishHge1kTGdUcwU67lNg0qL3Y22hzEI4JSjBOY"\n },\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9DaiEmrBcFDec4QndyAxoT5U2vanpjrX3t0F31HsqTg/163861750",\n "token": "K5WQRe5_e2_iK0-PYdSLH9Rags-2Hb-1s1Xqe36msWQ"\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9DaiEmrBcFDec4QndyAxoT5U2vanpjrX3t0F31HsqTg/163861751",\n "token": "p-LrTcx43lMdjo5jUcZwzC5oFlklQu9W1H6HkUAwIDQ"\n }\n ],\n "combinations": [\n [\n 2\n ],\n [\n 0\n ],\n [\n 1\n ]\n ]\n}'
2016-07-08 15:30:37,981:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'K5WQRe5_e2_iK0-PYdSLH9Rags-2Hb-1s1Xqe36msWQ', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/9DaiEmrBcFDec4QndyAxoT5U2vanpjrX3t0F31HsqTg/163861750'}
2016-07-08 15:30:37,982:DEBUG:acme.jose.json_util:Omitted empty fields: challenges=None, combinations=None, status=None, expires=None
2016-07-08 15:30:37,982:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "mattia98.org"}, "resource": "new-authz"}
2016-07-08 15:30:37,983:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), x5tS256=None, cty=None, jku=None, x5u=None, x5t=None, crit=(), kid=None, jwk=None, typ=None, alg=None
2016-07-08 15:30:37,987:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), x5tS256=None, cty=None, jku=None, x5u=None, nonce=None, crit=(), x5t=None, kid=None, typ=None
2016-07-08 15:30:37,987:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0ZtqLvfsdse_etXITjBjpJXIkBtiI0RaAz3bI3mT9aVlS3lU3ydrwfwiMDkz-L30WQOoQM8qfY-UfwzzME7cLMO78Ys4FyHRcawxKAqW6qqEg70Er2kqsstVXzVHPRGu5B2UMBgHqJPRgNKEoBjUUg0gPiDVpOGhJs5Nsy_7cdYszV195bCWXoDjS_Ukhr_l2RSjn3QwGMmH-Qwi3NYWiRBh9ofTuB81lI1T4fOxpwsqCGI5kdxR7eDXCLAOrfsfLPgP-cyIFe0QAVuzPAzrCc9eRuakMGIw1XV6zyeFa8VFhwjkQwmfvzIQFbmRS3x_y2l-DogsetOORt2kbuQEfw"}}, "protected": "eyJub25jZSI6ICJraFlsSk03TzFWUmJEN0hxeFlmVkxHTjJ6Vlo2RFJmWkVrNXlMenEtZkdFIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJtYXR0aWE5OC5vcmcifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9", "signature": "utNx6n8fsljg6Hi2xuqMcmVHYgFUm_m29_CcwLdtMstVy_YvJjFNsIPexyOTeEjl1KA5axh3Lz9gHZz-j_tRgNrWutUJBvKD4xRKwA1gs8qJFh6hiUUo5Uncir_n7J8f_ihnMqRTZGAXuDShRLM11mUMAD5Cjum8awRuR12O0wW9XCyK2L4ARPOJiLWuKCDrfzkKvNOP2GfWl4UPNj-HFQjpMlkVms9e0RYsXRvugoEUfTMRqosAt9JPS3n8SuIOLub04qhAfpgnBPZLgip2la69oi_m1DC3xbrOpkfyefl9GPZ1NznK6PCO4IeOTl24_65gxGtZRIlJXOjm2lo-BA"}'}
2016-07-08 15:30:37,988:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-07-08 15:30:38,474:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 997
2016-07-08 15:30:38,476:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '997', 'Expires': 'Fri, 08 Jul 2016 15:30:38 GMT', 'Boulder-Request-Id': 'exE0StMYMRyHvZhsoeY5gpr4RjZqSIHwTVhmVEwlnQc', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/NZLIJJXF9eOlesysPBep46rttqwLtrW4xITvKO4m0BU', 'Pragma': 'no-cache', 'Boulder-Requester': '2538441', 'Date': 'Fri, 08 Jul 2016 15:30:38 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'sYD88XRIbKRmM6c6TR2RMqF9smRKpUgfRR6vW93yukE'}. Content: '{\n "identifier": {\n "type": "dns",\n "value": "mattia98.org"\n },\n "status": "pending",\n "expires": "2016-07-15T15:30:38.353277995Z",\n "challenges": [\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/NZLIJJXF9eOlesysPBep46rttqwLtrW4xITvKO4m0BU/163861764",\n "token": "gyc-PjZ11Yo3EplHjniX_qqk1MerazX54QAm3vA6KWI"\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/NZLIJJXF9eOlesysPBep46rttqwLtrW4xITvKO4m0BU/163861765",\n "token": "3kWeIUQWy9vF8oU2SKgr-wEXeohA3EuYlLERCffmBp8"\n },\n {\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/NZLIJJXF9eOlesysPBep46rttqwLtrW4xITvKO4m0BU/163861766",\n "token": "CJyZLRqQ5RCt8q2y8x9Nrp5-mLaWDXcmGyD9TKzpk38"\n }\n ],\n "combinations": [\n [\n 1\n ],\n [\n 0\n ],\n [\n 2\n ]\n ]\n}'
2016-07-08 15:30:38,477:DEBUG:acme.client:Storing nonce: '\xb1\x80\xfc\xf1tHl\xa4f3\xa7:M\x1d\x912\xa1}\xb2dJ\xa5H\x1fE\x1e\xaf[\xdd\xf2\xbaA'
2016-07-08 15:30:38,477:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '997', 'Expires': 'Fri, 08 Jul 2016 15:30:38 GMT', 'Boulder-Request-Id': 'exE0StMYMRyHvZhsoeY5gpr4RjZqSIHwTVhmVEwlnQc', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/NZLIJJXF9eOlesysPBep46rttqwLtrW4xITvKO4m0BU', 'Pragma': 'no-cache', 'Boulder-Requester': '2538441', 'Date': 'Fri, 08 Jul 2016 15:30:38 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'sYD88XRIbKRmM6c6TR2RMqF9smRKpUgfRR6vW93yukE'}): '{\n "identifier": {\n "type": "dns",\n "value": "mattia98.org"\n },\n "status": "pending",\n "expires": "2016-07-15T15:30:38.353277995Z",\n "challenges": [\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/NZLIJJXF9eOlesysPBep46rttqwLtrW4xITvKO4m0BU/163861764",\n "token": "gyc-PjZ11Yo3EplHjniX_qqk1MerazX54QAm3vA6KWI"\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/NZLIJJXF9eOlesysPBep46rttqwLtrW4xITvKO4m0BU/163861765",\n "token": "3kWeIUQWy9vF8oU2SKgr-wEXeohA3EuYlLERCffmBp8"\n },\n {\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/NZLIJJXF9eOlesysPBep46rttqwLtrW4xITvKO4m0BU/163861766",\n "token": "CJyZLRqQ5RCt8q2y8x9Nrp5-mLaWDXcmGyD9TKzpk38"\n }\n ],\n "combinations": [\n [\n 1\n ],\n [\n 0\n ],\n [\n 2\n ]\n ]\n}'
2016-07-08 15:30:38,478:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'gyc-PjZ11Yo3EplHjniX_qqk1MerazX54QAm3vA6KWI', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/NZLIJJXF9eOlesysPBep46rttqwLtrW4xITvKO4m0BU/163861764'}
2016-07-08 15:30:38,478:INFO:letsencrypt.auth_handler:Performing the following challenges:
2016-07-08 15:30:38,479:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for nextcloud.mattia98.org
2016-07-08 15:30:38,479:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for mattia98.org
2016-07-08 15:30:39,129:DEBUG:letsencrypt_apache.tls_sni_01:Adding Include /etc/apache2/le_tls_sni_01_cert_challenge.conf to /files/etc/apache2/apache2.conf
2016-07-08 15:30:39,130:DEBUG:letsencrypt_apache.tls_sni_01:writing a config file with text:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ee4f8cf0d737d87fd1b172d09e932afa.6a81bd6a27ca58c1324a11a8f178f300.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on
LimitRequestBody 1048576
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/p-LrTcx43lMdjo5jUcZwzC5oFlklQu9W1H6HkUAwIDQ.crt
SSLCertificateKeyFile /var/lib/letsencrypt/p-LrTcx43lMdjo5jUcZwzC5oFlklQu9W1H6HkUAwIDQ.pem
DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/
</VirtualHost>
<VirtualHost *:443>
ServerName 288e75c418f3b55fa9ce4335bf672833.86b280ba5412aa994ce902544640544f.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on
LimitRequestBody 1048576
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/3kWeIUQWy9vF8oU2SKgr-wEXeohA3EuYlLERCffmBp8.crt
SSLCertificateKeyFile /var/lib/letsencrypt/3kWeIUQWy9vF8oU2SKgr-wEXeohA3EuYlLERCffmBp8.pem
DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/
</VirtualHost>
</IfModule>
2016-07-08 15:30:39,175:DEBUG:letsencrypt.reverter:Creating backup of /etc/apache2/apache2.conf
2016-07-08 15:30:39,429:ERROR:letsencrypt.le_util:Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
2016-07-08 15:30:39,430:DEBUG:letsencrypt.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 115, in _solve_challenges
dv_resp = self.dv_auth.perform(self.dv_c)
File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1554, in perform
self.restart()
File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1463, in restart
self._reload()
File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1474, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
2016-07-08 15:30:39,430:DEBUG:letsencrypt.error_handler:Calling registered functions
2016-07-08 15:30:39,431:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-07-08 15:30:39,653:ERROR:letsencrypt.le_util:Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
2016-07-08 15:30:39,653:ERROR:letsencrypt.error_handler:Encountered exception during recovery
2016-07-08 15:30:39,653:ERROR:letsencrypt.error_handler:Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/letsencrypt/error_handler.py", line 74, in call_registered
self.funcs[-1]()
File "/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 280, in _cleanup_challenges
self.dv_auth.cleanup(dv_c)
File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1575, in cleanup
self.restart()
File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1463, in restart
self._reload()
File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1474, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
2016-07-08 15:30:39,655:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/letsencrypt", line 9, in <module>
load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')()
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 662, in run
lineage, action = _auth_from_domains(le_client, config, domains)
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 474, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 269, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 252, in obtain_certificate
return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 225, in obtain_certificate_from_csr
authzr = self.auth_handler.get_authorizations(domains)
File "/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 80, in get_authorizations
cont_resp, dv_resp = self._solve_challenges()
File "/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 115, in _solve_challenges
dv_resp = self.dv_auth.perform(self.dv_c)
File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1554, in perform
self.restart()
File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1463, in restart
self._reload()
File "/usr/lib/python2.7/dist-packages/letsencrypt_apache/configurator.py", line 1474, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
Isso parece uma duplicata do nº 1783, no entanto, agradeço que você forneça um log completo do problema. Já mencionei esse problema lá.
Eu tive o mesmo problema (a ação 'graciosa' falhou, Aviso: a raiz do documento não existe). No meu caso, o motivo parecia ser a configuração existente do Apache SSL. Eu não tinha certificados configurados (pensando que Letsencrypt cuidaria disso). Adicionar as seguintes linhas à minha configuração do Virtualhost fez com que o erro desaparecesse:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Confirmado com meus hosts virtuais também. Pré-configurando os hosts virtuais SSL com o certificado e a chave snakeoil, o certbot -apache é instalado perfeitamente. Isso também eliminou os outros vários "erros" que podem ser encontrados e também são discutidos, como:
" urn:acme : error:malformed :: A mensagem de solicitação foi malformada :: O servidor só fala HTTP, não TLS"
"desafio tls-sni-01: o servidor só fala http, não tls"
"Aviso: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] não existe"
Comentários muito úteis
Eu tive o mesmo problema (a ação 'graciosa' falhou, Aviso: a raiz do documento não existe). No meu caso, o motivo parecia ser a configuração existente do Apache SSL. Eu não tinha certificados configurados (pensando que Letsencrypt cuidaria disso). Adicionar as seguintes linhas à minha configuração do Virtualhost fez com que o erro desaparecesse:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key