mkdir /mnt
for i in proc dev etc; do mount $i /mnt/$i; done #er... disk prefix missing?
chroot /mnt
ls /var/log/apt/history.log
Renewed the Let's encrypt certificate before it expires on December 9.
Note: need to give berry314.girod.fi so
that the certificate is valid for both berry314.girod.fi
and girod.fi.
Next expiration: March 4.
~> sudo perl -pi -e 's/Rewrite/# Rewrite/' /etc/apache2/sites-available/000-default.conf
~> sudo apachectl graceful
# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): berry314.girod.fi
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for girod.fi
Input the webroot for girod.fi: (Enter 'c' to cancel): /var/www/html
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/berry314.girod.fi/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/berry314.girod.fi/privkey.pem
Your cert will expire on 2023-03-04. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
~> sudo perl -pi -e 's/# Rewrite/Rewrite/' /etc/apache2/sites-available/000-default.conf
~> sudo apachectl graceful
~> sudo openssl x509 -enddate -noout -in /etc/letsencrypt/archive/berry314.girod.fi/fullchain3.pem
notAfter=Mar 4 17:44:41 2023 GMT
htdig> sudo $BINDIR/htdig -vvv -i -a
1:1:https://berry314.girod.fi/
New server: berry314.girod.fi, 80
Retrieval command for http://berry314.girod.fi/robots.txt: GET /robots.txt HTTP/1.0
User-Agent: htdig/3.1.6 ([email protected])
Host: berry314.girod.fi
Header line: HTTP/1.1 301 Moved Permanently
Header line: Date: Sun, 18 Sep 2022 08:04:27 GMT
Header line: Server: Apache/2.4.38 (Raspbian)
Header line: Location: https://berry314.girod.fi/robots.txt
Header line: Content-Length: 329
Header line: Connection: close
Header line: Content-Type: text/html; charset=iso-8859-1
Header line:
returnStatus = 3
pushed
pick: berry314.girod.fi, # servers = 1
0:0:0:https://berry314.girod.fi/: Retrieval command for https://berry314.girod.fi/: GET / HTTP/1.0
User-Agent: htdig/3.1.6 ([email protected])
Host: berry314.girod.fi
Header line: HTTP/1.1 301 Moved Permanently
Header line: Date: Sun, 18 Sep 2022 08:04:27 GMT
Header line: Server: Apache/2.4.38 (Raspbian)
Header line: Location: https://berry314.girod.fi/
Header line: Content-Length: 319
Header line: Connection: close
Header line: Content-Type: text/html; charset=iso-8859-1
Header line:
returnStatus = 3
redirect
redirect: https://berry314.girod.fi/
Rejected: Not an http or relative link!pick: berry314.girod.fi, # servers = 1
start_url: http://berry314.girod.fi/
htdig> grep Rewrite /etc/apache2/sites-enabled/000-default.conf
# RewriteEngine On
# RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
# RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
htdig> sudo apachectl graceful
htdig> sudo $BINDIR/htdig -vvv -i -a
1:1:http://berry314.girod.fi/
New server: berry314.girod.fi, 80
Retrieval command for http://berry314.girod.fi/robots.txt: GET /robots.txt HTTP/1.0
User-Agent: htdig/3.1.6 ([email protected])
Host: berry314.girod.fi
Header line: HTTP/1.1 404 Not Found
Header line: Date: Sun, 18 Sep 2022 08:11:54 GMT
Header line: Server: Apache/2.4.38 (Raspbian)
Header line: Content-Length: 281
Header line: Connection: close
Header line: Content-Type: text/html; charset=iso-8859-1
Header line:
returnStatus = 1
pushed
pick: berry314.girod.fi, # servers = 1
0:0:0:http://berry314.girod.fi/: Retrieval command for http://berry314.girod.fi/: GET / HTTP/1.0
User-Agent: htdig/3.1.6 ([email protected])
Host: berry314.girod.fi
Header line: HTTP/1.1 200 OK
Header line: Date: Sun, 18 Sep 2022 08:11:54 GMT
Header line: Server: Apache/2.4.38 (Raspbian)
Header line: Last-Modified: Sun, 01 Sep 2019 08:27:53 GMT
Converted Sun, 01 Sep 2019 08:27:53 GMT to Sun, 01 Sep 2019 08:27:53
Header line: ETag: "526-59179a1ae7187"
Header line: Accept-Ranges: bytes
Header line: Content-Length: 1318
Header line: Vary: Accept-Encoding
Header line: Connection: close
Header line: Content-Type: text/html; charset=UTF-8
Header line:
returnStatus = 0
Read 1318 from document
Read a total of 1318 bytes
href: http://berry314.girod.fi/tmfish (General Fish Family tree)
...
htdig> sudo apachectl graceful
htdig> sudo rm db/db.{docdb,wordlist}
htdig> for f in db/db.{docdb,wordlist}; do sudo mv $f.work $f; done
htdig> LC_COLLATE=C sudo $BINDIR/htmerge
dev> cd /opt/www/htdig/bin
bin> export DBDIR=/opt/www/htdig/db COMMONDIR=/opt/www/htdig/common BINDIR=/opt/www/htdig/bin
bin> export TMPDIR=$DBDIR
bin> sudo $BINDIR/htdig -v -i -a
New server: berry314.girod.fi, 80
0:0:0:https://berry314.girod.fi/: redirect
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
start_url: https://berry314.girod.fi/
bin> host berry314.girod.fi
berry314.girod.fi has address 104.21.21.89
berry314.girod.fi has address 172.67.197.83
berry314.girod.fi has IPv6 address 2606:4700:3033::ac43:c553
berry314.girod.fi has IPv6 address 2606:4700:3037::6815:1559
bin> grep berry314.girod.fi /etc/hosts
127.0.1.1 berry314 berry314.girod.fi
# 86.44.5.225 berry314.girod.fi
# 86.44.5.225 berry314.dyndns-pics.com berry314.girod.fi
tmp> dig berry314.girod.fi | grep -A1 'ANSWER SECTION'
;; ANSWER SECTION:
berry314.girod.fi. 0 IN A 86.44.5.225
CNAME FlatteningBut not so from berry itself:
Cloudflare will follow a CNAME to where it points and return that IP address instead of the CNAME record. By default, Cloudflare will only flatten the CNAME at the root of your domain, which is girod.fi.
ddclient-3.9.1> host berry314.girod.fi
berry314.girod.fi has address 172.67.197.83
berry314.girod.fi has address 104.21.21.89
berry314.girod.fi has IPv6 address 2606:4700:3037::6815:1559
berry314.girod.fi has IPv6 address 2606:4700:3033::ac43:c553
ddclient-3.9.1> host berry314.dyndns-pics.com
berry314.dyndns-pics.com has address 86.44.5.225
tmp> host berry
Host berry not found: 2(SERVFAIL)
tmp> host berry
berry has address 86.44.5.225
Host berry not found: 3(NXDOMAIN)
tmp> host berry
berry has address 192.168.1.7
berry has address 86.44.5.225
Host berry not found: 3(NXDOMAIN)
tmp> host berry314
Host berry314 not found: 2(SERVFAIL)
tmp> host berry314.girod.fi
berry314.girod.fi has address 86.44.5.225
berry314.girod.fi is an alias for berry314.dyndns-pics.com.
tmp> host berry
berry has address 192.168.1.7
Host berry not found: 3(NXDOMAIN)
tmp> host berry314
berry314 has address 86.44.5.225
Host berry314 not found: 3(NXDOMAIN)
tmp> dig berry314.girod.fi | grep -A1 'ANSWER SECTION'
;; ANSWER SECTION:
berry314.girod.fi. 0 IN A 86.44.5.225
tmp> dig berry314.dyndns-pics.com | grep -A1 'ANSWER SECTION'
;; ANSWER SECTION:
berry314.dyndns-pics.com. 0 IN A 86.44.5.225
ddclient-3.9.1> dig berry314.girod.fi | grep -A2 'ANSWER SECTION'
;; ANSWER SECTION:
berry314.girod.fi. 3600 IN CNAME berry314.dyndns-pics.com.
berry314.dyndns-pics.com. 3600 IN A 86.44.5.225
ddclient-3.9.1> sudo certbot certonly -d berry314.girod.fi
...
Failed authorization procedure. berry314.girod.fi (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 86.44.5.225: Invalid response from http://berry314.girod.fi/.well-known/acme-challenge/-IyZRmjOEebaImeIXP97--DACdvBJ_g8__wYkqkU1WY: 404
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: berry314.girod.fi
Type: unauthorized
Detail: 86.44.5.225: Invalid response from
http://berry314.girod.fi/.well-known/acme-challenge/-IyZRmjOEebaImeIXP97--DACdvBJ_g8__wYkqkU1WY:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ddclient-3.9.1> sudo certbot certonly --webroot -w /var/www/html -d berry314.girod.fi
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for berry314.girod.fi
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/berry314.girod.fi/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/berry314.girod.fi/privkey.pem
Your cert will expire on 2022-12-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
ddclient-3.9.1> sudo egrep -v '^([ ]*#|$)' /etc/apache2/sites-enabled/default-ssl.conf | grep SSLCert
SSLCertificateFile /etc/letsencrypt/live/berry314.girod.fi/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/berry314.girod.fi/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/berry314.girod.fi/fullchain.pem
tmp> dig NS girod.fi @opal.ns.cloudflare.com | grep -A2 'ANSWER SECTION'
;; ANSWER SECTION:
girod.fi. 86400 IN NS opal.ns.cloudflare.com.
girod.fi. 86400 IN NS walt.ns.cloudflare.com.
tmp> dig berry314.girod.fi @opal.ns.cloudflare.com | grep -A1 'AUTHORITY SECTION'
;; AUTHORITY SECTION:
berry314.girod.fi. 300 IN NS berry314.dyndns-pics.com.
tmp> dig NS girod.fi | grep -A2 'ANSWER SECTION'
;; ANSWER SECTION:
girod.fi. 6584 IN NS ns1.shellit.org.
girod.fi. 6584 IN NS ns1.z.fi.
tmp> dig berry314.girod.fi | grep -A1 'ANSWER SECTION'
;; ANSWER SECTION:
berry314.girod.fi. 0 IN A 164.215.39.201
tmp> dig berry314.girod.fi | grep -A1 'ANSWER SECTION'
;; ANSWER SECTION:
berry314.girod.fi. 0 IN A 86.44.5.225
tmp> dig NS girod.fi | grep -A2 'ANSWER SECTION'
;; ANSWER SECTION:
girod.fi. 21600 IN NS opal.ns.cloudflare.com.
girod.fi. 21600 IN NS walt.ns.cloudflare.com.
ddclient-3.9.1> sudo certbot certonly -d berry314.girod.fi
Saving debug log to /var/log/letsencrypt/letsencrypt.log
...
Failed authorization procedure. berry314.girod.fi (http-01): urn:ietf:params:acme:error:dns :: DNS problem: query timed out looking up A for berry314.girod.fi; DNS problem: SERVFAIL looking up AAAA for berry314.girod.fi - the domain's nameservers may be malfunctioning
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: berry314.girod.fi
Type: None
Detail: DNS problem: query timed out looking up A for
berry314.girod.fi; DNS problem: SERVFAIL looking up AAAA for
berry314.girod.fi - the domain's nameservers may be malfunctioning
tmp> dig berry314.girod.fi
; <<>> DiG 9.16.1-Ubuntu <<>> berry314.girod.fi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60103
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;berry314.girod.fi. IN A
;; ANSWER SECTION:
berry314.girod.fi. 0 IN A 164.215.39.201
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Thu Sep 08 08:38:19 IST 2022
;; MSG SIZE rcvd: 62
ddclient-3.9.1> sudo certbot certonly -d girod.fi
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for girod.fi
Input the webroot for girod.fi: (Enter 'c' to cancel): /home/marc/webroot/girod
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. girod.fi (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 2a03:e581:4::11: Invalid response from http://girod.fi/.well-known/acme-challenge/KgJIcfxawvbG-qXGHk0Z-Da3165sgIt0kpxumXfld5E: 404
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: girod.fi
Type: unauthorized
Detail: 2a03:e581:4::11: Invalid response from
http://girod.fi/.well-known/acme-challenge/KgJIcfxawvbG-qXGHk0Z-Da3165sgIt0kpxumXfld5E:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ddclient-3.9.1> sudo certbot certonly -d dyndns-pics.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dyndns-pics.com
Input the webroot for dyndns-pics.com: (Enter 'c' to cancel): /home/marc/webroot/dyndns
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dyndns-pics.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: 132.226.44.1: Fetching https://www.oracle.com/corporate/acquisitions/dyn/: Timeout after connect (your server may be slow or overloaded)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: dyndns-pics.com
Type: connection
Detail: 132.226.44.1: Fetching
https://www.oracle.com/corporate/acquisitions/dyn/: Timeout after
connect (your server may be slow or overloaded)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
ddclient-3.9.1> sudo certbot certonly -d berry314.dyndns-pics.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for berry314.dyndns-pics.com
Input the webroot for berry314.dyndns-pics.com: (Enter 'c' to cancel): /home/marc/webroot/dyndns
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. berry314.dyndns-pics.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 86.44.5.225: Invalid response from http://berry314.dyndns-pics.com/.well-known/acme-challenge/h0q9GnqCnvHWIhkT0NCjj_GAB38wKqQ6mzGLjxi7xIE: 404
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: berry314.dyndns-pics.com
Type: unauthorized
Detail: 86.44.5.225: Invalid response from
http://berry314.dyndns-pics.com/.well-known/acme-challenge/h0q9GnqCnvHWIhkT0NCjj_GAB38wKqQ6mzGLjxi7xIE:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
tmp> sudo certbot certonly -d dyndns-pics.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf.
You must agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dyndns-pics.com
Input the webroot for dyndns-pics.com: (Enter 'c' to cancel): ~/tmp/webroot/dyndns
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~/tmp/webroot/dyndns does not exist or is not a directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Input the webroot for dyndns-pics.com: (Enter 'c' to cancel): /home/marc/tmp/webroot/dyndns
Waiting for verification...
Challenge failed for domain dyndns-pics.com
http-01 challenge for dyndns-pics.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: dyndns-pics.com
Type: connection
Detail: 132.226.44.1: Fetching
https://www.oracle.com/corporate/acquisitions/dyn/: Timeout after
connect (your server may be slow or overloaded)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- We were unable to subscribe you the EFF mailing list because your
e-mail address appears to be invalid. You can try again later by
visiting https://act.eff.org.
tmp> sudo certbot certonly -d berry314.dyndns-pics.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for berry314.dyndns-pics.com
Input the webroot for berry314.dyndns-pics.com: (Enter 'c' to cancel): /home/marc/tmp/webroot/dyndns
Waiting for verification...
Challenge failed for domain berry314.dyndns-pics.com
http-01 challenge for berry314.dyndns-pics.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: berry314.dyndns-pics.com
Type: unauthorized
Detail: 86.44.5.225: Invalid response from
http://berry314.dyndns-pics.com/.well-known/acme-challenge/oSPK_mj8o9BOfcR3abRNJK-1qaeTEqH0nV4OevHdBEA:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
● ddclient.lsb.service - LSB: ddclient provides support for updating dynamic DNS services
Loaded: loaded (/etc/init.d/ddclient.lsb; generated)
Active: active (running) since Tue 2022-09-06 17:41:56 IST; 8h ago
Docs: man:systemd-sysv-generator(8)
Process: 23146 ExecStart=/etc/init.d/ddclient.lsb start (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 877)
CGroup: /system.slice/ddclient.lsb.service
└─23151 ddclient - sleeping for 170 seconds
...
Sep 07 02:04:12 berry314 ddclient[26584]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
Sep 07 02:09:13 berry314 ddclient[26732]: WARNING: file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
Sep 07 02:09:13 berry314 ddclient[26734]: SUCCESS: updating berry314.dyndns-pics.com: good: IP address set to 86.44.5.225
tmp> dig NS thruhere.net @a.gtld-servers.net
; <<>> DiG 9.16.1-Ubuntu <<>> NS thruhere.net @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39817
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;thruhere.net. IN NS
;; AUTHORITY SECTION:
thruhere.net. 172800 IN NS ns1.p201.dns.oraclecloud.net.
thruhere.net. 172800 IN NS ns2.p201.dns.oraclecloud.net.
thruhere.net. 172800 IN NS ns3.p201.dns.oraclecloud.net.
thruhere.net. 172800 IN NS ns4.p201.dns.oraclecloud.net.
;; ADDITIONAL SECTION:
ns1.p201.dns.oraclecloud.net. 172800 IN A 108.59.166.201
ns1.p201.dns.oraclecloud.net. 172800 IN AAAA 2600:2000:2100::c9
ns2.p201.dns.oraclecloud.net. 172800 IN A 108.59.168.201
ns2.p201.dns.oraclecloud.net. 172800 IN AAAA 2600:2000:2110::c9
ns3.p201.dns.oraclecloud.net. 172800 IN A 108.59.170.201
ns3.p201.dns.oraclecloud.net. 172800 IN AAAA 2600:2000:2120::c9
ns4.p201.dns.oraclecloud.net. 172800 IN A 108.59.172.201
ns4.p201.dns.oraclecloud.net. 172800 IN AAAA 2600:2000:2130::c9
;; Query time: 27 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Tue Sep 06 13:14:02 IST 2022
;; MSG SIZE rcvd: 310
tmp> dig NS girod.fi @a.gtld-servers.net
; <<>> DiG 9.16.1-Ubuntu <<>> NS girod.fi @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15322
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;girod.fi. IN NS
;; AUTHORITY SECTION:
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
;; Query time: 23 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Tue Sep 06 13:15:09 IST 2022
;; MSG SIZE rcvd: 248
ddclient-3.9.1> sudo systemctl -l status ddclient.lsb
● ddclient.lsb.service - LSB: ddclient provides support for updating dynamic DNS services
Loaded: loaded (/etc/init.d/ddclient.lsb; generated)
Active: active (running) since Tue 2022-09-06 17:41:56 IST; 38min ago
Docs: man:systemd-sysv-generator(8)
Process: 23146 ExecStart=/etc/init.d/ddclient.lsb start (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 877)
CGroup: /system.slice/ddclient.lsb.service
└─23151 ddclient - sleeping for 130 seconds
Sep 06 17:41:56 berry314 ddclient[23156]: WARNING: Wait at least 5 minutes between update attempts.
Sep 06 17:46:59 berry314 ddclient[23185]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
Sep 06 17:51:59 berry314 ddclient[23204]: WARNING: file /var/cache/ddclient/ddclient.cache, line 4: Invalid Value for keyword 'ip' = ''
Sep 06 17:52:00 berry314 ddclient[23206]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
Sep 06 17:57:00 berry314 ddclient[23219]: WARNING: file /var/cache/ddclient/ddclient.cache, line 4: Invalid Value for keyword 'ip' = ''
Sep 06 17:57:01 berry314 ddclient[23221]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
Sep 06 18:02:02 berry314 ddclient[23241]: WARNING: file /var/cache/ddclient/ddclient.cache, line 4: Invalid Value for keyword 'ip' = ''
Sep 06 18:02:03 berry314 ddclient[23243]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
Sep 06 18:07:03 berry314 ddclient[23258]: WARNING: file /var/cache/ddclient/ddclient.cache, line 4: Invalid Value for keyword 'ip' = ''
Sep 06 18:07:04 berry314 ddclient[23262]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
ddclient-3.9.1> sudo cat /var/cache/ddclient/ddclient.cache
## ddclient-3.9.1
## last updated at Tue Sep 6 18:12:04 2022 (1662484324)
atime=1662480437,backupmx=1,custom=0,host=berry314.girod.fi,mtime=0,mx=berry314.girod.fi,script=/nic/update,static=0,status=nohost,warned-min-error-interval=0,warned-min-interval=0,wildcard=0,wtime=30 berry314.girod.fi
atime=0,backupmx=1,custom=0,host=berry314.thruhere.net,ip=86.44.5.225,mtime=0,mx=berry314.thruhere.net,script=/nic/update,static=0,status=nohost,warned-min-error-interval=0,warned-min-interval=0,wildcard=0,wtime=30 berry314.thruhere.net
└─23151 ddclient - sleeping for 250 seconds
ddclient-3.9.1> sudo mv /var/cache/ddclient/ddclient.cache /tmp/
ddclient-3.9.1> sudo systemctl -l status ddclient.lsb
● ddclient.lsb.service - LSB: ddclient provides support for updating dynamic DNS services
Loaded: loaded (/etc/init.d/ddclient.lsb; generated)
Active: active (running) since Tue 2022-09-06 17:41:56 IST; 50min ago
Docs: man:systemd-sysv-generator(8)
Process: 23146 ExecStart=/etc/init.d/ddclient.lsb start (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 877)
CGroup: /system.slice/ddclient.lsb.service
└─23151 ddclient - sleeping for 290 seconds
...
Sep 06 18:07:04 berry314 ddclient[23262]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
Sep 06 18:32:08 berry314 ddclient[23603]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
ddclient-3.9.1> sudo cat /var/cache/ddclient/ddclient.cache
## ddclient-3.9.1
## last updated at Tue Sep 6 18:32:06 2022 (1662485526)
atime=1662485526,backupmx=1,custom=0,host=berry314.thruhere.net,ip=,mtime=0,mx=berry314.thruhere.net,script=/nic/update,static=0,status=nohost,warned-min-error-interval=0,warned-min-interval=0,wildcard=0,wtime=0 berry314.thruhere.net
Sep 06 18:32:08 berry314 ddclient[23603]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
Sep 06 18:37:08 berry314 ddclient[23713]: WARNING: file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
Sep 06 18:37:09 berry314 ddclient[23715]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
tmp> host thruhere.net
thruhere.net has address 132.226.162.56
ddclient-3.9.1> sudo cat /var/cache/ddclient/ddclient.cache
## ddclient-3.9.1
## last updated at Tue Sep 6 18:42:09 2022 (1662486129)
atime=1662486129,backupmx=1,custom=0,host=berry314.thruhere.net,ip=132.226.162.56,mtime=0,mx=berry314.thruhere.net,script=/nic/update,static=0,status=nohost,warned-min-error-interval=0,warned-min-interval=0,wildcard=0,wtime=0 berry314.thruhere.net
└─23151 ddclient - sleeping for 230 seconds
...
Sep 06 18:42:10 berry314 ddclient[23957]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
Sep 06 18:47:11 berry314 ddclient[24152]: FAILED: updating berry314.thruhere.net: nohost: The hostname specified does not exist in the database
ddclient-3.9.1> sudo cat /var/cache/ddclient/ddclient.cache
## ddclient-3.9.1
## last updated at Tue Sep 6 18:47:10 2022 (1662486430)
atime=1662486430,backupmx=1,custom=0,host=berry314.thruhere.net,ip=,mtime=0,mx=berry314.thruhere.net,script=/nic/update,static=0,status=nohost,warned-min-error-interval=0,warned-min-interval=0,wildcard=0,wtime=0 berry314.thruhere.net
dev> sudo apt update
dev> sudo apt-get install certbot
dev> certbot run --dry-run
--dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')
dev> sudo certbot run -d girod.fi,dyndns-pics.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
dev> sudo certbot certonly -d dyndns-pics.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dyndns-pics.com
Input the webroot for dyndns-pics.com: (Enter 'c' to cancel): /home/marc/webroot/dyndns
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dyndns-pics.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: 132.226.44.1: Fetching https://www.oracle.com/corporate/acquisitions/dyn/: Timeout after connect (your server may be slow or overloaded)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: dyndns-pics.com
Type: connection
Detail: 132.226.44.1: Fetching
https://www.oracle.com/corporate/acquisitions/dyn/: Timeout after
connect (your server may be slow or overloaded)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
root@berry314:/etc/ddclient# certbot certonly -d thruhere.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for thruhere.net
Input the webroot for thruhere.net: (Enter 'c' to cancel): /home/marc/webroot/
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. thruhere.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: 132.226.162.56: Fetching https://www.oracle.com/corporate/acquisitions/dyn/: Timeout after connect (your server may be slow or overloaded)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: thruhere.net
Type: connection
Detail: 132.226.162.56: Fetching
https://www.oracle.com/corporate/acquisitions/dyn/: Timeout after
connect (your server may be slow or overloaded)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
root@berry314:/etc/ddclient# certbot certonly -d girod.fi
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for girod.fi
Input the webroot for girod.fi: (Enter 'c' to cancel): /home/marc/webroot/girod/
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. girod.fi (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 2a03:e581:4::11: Invalid response from http://girod.fi/.well-known/acme-challenge/BYLGzzALKGIe72r8ASAn_FVm7Birw5purqRj3XSM9BM: 404
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: girod.fi
Type: unauthorized
Detail: 2a03:e581:4::11: Invalid response from
http://girod.fi/.well-known/acme-challenge/BYLGzzALKGIe72r8ASAn_FVm7Birw5purqRj3XSM9BM:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
/etc/hosts:
192.168.1.7 berry314.dyndns-pics.com