Let's Encrypt renewal failing behind Bunny.net CDN - "Redirect loop detected"

web3.0 · March 26, 2026, 8:58pm

Hi everyone,

I’m running into an issue with Let’s Encrypt certificate renewals for domains proxied through Bunny.net CDN on my HestiaCP server (Ubuntu).

Until recently, auto-renewals worked perfectly for all my websites without any special configuration. However, they have suddenly started failing, causing the origin certificates to expire.

When I try to force the renewal manually from the HestiaCP panel (by unchecking and re-checking the Let’s Encrypt option), I get the following error:

Error: Let’s Encrypt validation status 400 (mydomain.com). Details: 400:“…” Fetching http://mydomain.com/.well-known/acme-challenge/xxx: Redirect loop detected"

It seems like Let’s Encrypt is trying to validate via HTTP, but there’s a redirect loop happening between the CDN’s forced HTTPS and the server.

My question is: why did this suddenly stop working when it used to renew automatically just fine? Have there been any recent changes to how HestiaCP handles the .well-known/acme-challenge alias in its Nginx/Apache templates, or is this purely a CDN-side change?

Any guidance on how to properly fix this so auto-renewals work again would be greatly appreciated.

Thanks!

sahsanu · March 26, 2026, 9:24pm

Hi,

I’m not sure what happened with the renewals, but it seems that your site currently doesn’t have a certificate in Hestia. However, your CDN is configured to connect using HTTPS, so HTTP requests are being redirected to HTTPS by the CDN. Meanwhile, your server is only responding over HTTP, and Bunny is redirecting those requests back to HTTPS again, creating a loop.

What’s your conf in Bunny for that domain?

It would be useful to have the actual domain name.

Also, show the output of these commands:

cat /home/YourUser/conf/web/YourDomain/nginx.conf
cat /home/YourUser/conf/web/YourDomain/nginx.conf_letsencrypt
cat /home/YourUser/conf/web/YourDomain/nginx.ssl.conf

web3.0 · March 27, 2026, 8:36am

thanks for your response

cat /home/YourUser/conf/web/YourDomain/nginx.conf

Default Web Domain Template

DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS






#=========================================================================#

server {
listen      xxxxxx;
server_name queverenponferrada.com www.queverenponferrada.com;
root        /home/queverenponferrada/web/queverenponferrada.com/public_html;
index       index.php index.html index.htm;
access_log  /var/log/nginx/domains/queverenponferrada.com.log combined;
access_log  /var/log/nginx/domains/queverenponferrada.com.bytes bytes;
error_log   /var/log/nginx/domains/queverenponferrada.com.error.log error;

    include /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.forcessl.conf*;

    location = /favicon.ico {
            log_not_found off;
            access_log off;
    }

    location = /robots.txt {
            try_files $uri $uri/ /index.php?$args;
            log_not_found off;
            access_log off;
    }

    location ~ /\.(?!well-known\/) {
            deny all;
            return 404;
    }

    location / {
            try_files $uri $uri/ /index.php?$args;

            location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
                    expires 30d;
                    fastcgi_hide_header "Set-Cookie";
            }

            location ~* /(?:uploads|files)/.*.php$ {
                    deny all;
                    return 404;
            }

            location ~ [^/]\.php(/|$) {
                    try_files $uri =404;

                    include /etc/nginx/fastcgi_params;

                    fastcgi_index index.php;
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                    fastcgi_pass unix:/run/php/php8.4-fpm-queverenponferrada.com.sock;

                    include /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.fastcgi_cache.conf*;

                    if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
                            set $no_cache 1;
                    }

                    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
                            set $no_cache 1;
                    }
            }
    }

    location /error/ {
            alias /home/queverenponferrada/web/queverenponferrada.com/document_errors/;
    }

    location /vstats/ {
            alias   /home/queverenponferrada/web/queverenponferrada.com/stats/;
            include /home/queverenponferrada/web/queverenponferrada.com/stats/auth.conf*;
    }

    include /etc/nginx/conf.d/phpmyadmin.inc*;
    include /etc/nginx/conf.d/phppgadmin.inc*;
    include /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.conf_*;

}

cat /home/YourUser/conf/web/YourDomain/nginx.conf_letsencrypt

location ~ “^/.well-known/acme-challenge/([-_A-Za-z0-9]+)$” {
default_type text/plain;
return 200 “$1.HXZFZ3-K57NcL49u3YxFto9uEpn9Mb43fobaRi0c4g0”;
}

cat /home/YourUser/conf/web/YourDomain/nginx.ssl.conf

#=========================================================================#

Default Web Domain Template

DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS






#=========================================================================#

server {
listen      xxxxxxxx ssl;
server_name queverenponferrada.com www.queverenponferrada.com;
root        /home/queverenponferrada/web/queverenponferrada.com/public_html;
index       index.php index.html index.htm;
access_log  /var/log/nginx/domains/queverenponferrada.com.log combined;
access_log  /var/log/nginx/domains/queverenponferrada.com.bytes bytes;
error_log   /var/log/nginx/domains/queverenponferrada.com.error.log error;

    ssl_certificate     /home/queverenponferrada/conf/web/queverenponferrada.com/ssl/queverenponferrada.com.pem;
    ssl_certificate_key /home/queverenponferrada/conf/web/queverenponferrada.com/ssl/queverenponferrada.com.key;
    ssl_stapling        on;
    ssl_stapling_verify on;

    # TLS 1.3 0-RTT anti-replay
    if ($anti_replay = 307) { return 307 https://$host$request_uri; }
    if ($anti_replay = 425) { return 425; }

    include /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.hsts.conf*;

    location = /favicon.ico {
            log_not_found off;
            access_log off;
    }

    location = /robots.txt {
            try_files $uri $uri/ /index.php?$args;
            log_not_found off;
            access_log off;
    }

    location ~ /\.(?!well-known\/) {
            deny all;
            return 404;
    }

    location / {
            try_files $uri $uri/ /index.php?$args;

            location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
                    expires 30d;
                    fastcgi_hide_header "Set-Cookie";
            }

            location ~* /(?:uploads|files)/.*.php$ {
                    deny all;
                    return 404;
            }

            location ~ [^/]\.php(/|$) {
                    try_files $uri =404;

                    include /etc/nginx/fastcgi_params;

                    fastcgi_index index.php;
                    fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                    fastcgi_pass unix:/run/php/php8.4-fpm-queverenponferrada.com.sock;

                    include /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.fastcgi_cache.conf*;

                    if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
                            set $no_cache 1;
                    }

                    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
                            set $no_cache 1;
                    }
            }
    }

    location /error/ {
            alias /home/queverenponferrada/web/queverenponferrada.com/document_errors/;
    }

    location /vstats/ {
            alias   /home/queverenponferrada/web/queverenponferrada.com/stats/;
            include /home/queverenponferrada/web/queverenponferrada.com/stats/auth.conf*;
    }

    proxy_hide_header Upgrade;

    include /etc/nginx/conf.d/phpmyadmin.inc*;
    include /etc/nginx/conf.d/phppgadmin.inc*;
    include /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.ssl.conf_*;

}

sahsanu · March 27, 2026, 9:05am

I see nothing wrong in your conf.

I can make requests to your acme challenge, but it returns pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc instead of HXZFZ3-K57NcL49u3YxFto9uEpn9Mb43fobaRi0c4g0, which is the challenge shown in your current configuration. I’m not sure if you tried to issue a new certificate after copying the config.

❯ curl -ikL http://queverenponferrada.com/.well-known/acme-challenge/test
HTTP/1.1 200 OK
Date: Fri, 27 Mar 2026 08:56:46 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 48
Connection: keep-alive
Server: BunnyCDN-ES1-895
CDN-PullZone: 4418759
CDN-RequestCountryCode: ES
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000;
CDN-ProxyVer: 1.49
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 895
CDN-CachedAt: 03/27/2026 08:56:46
CDN-Status: 200
CDN-RequestTime: 0
CDN-RequestId: a533211b91b4470f78a1ca09dc9b1b3f
CDN-Cache: MISS

test.pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc

❯ curl -ikL http://www.queverenponferrada.com/.well-known/acme-challenge/test
HTTP/1.1 200 OK
Date: Fri, 27 Mar 2026 08:56:58 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 48
Connection: keep-alive
Server: BunnyCDN-ES1-895
CDN-PullZone: 4418759
CDN-RequestCountryCode: ES
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000;
CDN-ProxyVer: 1.49
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 895
CDN-CachedAt: 03/27/2026 08:56:58
CDN-Status: 200
CDN-RequestTime: 0
CDN-RequestId: 2e1e7693454bdd657fcd0bbdef389535
CDN-Cache: MISS

test.pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc

I also see that a certificate for your domain and its www alias was issued yesterday.

  {
    "id": "14273815949",
    "tbs_sha256": "3a877809979d2dd1f370d1aaaf00bb3edf4c9eeaf9826653995ca943a7f23186",
    "cert_sha256": "92555c2ad3024fdfe870a29da35594f37ae31e0b2e82d2923d2fefb7be1ad7e6",
    "dns_names": [
      "queverenponferrada.com",
      "www.queverenponferrada.com"
    ],
    "pubkey_sha256": "07a29cf84832b3715b84e189cad658221d6a6913b273394a1d4d1338c66076ba",
    "issuer": {
      "friendly_name": "Let's Encrypt",
      "pubkey_sha256": "025490860b498ab73c6a12f27a49ad5fe230fafe3ac8f6112c9b7d0aad46941d",
      "name": "C=US, O=Let's Encrypt, CN=R13"
    },
    "not_before": "2026-03-26T19:49:06Z",
    "not_after": "2026-06-24T19:49:05Z",
    "revoked": false
  },

Could you please show the Let’s Encrypt log?

cat /var/log/hestia/LE-queverenponferrada-queverenponferrada.com.log

web3.0 · March 27, 2026, 10:01am

I issued the certificate yesterday, but to do so I had to disable the bunny CDN.


=============================
Date Time: 2026-02-24 04:24:36
WEB_SYSTEM: nginx
PROXY_SYSTEM:
user: queverenponferrada
domain: queverenponferrada.com

aliases: www.queverenponferrada.com

proto: http-01

wildcard:

==[Step 1]==

status: 200

nonce: 8BF2r2lNPJrbg2Nshf3k7DBsmZu1U7XP0IbqZjWoXgWot3gT7Bw

answer: HTTP/2 200
server: nginx
date: Tue, 24 Feb 2026 03:24:36 GMT
content-type: application/json
content-length: 1033
cache-control: public, max-age=0, no-cache
replay-nonce: 8BF2r2lNPJrbg2Nshf3k7DBsmZu1U7XP0IbqZjWoXgWot3gT7Bw
x-frame-options: DENY
strict-transport-security: max-age=604800

==[API call]==
exit status: 0

==[Step 2]==

status: 201

nonce: 4AH-2vvBdO7YXE-jYKKb-5FkSmxvBHm8mMAjOP8nS6WwuGA_PN4

authz: https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/663543517996
https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/663543518036

finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/483751639936

payload: {“identifiers”:[{“type”:“dns”,“value”:“queverenponferrada.com”},{“type”:“dns”,“value”:“www.queverenponferrada.com”}]}

answer: HTTP/2 201
server: nginx
date: Tue, 24 Feb 2026 03:24:36 GMT
content-type: application/json
content-length: 513
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
location: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/483751639936
replay-nonce: 4AH-2vvBdO7YXE-jYKKb-5FkSmxvBHm8mMAjOP8nS6WwuGA_PN4
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“status”: “pending”,
“expires”: “2026-03-03T03:24:36Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “queverenponferrada.com”
},
{
“type”: “dns”,
“value”: “www.queverenponferrada.com”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/663543517996”,
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/663543518036”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/483751639936”
}
order: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/483751639936

==[API call]==
exit status: 0

==[Step 3]==

status: 200

nonce: 8BF2r2lNWz9mtxe6ajRDA59iNuqOpzf0DbN9PjZQAwN_EJJcUYc

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/663543517996/cOrnyg

token: V50aIIJMmGSmBQv3Te2aDuWd9kAbpGBR7aYgUKSfWvQ

answer: HTTP/2 200
server: nginx
date: Tue, 24 Feb 2026 03:24:37 GMT
content-type: application/json
content-length: 830
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: 8BF2r2lNWz9mtxe6ajRDA59iNuqOpzf0DbN9PjZQAwN_EJJcUYc
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “queverenponferrada.com”
},
“status”: “pending”,
“expires”: “2026-03-03T03:24:36Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/663543517996/Jjw2DQ”,
“status”: “pending”,
“token”: “V50aIIJMmGSmBQv3Te2aDuWd9kAbpGBR7aYgUKSfWvQ”
},
{
“type”: “dns-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/663543517996/HrAsrw”,
“status”: “pending”,
“token”: “V50aIIJMmGSmBQv3Te2aDuWd9kAbpGBR7aYgUKSfWvQ”
},
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/663543517996/cOrnyg”,
“status”: “pending”,
“token”: “V50aIIJMmGSmBQv3Te2aDuWd9kAbpGBR7aYgUKSfWvQ”
}
]
}

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[Step 5]==

status: 400

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/663543517996/cOrnyg

nonce: 4AH-2vvB571sEtn2Ocj2ms-TmOiy20ff3bYAbWf4g-IIfjuCwuU

validation:

details: Unable to update challenge :: authorization must be pending

answer: HTTP/2 400
server: nginx
date: Tue, 24 Feb 2026 03:25:55 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: 4AH-2vvB571sEtn2Ocj2ms-TmOiy20ff3bYAbWf4g-IIfjuCwuU

{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Unable to update challenge :: authorization must be pending”,
“status”: 400
}

==[Debug information Step 5]==
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/663543517996/cOrnyg”,
“status”: “invalid”,
“validated”: “2026-02-24T03:24:42Z”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “The key authorization file from the server did not match this challenge. Expected "V50aIIJMmGSmBQv3Te2aDuWd9kAbpGBR7aYgUKSfWvQ.HXZFZ3-K57NcL49u3YxFto9uEpn9Mb43fobaRi0c4g0" (got "V50aIIJMmGSmBQv3Te2aDuWd9kAbpGBR7aYgUKSfWvQ.pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc")”,
“status”: 403
},
“token”: “V50aIIJMmGSmBQv3Te2aDuWd9kAbpGBR7aYgUKSfWvQ”,
“validationRecord”: [
{
“url”: “http://queverenponferrada.com/.well-known/acme-challenge/V50aIIJMmGSmBQv3Te2aDuWd9kAbpGBR7aYgUKSfWvQ”,
“hostname”: “queverenponferrada.com”,
“port”: “80”,
“addressesResolved”: [
“2400:52e0:1a00::1070:1”,
“169.150.236.100”
],
“addressUsed”: “2400:52e0:1a00::1070:1”
}
]
}

==[Abort Step 5]==
=> Wrong status

=============================
Date Time: 2026-02-25 04:24:35
WEB_SYSTEM: nginx
PROXY_SYSTEM:
user: queverenponferrada
domain: queverenponferrada.com

aliases: www.queverenponferrada.com

proto: http-01

wildcard:

==[Step 1]==

status: 200

nonce: NeKnt8TGgqMyZR40Pbz7ebQTXlQ6NlNOo0IhVVzlitytbDKll9k

answer: HTTP/2 200
server: nginx
date: Wed, 25 Feb 2026 03:24:36 GMT
content-type: application/json
content-length: 1033
cache-control: public, max-age=0, no-cache
replay-nonce: NeKnt8TGgqMyZR40Pbz7ebQTXlQ6NlNOo0IhVVzlitytbDKll9k
x-frame-options: DENY
strict-transport-security: max-age=604800

==[API call]==
exit status: 0

==[Step 2]==

status: 201

nonce: NeKnt8TGpDm7Cr7FmERkrnRME4ULbRHIfo0aI0Hc7UhjiP4IdWg

authz: https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/664054838196
https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/664054838206

finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/484113658746

payload: {“identifiers”:[{“type”:“dns”,“value”:“queverenponferrada.com”},{“type”:“dns”,“value”:“www.queverenponferrada.com”}]}

answer: HTTP/2 201
server: nginx
date: Wed, 25 Feb 2026 03:24:36 GMT
content-type: application/json
content-length: 513
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
location: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/484113658746
replay-nonce: NeKnt8TGpDm7Cr7FmERkrnRME4ULbRHIfo0aI0Hc7UhjiP4IdWg
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“status”: “pending”,
“expires”: “2026-03-04T03:24:36Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “queverenponferrada.com”
},
{
“type”: “dns”,
“value”: “www.queverenponferrada.com”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/664054838196”,
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/664054838206”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/484113658746”
}
order: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/484113658746

==[API call]==
exit status: 0

==[Step 3]==

status: 200

nonce: NeKnt8TGW2_h2p1ecUvwLCavh3pQwq_QDEN6WwU3IpxU-o623wk

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664054838196/Wum0LQ

token: p2swsZFn6hOppv8IiEyqiX7wNz6prdkobHhSmeN0RMI

answer: HTTP/2 200
server: nginx
date: Wed, 25 Feb 2026 03:24:37 GMT
content-type: application/json
content-length: 830
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: NeKnt8TGW2_h2p1ecUvwLCavh3pQwq_QDEN6WwU3IpxU-o623wk
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “queverenponferrada.com”
},
“status”: “pending”,
“expires”: “2026-03-04T03:24:36Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664054838196/otuTVA”,
“status”: “pending”,
“token”: “p2swsZFn6hOppv8IiEyqiX7wNz6prdkobHhSmeN0RMI”
},
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664054838196/Wum0LQ”,
“status”: “pending”,
“token”: “p2swsZFn6hOppv8IiEyqiX7wNz6prdkobHhSmeN0RMI”
},
{
“type”: “dns-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664054838196/pzzC4Q”,
“status”: “pending”,
“token”: “p2swsZFn6hOppv8IiEyqiX7wNz6prdkobHhSmeN0RMI”
}
]
}

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[Step 5]==

status: 400

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664054838196/Wum0LQ

nonce: NeKnt8TGrhx_9NzcRCQoPhDuvMG4yjPCphmmJ76kfm1aTlQALTc

validation:

details: Unable to update challenge :: authorization must be pending

answer: HTTP/2 400
server: nginx
date: Wed, 25 Feb 2026 03:25:55 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: NeKnt8TGrhx_9NzcRCQoPhDuvMG4yjPCphmmJ76kfm1aTlQALTc

{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Unable to update challenge :: authorization must be pending”,
“status”: 400
}

==[Debug information Step 5]==
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664054838196/Wum0LQ”,
“status”: “invalid”,
“validated”: “2026-02-25T03:24:42Z”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “The key authorization file from the server did not match this challenge. Expected "p2swsZFn6hOppv8IiEyqiX7wNz6prdkobHhSmeN0RMI.HXZFZ3-K57NcL49u3YxFto9uEpn9Mb43fobaRi0c4g0" (got "p2swsZFn6hOppv8IiEyqiX7wNz6prdkobHhSmeN0RMI.pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc")”,
“status”: 403
},
“token”: “p2swsZFn6hOppv8IiEyqiX7wNz6prdkobHhSmeN0RMI”,
“validationRecord”: [
{
“url”: “http://queverenponferrada.com/.well-known/acme-challenge/p2swsZFn6hOppv8IiEyqiX7wNz6prdkobHhSmeN0RMI”,
“hostname”: “queverenponferrada.com”,
“port”: “80”,
“addressesResolved”: [
“2400:52e0:1a00::1346:1”,
“143.244.60.195”
],
“addressUsed”: “2400:52e0:1a00::1346:1”
}
]
}

==[Abort Step 5]==
=> Wrong status

=============================
Date Time: 2026-02-26 04:24:34
WEB_SYSTEM: nginx
PROXY_SYSTEM:
user: queverenponferrada
domain: queverenponferrada.com

aliases: www.queverenponferrada.com

proto: http-01

wildcard:

==[Step 1]==

status: 200

nonce: IVJpGJOvSMJcvb0Y6zKmspeO4axuYdpJTaTy1doXne53uIVsn28

answer: HTTP/2 200
server: nginx
date: Thu, 26 Feb 2026 03:24:34 GMT
content-type: application/json
content-length: 1033
cache-control: public, max-age=0, no-cache
replay-nonce: IVJpGJOvSMJcvb0Y6zKmspeO4axuYdpJTaTy1doXne53uIVsn28
x-frame-options: DENY
strict-transport-security: max-age=604800

==[API call]==
exit status: 0

==[Step 2]==

status: 201

nonce: iZV491wVRzuApzPzf8vbKr5xPHoU2A3jrW4hLG9Cu-xXL7_X7O0

authz: https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/664574873336
https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/664574873386

finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/484485464016

payload: {“identifiers”:[{“type”:“dns”,“value”:“queverenponferrada.com”},{“type”:“dns”,“value”:“www.queverenponferrada.com”}]}

answer: HTTP/2 201
server: nginx
date: Thu, 26 Feb 2026 03:24:34 GMT
content-type: application/json
content-length: 513
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
location: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/484485464016
replay-nonce: iZV491wVRzuApzPzf8vbKr5xPHoU2A3jrW4hLG9Cu-xXL7_X7O0
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“status”: “pending”,
“expires”: “2026-03-05T03:24:34Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “queverenponferrada.com”
},
{
“type”: “dns”,
“value”: “www.queverenponferrada.com”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/664574873336”,
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/664574873386”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/484485464016”
}
order: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/484485464016

==[API call]==
exit status: 0

==[Step 3]==

status: 200

nonce: IVJpGJOv891cvCxBO0sxvVdvkCnIUpCduVPJ1RYl_2L6naZW8GU

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664574873336/gsn8Rg

token: ra3kS88gft8Qpg1TYLNQjGhQg_XHdfzCsAiawFGakPY

answer: HTTP/2 200
server: nginx
date: Thu, 26 Feb 2026 03:24:35 GMT
content-type: application/json
content-length: 830
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: IVJpGJOv891cvCxBO0sxvVdvkCnIUpCduVPJ1RYl_2L6naZW8GU
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “queverenponferrada.com”
},
“status”: “pending”,
“expires”: “2026-03-05T03:24:34Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664574873336/HK7IlQ”,
“status”: “pending”,
“token”: “ra3kS88gft8Qpg1TYLNQjGhQg_XHdfzCsAiawFGakPY”
},
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664574873336/gsn8Rg”,
“status”: “pending”,
“token”: “ra3kS88gft8Qpg1TYLNQjGhQg_XHdfzCsAiawFGakPY”
},
{
“type”: “dns-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664574873336/8QNZRg”,
“status”: “pending”,
“token”: “ra3kS88gft8Qpg1TYLNQjGhQg_XHdfzCsAiawFGakPY”
}
]
}

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[Step 5]==

status: 400

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664574873336/gsn8Rg

nonce: IVJpGJOvvepf9YEakoE1QxgSYUFhwHflOJkF7tbh_yi4zpKvFjM

validation:

details: Unable to update challenge :: authorization must be pending

answer: HTTP/2 400
server: nginx
date: Thu, 26 Feb 2026 03:25:54 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: IVJpGJOvvepf9YEakoE1QxgSYUFhwHflOJkF7tbh_yi4zpKvFjM

{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Unable to update challenge :: authorization must be pending”,
“status”: 400
}

==[Debug information Step 5]==
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/664574873336/gsn8Rg”,
“status”: “invalid”,
“validated”: “2026-02-26T03:24:40Z”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “The key authorization file from the server did not match this challenge. Expected "ra3kS88gft8Qpg1TYLNQjGhQg_XHdfzCsAiawFGakPY.HXZFZ3-K57NcL49u3YxFto9uEpn9Mb43fobaRi0c4g0" (got "ra3kS88gft8Qpg1TYLNQjGhQg_XHdfzCsAiawFGakPY.pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc")”,
“status”: 403
},
“token”: “ra3kS88gft8Qpg1TYLNQjGhQg_XHdfzCsAiawFGakPY”,
“validationRecord”: [
{
“url”: “http://queverenponferrada.com/.well-known/acme-challenge/ra3kS88gft8Qpg1TYLNQjGhQg_XHdfzCsAiawFGakPY”,
“hostname”: “queverenponferrada.com”,
“port”: “80”,
“addressesResolved”: [
“2400:52e0:1a00::1346:1”,
“143.244.60.197”
],
“addressUsed”: “2400:52e0:1a00::1346:1”
}
]
}

==[Abort Step 5]==
=> Wrong status

=============================
Date Time: 2026-02-27 04:24:38
WEB_SYSTEM: nginx
PROXY_SYSTEM:
user: queverenponferrada
domain: queverenponferrada.com

aliases: www.queverenponferrada.com

proto: http-01

wildcard:

==[Step 1]==

status: 200

nonce: E1g8ClBFpqgdzhd7Bj_G-4hlnaJs5KILbT-bSOlMi_jTr3jq9m0

answer: HTTP/2 200
server: nginx
date: Fri, 27 Feb 2026 03:24:38 GMT
content-type: application/json
content-length: 1033
cache-control: public, max-age=0, no-cache
replay-nonce: E1g8ClBFpqgdzhd7Bj_G-4hlnaJs5KILbT-bSOlMi_jTr3jq9m0
x-frame-options: DENY
strict-transport-security: max-age=604800

==[API call]==
exit status: 0

==[Step 2]==

status: 201

nonce: E1g8ClBFFKXihB2s11O-X-8ocn9jyvwbQhBdfkEldOsMf7f2iBQ

authz: https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/665086965652
https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/665086965762

finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/484850368232

payload: {“identifiers”:[{“type”:“dns”,“value”:“queverenponferrada.com”},{“type”:“dns”,“value”:“www.queverenponferrada.com”}]}

answer: HTTP/2 201
server: nginx
date: Fri, 27 Feb 2026 03:24:39 GMT
content-type: application/json
content-length: 513
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
location: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/484850368232
replay-nonce: E1g8ClBFFKXihB2s11O-X-8ocn9jyvwbQhBdfkEldOsMf7f2iBQ
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“status”: “pending”,
“expires”: “2026-03-06T03:24:39Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “queverenponferrada.com”
},
{
“type”: “dns”,
“value”: “www.queverenponferrada.com”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/665086965652”,
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/665086965762”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/484850368232”
}
order: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/484850368232

==[API call]==
exit status: 0

==[Step 3]==

status: 200

nonce: y54mxubz830nFzvPBWoYx5-EODYM-IxvK_QJqARayFJTmxiJIj4

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665086965652/ld0o2Q

token: bS5dFfcjjy2L8nwpNu4zbgPF75ttVHP9XmbNADt_T3U

answer: HTTP/2 200
server: nginx
date: Fri, 27 Feb 2026 03:24:39 GMT
content-type: application/json
content-length: 830
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: y54mxubz830nFzvPBWoYx5-EODYM-IxvK_QJqARayFJTmxiJIj4
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “queverenponferrada.com”
},
“status”: “pending”,
“expires”: “2026-03-06T03:24:39Z”,
“challenges”: [
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665086965652/ld0o2Q”,
“status”: “pending”,
“token”: “bS5dFfcjjy2L8nwpNu4zbgPF75ttVHP9XmbNADt_T3U”
},
{
“type”: “dns-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665086965652/AJcgAg”,
“status”: “pending”,
“token”: “bS5dFfcjjy2L8nwpNu4zbgPF75ttVHP9XmbNADt_T3U”
},
{
“type”: “tls-alpn-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665086965652/CClYjg”,
“status”: “pending”,
“token”: “bS5dFfcjjy2L8nwpNu4zbgPF75ttVHP9XmbNADt_T3U”
}
]
}

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[Step 5]==

status: 400

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665086965652/ld0o2Q

nonce: 1LxIaoJRIFW8E2XMibv7eVs3aS35-Jeo6ExVTCezOOgKDxCeZfg

validation:

details: Unable to update challenge :: authorization must be pending

answer: HTTP/2 400
server: nginx
date: Fri, 27 Feb 2026 03:26:01 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: 1LxIaoJRIFW8E2XMibv7eVs3aS35-Jeo6ExVTCezOOgKDxCeZfg

{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Unable to update challenge :: authorization must be pending”,
“status”: 400
}

==[Debug information Step 5]==
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665086965652/ld0o2Q”,
“status”: “invalid”,
“validated”: “2026-02-27T03:24:45Z”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “The key authorization file from the server did not match this challenge. Expected "bS5dFfcjjy2L8nwpNu4zbgPF75ttVHP9XmbNADt_T3U.HXZFZ3-K57NcL49u3YxFto9uEpn9Mb43fobaRi0c4g0" (got "bS5dFfcjjy2L8nwpNu4zbgPF75ttVHP9XmbNADt_T3U.pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc")”,
“status”: 403
},
“token”: “bS5dFfcjjy2L8nwpNu4zbgPF75ttVHP9XmbNADt_T3U”,
“validationRecord”: [
{
“url”: “http://queverenponferrada.com/.well-known/acme-challenge/bS5dFfcjjy2L8nwpNu4zbgPF75ttVHP9XmbNADt_T3U”,
“hostname”: “queverenponferrada.com”,
“port”: “80”,
“addressesResolved”: [
“2400:52e0:1a00::1348:1”,
“169.150.236.100”
],
“addressUsed”: “2400:52e0:1a00::1348:1”
}
]
}

==[Abort Step 5]==
=> Wrong status

=============================
Date Time: 2026-02-28 04:24:33
WEB_SYSTEM: nginx
PROXY_SYSTEM:
user: queverenponferrada
domain: queverenponferrada.com

aliases: www.queverenponferrada.com

proto: http-01

wildcard:

==[Step 1]==

status: 200

nonce: E1g8ClBF2VX8CsY4qDSEpSHT0TRKMDwzod1qBNF_j-7TmkP13s8

answer: HTTP/2 200
server: nginx
date: Sat, 28 Feb 2026 03:24:34 GMT
content-type: application/json
content-length: 1033
cache-control: public, max-age=0, no-cache
replay-nonce: E1g8ClBF2VX8CsY4qDSEpSHT0TRKMDwzod1qBNF_j-7TmkP13s8
x-frame-options: DENY
strict-transport-security: max-age=604800

==[API call]==
exit status: 0

==[Step 2]==

status: 201

nonce: 1LxIaoJRoEwIRWBU6on7g-sClqz1rncc8xGSzy09OYr9gVJp4AA

authz: https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/665600943462
https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/665600943492

finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/485215839682

payload: {“identifiers”:[{“type”:“dns”,“value”:“queverenponferrada.com”},{“type”:“dns”,“value”:“www.queverenponferrada.com”}]}

answer: HTTP/2 201
server: nginx
date: Sat, 28 Feb 2026 03:24:34 GMT
content-type: application/json
content-length: 513
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
location: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/485215839682
replay-nonce: 1LxIaoJRoEwIRWBU6on7g-sClqz1rncc8xGSzy09OYr9gVJp4AA
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“status”: “pending”,
“expires”: “2026-03-07T03:24:34Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “queverenponferrada.com”
},
{
“type”: “dns”,
“value”: “www.queverenponferrada.com”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/665600943462”,
“https://acme-v02.api.letsencrypt.org/acme/authz/3068018046/665600943492”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/3068018046/485215839682”
}
order: https://acme-v02.api.letsencrypt.org/acme/order/3068018046/485215839682

==[API call]==
exit status: 0

==[Step 3]==

status: 200

nonce: NR77tNYCc5axyXk-96d2I_WpnbOVHnw_H-mGgyDu9X3kLrA_iTc

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665600943462/mGxVbw

token: 7EB4WRkX1_1-cMQEz801YiNs71XyR6kRF-w0-sICF0w

answer: HTTP/2 200
server: nginx
date: Sat, 28 Feb 2026 03:24:35 GMT
content-type: application/json
content-length: 830
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: NR77tNYCc5axyXk-96d2I_WpnbOVHnw_H-mGgyDu9X3kLrA_iTc
x-frame-options: DENY
strict-transport-security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “queverenponferrada.com”
},
“status”: “pending”,
“expires”: “2026-03-07T03:24:34Z”,
“challenges”: [
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665600943462/mGxVbw”,
“status”: “pending”,
“token”: “7EB4WRkX1_1-cMQEz801YiNs71XyR6kRF-w0-sICF0w”
},
{
“type”: “tls-alpn-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665600943462/feTMTw”,
“status”: “pending”,
“token”: “7EB4WRkX1_1-cMQEz801YiNs71XyR6kRF-w0-sICF0w”
},
{
“type”: “dns-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665600943462/vl3DcQ”,
“status”: “pending”,
“token”: “7EB4WRkX1_1-cMQEz801YiNs71XyR6kRF-w0-sICF0w”
}
]
}

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[API call]==
exit status: 0

==[Step 5]==

status: 400

url: https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665600943462/mGxVbw

nonce: NR77tNYCqo5lA-L6CWZ6BXPljUYlyDA5EAf0A368nWlyQf5HcW0

validation:

details: Unable to update challenge :: authorization must be pending

answer: HTTP/2 400
server: nginx
date: Sat, 28 Feb 2026 03:25:54 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 3068018046
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
replay-nonce: NR77tNYCqo5lA-L6CWZ6BXPljUYlyDA5EAf0A368nWlyQf5HcW0

{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Unable to update challenge :: authorization must be pending”,
“status”: 400
}

==[Debug information Step 5]==
{
“type”: “http-01”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall/3068018046/665600943462/mGxVbw”,
“status”: “invalid”,
“validated”: “2026-02-28T03:24:40Z”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “The key authorization file from the server did not match this challenge. Expected "7EB4WRkX1_1-cMQEz801YiNs71XyR6kRF-w0-sICF0w.HXZFZ3-K57NcL49u3YxFto9uEpn9Mb43fobaRi0c4g0" (got "7EB4WRkX1_1-cMQEz801YiNs71XyR6kRF-w0-sICF0w.pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc")”,
“status”: 403
},
“token”: “7EB4WRkX1_1-cMQEz801YiNs71XyR6kRF-w0-sICF0w”,
“validationRecord”: [
{
“url”: “http://queverenponferrada.com/.well-known/acme-challenge/7EB4WRkX1_1-cMQEz801YiNs71XyR6kRF-w0-sICF0w”,
“hostname”: “queverenponferrada.com”,
“port”: “80”,
“addressesResolved”: [
“2400:52e0:1a00::1348:1”,
“185.93.1.245”
],
“addressUsed”: “2400:52e0:1a00::1348:1”
}
]
}

==[Abort Step 5]==
=> Wrong status

sahsanu · March 27, 2026, 10:13am

Show the output of this command because I think the challenge is being returned by the default host.

grep -r 'pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc' /home/*/conf/web/

web3.0 · March 27, 2026, 11:52am

/home/queverenponferrada/conf/web/queverenponferrada.com/nginx.ssl.conf_letsencrypt:    return 200 "$1.pCgsLqqaFPQhNjH62Y94bEU69ei_IvLhq1lP9F1L6wc";

sahsanu · March 27, 2026, 11:56am

I’m confused, /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.conf_letsencrypt shows something different to /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.ssl.conf_letsencrypt

Show me the files in the dir:

ls -la /home/queverenponferrada/conf/web/queverenponferrada.com/

web3.0 · March 27, 2026, 12:19pm

root@srv1:/home/ubuntu# ls -la /home/queverenponferrada/conf/web/queverenponferrada.com/
total 40
drwxr-xr-x 3 root root               4096 Mar 26 21:47 .
drwxr-x--x 5 root root               4096 Jan 31 18:41 ..
-rw-r----- 1 root queverenponferrada 2669 Feb 13 10:23 nginx.conf
-rw-r--r-- 1 root root                159 Mar 26 21:47 nginx.conf_letsencrypt
-rw-r----- 1 root queverenponferrada  234 Jan 31 18:41 nginx.fastcgi_cache.conf
-rw-r----- 1 root queverenponferrada   38 Mar 26 21:47 nginx.forcessl.conf
-rw-r----- 1 root queverenponferrada   65 Mar 26 21:47 nginx.hsts.conf
-rw-r----- 1 root queverenponferrada 3175 Mar 26 21:47 nginx.ssl.conf
-rw-r--r-- 1 root root                159 Jan 31 18:40 nginx.ssl.conf_letsencrypt
drwxr-xr-x 2 root root               4096 Mar 26 21:47 ssl

sahsanu · March 27, 2026, 12:38pm

That must be a symbolic link to nginx.conf_letsencrypt

To fix it:

ln -sf /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.conf_letsencrypt /home/queverenponferrada/conf/web/queverenponferrada.com/nginx.ssl.conf_letsencrypt

web3.0 · March 27, 2026, 1:11pm

Thank you very much, but I don’t want to do it now because there’s traffic and I would have to generate another certificate with active Bunny and I don’t want to lose the traffic.

sahsanu · March 27, 2026, 2:03pm

You’re welcome. Just apply the fix and restart/reload nginx before trying to issue the certificate again.

web3.0 · April 10, 2026, 2:53pm

Hi, sorry for the delay in replying and confirming the solution.

I encountered the same error. To renew the certificate, I had to disable Bunny’s CDN Acceleration.

I previously performed the symbolic link as you instructed and restarted Nginx.

Regards