Acme-challenge failure with nginx and acmetool - PullRequest
0 votes
/ February 13, 2020

I am currently using acmetool to renew my SSL certificate, and it works like a charm. Recently, and for no apparent reason, it simply stopped working. I have the following nginx configuration for the challenge:

server {
    listen         80;
    server_name    app.example.com;

    # Support let's encrypt challenges
    location /.well-known/acme-challenge/ {
        alias /var/prod/hdd/ssl_data/challenges/.well-known/acme-challenge/;
        try_files $uri @forward_https;
    }

    location @forward_https {
        return 301 https://app.example.com$request_uri;
    }

    location / {
        return 301 https://app.example.com$request_uri;
    }
}

I created a test file inside /var/prod/hdd/ssl_data/challenges/.well-known/acme-challenge/ containing the value "foo", and when I run curl it returns this:

> curl -i http://app.example.com/.well-known/acme-challenge/test
HTTP/1.1 200 OK
Content-Security-Policy: default-src 'none'
Content-Type: text/plain
Feature-Policy: geolocation 'none'; camera 'none'; payment 'none'
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
Date: Thu, 13 Feb 2020 08:39:41 GMT
Content-Length: 48
X-IPLB-Instance: 34763

test.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8%

I have no idea where the string 4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8% comes from or how it gets added here...

But since it does not return the correct value, the certificate renewal task never works. Here is the acmetool log from acmetool reconcile --xlog.severity=debug (note that there are several certificates, but that does not seem to be the source of the problem):

[DEBUG] fdb: enforce permissions: tmp/symlink.272820347 0/0 0/0
[DEBUG] fdb: enforce permissions: tmp/symlink.193887646 0/0 0/0
[DEBUG] fdb: enforce permissions: tmp/symlink.249806949 0/0 0/0
[DEBUG] acme.storageops: Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q) satisfies Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0)
[DEBUG] acme.storageops: Certificate(lovxu2dnly3faocpqv5pulscajhwia56n75zvsxe7l7hj7jdzp3a) satisfies Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0)
[DEBUG] acme.storageops: Certificate(vcky4zq2dhurro57zcgpeq2r5z3rkitgwhwa7gfzg2gktwteiskq) cannot satisfy Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0) because required hostname "app.example.com" is not listed on it: []string{"escale.example.com"}
[DEBUG] acme.storageops: Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): best certificate satisfying is Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q), err=<nil>
[DEBUG] acme.storageops: Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q) needsRenewing=true notAfter=2020-02-13 13:43:17 +0000 UTC
[DEBUG] acme.storageops: Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): requesting certificate
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/directory
[] false false map[] 0xc4201a2700 0xc4200c0630} <nil>
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/acme/new-reg
[DEBUG] acme.api: response: &{409 Conflict 409 HTTP/2.0 2 0 map[Replay-Nonce:[0001qABSirixI6X6cC6WFMMhB0FyUQKF_yq5EbC9nlAYHhU] Server:[nginx] Date:[Thu, 13 Feb 2020 08:18:47 GMT] Content-Type:[application/problem+json] Content-Length:[107] Boulder-Requester:[7245536] Cache-Control:[public, max-age=0, no-cache] Location:[https://acme-v01.api.letsencrypt.org/acme/reg/7245536]] {0xc42060a140} 107 [] false false map[] 0xc4201a2300 0xc4200c0630} <nil>
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/acme/reg/7245536
[DEBUG] acme.api: response: &{202 Accepted 202 HTTP/2.0 2 0 map[Server:[nginx] Date:[Thu, 13 Feb 2020 08:18:47 GMT] Content-Type:[application/json] Content-Length:[655] Boulder-Requester:[7245536] Cache-Control:[public, max-age=0, no-cache] Link:[<https://acme-v01.api.letsencrypt.org/acme/new-authz>;rel="next" <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"] Replay-Nonce:[0002qdkJEgoikDuPgTftoK4s01kd9fzsAc6DgIjWJ32NIJo]] {0xc42012aa00} 655 [] false false map[] 0xc4204b2200 0xc4200c0630} <nil>
[DEBUG] acme.storageops: trying to obtain authorization for "app.example.com"
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/acme/new-authz
[DEBUG] acme.api: response: &{201 Created 201 HTTP/2.0 2 0 map[Date:[Thu, 13 Feb 2020 08:18:47 GMT] Content-Type:[application/json] Cache-Control:[public, max-age=0, no-cache] Link:[<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"] Location:[https://acme-v01.api.letsencrypt.org/acme/authz-v3/2761726438] X-Frame-Options:[DENY] Strict-Transport-Security:[max-age=604800] Server:[nginx] Content-Length:[880] Boulder-Requester:[7245536] Replay-Nonce:[0001uA-K-tVLHeGi0ePhJ9KGYKwLxHKyEIFSiOlN8dqRIZM]] {0xc4201b0a00} 880 [] false false map[] 0xc4201a2300 0xc4200c0630} <nil>
[DEBUG] acme.solver: attempting challenge type http-01
[DEBUG] acme.responder: failed to listen on [::]:80: listen tcp 0.0.0.0:80: bind: address already in use
[DEBUG] acme.responder: failed to listen on :80: listen tcp :80: bind: address already in use
[DEBUG] acme.responder: listening on 127.0.0.1:402
[DEBUG] acme.responder: listening on [::1]:4402
[DEBUG] acme.responder: listening on 127.0.0.1:4402
[DEBUG] acme.responder: listening on [::1]:402
[DEBUG] acme.responder: writing 2 webroot challenge files
[DEBUG] acme.responder: writing webroot file /var/prod/hdd/ssl/challenges/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.responder: writing webroot file /var/run/acme/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/copy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/haproxy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/reload
[DEBUG] acme.responder: http-01 self test
[INFO] acme.responder: http-01 self test failed: Get http://app.example.com/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc: dial tcp 137.74.28.227:80: getsockopt: connection refused
[DEBUG] acme.responder: removing webroot file /var/prod/hdd/ssl/challenges/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.responder: removing webroot file /var/run/acme/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/copy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/haproxy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/reload
[DEBUG] acme.solver: challenge start failed: Get http://app.example.com/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc: dial tcp 137.74.28.227:80: getsockopt: connection refused
[DEBUG] acme.solver: attempting challenge type dns-01
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/copy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/haproxy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/reload
[DEBUG] acme.solver: challenge start failed: could not install DNS challenge, no hooks succeeded
[ERROR] acme.storageops: could not obtain authorization for app.example.com: failed all combinations
[ERROR] acme.storageops: Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed to request certificate: failed all combinations
[DEBUG] acme.storageops: Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q) satisfies Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0)
[DEBUG] acme.storageops: Certificate(lovxu2dnly3faocpqv5pulscajhwia56n75zvsxe7l7hj7jdzp3a) cannot satisfy Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0) because required hostname "escale.example.com" is not listed on it: []string{"app.example.com"}
[DEBUG] acme.storageops: Certificate(vcky4zq2dhurro57zcgpeq2r5z3rkitgwhwa7gfzg2gktwteiskq) cannot satisfy Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0) because required hostname "app.example.com" is not listed on it: []string{"escale.example.com"}
[DEBUG] acme.storageops: Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0): best certificate satisfying is Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q), err=<nil>
[DEBUG] acme.storageops: Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q) needsRenewing=true notAfter=2020-02-13 13:43:17 +0000 UTC
[DEBUG] acme.storageops: Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0): requesting certificate
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/acme/new-reg
[DEBUG] acme.api: response: &{409 Conflict 409 HTTP/2.0 2 0 map[Content-Length:[107] Boulder-Requester:[7245536] Cache-Control:[public, max-age=0, no-cache] Location:[https://acme-v01.api.letsencrypt.org/acme/reg/7245536] Replay-Nonce:[0002QzVmiSdkSYpOc3Z83mGxdiSUe3HpVbIpLGS7hb40im8] Server:[nginx] Date:[Thu, 13 Feb 2020 08:18:47 GMT] Content-Type:[application/problem+json]] {0xc420226000} 107 [] false false map[] 0xc42011c700 0xc4200c0630} <nil>
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/acme/reg/7245536
[DEBUG] acme.api: response: &{202 Accepted 202 HTTP/2.0 2 0 map[Boulder-Requester:[7245536] Cache-Control:[public, max-age=0, no-cache] Link:[<https://acme-v01.api.letsencrypt.org/acme/new-authz>;rel="next" <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"] Replay-Nonce:[0001lUY_-XUBip-SnuuSYGQYerU4Dci1yhqYn3B7G1zp_rc] Server:[nginx] Date:[Thu, 13 Feb 2020 08:18:47 GMT] Content-Type:[application/json] Content-Length:[655]] {0xc420226280} 655 [] false false map[] 0xc42011c900 0xc4200c0630} <nil>
[DEBUG] acme.storageops: trying to obtain authorization for "app.example.com"
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/acme/new-authz
[DEBUG] acme.api: response: &{201 Created 201 HTTP/2.0 2 0 map[Link:[<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"] Location:[https://acme-v01.api.letsencrypt.org/acme/authz-v3/2761726438] X-Frame-Options:[DENY] Strict-Transport-Security:[max-age=604800] Date:[Thu, 13 Feb 2020 08:18:47 GMT] Boulder-Requester:[7245536] Cache-Control:[public, max-age=0, no-cache] Replay-Nonce:[0002ms1wXEUCMMXQZIL3sfQ9mZdiyJuMucPw-qzBsxB67qA] Server:[nginx] Content-Type:[application/json] Content-Length:[880]] {0xc420226500} 880 [] false false map[] 0xc42011cb00 0xc4200c0630} <nil>
[DEBUG] acme.solver: attempting challenge type http-01
[DEBUG] acme.responder: failed to listen on [::]:80: listen tcp 0.0.0.0:80: bind: address already in use
[DEBUG] acme.responder: failed to listen on :80: listen tcp :80: bind: address already in use
[DEBUG] acme.responder: listening on 127.0.0.1:402
[DEBUG] acme.responder: listening on [::1]:4402
[DEBUG] acme.responder: listening on 127.0.0.1:4402
[DEBUG] acme.responder: listening on [::1]:402
[DEBUG] acme.responder: writing 2 webroot challenge files
[DEBUG] acme.responder: writing webroot file /var/prod/hdd/ssl/challenges/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.responder: writing webroot file /var/run/acme/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/copy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/haproxy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/reload
[DEBUG] acme.responder: http-01 self test
[INFO] acme.responder: http-01 self test failed: Get http://app.example.com/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc: dial tcp 137.74.28.227:80: getsockopt: connection refused
[DEBUG] acme.responder: removing webroot file /var/prod/hdd/ssl/challenges/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.responder: removing webroot file /var/run/acme/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/copy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/haproxy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/reload
[DEBUG] acme.solver: challenge start failed: Get http://app.example.com/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc: dial tcp 137.74.28.227:80: getsockopt: connection refused
[DEBUG] acme.solver: attempting challenge type dns-01
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/copy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/haproxy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/reload
[DEBUG] acme.solver: challenge start failed: could not install DNS challenge, no hooks succeeded
[ERROR] acme.storageops: could not obtain authorization for app.example.com: failed all combinations
[ERROR] acme.storageops: Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed to request certificate: failed all combinations
[DEBUG] acme.storageops: Certificate(vcky4zq2dhurro57zcgpeq2r5z3rkitgwhwa7gfzg2gktwteiskq) cannot satisfy Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0) because required hostname "app.example.com" is not listed on it: []string{"escale.example.com"}
[DEBUG] acme.storageops: Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q) satisfies Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0)
[DEBUG] acme.storageops: Certificate(lovxu2dnly3faocpqv5pulscajhwia56n75zvsxe7l7hj7jdzp3a) satisfies Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0)
[DEBUG] acme.storageops: Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): best certificate satisfying is Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q), err=<nil>
[DEBUG] acme.storageops: Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q) needsRenewing=true notAfter=2020-02-13 13:43:17 +0000 UTC
[DEBUG] acme.storageops: Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): requesting certificate
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/acme/new-reg
[DEBUG] acme.api: response: &{409 Conflict 409 HTTP/2.0 2 0 map[Replay-Nonce:[00028gXJ-IArkTwJWKjNC8z48YQYsNHN_OBZwxhSiUmLgxU] Server:[nginx] Date:[Thu, 13 Feb 2020 08:18:48 GMT] Content-Type:[application/problem+json] Content-Length:[107] Boulder-Requester:[7245536] Cache-Control:[public, max-age=0, no-cache] Location:[https://acme-v01.api.letsencrypt.org/acme/reg/7245536]] {0xc4202268c0} 107 [] false false map[] 0xc42011d200 0xc4200c0630} <nil>
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/acme/reg/7245536
[DEBUG] acme.api: response: &{202 Accepted 202 HTTP/2.0 2 0 map[Date:[Thu, 13 Feb 2020 08:18:48 GMT] Content-Type:[application/json] Content-Length:[655] Boulder-Requester:[7245536] Cache-Control:[public, max-age=0, no-cache] Link:[<https://acme-v01.api.letsencrypt.org/acme/new-authz>;rel="next" <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"] Replay-Nonce:[0002gk2tw6-579yuhtlfeLBq4uwgItpzPjR4m154RCKa5Sk] Server:[nginx]] {0xc4205e6140} 655 [] false false map[] 0xc420476100 0xc4200c0630} <nil>
[DEBUG] acme.storageops: trying to obtain authorization for "app.example.com"
[DEBUG] acme.api: request: https://acme-v01.api.letsencrypt.org/acme/new-authz
[DEBUG] acme.api: response: &{201 Created 201 HTTP/2.0 2 0 map[Date:[Thu, 13 Feb 2020 08:18:48 GMT] Content-Length:[880] Boulder-Requester:[7245536] Location:[https://acme-v01.api.letsencrypt.org/acme/authz-v3/2761726438] Replay-Nonce:[0001MJMXI4KWKTdbJ_cs6-g4nOftKQBRiamLExoUREkFhlk] Strict-Transport-Security:[max-age=604800] Server:[nginx] Content-Type:[application/json] Cache-Control:[public, max-age=0, no-cache] Link:[<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"] X-Frame-Options:[DENY]] {0xc4205e63c0} 880 [] false false map[] 0xc420476300 0xc4200c0630} <nil>
[DEBUG] acme.solver: attempting challenge type http-01
[DEBUG] acme.responder: failed to listen on [::]:80: listen tcp 0.0.0.0:80: bind: address already in use
[DEBUG] acme.responder: failed to listen on :80: listen tcp :80: bind: address already in use
[DEBUG] acme.responder: listening on [::1]:4402
[DEBUG] acme.responder: listening on 127.0.0.1:4402
[DEBUG] acme.responder: listening on [::1]:402
[DEBUG] acme.responder: listening on 127.0.0.1:402
[DEBUG] acme.responder: writing 2 webroot challenge files
[DEBUG] acme.responder: writing webroot file /var/prod/hdd/ssl/challenges/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.responder: writing webroot file /var/run/acme/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/copy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/haproxy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/reload
[DEBUG] acme.responder: http-01 self test
[INFO] acme.responder: http-01 self test failed: Get http://app.example.com/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc: dial tcp 137.74.28.227:80: getsockopt: connection refused
[DEBUG] acme.responder: removing webroot file /var/prod/hdd/ssl/challenges/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.responder: removing webroot file /var/run/acme/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/copy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/haproxy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/reload
[DEBUG] acme.solver: challenge start failed: Get http://app.example.com/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc: dial tcp 137.74.28.227:80: getsockopt: connection refused
[DEBUG] acme.solver: attempting challenge type dns-01
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/copy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/haproxy
[DEBUG] acme.hooks: calling hook script: /usr/lib/acme/hooks/reload
[DEBUG] acme.solver: challenge start failed: could not install DNS challenge, no hooks succeeded
[ERROR] acme.storageops: could not obtain authorization for app.example.com: failed all combinations
[ERROR] acme.storageops: Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed to request certificate: failed all combinations
[DEBUG] acme.storageops: done processing targets, reconciliation complete, 3 errors occurred
[ERROR] acme.storageops: error while processing targets: the following errors occurred:
error satisfying Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed all combinations;
error satisfying Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed all combinations;
error satisfying Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed all combinations
[ERROR] acme.storageops: failed to reconcile: the following errors occurred:
error satisfying Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed all combinations;
error satisfying Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed all combinations;
error satisfying Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed all combinations
[DEBUG] fdb: enforce permissions: tmp/symlink.091361408 0/0 0/0
[DEBUG] fdb: enforce permissions: tmp/symlink.202573791 0/0 0/0
[DEBUG] fdb: enforce permissions: tmp/symlink.695394738 0/0 0/0
[DEBUG] acme.storageops: disjoint hostname mapping: app.example.com -> Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0)
[DEBUG] acme.storageops: disjoint hostname mapping: escale.example.com -> Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0)
[DEBUG] acme.storageops: Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q) satisfies Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0)
[DEBUG] acme.storageops: Certificate(lovxu2dnly3faocpqv5pulscajhwia56n75zvsxe7l7hj7jdzp3a) cannot satisfy Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0) because required hostname "escale.example.com" is not listed on it: []string{"app.example.com"}
[DEBUG] acme.storageops: Certificate(vcky4zq2dhurro57zcgpeq2r5z3rkitgwhwa7gfzg2gktwteiskq) cannot satisfy Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0) because required hostname "app.example.com" is not listed on it: []string{"escale.example.com"}
[DEBUG] acme.storageops: Certificate(vcky4zq2dhurro57zcgpeq2r5z3rkitgwhwa7gfzg2gktwteiskq) cannot satisfy Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0) because required hostname "app.example.com" is not listed on it: []string{"escale.example.com"}
[DEBUG] acme.storageops: Certificate(2oeom5khoo4zgqsocqvjiqbvh5vkwkutbh7op4kjeunspluut45q) satisfies Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0)
[DEBUG] acme.storageops: Certificate(lovxu2dnly3faocpqv5pulscajhwia56n75zvsxe7l7hj7jdzp3a) cannot satisfy Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0) because required hostname "escale.example.com" is not listed on it: []string{"app.example.com"}
[CRITICAL] acmetool: fatal: reconcile: the following errors occurred:
error satisfying Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed all combinations;
error satisfying Target(app.example.com,escale.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed all combinations;
error satisfying Target(app.example.com;https://acme-v01.api.letsencrypt.org/directory;0): failed all combinations

I tried the following, without success:

* Changing the location of the acme-challenge folder
* Allowing everything in the nginx config
* Changing alias to root in the nginx config
* and others ...

I am now turning to the community to find out what is going on and, hopefully, to find a solution.

Thanks in advance!

...
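
The three observations in the post (the unexpected curl body, the webroot paths in the log, and the failed self test) can be checked mechanically. The following is an added example, not part of the original post or of acmetool: the function names are hypothetical, the inputs are excerpts of the config, curl output and log lines quoted above, and the body check uses the `<token>.<base64url SHA-256 thumbprint>` key-authorization format of http-01 (RFC 8555, section 8.3).

```python
import base64
import posixpath
import re

# Excerpts of the nginx config, curl body and acmetool log quoted in the post.
NGINX_CONF = """
location /.well-known/acme-challenge/ {
    alias /var/prod/hdd/ssl_data/challenges/.well-known/acme-challenge/;
    try_files $uri @forward_https;
}
"""
CURL_BODY = "test.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"
LOG = """\
[DEBUG] acme.responder: writing webroot file /var/prod/hdd/ssl/challenges/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[DEBUG] acme.responder: writing webroot file /var/run/acme/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc
[INFO] acme.responder: http-01 self test failed: Get http://app.example.com/.well-known/acme-challenge/ty_RkU24EcmOEWxJ1EdXTODJPTRCjAj_Mcf9N-oVHNc: dial tcp 137.74.28.227:80: getsockopt: connection refused
"""


def looks_like_key_authorization(token, body):
    """True if body is '<token>.<43-char base64url of a 32-byte digest>'."""
    prefix = token + "."
    if not body.startswith(prefix):
        return False
    thumb = body[len(prefix):]
    if not re.fullmatch(r"[A-Za-z0-9_-]{43}", thumb):
        return False
    # 43 base64url characters plus one '=' of padding decode to 32 bytes (SHA-256).
    return len(base64.urlsafe_b64decode(thumb + "=")) == 32


def served_dir(nginx_conf):
    """Directory that nginx aliases the acme-challenge location to, or None."""
    m = re.search(
        r"location\s+/\.well-known/acme-challenge/\s*\{[^}]*?\balias\s+([^;]+);",
        nginx_conf,
    )
    return posixpath.normpath(m.group(1).strip()) if m else None


def written_dirs(log):
    """Directories acmetool reports writing challenge files into."""
    paths = re.findall(r"writing webroot file (\S+)", log)
    return sorted({posixpath.dirname(p) for p in paths})


def self_test_errors(log):
    """(address, error) pairs taken from failed http-01 self-test lines."""
    pattern = r"http-01 self test failed: .*?dial tcp (\S+): (?:getsockopt: )?(.+)"
    return re.findall(pattern, log)


def diagnose(nginx_conf, log, token, body):
    """Collect the three checks into one report."""
    served = served_dir(nginx_conf)
    written = written_dirs(log)
    return {
        "served_dir": served,
        "written_dirs": written,
        "webroot_matches": served in written,
        "body_is_key_authorization": looks_like_key_authorization(token, body),
        "self_test_errors": self_test_errors(log),
    }


if __name__ == "__main__":
    for key, value in diagnose(NGINX_CONF, LOG, "test", CURL_BODY).items():
        print(f"{key}: {value}")
```

On the post's data, the 48-byte body has the key-authorization shape for the token `test` rather than the file content, and the directory nginx aliases (`ssl_data`) is not among the directories acmetool writes to (`ssl` and `/var/run/acme`).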