2025-12-25 00:26:43,459:DEBUG:certbot._internal.main:certbot version: 5.1.0
2025-12-25 00:26:43,459:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2025-12-25 00:26:43,459:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/data/logs', '--cert-name', 'npm-9', '--agree-tos', '--authenticator', 'webroot', '-m', 'kincses@gmail.com', '--preferred-challenges', 'http', '--domains', 'NAS']
2025-12-25 00:26:43,459:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-12-25 00:26:43,469:DEBUG:certbot._internal.log:Root logging level set at 30
2025-12-25 00:26:43,470:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-12-25 00:26:43,470:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7203eeb6bf50>
Prep: True
2025-12-25 00:26:43,470:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7203eeb6bf50> and installer None
2025-12-25 00:26:43,470:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-12-25 00:26:43,507:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2906438176', new_authzr_uri=None, terms_of_service=None), e417a583de478a0cfdeed332c1113068, Meta(creation_dt=datetime.datetime(2025, 12, 24, 20, 49, 55, tzinfo=datetime.timezone.utc), creation_host='c6fe500e2aae', register_to_eff=None))>
2025-12-25 00:26:43,507:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-12-25 00:26:43,509:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-12-25 00:26:43,941:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1033
2025-12-25 00:26:43,942:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 25 Dec 2025 00:26:43 GMT
Content-Type: application/json
Content-Length: 1033
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "WZ2L0VcwJxs": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsclient": "https://letsencrypt.org/docs/profiles#tlsclient",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-12-25 00:26:43,943:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for nas
2025-12-25 00:26:43,949:DEBUG:acme.client:Requesting fresh nonce
2025-12-25 00:26:43,950:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-12-25 00:26:44,093:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-12-25 00:26:44,094:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 25 Dec 2025 00:26:44 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: GxwILcG0UrPWURe3fNitb6iIML5gPe0pkEuCK58XtFfhhtrGoQ8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-12-25 00:26:44,094:DEBUG:acme.client:Storing nonce: GxwILcG0UrPWURe3fNitb6iIML5gPe0pkEuCK58XtFfhhtrGoQ8
2025-12-25 00:26:44,095:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "nas"\n    }\n  ]\n}'
2025-12-25 00:26:44,098:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkwNjQzODE3NiIsICJub25jZSI6ICJHeHdJTGNHMFVyUFdVUmUzZk5pdGI2aUlNTDVnUGUwcGtFdUNLNThYdEZmaGh0ckdvUTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "WkheSig5aU-YVlwOcvMr-u29JRUa79lkxSYyb71JwBzSKFWXATVnCswqzLJRm2puloOn3T2dkDszL9poBnfW_0bMVENylL93hfzFQc3hpwDE6GIQHMa7yA-ap8lczjB8sX0KK4BDcHyVUfzDyzc3vH7Md2hwArZaQaB0I5PQNH_bd9gak6x6EvpthzqHuTNoMsrCuc4ms4EkOFWhQQmUfedfLgAmXt_UwCi7Y1BTfLQRqeWNkNLc211K2_dsgc9ulhIO_Vdwqwl7e5lMGE-QHdEOoJFlw61rlwZZFn_clTeJvt4SJabYVxpfbBngpsqGstBfUPz6n3CijsHthF67Wg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm5hcyIKICAgIH0KICBdCn0"
}
2025-12-25 00:26:44,253:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 400 187
2025-12-25 00:26:44,254:DEBUG:acme.client:Received response:
HTTP 400
Server: nginx
Date: Thu, 25 Dec 2025 00:26:44 GMT
Content-Type: application/problem+json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 2906438176
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: GxwILcG05cm3VHlJ6LM8t_GHg8V-worSn48NT3j9Yo5tZCc98tI

{
  "type": "urn:ietf:params:acme:error:rejectedIdentifier",
  "detail": "Invalid identifiers requested :: Cannot issue for \"nas\": Domain name needs at least one dot",
  "status": 400
}
2025-12-25 00:26:44,256:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 7, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 18, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1850, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1562, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 526, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 427, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 487, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem, profile=profile)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 141, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 467, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 818, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 833, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 705, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rejectedIdentifier :: The server will not issue certificates for the identifier :: Invalid identifiers requested :: Cannot issue for "nas": Domain name needs at least one dot
2025-12-25 00:26:44,262:ERROR:certbot._internal.log:An unexpected error occurred:
2025-12-25 00:26:44,262:ERROR:certbot._internal.log:Invalid identifiers requested :: Cannot issue for "nas": Domain name needs at least one dot