2025-12-25 00:22:14,973:DEBUG:certbot._internal.main:certbot version: 5.1.0
2025-12-25 00:22:14,973:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2025-12-25 00:22:14,973:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/data/logs', '--cert-name', 'npm-6', '--agree-tos', '--authenticator', 'webroot', '-m', 'kincses@gmail.com', '--preferred-challenges', 'http', '--domains', 'NAS']
2025-12-25 00:22:14,973:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-12-25 00:22:14,983:DEBUG:certbot._internal.log:Root logging level set at 30
2025-12-25 00:22:14,984:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-12-25 00:22:14,984:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x753e34e9f750>
Prep: True
2025-12-25 00:22:14,984:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x753e34e9f750> and installer None
2025-12-25 00:22:14,984:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-12-25 00:22:15,021:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2906438176', new_authzr_uri=None, terms_of_service=None), e417a583de478a0cfdeed332c1113068, Meta(creation_dt=datetime.datetime(2025, 12, 24, 20, 49, 55, tzinfo=datetime.timezone.utc), creation_host='c6fe500e2aae', register_to_eff=None))>
2025-12-25 00:22:15,022:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-12-25 00:22:15,023:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-12-25 00:22:15,458:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1033
2025-12-25 00:22:15,459:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 25 Dec 2025 00:22:15 GMT
Content-Type: application/json
Content-Length: 1033
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "1l3nqP4MWMY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
      "tlsclient": "https://letsencrypt.org/docs/profiles#tlsclient",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-12-25 00:22:15,460:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for nas
2025-12-25 00:22:15,466:DEBUG:acme.client:Requesting fresh nonce
2025-12-25 00:22:15,466:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-12-25 00:22:15,610:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-12-25 00:22:15,611:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 25 Dec 2025 00:22:15 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: GxwILcG0AD_6BXqPygFbMveOuqSkyCiMUeUVFAvrWZI2ElVq0Ng
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-12-25 00:22:15,611:DEBUG:acme.client:Storing nonce: GxwILcG0AD_6BXqPygFbMveOuqSkyCiMUeUVFAvrWZI2ElVq0Ng
2025-12-25 00:22:15,612:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "nas"\n    }\n  ]\n}'
2025-12-25 00:22:15,616:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkwNjQzODE3NiIsICJub25jZSI6ICJHeHdJTGNHMEFEXzZCWHFQeWdGYk12ZU91cVNreUNpTVVlVVZGQXZyV1pJMkVsVnEwTmciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "aJXimnOO7pSdAlG-4kI2bUUZur1O7B8TwxRG80y8nn30sdHmQvGJUANapSWrCeNO829809Id1OAWM9zyTkUc2fCqUvi2rchNuDQTRn9SkKLTF-il9YDATHln9_ntTx63_M1rpSd1Bc4C127E9kF_u0XhuOQwEX9-avrXX4IoIW5boT-UOBeTc99R7F-a44qwOygnAmm1kVsmEMhn3bDFq7zR433y8xZ3s0IOEdjwc0bBKRfyY7MSmfKd94CQOnsmwWl5Jihr0Thzb2PGrCNnPLrMZ5FJG03eFu_Dw1wHP6U5wX_AXwChJd62NtmJlLbCu38ZY4XJWWQfAU-AoZrj6w",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm5hcyIKICAgIH0KICBdCn0"
}
2025-12-25 00:22:15,759:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 400 187
2025-12-25 00:22:15,760:DEBUG:acme.client:Received response:
HTTP 400
Server: nginx
Date: Thu, 25 Dec 2025 00:22:15 GMT
Content-Type: application/problem+json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 2906438176
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: GxwILcG0ae-rlLzstdWaO22bjUruUT6uwpcxeklOj39FPgxhdl0

{
  "type": "urn:ietf:params:acme:error:rejectedIdentifier",
  "detail": "Invalid identifiers requested :: Cannot issue for \"nas\": Domain name needs at least one dot",
  "status": 400
}
2025-12-25 00:22:15,761:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 7, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 18, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1850, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1562, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 526, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 427, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 487, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem, profile=profile)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 141, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 467, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 818, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 833, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 705, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rejectedIdentifier :: The server will not issue certificates for the identifier :: Invalid identifiers requested :: Cannot issue for "nas": Domain name needs at least one dot
2025-12-25 00:22:15,774:ERROR:certbot._internal.log:An unexpected error occurred:
2025-12-25 00:22:15,775:ERROR:certbot._internal.log:Invalid identifiers requested :: Cannot issue for "nas": Domain name needs at least one dot