search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
38.66k stars 4.91k forks source link

Account Updating does not refresh account.json #1074

Open casperklein opened 6 years ago

casperklein commented 6 years ago

I don't now if that works as designed or if it's a bug.

Updating the email address of an account seems to work (see debug log). But when I verify account.json file, the contact field is still empty.

Steps to reproduce

acme.sh --update-account --accountemail my@domain.com

Debug log

[Tue Oct 17 03:21:17 CEST 2017] response='{"id": 123456789,"key":{"kty":"RSA","n":"foo","e":"bar"},"contact":["mailto: my@domain.com"],"agreement":"https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf","initialIp":"x.x.x.x","createdAt":"2016-10-20T21:44:44Z","Status":"valid"}'

Verify account.json

{"id": 123456789,"key":{"kty":"RSA","n":"foo","e":"bar"},"contact":[],"initialIp":"x.x.x.x","createdAt":"2016-05-20T21:22:44.942609064Z","Status":""}

casperklein commented 6 years ago

Works, thank you!

The documentary should also be updated:

--accountemail Specifies the account email for registering, Only valid for the '--install' command.

to

--accountemail Specifies the account email for registering, Only valid for the '--install' and '--update-account' command.

Tungstene commented 6 years ago

Actual version (2.7.7) has the same problem. Please reopen bug.

8weemfoa0v commented 6 years ago

I'm also seeing this too.

acme.sh --update-account --accountemail <email address> will update the email address on ~/.acme.sh/account.conf, but not in ~/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.json.

The updated email address doesn't get expiry reminders, suggesting that the email address update isn't successfully completed.


[Mon 23 Apr 17:15:14 AEST 2018] _SCRIPT_='/home/ssl/.acme.sh/acme.sh'
[Mon 23 Apr 17:15:14 AEST 2018] _script='/home/ssl/.acme.sh/acme.sh'
[Mon 23 Apr 17:15:14 AEST 2018] _script_home='/home/ssl/.acme.sh'
[Mon 23 Apr 17:15:14 AEST 2018] Using config home:/home/ssl/.acme.sh
[Mon 23 Apr 17:15:14 AEST 2018] LE_WORKING_DIR='/home/ssl/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.9
[Mon 23 Apr 17:15:14 AEST 2018] Using config home:/home/ssl/.acme.sh
[Mon 23 Apr 17:15:14 AEST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Mon 23 Apr 17:15:14 AEST 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Mon 23 Apr 17:15:14 AEST 2018] Using config home:/home/ssl/.acme.sh
[Mon 23 Apr 17:15:14 AEST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Mon 23 Apr 17:15:14 AEST 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Mon 23 Apr 17:15:14 AEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Mon 23 Apr 17:15:14 AEST 2018] GET
[Mon 23 Apr 17:15:14 AEST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Mon 23 Apr 17:15:14 AEST 2018] timeout=
[Mon 23 Apr 17:15:14 AEST 2018] _CURL='curl -L --silent --dump-header /home/ssl/.acme.sh/http.header  --trace-ascii /tmp/tmp.**********  -g '
[Mon 23 Apr 17:15:14 AEST 2018] ret='0'
[Mon 23 Apr 17:15:14 AEST 2018] response='{
  "**********": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}'
[Mon 23 Apr 17:15:14 AEST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Mon 23 Apr 17:15:14 AEST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon 23 Apr 17:15:14 AEST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Mon 23 Apr 17:15:14 AEST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon 23 Apr 17:15:14 AEST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon 23 Apr 17:15:14 AEST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon 23 Apr 17:15:14 AEST 2018] ACME_NEW_NONCE
[Mon 23 Apr 17:15:14 AEST 2018] ACME_VERSION
[Mon 23 Apr 17:15:14 AEST 2018] RSA key
[Mon 23 Apr 17:15:14 AEST 2018] Registering account
[Mon 23 Apr 17:15:14 AEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon 23 Apr 17:15:14 AEST 2018] payload='{"resource": "new-reg", "contact": ["mailto: **********"], "terms-of-service-agreed": true, "agreement": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"}'
[Mon 23 Apr 17:15:14 AEST 2018] Use cached jwk for file: /home/ssl/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Mon 23 Apr 17:15:14 AEST 2018] Get nonce. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Mon 23 Apr 17:15:14 AEST 2018] GET
[Mon 23 Apr 17:15:14 AEST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Mon 23 Apr 17:15:14 AEST 2018] timeout=
[Mon 23 Apr 17:15:14 AEST 2018] _CURL='curl -L --silent --dump-header /home/ssl/.acme.sh/http.header  --trace-ascii /tmp/tmp.**********  -g '
[Mon 23 Apr 17:15:15 AEST 2018] ret='0'
[Mon 23 Apr 17:15:15 AEST 2018] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: **********
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 23 Apr 2018 07:15:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 23 Apr 2018 07:15:15 GMT
Connection: keep-alive
'
[Mon 23 Apr 17:15:15 AEST 2018] _CACHED_NONCE='**********'
[Mon 23 Apr 17:15:15 AEST 2018] nonce='**********'
[Mon 23 Apr 17:15:15 AEST 2018] POST
[Mon 23 Apr 17:15:15 AEST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon 23 Apr 17:15:15 AEST 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "**********"}}, "protected": "**********", "payload": "**********", "signature": "**********"}'
[Mon 23 Apr 17:15:15 AEST 2018] _postContentType
[Mon 23 Apr 17:15:15 AEST 2018] _CURL='curl -L --silent --dump-header /home/ssl/.acme.sh/http.header  --trace-ascii /tmp/tmp.**********  -g '
[Mon 23 Apr 17:15:16 AEST 2018] _ret='0'
[Mon 23 Apr 17:15:16 AEST 2018] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Registration key is already in use",
  "status": 409
}'
[Mon 23 Apr 17:15:16 AEST 2018] responseHeaders='HTTP/1.1 100 Continue
Expires: Mon, 23 Apr 2018 07:15:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 409 Conflict
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Requester: 19734681
Location: https://acme-v01.api.letsencrypt.org/acme/reg/**********
Replay-Nonce: **********
Expires: Mon, 23 Apr 2018 07:15:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 23 Apr 2018 07:15:16 GMT
Connection: close
'
[Mon 23 Apr 17:15:16 AEST 2018] response='{"type":"urn:acme:error:malformed","detail":"Registration key is already in use","status": 409}'
[Mon 23 Apr 17:15:16 AEST 2018] code='409'
[Mon 23 Apr 17:15:16 AEST 2018] Already registered
[Mon 23 Apr 17:15:16 AEST 2018] responseHeaders='HTTP/1.1 100 Continue
Expires: Mon, 23 Apr 2018 07:15:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 409 Conflict
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Requester: 19734681
Location: https://acme-v01.api.letsencrypt.org/acme/reg/**********
Replay-Nonce: **********
Expires: Mon, 23 Apr 2018 07:15:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 23 Apr 2018 07:15:16 GMT
Connection: close
'
[Mon 23 Apr 17:15:16 AEST 2018] _accUri='https://acme-v01.api.letsencrypt.org/acme/reg/**********'
[Mon 23 Apr 17:15:16 AEST 2018] Calc CA_KEY_HASH='**********'
[Mon 23 Apr 17:15:16 AEST 2018] ACCOUNT_THUMBPRINT='**********'```
SpazeDev commented 6 years ago

Im having the same issue on v2.7.9

deanet commented 6 years ago

any update of this issue ? contact still null on v2.7.9

"contact":[]

mspreij commented 5 years ago

I ended up reinstalling and specifying the email address..