search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
38.84k stars 4.93k forks source link

Cannot use other port except port 80 #1089

Closed Enterpr1se closed 6 years ago

Enterpr1se commented 6 years ago

Unable to use other port to make the cert, the verify process always use port 80, just like this

http://example.com/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4

even users use --httpport 8080 to change the port to 8080. the like remain the same. I expect the link would be

http://example.com:8080/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4

Steps to reproduce

acme.sh --issue -d example.com --standalone --httpport 8080

Debug log

acme.sh  --issue .....   --debug 2

admin@RT-AC68U-0A58:/tmp/home/root# /root/.acme.sh/acme.sh --issue -d example.com --standalone --httpport 8080 --debug 2 [Tue Oct 31 12:46:20 GMT 2017] Lets find script dir. [Tue Oct 31 12:46:21 GMT 2017] SCRIPT='/root/.acme.sh/acme.sh' [Tue Oct 31 12:46:21 GMT 2017] _script='/tmp/home/root/.acme.sh/acme.sh' [Tue Oct 31 12:46:21 GMT 2017] _script_home='/tmp/home/root/.acme.sh' [Tue Oct 31 12:46:21 GMT 2017] Using default home:/root/.acme.sh [Tue Oct 31 12:46:21 GMT 2017] Using config home:/root/.acme.sh [Tue Oct 31 12:46:22 GMT 2017] LE_WORKING_DIR='/root/.acme.sh' https://github.com/Neilpang/acme.sh v2.7.4 [Tue Oct 31 12:46:22 GMT 2017] Using config home:/root/.acme.sh [Tue Oct 31 12:46:22 GMT 2017] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory' [Tue Oct 31 12:46:22 GMT 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org' [Tue Oct 31 12:46:23 GMT 2017] DOMAIN_PATH='/root/.acme.sh/example.com' [Tue Oct 31 12:46:23 GMT 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory [Tue Oct 31 12:46:23 GMT 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory [Tue Oct 31 12:46:23 GMT 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change' [Tue Oct 31 12:46:23 GMT 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Tue Oct 31 12:46:23 GMT 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert' [Tue Oct 31 12:46:24 GMT 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg' [Tue Oct 31 12:46:24 GMT 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert' [Tue Oct 31 12:46:24 GMT 2017] Le_NextRenewTime [Tue Oct 31 12:46:26 GMT 2017] _on_before_issue [Tue Oct 31 12:46:26 GMT 2017] 'no' contains 'no' [Tue Oct 31 12:46:26 GMT 2017] Le_LocalAddress [Tue Oct 31 12:46:26 GMT 2017] Check for domain='example.com' [Tue Oct 31 12:46:26 GMT 2017] _currentRoot='no' [Tue Oct 31 12:46:27 GMT 2017] Standalone mode. [Tue Oct 31 12:46:27 GMT 2017] _checkport='8080' [Tue Oct 31 12:46:27 GMT 2017] _checkaddr [Tue Oct 31 12:46:28 GMT 2017] Using: netstat [Tue Oct 31 12:46:28 GMT 2017] 'no' does not contain 'apache' [Tue Oct 31 12:46:28 GMT 2017] _saved_account_key_hash='wZ/35sefizjbxpm2PFBWgUrxYlPcDN8XdiGAtCW2rD4=' [Tue Oct 31 12:46:29 GMT 2017] _saved_account_key_hash is not changed, skip register account. [Tue Oct 31 12:46:29 GMT 2017] Read key length: [Tue Oct 31 12:46:29 GMT 2017] _createcsr [Tue Oct 31 12:46:29 GMT 2017] domain='example.com' [Tue Oct 31 12:46:29 GMT 2017] domainlist [Tue Oct 31 12:46:30 GMT 2017] csrkey='/root/.acme.sh/example.com/example.com.key' [Tue Oct 31 12:46:30 GMT 2017] csr='/root/.acme.sh/example.com/example.com.csr' [Tue Oct 31 12:46:30 GMT 2017] csrconf='/root/.acme.sh/example.com/example.com.csr.conf' [Tue Oct 31 12:46:30 GMT 2017] Single domain='example.com' [Tue Oct 31 12:46:30 GMT 2017] _is_idn_d='example.com' [Tue Oct 31 12:46:30 GMT 2017] _idn_temp [Tue Oct 31 12:46:30 GMT 2017] _csr_cn='example.com' [Tue Oct 31 12:46:31 GMT 2017] Getting domain auth token for each domain [Tue Oct 31 12:46:31 GMT 2017] Getting webroot for domain='example.com' [Tue Oct 31 12:46:31 GMT 2017] _w='no' [Tue Oct 31 12:46:32 GMT 2017] _currentRoot='no' [Tue Oct 31 12:46:32 GMT 2017] Getting new-authz for domain='example.com' [Tue Oct 31 12:46:32 GMT 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory [Tue Oct 31 12:46:32 GMT 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change' [Tue Oct 31 12:46:33 GMT 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Tue Oct 31 12:46:33 GMT 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert' [Tue Oct 31 12:46:33 GMT 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg' [Tue Oct 31 12:46:33 GMT 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert' [Tue Oct 31 12:46:33 GMT 2017] Try new-authz for the 0 time. [Tue Oct 31 12:46:33 GMT 2017] _is_idn_d='example.com' [Tue Oct 31 12:46:34 GMT 2017] _idn_temp [Tue Oct 31 12:46:34 GMT 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Tue Oct 31 12:46:34 GMT 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "example.com"}}' [Tue Oct 31 12:46:34 GMT 2017] RSA key [Tue Oct 31 12:46:34 GMT 2017] _URGLY_PRINTF [Tue Oct 31 12:46:35 GMT 2017] xargs [Tue Oct 31 12:46:35 GMT 2017] _URGLY_PRINTF [Tue Oct 31 12:46:35 GMT 2017] xargs [Tue Oct 31 12:46:36 GMT 2017] Get nonce. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory' [Tue Oct 31 12:46:36 GMT 2017] GET [Tue Oct 31 12:46:36 GMT 2017] url='https://acme-v01.api.letsencrypt.org/directory' [Tue Oct 31 12:46:36 GMT 2017] timeout [Tue Oct 31 12:46:37 GMT 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/acme.shwefADf24sf.1509425196.tmp ' [Tue Oct 31 12:46:38 GMT 2017] ret='0' [Tue Oct 31 12:46:38 GMT 2017] _headers='HTTP/1.1 200 OK Server: nginx Content-Type: application/json Content-Length: 561 Replay-Nonce: xrpu07Tb0S45xqU9yVCLlmxr3ryF0MihG8_x_DIuXgA X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Tue, 31 Oct 2017 04:46:38 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 31 Oct 2017 04:46:38 GMT Connection: keep-alive ' [Tue Oct 31 12:46:38 GMT 2017] _CACHED_NONCE='xrpu07Tb0S45xqU9yVCLlmxr3ryF0MihG8_x_DIuXgA' [Tue Oct 31 12:46:38 GMT 2017] nonce='xrpu07Tb0S45xqU9yVCLlmxr3ryF0MihG8_x_DIuXgA' [Tue Oct 31 12:46:39 GMT 2017] POST [Tue Oct 31 12:46:39 GMT 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Tue Oct 31 12:46:39 GMT 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "7OSqwy473PmSAvDXLELvXhLskZEhayWYmJsnogIyfuJH0mXFLLtPbe9XkvCja67gzjlI5oId-_zwXsH_Cq3cPwv6zg-cL3ZGVWB15jijYfy3O_9vUedunMc mcQL5W4a_DzpzL8ygdVSob3ZE2c_HDIeAk8AA66vz2le3GsZhH_XHQCczMaNKkGwlYie1RUFmuG6KVtAsujLGqgxibXX4-y_c1CMSsT9BX18cY7aQEQ3hh48DbxQLgsstMwls_wcKxIpZ6qSPmRIUaYngUUVgRIYNP8ddkuZizLZXKCBUS0nJYOGNAvhUjo4PyQMWUA3swlPzwYZY4bH6JjjiUKih5w"} }, "protected": "eyJub25jZSI6ICJ4cnB1MDdUYjBTNDV4cVU5eVZDTGxteHIzcnlGME1paEc4X3hfREl1WGdBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwg Imt0eSI6ICJSU0EiLCAibiI6ICI3T1Nxd3k0NzNQbVNBdkRYTEVMdlhoTHNrWkVoYXlXWW1Kc25vZ0l5ZnVKSDBtWEZMTHRQYmU5WGt2Q2phNjdnempsSTVvSWQtX3p3WHNIX0NxM2NQd3Y2emctY0wzWkdWV0IxNWppallmeTNPXzl2VWVkdW5NY21jUUw1VzRhX0R6cHpMOHlnZFZTb2IzWkUyY19IR EllQWs4QUE2NnZ6MmxlM0dzWmhIX1hIUUNjek1hTktrR3dsWWllMVJVRm11RzZLVnRBc3VqTEdxZ3hpYlhYNC15X2MxQ01Tc1Q5QlgxOGNZN2FRRVEzaGg0OERieFFMZ3NzdE13bHNfd2NLeElwWjZxU1BtUklVYVluZ1VVVmdSSVlOUDhkZGt1Wml6TFpYS0NCVVMwbkpZT0dOQXZoVWpvNFB5UU1XVU Ezc3dsUHp3WVpZNGJINkpqamlVS2loNXcifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiaXRhbGtob21lLmFzdXNjb21tLmNvbSJ9fQ", "signature": "MFsbzSqzA4445Y1XvgXvB_Lz4HRM8bkHCD EsxOS05zz_H3j10Sx0uCnYG5QA5tVA7Ijb9MMD9q8LaJ8QpwSnvr4Cjm6APcfZhIQH0BOzEXlFkpcRSuOSWsRNZap_pjRKGzY4B6bbsdH6NuM52_oemSlHk-o8EsNeZU8Vc3JctvrGL9JIHEigNXlC4i1b-CBQXGav7f2hbym3kzgV72lXWubta5ITu3x62Wo97MxOvjd1raERWMEIDRrVHJI1kLekCaK 2eXix9dfB2H5Ss2qCXr7dyBMucQNdzBdWS0aubSC_zdct3EWqNlBCviqINBkqWAKx0MvQuGFuRPfFvEBcug"}' [Tue Oct 31 12:46:40 GMT 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/acme.shwefADf24sf.1509425199.tmp ' [Tue Oct 31 12:46:42 GMT 2017] _ret='0' [Tue Oct 31 12:46:42 GMT 2017] original='{   "identifier": {     "type": "dns",     "value": "example.com"   },   "status": "pending",   "expires": "2017-11-07T04:46:41.52147853Z",   "challenges": [     {       "type": "tls-sni-01",       "status": "pending",       "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055787",       "token": "RLBQqLC3qxZtVANpAiR8SH8M23NfxlpF-Jv1svtzvG8"     },     {       "type": "dns-01",       "status": "pending",       "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055792",       "token": "hewAJlnjZ-xt4aLK-MG2ayyYCwJDDGQvgMMuF9quJHg"     },     {       "type": "http-01",       "status": "pending",       "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799",       "token": "HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4"     }   ],   "combinations": [     [       0     ],     [       1     ],     [       2     ]   ] }' [Tue Oct 31 12:46:42 GMT 2017] responseHeaders='HTTP/1.1 100 Continue Expires: Tue, 31 Oct 2017 04:46:41 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache

HTTP/1.1 201 Created Server: nginx Content-Type: application/json Content-Length: 1009 Boulder-Requester: 23516711 Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next" Location: https://acme-v01.api.letsencrypt.org/acme/authz/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g Replay-Nonce: 9TruwNnnFS6sWEfgA4AEHF-w2eGI2g4EVqFNIz_yaF4 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Tue, 31 Oct 2017 04:46:41 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 31 Oct 2017 04:46:41 GMT Connection: keep-alive ' [Tue Oct 31 12:46:42 GMT 2017] response='{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2017-11-07T04:46:41.52147853Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":" https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055787","token":"RLBQqLC3qxZtVANpAiR8SH8M23NfxlpF-Jv1svtzvG8"},{"type":"dns-01","status":"pending","uri":"https://acme-v01.ap i.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055792","token":"hewAJlnjZ-xt4aLK-MG2ayyYCwJDDGQvgMMuF9quJHg"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/ acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799","token":"HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4"}],"combinations":[[0],[1],[2]]}' [Tue Oct 31 12:46:42 GMT 2017] code='201' [Tue Oct 31 12:46:43 GMT 2017] The new-authz request is ok. [Tue Oct 31 12:46:43 GMT 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799","token":"HfRhr-ZPrRUpy3fBk5czRkrHquX H6ekgFeK0UJkDxl4"' [Tue Oct 31 12:46:43 GMT 2017] token='HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4' [Tue Oct 31 12:46:44 GMT 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799' [Tue Oct 31 12:46:44 GMT 2017] keyauthorization='HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0' [Tue Oct 31 12:46:44 GMT 2017] dvlist='example.com#HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0#https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_p Uj51hj4833auBEd9nZ5g/2351055799#http-01#no' [Tue Oct 31 12:46:44 GMT 2017] vlist='example.com#HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0#https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pU j51hj4833auBEd9nZ5g/2351055799#http-01#no,' [Tue Oct 31 12:46:45 GMT 2017] ok, let's start to verify [Tue Oct 31 12:46:45 GMT 2017] Verifying:example.com [Tue Oct 31 12:46:45 GMT 2017] d='example.com' [Tue Oct 31 12:46:45 GMT 2017] keyauthorization='HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0' [Tue Oct 31 12:46:45 GMT 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799' [Tue Oct 31 12:46:46 GMT 2017] _currentRoot='no' [Tue Oct 31 12:46:46 GMT 2017] Standalone mode server [Tue Oct 31 12:46:46 GMT 2017] ncaddr [Tue Oct 31 12:46:46 GMT 2017] startserver: 18814 [Tue Oct 31 12:46:47 GMT 2017] Le_HTTPPort='8080' [Tue Oct 31 12:46:47 GMT 2017] Le_Listen_V4 [Tue Oct 31 12:46:47 GMT 2017] Le_Listen_V6 [Tue Oct 31 12:46:47 GMT 2017] _NC='socat' [Tue Oct 31 12:46:48 GMT 2017] serverproc='20621' [Tue Oct 31 12:46:48 GMT 2017] tigger domain validation. [Tue Oct 31 12:46:49 GMT 2017] _t_url='https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799' [Tue Oct 31 12:46:49 GMT 2017] _t_key_authz='HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0' [Tue Oct 31 12:46:49 GMT 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799' [Tue Oct 31 12:46:49 GMT 2017] payload='{"resource": "challenge", "keyAuthorization": "HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0"}' [Tue Oct 31 12:46:49 GMT 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key [Tue Oct 31 12:46:49 GMT 2017] Use _CACHED_NONCE='9TruwNnnFS6sWEfgA4AEHF-w2eGI2g4EVqFNIz_yaF4' [Tue Oct 31 12:46:50 GMT 2017] nonce='9TruwNnnFS6sWEfgA4AEHF-w2eGI2g4EVqFNIz_yaF4' [Tue Oct 31 12:46:51 GMT 2017] POST [Tue Oct 31 12:46:51 GMT 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799' [Tue Oct 31 12:46:51 GMT 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "7OSqwy473PmSAvDXLELvXhLskZEhayWYmJsnogIyfuJH0mXFLLtPbe9XkvCja67gzjlI5oId-_zwXsH_Cq3cPwv6zg-cL3ZGVWB15jijYfy3O_9vUedunMc mcQL5W4a_DzpzL8ygdVSob3ZE2c_HDIeAk8AA66vz2le3GsZhH_XHQCczMaNKkGwlYie1RUFmuG6KVtAsujLGqgxibXX4-y_c1CMSsT9BX18cY7aQEQ3hh48DbxQLgsstMwls_wcKxIpZ6qSPmRIUaYngUUVgRIYNP8ddkuZizLZXKCBUS0nJYOGNAvhUjo4PyQMWUA3swlPzwYZY4bH6JjjiUKih5w"} }, "protected": "eyJub25jZSI6ICI5VHJ1d05ubkZTNnNXRWZnQTRBRUhGLXcyZUdJMmc0RVZxRk5Jel95YUY0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvbHktSVdzRmJ6aU14cC1Zb1VvY3BkX3BVajUxaGo0ODMzYXVCRWQ5 blo1Zy8yMzUxMDU1Nzk5IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiN09TcXd5NDczUG1TQXZEWExFTHZYaExza1pFaGF5V1ltSnNub2dJeWZ1SkgwbVhGTEx0UGJlOVhrdkNqYTY3Z3pqbEk1b0lkLV96d1hzSF9DcTNjUHd2NnpnLWNMM 1pHVldCMTVqaWpZZnkzT185dlVlZHVuTWNtY1FMNVc0YV9EenB6TDh5Z2RWU29iM1pFMmNfSERJZUFrOEFBNjZ2ejJsZTNHc1poSF9YSFFDY3pNYU5La0d3bFlpZTFSVUZtdUc2S1Z0QXN1akxHcWd4aWJYWDQteV9jMUNNU3NUOUJYMThjWTdhUUVRM2hoNDhEYnhRTGdzc3RNd2xzX3djS3hJcFo2cV NQbVJJVWFZbmdVVVZnUklZTlA4ZGRrdVppekxaWEtDQlVTMG5KWU9HTkF2aFVqbzRQeVFNV1VBM3N3bFB6d1laWTRiSDZKamppVUtpaDV3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJIZlJoci1aUHJSVXB5M2ZCazVjelJrckhxdVhI NmVrZ0ZlSzBVSmtEeGw0LjdyS3g2LUZGQ1dkdFUyR212NUhMV1h5UnJaNWlJc09IajRIcW9Ub09OSDAifQ", "signature": "IAhH-f9J-tyJMYziDRyIeTFG-_mdq-AfnelN4JezBvN78O2jWpX5LdWSUIUrc_qpzoql5bsdJIOtgqS8tMsejndZSMFpDLi5aN-RRKxM63Z9t_y5-VNIhoL3CORQ1k UohuIGsMxIG27t7sO0eLGpYrCGaTVgJJCPDGJT6umtJbzVuNfBAvdxsRZdYOt_EYaZBDP0aMTNPhGT8AEc7aYIfqJBChmcEdtMUo8GLtDLgwmKCSRGrExuaJDYhZJ7z0A5xwLarAaBWLY8ZZJHpYRwqZhGK5618AWZOpoSO7yq3u7i3pfkQT27Qac-HP4mXQ9SJYIHlz_HdEfze1GESv6UiQ"}' [Tue Oct 31 12:46:51 GMT 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/acme.shwefADf24sf.1509425211.tmp ' [Tue Oct 31 12:46:53 GMT 2017] _ret='0' [Tue Oct 31 12:46:54 GMT 2017] original='{   "type": "http-01",   "status": "pending",   "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799",   "token": "HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4",   "keyAuthorization": "HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0" }' [Tue Oct 31 12:46:54 GMT 2017] responseHeaders='HTTP/1.1 100 Continue Expires: Tue, 31 Oct 2017 04:46:53 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache

HTTP/1.1 202 Accepted Server: nginx Content-Type: application/json Content-Length: 336 Boulder-Requester: 23516711 Link: https://acme-v01.api.letsencrypt.org/acme/authz/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g;rel="up" Location: https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799 Replay-Nonce: 88sOqsfGBFMkhtfhK6qzp0qWBAYNXbpySs1O2HF4uiE Expires: Tue, 31 Oct 2017 04:46:53 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 31 Oct 2017 04:46:53 GMT Connection: keep-alive ' [Tue Oct 31 12:46:54 GMT 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799","token":"HfRhr-ZPrRUpy3fBk5czRkr HquXH6ekgFeK0UJkDxl4","keyAuthorization":"HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0"}' [Tue Oct 31 12:46:55 GMT 2017] code='202' [Tue Oct 31 12:46:55 GMT 2017] sleep 2 secs to verify [Tue Oct 31 12:46:57 GMT 2017] checking [Tue Oct 31 12:46:57 GMT 2017] GET [Tue Oct 31 12:46:58 GMT 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799' [Tue Oct 31 12:46:58 GMT 2017] timeout [Tue Oct 31 12:46:59 GMT 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/acme.shwefADf24sf.1509425218.tmp ' [Tue Oct 31 12:47:00 GMT 2017] ret='0' [Tue Oct 31 12:47:00 GMT 2017] original='{   "type": "http-01",   "status": "invalid",   "error": {     "type": "urn:acme:error:connection",     "detail": "Fetching http://example.com/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4: Timeout",     "status": 400   },   "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799",   "token": "HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4",   "keyAuthorization": "HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0",   "validationRecord": [     {       "url": "http://example.com/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4",       "hostname": "example.com",       "port": "80",       "addressesResolved": [         "1.36.31.126"       ],       "addressUsed": "1.36.31.126",       "addressesTried": []     }   ] }' [Tue Oct 31 12:47:00 GMT 2017] response='{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Fetching http://example.com/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquX H6ekgFeK0UJkDxl4: Timeout","status": 400},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799","token":"HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4","keyAuthorizat ion":"HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0","validationRecord":[{"url":"http://example.com/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4", "hostname":"example.com","port":"80","addressesResolved":["1.36.31.126"],"addressUsed":"1.36.31.126","addressesTried":[]}]}' [Tue Oct 31 12:47:00 GMT 2017] error='"error":{"type":"urn:acme:error:connection","detail":"Fetching http://example.com/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4: Timeout","status": 400 ' [Tue Oct 31 12:47:00 GMT 2017] errordetail='Fetching http://example.com/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4: Timeout' [Tue Oct 31 12:47:01 GMT 2017] example.com:Verify error:Fetching http://example.com/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4: Timeout [Tue Oct 31 12:47:01 GMT 2017] Debug: get token url. [Tue Oct 31 12:47:01 GMT 2017] GET [Tue Oct 31 12:47:01 GMT 2017] url='http://example.com/.well-known/acme-challenge/HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4' [Tue Oct 31 12:47:01 GMT 2017] timeout='1' [Tue Oct 31 12:47:02 GMT 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/acme.shwefADf24sf.1509425222.tmp  --connect-timeout 1' [Tue Oct 31 12:47:02 GMT 2017] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7 [Tue Oct 31 12:47:02 GMT 2017] Here is the curl dump log: [Tue Oct 31 12:47:02 GMT 2017] == Info:   Trying 1.36.31.126... == Info: TCP_NODELAY set == Info: connect to 1.36.31.126 port 80 failed: Connection refused == Info: Failed to connect to example.com port 80: Connection refused == Info: Closing connection 0 [Tue Oct 31 12:47:03 GMT 2017] ret='7' [Tue Oct 31 12:47:03 GMT 2017] Skip for removelevel: [Tue Oct 31 12:47:03 GMT 2017] pid='20621' [Tue Oct 31 12:47:03 GMT 2017] No need to restore nginx, skip. [Tue Oct 31 12:47:03 GMT 2017] _clearupdns [Tue Oct 31 12:47:03 GMT 2017] skip dns. [Tue Oct 31 12:47:03 GMT 2017] _on_issue_err [Tue Oct 31 12:47:04 GMT 2017] Please add '--debug' or '--log' to check more details. [Tue Oct 31 12:47:04 GMT 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh [Tue Oct 31 12:47:04 GMT 2017] _chk_vlist='example.com#HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0#https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUoc pd_pUj51hj4833auBEd9nZ5g/2351055799#http-01#no,' [Tue Oct 31 12:47:04 GMT 2017] start to deactivate authz [Tue Oct 31 12:47:04 GMT 2017] tigger domain validation. [Tue Oct 31 12:47:05 GMT 2017] _t_url='https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799' [Tue Oct 31 12:47:05 GMT 2017] _t_key_authz='HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0' [Tue Oct 31 12:47:05 GMT 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799' [Tue Oct 31 12:47:05 GMT 2017] payload='{"resource": "challenge", "keyAuthorization": "HfRhr-ZPrRUpy3fBk5czRkrHquXH6ekgFeK0UJkDxl4.7rKx6-FFCWdtU2Gmv5HLWXyRrZ5iIsOHj4HqoToONH0"}' [Tue Oct 31 12:47:05 GMT 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key [Tue Oct 31 12:47:06 GMT 2017] Use _CACHED_NONCE='88sOqsfGBFMkhtfhK6qzp0qWBAYNXbpySs1O2HF4uiE' [Tue Oct 31 12:47:06 GMT 2017] nonce='88sOqsfGBFMkhtfhK6qzp0qWBAYNXbpySs1O2HF4uiE' [Tue Oct 31 12:47:07 GMT 2017] POST [Tue Oct 31 12:47:07 GMT 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/ly-IWsFbziMxp-YoUocpd_pUj51hj4833auBEd9nZ5g/2351055799' [Tue Oct 31 12:47:07 GMT 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "7OSqwy473PmSAvDXLELvXhLskZEhayWYmJsnogIyfuJH0mXFLLtPbe9XkvCja67gzjlI5oId-_zwXsH_Cq3cPwv6zg-cL3ZGVWB15jijYfy3O_9vUedunMc mcQL5W4a_DzpzL8ygdVSob3ZE2c_HDIeAk8AA66vz2le3GsZhH_XHQCczMaNKkGwlYie1RUFmuG6KVtAsujLGqgxibXX4-y_c1CMSsT9BX18cY7aQEQ3hh48DbxQLgsstMwls_wcKxIpZ6qSPmRIUaYngUUVgRIYNP8ddkuZizLZXKCBUS0nJYOGNAvhUjo4PyQMWUA3swlPzwYZY4bH6JjjiUKih5w"} }, "protected": "eyJub25jZSI6ICI4OHNPcXNmR0JGTWtodGZoSzZxenAwcVdCQVlOWGJweVNzMU8ySEY0dWlFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvbHktSVdzRmJ6aU14cC1Zb1VvY3BkX3BVajUxaGo0ODMzYXVCRWQ5 blo1Zy8yMzUxMDU1Nzk5IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiN09TcXd5NDczUG1TQXZEWExFTHZYaExza1pFaGF5V1ltSnNub2dJeWZ1SkgwbVhGTEx0UGJlOVhrdkNqYTY3Z3pqbEk1b0lkLV96d1hzSF9DcTNjUHd2NnpnLWNMM 1pHVldCMTVqaWpZZnkzT185dlVlZHVuTWNtY1FMNVc0YV9EenB6TDh5Z2RWU29iM1pFMmNfSERJZUFrOEFBNjZ2ejJsZTNHc1poSF9YSFFDY3pNYU5La0d3bFlpZTFSVUZtdUc2S1Z0QXN1akxHcWd4aWJYWDQteV9jMUNNU3NUOUJYMThjWTdhUUVRM2hoNDhEYnhRTGdzc3RNd2xzX3djS3hJcFo2cV NQbVJJVWFZbmdVVVZnUklZTlA4ZGRrdVppekxaWEtDQlVTMG5KWU9HTkF2aFVqbzRQeVFNV1VBM3N3bFB6d1laWTRiSDZKamppVUtpaDV3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJIZlJoci1aUHJSVXB5M2ZCazVjelJrckhxdVhI NmVrZ0ZlSzBVSmtEeGw0LjdyS3g2LUZGQ1dkdFUyR212NUhMV1h5UnJaNWlJc09IajRIcW9Ub09OSDAifQ", "signature": "r8qOdykCpDbhyR_U46s-8BPHeW3iPe2HPrezzZsTF5SwxeUKrGKhtfj1LQndUcl_MQnvfs-_yU7A0A-JdIP34P6RjCnQhnqCLUGrWqHBVp_76i6FIzQUhOAfeB1-uR jRvwsX1asCbYYVr_nTE3bCNu0cBuk8YIImXwZdd7yC4ElqFfg7M8XE70AvSx8uUQtTtdjgjzF2W77R8p4_nnCUpvIeY2J7pKQYCo7vLfNBNkmFsfg5m57TXeUodeAu3etym6r2zekNWNEFd1JTVHnkOG2zg_pC55R9be39zAaeBJK0GkojJFu22ZpocnSCqVtbcEcwVxb5nHfXArP8Cg27zA"}' [Tue Oct 31 12:47:07 GMT 2017] Http already initialized. [Tue Oct 31 12:47:07 GMT 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/acme.shwefADf24sf.1509425222.tmp ' [Tue Oct 31 12:47:09 GMT 2017] _ret='0' [Tue Oct 31 12:47:09 GMT 2017] original='{   "type": "urn:acme:error:malformed",   "detail": "Unable to update challenge :: The challenge is not pending.",   "status": 400 }' [Tue Oct 31 12:47:09 GMT 2017] responseHeaders='HTTP/1.1 100 Continue Expires: Tue, 31 Oct 2017 04:47:08 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache

HTTP/1.1 400 Bad Request Server: nginx Content-Type: application/problem+json Content-Length: 132 Boulder-Requester: 23516711 Replay-Nonce: A9LSqvSiA64-vThINrAFYQa2Ajpdln-M0YSgmzGu3XQ Expires: Tue, 31 Oct 2017 04:47:09 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 31 Oct 2017 04:47:09 GMT Connection: close ' [Tue Oct 31 12:47:10 GMT 2017] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: The challenge is not pending.","status": 400}' [Tue Oct 31 12:47:10 GMT 2017] code='400' [Tue Oct 31 12:47:11 GMT 2017] Diagnosis versions: openssl:openssl OpenSSL 1.0.2l  25 May 2017 apache: apache doesn't exists. nginx: nginx doesn't exists. socat: socat by Gerhard Rieger and contributors - see www.dest-unreach.org Usage: socat [options]    options:       -V     print version and feature information to stdout, and exit       -h|-?  print a help text describing command line options and addresses       -hh    like -h, plus a list of all common address option names       -hhh   like -hh, plus a list of all available address option names       -d     increase verbosity (use up to 4 times; 2 are recommended)       -D     analyze file descriptors before loop       -ly[facility]  log to syslog, using facility (default is daemon)       -lf   log to file       -ls            log to stderr (default if no other log)       -lm[facility]  mixed log mode (stderr during initialization, then syslog)       -lp  set the program name used for logging       -lu            use microseconds for logging timestamps       -lh            add hostname to log messages       -v     verbose data traffic, text       -x     verbose data traffic, hexadecimal       -b     set data buffer size (8192)       -s     sloppy (continue on error)       -t    wait seconds before closing second channel       -T    total inactivity timeout in seconds       -u     unidirectional mode (left to right)       -U     unidirectional mode (right to left)       -g     do not check option groups       -L   try to obtain lock, or fail       -W   try to obtain lock, or wait       -4     prefer IPv4 if version is not explicitly specified       -6     prefer IPv6 if version is not explicitly specified    bi-address:       pipe[,]     groups=FD,FIFO       !!          single-address:       [,]    address-head:       abstract-client:        groups=FD,SOCKET,RETRY,UNIX       abstract-connect:       groups=FD,SOCKET,RETRY,UNIX       abstract-listen:        groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX       abstract-recv:  groups=FD,SOCKET,RETRY,UNIX       abstract-recvfrom:      groups=FD,SOCKET,CHILD,RETRY,UNIX       abstract-sendto:        groups=FD,SOCKET,RETRY,UNIX       create: groups=FD,REG,NAMED       exec:       groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX       fd:  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP       gopen:  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX       interface:     groups=FD,SOCKET       ip-datagram::     groups=FD,SOCKET,RANGE,IP4,IP6       ip-recv:        groups=FD,SOCKET,RANGE,IP4,IP6       ip-recvfrom:    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6       ip-sendto::       groups=FD,SOCKET,IP4,IP6       ip4-datagram::    groups=FD,SOCKET,RANGE,IP4       ip4-recv:       groups=FD,SOCKET,RANGE,IP4       ip4-recvfrom:   groups=FD,SOCKET,CHILD,RANGE,IP4       ip4-sendto::      groups=FD,SOCKET,IP4       ip6-datagram::    groups=FD,SOCKET,RANGE,IP6       ip6-recv:       groups=FD,SOCKET,RANGE,IP6       ip6-recvfrom:   groups=FD,SOCKET,CHILD,RANGE,IP6       ip6-sendto::      groups=FD,SOCKET,IP6       open:   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS       openssl::     groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL       openssl-listen:     groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL       pipe:   groups=FD,FIFO,NAMED,OPEN       proxy:::        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP       pty       groups=FD,NAMED,TERMIOS,PTY       sctp-connect::        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP       sctp-listen:        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP       sctp4-connect::       groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP       sctp4-listen:       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP       sctp6-connect::       groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP       sctp6-listen:       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP       socket-connect:::       groups=FD,SOCKET,CHILD,RETRY       socket-datagram::::       groups=FD,SOCKET,RANGE       socket-listen::: groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE       socket-recv::::    groups=FD,SOCKET,RANGE       socket-recvfrom::::        groups=FD,SOCKET,CHILD,RANGE       socket-sendto:::: groups=FD,SOCKET       socks4:::       groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4       socks4a:::      groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4       stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP       stdin     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP       stdio     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP       stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP       system:    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX       tcp-connect:: groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP       tcp-listen: groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP       tcp4-connect::        groups=FD,SOCKET,CHILD,RETRY,IP4,TCP       tcp4-listen:        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP       tcp6-connect::        groups=FD,SOCKET,CHILD,RETRY,IP6,TCP       tcp6-listen:        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP       tun[:/]    groups=FD,CHR,NAMED,OPEN,INTERFACE       udp-connect:: groups=FD,SOCKET,IP4,IP6,UDP       udp-datagram::        groups=FD,SOCKET,RANGE,IP4,IP6,UDP       udp-listen: groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP       udp-recv:   groups=FD,SOCKET,RANGE,IP4,IP6,UDP       udp-recvfrom:       groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP       udp-sendto::  groups=FD,SOCKET,IP4,IP6,UDP       udp4-connect::        groups=FD,SOCKET,IP4,UDP       udp4-datagram::     groups=FD,SOCKET,RANGE,IP4,UDP       udp4-listen:        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP       udp4-recv:  groups=FD,SOCKET,RANGE,IP4,UDP       udp4-recvfrom::       groups=FD,SOCKET,CHILD,RANGE,IP4,UDP       udp4-sendto:: groups=FD,SOCKET,IP4,UDP       udp6-connect::        groups=FD,SOCKET,IP6,UDP       udp6-datagram::       groups=FD,SOCKET,RANGE,IP6,UDP       udp6-listen:        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP       udp6-recv:  groups=FD,SOCKET,RANGE,IP6,UDP       udp6-recvfrom:      groups=FD,SOCKET,CHILD,RANGE,IP6,UDP       udp6-sendto:: groups=FD,SOCKET,IP6,UDP       unix-client:    groups=FD,SOCKET,NAMED,RETRY,UNIX       unix-connect:   groups=FD,SOCKET,NAMED,RETRY,UNIX       unix-listen:    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX       unix-recv:      groups=FD,SOCKET,NAMED,RETRY,UNIX       unix-recvfrom:  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX       unix-sendto:    groups=FD,SOCKET,NAMED,RETRY,UNIX

FernandoMiguel commented 6 years ago

This is not a limitation of acme.sh but of let's encrypt. They only trust services running on port 80 or 443. Any other Port could be rogue.

You can also use dns01 to validate instead of host.

Httpport command is to be used with load balancers and not to change the Port of validation