acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Multiple DuckDNS subdomains verification failure #1233

Open frosty5689 opened 6 years ago

frosty5689 commented 6 years ago

Hi, I am encountering a problem when trying to create a certificate with multiple SANs using DuckDNS. The problem is that DuckDNS uses the same TXT record for all its subdomains, i.e. setting the TXT record for test2.mytest.duckdns.org also sets the TXT record for mytest.duckdns.org. The way acme.sh is set up right now, it will set the TXT records for all domains and then verify them one by one. For DuckDNS subdomains to be supported, it will have to set the TXT record for one domain and verify it before moving on to the next one.

Steps to reproduce

  1. Use DuckDNS domains with subdomains (i.e. test1.mytest.duckdns.org, test2.mytest.duckdns.org)
  2. Run acme.sh --issue
  3. Fails at verifying the first domain because the TXT record on DuckDNS is shared between the main subdomain and the subdomain (setting test2.mytest.duckdns.org also changes the test1.mytest.duckdns.org TXT record)

Debug log

[admin@local]/root: /usr/local/pkg/acme/acme.sh --issue -d 'test1.tmpdom.duckdns.org' -d 'test2.tmpdom.duckdns.org' --home '/tmp/acme/test/' --accountconf '/tmp/acme/test/accountconf.conf' --force --reloadCmd '/tmp/acme/test/reloadcmd.sh' --dns 'dns_duckdns' --debug 2 [Sat Feb 3 17:18:15 PST 2018] Lets find script dir. [Sat Feb 3 17:18:15 PST 2018] SCRIPT='/usr/local/pkg/acme/acme.sh' [Sat Feb 3 17:18:15 PST 2018] _script='/usr/local/pkg/acme/acme.sh' [Sat Feb 3 17:18:15 PST 2018] _script_home='/usr/local/pkg/acme' [Sat Feb 3 17:18:15 PST 2018] Using config home:/tmp/acme/test/ [Sat Feb 3 17:18:15 PST 2018] LE_WORKING_DIR='/tmp/acme/test/' https://github.com/Neilpang/acme.sh v2.7.6 [Sat Feb 3 17:18:15 PST 2018] Using config home:/tmp/acme/test/ [Sat Feb 3 17:18:15 PST 2018] ACME_DIRECTORY='https://acme-staging.api.letsencrypt.org/directory' [Sat Feb 3 17:18:15 PST 2018] _ACME_SERVER_HOST='acme-staging.api.letsencrypt.org' [Sat Feb 3 17:18:15 PST 2018] DOMAIN_PATH='/tmp/acme/test//test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:15 PST 2018] Using ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory [Sat Feb 3 17:18:15 PST 2018] _init api for server: https://acme-staging.api.letsencrypt.org/directory [Sat Feb 3 17:18:15 PST 2018] GET [Sat Feb 3 17:18:15 PST 2018] url='https://acme-staging.api.letsencrypt.org/directory' [Sat Feb 3 17:18:15 PST 2018] timeout [Sat Feb 3 17:18:15 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.kSXmYUmB ' [Sat Feb 3 17:18:16 PST 2018] ret='0' [Sat Feb 3 17:18:16 PST 2018] response='{ "JLl6wyCi_0k": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "https://acme-staging.api.letsencrypt.org/acme/key-change", "meta": { "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "new-authz": "https://acme-staging.api.letsencrypt.org/acme/new-authz", "new-cert": 
"https://acme-staging.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-staging.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-staging.api.letsencrypt.org/acme/revoke-cert" }' [Sat Feb 3 17:18:16 PST 2018] ACME_KEY_CHANGE='https://acme-staging.api.letsencrypt.org/acme/key-change' [Sat Feb 3 17:18:16 PST 2018] ACME_NEW_AUTHZ='https://acme-staging.api.letsencrypt.org/acme/new-authz' [Sat Feb 3 17:18:16 PST 2018] ACME_NEW_ORDER='https://acme-staging.api.letsencrypt.org/acme/new-cert' [Sat Feb 3 17:18:16 PST 2018] ACME_NEW_ACCOUNT='https://acme-staging.api.letsencrypt.org/acme/new-reg' [Sat Feb 3 17:18:16 PST 2018] ACME_REVOKE_CERT='https://acme-staging.api.letsencrypt.org/acme/revoke-cert' [Sat Feb 3 17:18:16 PST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' [Sat Feb 3 17:18:16 PST 2018] Le_NextRenewTime [Sat Feb 3 17:18:16 PST 2018] _on_before_issue [Sat Feb 3 17:18:16 PST 2018] 'dns_duckdns' does not contain 'no' [Sat Feb 3 17:18:16 PST 2018] Le_LocalAddress [Sat Feb 3 17:18:16 PST 2018] Check for domain='test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] _currentRoot='dns_duckdns' [Sat Feb 3 17:18:16 PST 2018] Check for domain='test2.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] _currentRoot='dns_duckdns' [Sat Feb 3 17:18:16 PST 2018] 'dns_duckdns' does not contain 'apache' [Sat Feb 3 17:18:16 PST 2018] _saved_account_key_hash='DUMMY' [Sat Feb 3 17:18:16 PST 2018] _saved_account_key_hash is not changed, skip register account. 
[Sat Feb 3 17:18:16 PST 2018] Read key length: [Sat Feb 3 17:18:16 PST 2018] _createcsr [Sat Feb 3 17:18:16 PST 2018] domain='test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] domainlist='test2.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] csrkey='/tmp/acme/test//test1.tmpdom.duckdns.org/test1.tmpdom.duckdns.org.key' [Sat Feb 3 17:18:16 PST 2018] csr='/tmp/acme/test//test1.tmpdom.duckdns.org/test1.tmpdom.duckdns.org.csr' [Sat Feb 3 17:18:16 PST 2018] csrconf='/tmp/acme/test//test1.tmpdom.duckdns.org/test1.tmpdom.duckdns.org.csr.conf' [Sat Feb 3 17:18:16 PST 2018] _is_idn_d='test2.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] _idn_temp [Sat Feb 3 17:18:16 PST 2018] domainlist='test2.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] Multi domain='DNS:test2.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] _is_idn_d='test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] _idn_temp [Sat Feb 3 17:18:16 PST 2018] _csr_cn='test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] Getting domain auth token for each domain [Sat Feb 3 17:18:16 PST 2018] Getting webroot for domain='test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] _w='dns_duckdns' [Sat Feb 3 17:18:16 PST 2018] _currentRoot='dns_duckdns' [Sat Feb 3 17:18:16 PST 2018] Getting new-authz for domain='test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] _init api for server: https://acme-staging.api.letsencrypt.org/directory [Sat Feb 3 17:18:16 PST 2018] Try new-authz for the 0 time. [Sat Feb 3 17:18:16 PST 2018] _is_idn_d='test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:16 PST 2018] _idn_temp [Sat Feb 3 17:18:16 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/new-authz' [Sat Feb 3 17:18:16 PST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "test1.tmpdom.duckdns.org"}}' [Sat Feb 3 17:18:16 PST 2018] RSA key [Sat Feb 3 17:18:16 PST 2018] _URGLY_PRINTF='1' [Sat Feb 3 17:18:16 PST 2018] _URGLY_PRINTF='1' [Sat Feb 3 17:18:16 PST 2018] Get nonce. 
ACME_DIRECTORY='https://acme-staging.api.letsencrypt.org/directory' [Sat Feb 3 17:18:16 PST 2018] GET [Sat Feb 3 17:18:16 PST 2018] url='https://acme-staging.api.letsencrypt.org/directory' [Sat Feb 3 17:18:16 PST 2018] timeout [Sat Feb 3 17:18:16 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.Hth5azy2 ' [Sat Feb 3 17:18:17 PST 2018] ret='0' [Sat Feb 3 17:18:17 PST 2018] _headers='HTTP/1.1 200 OK Server: nginx Content-Type: application/json Content-Length: 582 Replay-Nonce: DUMMY_TOKEN X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 04 Feb 2018 01:18:17 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 04 Feb 2018 01:18:17 GMT Connection: keep-alive ' [Sat Feb 3 17:18:17 PST 2018] _CACHED_NONCE='DUMMY_TOKEN' [Sat Feb 3 17:18:17 PST 2018] nonce='DUMMY_TOKEN' [Sat Feb 3 17:18:17 PST 2018] POST [Sat Feb 3 17:18:17 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/new-authz' [Sat Feb 3 17:18:17 PST 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA"}' [Sat Feb 3 17:18:17 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.SbdCUdwM ' [Sat Feb 3 17:18:17 PST 2018] _ret='0' [Sat Feb 3 17:18:17 PST 2018] original='{ "identifier": { "type": "dns", "value": "test1.tmpdom.duckdns.org" }, "status": "pending", "expires": "2018-02-11T01:18:17.500348673Z", "challenges": [ { "type": "http-01", "status": "pending", "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956275", "token": "DUMMY" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276", "token": "DUMMY" } ], "combinations": [ [ 0 ], [ 1 ] ] }' [Sat Feb 3 17:18:17 PST 2018] responseHeaders='HTTP/1.1 100 Continue Expires: Sun, 04 Feb 2018 01:18:17 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache

HTTP/1.1 201 Created Server: nginx Content-Type: application/json Content-Length: 744 Boulder-Requester: 5488769 Link: https://acme-staging.api.letsencrypt.org/acme/new-cert;rel="next" Location: https://acme-staging.api.letsencrypt.org/acme/authz/DUMMY_TOKEN Replay-Nonce: DUMMY_TOKEN X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 04 Feb 2018 01:18:17 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 04 Feb 2018 01:18:17 GMT Connection: keep-alive ' [Sat Feb 3 17:18:17 PST 2018] response='{"identifier":{"type":"dns","value":"test1.tmpdom.duckdns.org"},"status":"pending","expires":"2018-02-11T01:18:17.500348673Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956275","token":"FC5qHwd4Fg1dfBtDsFzah4MiT40fiw-du0R92sH6-L8"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276","token":"DUMMY_TOKEN"}],"combinations":[[0],[1]]}' [Sat Feb 3 17:18:17 PST 2018] code='201' [Sat Feb 3 17:18:17 PST 2018] The new-authz request is ok. 
[Sat Feb 3 17:18:17 PST 2018] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276","token":"DUMMY_TOKEN"' [Sat Feb 3 17:18:17 PST 2018] token='DUMMY_TOKEN' [Sat Feb 3 17:18:17 PST 2018] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276' [Sat Feb 3 17:18:17 PST 2018] keyauthorization='DUMMY_TOKEN.DUMMY_TOKEN' [Sat Feb 3 17:18:17 PST 2018] dvlist='test1.tmpdom.duckdns.org#DUMMY_TOKEN.DUMMY_TOKEN#https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276#dns-01#dns_duckdns' [Sat Feb 3 17:18:17 PST 2018] Getting webroot for domain='test2.tmpdom.duckdns.org' [Sat Feb 3 17:18:17 PST 2018] _w='dns_duckdns' [Sat Feb 3 17:18:17 PST 2018] _currentRoot='dns_duckdns' [Sat Feb 3 17:18:17 PST 2018] Getting new-authz for domain='test2.tmpdom.duckdns.org' [Sat Feb 3 17:18:17 PST 2018] _init api for server: https://acme-staging.api.letsencrypt.org/directory [Sat Feb 3 17:18:17 PST 2018] Try new-authz for the 0 time. 
[Sat Feb 3 17:18:17 PST 2018] _is_idn_d='test2.tmpdom.duckdns.org' [Sat Feb 3 17:18:17 PST 2018] _idn_temp [Sat Feb 3 17:18:17 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/new-authz' [Sat Feb 3 17:18:17 PST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "test2.tmpdom.duckdns.org"}}' [Sat Feb 3 17:18:17 PST 2018] Use cached jwk for file: /tmp/acme/test//ca/acme-staging.api.letsencrypt.org/account.key [Sat Feb 3 17:18:17 PST 2018] Use _CACHED_NONCE='DUMMY_TOKEN' [Sat Feb 3 17:18:17 PST 2018] nonce='DUMMY_TOKEN' [Sat Feb 3 17:18:17 PST 2018] POST [Sat Feb 3 17:18:17 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/new-authz' [Sat Feb 3 17:18:17 PST 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "DUMMY_TOKEN", "payload": "DUMMY_TOKEN", "signature": "DUMMY_TOKEN"}' [Sat Feb 3 17:18:17 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.joAjYBwj ' [Sat Feb 3 17:18:18 PST 2018] _ret='0' [Sat Feb 3 17:18:18 PST 2018] original='{ "identifier": { "type": "dns", "value": "test2.tmpdom.duckdns.org" }, "status": "pending", "expires": "2018-02-11T01:18:18.078501309Z", "challenges": [ { "type": "http-01", "status": "pending", "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956277", "token": "DUMMY_TOKEN" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278", "token": "DUMMY_TOKEN" } ], "combinations": [ [ 0 ], [ 1 ] ] }' [Sat Feb 3 17:18:18 PST 2018] responseHeaders='HTTP/1.1 100 Continue Expires: Sun, 04 Feb 2018 01:18:18 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache

HTTP/1.1 201 Created Server: nginx Content-Type: application/json Content-Length: 744 Boulder-Requester: 5488769 Link: https://acme-staging.api.letsencrypt.org/acme/new-cert;rel="next" Location: https://acme-staging.api.letsencrypt.org/acme/authz/DUMMY_TOKEN Replay-Nonce: _56Kgh0L7F2u3UlD0moZZATD-sWuje87wUOMj_E6Mg0 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 04 Feb 2018 01:18:18 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 04 Feb 2018 01:18:18 GMT Connection: keep-alive ' [Sat Feb 3 17:18:18 PST 2018] response='{"identifier":{"type":"dns","value":"test2.tmpdom.duckdns.org"},"status":"pending","expires":"2018-02-11T01:18:18.078501309Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956277","token":"9QFQ_F_jYS46KDndpAvd-oepAMi2O8fUyyQObWrKJ7c"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278","token":"DUMMY_TOKEN"}],"combinations":[[0],[1]]}' [Sat Feb 3 17:18:18 PST 2018] code='201' [Sat Feb 3 17:18:18 PST 2018] The new-authz request is ok. 
[Sat Feb 3 17:18:18 PST 2018] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278","token":"DUMMY_TOKEN"' [Sat Feb 3 17:18:18 PST 2018] token='DUMMY_TOKEN' [Sat Feb 3 17:18:18 PST 2018] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278' [Sat Feb 3 17:18:18 PST 2018] keyauthorization='DUMMY_TOKEN.DUMMY_TOKEN' [Sat Feb 3 17:18:18 PST 2018] dvlist='test2.tmpdom.duckdns.org#DUMMY_TOKEN.DUMMY_TOKEN#https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278#dns-01#dns_duckdns' [Sat Feb 3 17:18:18 PST 2018] vlist='test1.tmpdom.duckdns.org#DUMMY_TOKEN.DUMMY_TOKEN#https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276#dns-01#dns_duckdns,test2.tmpdom.duckdns.org#DUMMY_TOKEN.DUMMY_TOKEN#https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278#dns-01#dns_duckdns,' [Sat Feb 3 17:18:18 PST 2018] txtdomain='_acme-challenge.test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:18 PST 2018] txt='C5_odEoVo-7FHxyWdaGXsVz3Pb3lZcF4jxXhB3jJXvk' [Sat Feb 3 17:18:18 PST 2018] d_api='/usr/local/pkg/acme/dnsapi/dns_duckdns.sh' [Sat Feb 3 17:18:18 PST 2018] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_duckdns.sh [Sat Feb 3 17:18:18 PST 2018] Trying to add TXT record [Sat Feb 3 17:18:18 PST 2018] param='domains=tmpdom&token=DUMMY_TOKEN&txt=C5_odEoVo-7FHxyWdaGXsVz3Pb3lZcF4jxXhB3jJXvk' [Sat Feb 3 17:18:18 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=C5_odEoVo-7FHxyWdaGXsVz3Pb3lZcF4jxXhB3jJXvk' [Sat Feb 3 17:18:18 PST 2018] GET [Sat Feb 3 17:18:18 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=C5_odEoVo-7FHxyWdaGXsVz3Pb3lZcF4jxXhB3jJXvk' [Sat Feb 3 17:18:18 PST 2018] timeout [Sat Feb 3 17:18:18 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.mzgk9WtY ' [Sat Feb 3 17:18:18 PST 2018] ret='0' [Sat Feb 3 17:18:18 
PST 2018] response='OK' [Sat Feb 3 17:18:18 PST 2018] TXT record has been successfully added to your DuckDNS domain. [Sat Feb 3 17:18:18 PST 2018] Note that all subdomains under this domain uses the same TXT record. [Sat Feb 3 17:18:18 PST 2018] txtdomain='_acme-challenge.test2.tmpdom.duckdns.org' [Sat Feb 3 17:18:18 PST 2018] txt='8T9KxzVcnUFrM52zHSn884ogMqZ1MzptcKVi2iZ4hyI' [Sat Feb 3 17:18:18 PST 2018] d_api='/usr/local/pkg/acme/dnsapi/dns_duckdns.sh' [Sat Feb 3 17:18:18 PST 2018] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_duckdns.sh [Sat Feb 3 17:18:18 PST 2018] Trying to add TXT record [Sat Feb 3 17:18:18 PST 2018] param='domains=tmpdom&token=DUMMY_TOKEN&txt=8T9KxzVcnUFrM52zHSn884ogMqZ1MzptcKVi2iZ4hyI' [Sat Feb 3 17:18:18 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=8T9KxzVcnUFrM52zHSn884ogMqZ1MzptcKVi2iZ4hyI' [Sat Feb 3 17:18:18 PST 2018] GET [Sat Feb 3 17:18:18 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=8T9KxzVcnUFrM52zHSn884ogMqZ1MzptcKVi2iZ4hyI' [Sat Feb 3 17:18:18 PST 2018] timeout [Sat Feb 3 17:18:18 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.QY1iW3Th ' [Sat Feb 3 17:18:18 PST 2018] ret='0' [Sat Feb 3 17:18:18 PST 2018] response='OK' [Sat Feb 3 17:18:18 PST 2018] TXT record has been successfully added to your DuckDNS domain. [Sat Feb 3 17:18:18 PST 2018] Note that all subdomains under this domain uses the same TXT record. 
[Sat Feb 3 17:18:18 PST 2018] Sleep 120 seconds for the txt records to take effect [Sat Feb 3 17:18:20 PST 2018] ok, let's start to verify [Sat Feb 3 17:18:20 PST 2018] Verifying:test1.tmpdom.duckdns.org [Sat Feb 3 17:18:20 PST 2018] d='test1.tmpdom.duckdns.org' [Sat Feb 3 17:18:20 PST 2018] keyauthorization='DUMMY_TOKEN.DUMMY_TOKEN' [Sat Feb 3 17:18:20 PST 2018] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276' [Sat Feb 3 17:18:20 PST 2018] _currentRoot='dns_duckdns' [Sat Feb 3 17:18:20 PST 2018] tigger domain validation. [Sat Feb 3 17:18:20 PST 2018] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276' [Sat Feb 3 17:18:20 PST 2018] _t_key_authz='DUMMY_TOKEN.DUMMY_TOKEN' [Sat Feb 3 17:18:20 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276' [Sat Feb 3 17:18:20 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "DUMMY_TOKEN.DUMMY_TOKEN"}' [Sat Feb 3 17:18:20 PST 2018] Use cached jwk for file: /tmp/acme/test//ca/acme-staging.api.letsencrypt.org/account.key [Sat Feb 3 17:18:20 PST 2018] Use _CACHED_NONCE='_56Kgh0L7F2u3UlD0moZZATD-sWuje87wUOMj_E6Mg0' [Sat Feb 3 17:18:20 PST 2018] nonce='_56Kgh0L7F2u3UlD0moZZATD-sWuje87wUOMj_E6Mg0' [Sat Feb 3 17:18:20 PST 2018] POST [Sat Feb 3 17:18:20 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276' [Sat Feb 3 17:18:20 PST 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": 
"DUMMY_TOKEN"}}, "protected": "DUMMY_TOKEN", "payload": "DUMMY_TOKEN", "signature": "DUMMY_TOKEN"}' [Sat Feb 3 17:18:20 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.3JEJPB8D ' [Sat Feb 3 17:18:21 PST 2018] _ret='0' [Sat Feb 3 17:18:21 PST 2018] original='{ "type": "dns-01", "status": "pending", "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276", 
"token": "DUMMY_TOKEN", "keyAuthorization": "DUMMY_TOKEN.DUMMY_TOKEN" }' [Sat Feb 3 17:18:21 PST 2018] responseHeaders='HTTP/1.1 100 Continue Expires: Sun, 04 Feb 2018 01:18:21 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache

HTTP/1.1 202 Accepted Server: nginx Content-Type: application/json Content-Length: 337 Boulder-Requester: 5488769 Link: https://acme-staging.api.letsencrypt.org/acme/authz/DUMMY_TOKEN;rel="up" Location: https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276 Replay-Nonce: DUMMY_TOKEN Expires: Sun, 04 Feb 2018 01:18:21 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 04 Feb 2018 01:18:21 GMT Connection: keep-alive ' [Sat Feb 3 17:18:21 PST 2018] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276","token":"DUMMY_TOKEN","keyAuthorization":"DUMMY_TOKEN.DUMMY_TOKEN"}' [Sat Feb 3 17:18:21 PST 2018] code='202' [Sat Feb 3 17:18:21 PST 2018] sleep 2 secs to verify [Sat Feb 3 17:18:23 PST 2018] checking [Sat Feb 3 17:18:23 PST 2018] GET [Sat Feb 3 17:18:23 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276' [Sat Feb 3 17:18:23 PST 2018] timeout [Sat Feb 3 17:18:23 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.M72vIhcC ' [Sat Feb 3 17:18:23 PST 2018] ret='0' [Sat Feb 3 17:18:23 PST 2018] original='{ "type": "dns-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Incorrect TXT record \"8T9KxzVcnUFrM52zHSn884ogMqZ1MzptcKVi2iZ4hyI\" found at _acme-challenge.test1.tmpdom.duckdns.org", "status": 403 }, "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276", "token": "DUMMY_TOKEN", "keyAuthorization": "DUMMY_TOKEN.DUMMY_TOKEN" }' [Sat Feb 3 17:18:23 PST 2018] response='{"type":"dns-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Incorrect TXT record \"8T9KxzVcnUFrM52zHSn884ogMqZ1MzptcKVi2iZ4hyI\" found at _acme-challenge.test1.tmpdom.duckdns.org","status": 
403},"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276","token":"DUMMY_TOKEN","keyAuthorization":"DUMMY_TOKEN.DUMMY_TOKEN"}' [Sat Feb 3 17:18:23 PST 2018] error='"error":{"type":"urn:acme:error:unauthorized","detail":"Incorrect TXT record ' [Sat Feb 3 17:18:23 PST 2018] errordetail='Incorrect TXT record ' [Sat Feb 3 17:18:23 PST 2018] test1.tmpdom.duckdns.org:Verify error:Incorrect TXT record [Sat Feb 3 17:18:23 PST 2018] h_api='/usr/local/pkg/acme/dnsapi/dns_duckdns.sh' [Sat Feb 3 17:18:23 PST 2018] Found domain http api file: /usr/local/pkg/acme/dnsapi/dns_duckdns.sh [Sat Feb 3 17:18:23 PST 2018] Trying to remove TXT record [Sat Feb 3 17:18:23 PST 2018] param='domains=tmpdom&token=DUMMY_TOKEN&txt=&clear=true' [Sat Feb 3 17:18:23 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=&clear=true' [Sat Feb 3 17:18:23 PST 2018] GET [Sat Feb 3 17:18:23 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=&clear=true' [Sat Feb 3 17:18:23 PST 2018] timeout [Sat Feb 3 17:18:23 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.udUEvkK7 ' [Sat Feb 3 17:18:23 PST 2018] ret='0' [Sat Feb 3 17:18:23 PST 2018] response='OK' [Sat Feb 3 17:18:23 PST 2018] TXT record has been successfully removed from your DuckDNS domain. [Sat Feb 3 17:18:23 PST 2018] pid [Sat Feb 3 17:18:23 PST 2018] No need to restore nginx, skip. 
[Sat Feb 3 17:18:23 PST 2018] _clearupdns [Sat Feb 3 17:18:23 PST 2018] txt='C5_odEoVo-7FHxyWdaGXsVz3Pb3lZcF4jxXhB3jJXvk' [Sat Feb 3 17:18:23 PST 2018] d_api='/usr/local/pkg/acme/dnsapi/dns_duckdns.sh' [Sat Feb 3 17:18:23 PST 2018] Trying to remove TXT record [Sat Feb 3 17:18:23 PST 2018] param='domains=tmpdom&token=DUMMY_TOKEN&txt=&clear=true' [Sat Feb 3 17:18:23 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=&clear=true' [Sat Feb 3 17:18:23 PST 2018] GET [Sat Feb 3 17:18:23 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=&clear=true' [Sat Feb 3 17:18:23 PST 2018] timeout [Sat Feb 3 17:18:23 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.b14DZTnt ' [Sat Feb 3 17:18:23 PST 2018] ret='0' [Sat Feb 3 17:18:23 PST 2018] response='OK' [Sat Feb 3 17:18:23 PST 2018] TXT record has been successfully removed from your DuckDNS domain. [Sat Feb 3 17:18:23 PST 2018] txt='8T9KxzVcnUFrM52zHSn884ogMqZ1MzptcKVi2iZ4hyI' [Sat Feb 3 17:18:23 PST 2018] d_api='/usr/local/pkg/acme/dnsapi/dns_duckdns.sh' [Sat Feb 3 17:18:23 PST 2018] Trying to remove TXT record [Sat Feb 3 17:18:23 PST 2018] param='domains=tmpdom&token=DUMMY_TOKEN&txt=&clear=true' [Sat Feb 3 17:18:23 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=&clear=true' [Sat Feb 3 17:18:23 PST 2018] GET [Sat Feb 3 17:18:23 PST 2018] url='https://www.duckdns.org/update?domains=tmpdom&token=DUMMY_TOKEN&txt=&clear=true' [Sat Feb 3 17:18:23 PST 2018] timeout [Sat Feb 3 17:18:23 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.SySHFLoN ' [Sat Feb 3 17:18:26 PST 2018] ret='0' [Sat Feb 3 17:18:26 PST 2018] response='OK' [Sat Feb 3 17:18:26 PST 2018] TXT record has been successfully removed from your DuckDNS domain. 
[Sat Feb 3 17:18:26 PST 2018] _on_issue_err [Sat Feb 3 17:18:26 PST 2018] Please check log file for more details: /tmp/acme/test/acme_issuecert.log [Sat Feb 3 17:18:26 PST 2018] _chk_vlist='test1.tmpdom.duckdns.org#DUMMY_TOKEN.DUMMY_TOKEN#https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276#dns-01#dns_duckdns,test2.tmpdom.duckdns.org#DUMMY_TOKEN.DUMMY_TOKEN#https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278#dns-01#dns_duckdns,' [Sat Feb 3 17:18:26 PST 2018] start to deactivate authz [Sat Feb 3 17:18:26 PST 2018] tigger domain validation. [Sat Feb 3 17:18:26 PST 2018] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276' [Sat Feb 3 17:18:26 PST 2018] _t_key_authz='DUMMY_TOKEN.DUMMY_TOKEN' [Sat Feb 3 17:18:26 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276' [Sat Feb 3 17:18:26 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "DUMMY_TOKEN.DUMMY_TOKEN"}' [Sat Feb 3 17:18:26 PST 2018] Use cached jwk for file: /tmp/acme/test//ca/acme-staging.api.letsencrypt.org/account.key [Sat Feb 3 17:18:26 PST 2018] Use _CACHED_NONCE='DUMMY_TOKEN' [Sat Feb 3 17:18:26 PST 2018] nonce='DUMMY_TOKEN' [Sat Feb 3 17:18:26 PST 2018] POST [Sat Feb 3 17:18:26 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956276' [Sat Feb 3 17:18:26 PST 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA"}' [Sat Feb 3 17:18:26 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.Cb5cYSUv ' [Sat Feb 3 17:18:27 PST 2018] _ret='0' [Sat Feb 3 17:18:27 PST 2018] original='{ "type": "urn:acme:error:malformed", "detail": "Unable to update challenge :: The challenge is not pending.", "status": 400 }' [Sat Feb 3 17:18:27 PST 2018] responseHeaders='HTTP/1.1 100 Continue Expires: Sun, 04 Feb 2018 01:18:27 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache

HTTP/1.1 400 Bad Request Server: nginx Content-Type: application/problem+json Content-Length: 132 Boulder-Requester: 5488769 Replay-Nonce: DUMMY_TOKEN Expires: Sun, 04 Feb 2018 01:18:27 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 04 Feb 2018 01:18:27 GMT Connection: close ' [Sat Feb 3 17:18:27 PST 2018] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: The challenge is not pending.","status": 400}' [Sat Feb 3 17:18:27 PST 2018] code='400' [Sat Feb 3 17:18:27 PST 2018] tigger domain validation. [Sat Feb 3 17:18:27 PST 2018] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278' [Sat Feb 3 17:18:27 PST 2018] _t_key_authz='DUMMY_TOKEN.DUMMY_TOKEN' [Sat Feb 3 17:18:27 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278' [Sat Feb 3 17:18:27 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "DUMMY_TOKEN.DUMMY_TOKEN"}' [Sat Feb 3 17:18:27 PST 2018] Use cached jwk for file: /tmp/acme/test//ca/acme-staging.api.letsencrypt.org/account.key [Sat Feb 3 17:18:27 PST 2018] Use _CACHED_NONCE='DUMMY_TOKEN' [Sat Feb 3 17:18:27 PST 2018] nonce='DUMMY_TOKEN' [Sat Feb 3 17:18:27 PST 2018] POST [Sat Feb 3 17:18:27 PST 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278' [Sat Feb 3 17:18:27 PST 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA"}' [Sat Feb 3 17:18:27 PST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/test//http.header --trace-ascii /tmp/tmp.QzbmILQI ' [Sat Feb 3 17:18:27 PST 2018] _ret='0' [Sat Feb 3 17:18:27 PST 2018] original='{ "type": "dns-01", "status": "pending", "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278", "token": "DUMMY_TOKEN", "keyAuthorization": "DUMMY_TOKEN.DUMMY_TOKEN" }' [Sat Feb 3 17:18:27 PST 2018] responseHeaders='HTTP/1.1 100 Continue Expires: Sun, 04 Feb 2018 01:18:27 GMT Cache-Control: 
max-age=0, no-cache, no-store Pragma: no-cache

HTTP/1.1 202 Accepted Server: nginx Content-Type: application/json Content-Length: 337 Boulder-Requester: 5488769 Link: https://acme-staging.api.letsencrypt.org/acme/authz/DUMMY_TOKEN;rel="up" Location: https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN/97956278 Replay-Nonce: cEzPR1dk_MHVmakOj97rHn8kzo_gfnh2FypHvmm8bo8 Expires: Sun, 04 Feb 2018 01:18:27 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 04 Feb 2018 01:18:27 GMT Connection: keep-alive ' [Sat Feb 3 17:18:27 PST 2018] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/DUMMY_TOKEN","token":"DUMMY_TOKEN","keyAuthorization":"DUMMY_TOKEN.DUMMY_TOKEN"}' [Sat Feb 3 17:18:27 PST 2018] code='202' [Sat Feb 3 17:18:27 PST 2018] Diagnosis versions: openssl:openssl OpenSSL 1.0.2m-freebsd 2 Nov 2017 apache: apache doesn't exists. nginx: nginx version: nginx/1.12.1 built with OpenSSL 1.0.2k-freebsd 26 Jan 2017 (running with OpenSSL 1.0.2m-freebsd 2 Nov 2017) TLS SNI support enabled configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module 
--with-http_stub_status_module --with-http_sub_module --add-module=/wrkdirs/usr/ports/www/nginx/work/ngx_devel_kit-0.3.0 --add-dynamic-module=/wrkdirs/usr/ports/www/nginx/work/lua-nginx-module-0.10.8 --with-pcre --with-http_v2_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-mail=dynamic --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --with-mail_ssl_module --with-http_ssl_module
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org

```
acme.sh --issue -d 'test1.tmpdom.duckdns.org' -d 'test2.tmpdom.duckdns.org' --home '/tmp/acme/test/' --accountconf '/tmp/acme/test/accountconf.conf' --force --reloadCmd '/tmp/acme/test/reloadcmd.sh' --dns 'dns_duckdns' --debug 2
```

Neilpang commented 6 years ago

Yes, it was a known issue. I knew that duckdns shares the same txt record for all its subdomains.

You can report bugs to duckdns.

As a tricky workaround, if you have two domains, you can run --issue twice.

acme.sh --issue -d 'test1.tmpdom.duckdns.org' -d 'test2.tmpdom.duckdns.org'  --dns 'dns_duckdns'

Then again:

acme.sh --issue -d 'test1.tmpdom.duckdns.org' -d 'test2.tmpdom.duckdns.org'  --dns 'dns_duckdns'

frosty5689 commented 6 years ago

Running it twice doesn't fix the problem though, since the script sets all the TXT records first and then verifies them. So it will always fail at verifying the first domain.

One workaround I had was to verify the 1st domain, then verify 1st+2nd, and so on, since previously verified domains will be skipped. This is not a very good workaround and quickly exhausts the rate limit letsencrypt has.

Edit: Is there an alternative free DDNS service that you know of which supports TXT records through an API and works in this use case? (subdomain of subdomain)

bjmgeek commented 6 years ago

After a bit of googling, I found https://www.dynu.com/Resources/Tutorials/DynamicDNS/CreateTXTRecord

I don't know about the subdomain question.

mod242 commented 5 years ago

Unfortunately the exact same issue exists with the ddnss-Service, since there is also only one TXT entry for all potential subdomains. Is there any chance for a solution in the process so that each domain is verified one after another?

KnicKnic commented 5 years ago

LEGO can serialize solving requests for duckdns, https://github.com/go-acme/lego/issues/680
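
The ordering problem discussed in this thread, as an added example that is not part of any comment and is not acme.sh, lego or DuckDNS code: a small offline model of a provider with one shared TXT value per DuckDNS name, run once in "set all, then verify" order and once serialized. The function names, the file-backed store and the `txtA`/`txtB` values are constructed for illustration.

```shell
#!/bin/sh
# Constructed model of the behaviour described in this thread:
# one TXT value per DuckDNS name, shared by all of its subdomains.

# Constructed challenges: "<domain>=<TXT value the CA expects for it>".
CHALLENGES="test1.mytest.duckdns.org=txtA test2.mytest.duckdns.org=txtB"

# Map a domain to the record it shares: test2.mytest.duckdns.org -> mytest
slot_of() {
  base=${1%.duckdns.org}
  echo "${base##*.}"
}

# Model provider: one file per slot; every write overwrites the old value.
set_txt() { printf '%s' "$2" > "$STORE/$(slot_of "$1")"; }

# Model CA check: passes only if the slot still holds this domain's value.
validate() { [ "$(cat "$STORE/$(slot_of "$1")")" = "$2" ]; }

# Pre-flight: print every slot that more than one requested domain maps to.
shared_slots() {
  for c in $CHALLENGES; do slot_of "${c%%=*}"; done | sort | uniq -d
}

# $1 = batch  (publish every TXT value, then verify each domain), or
#      serial (publish and verify one domain before touching the next).
# Prints the domains that failed validation, space separated.
run_order() {
  STORE=$(mktemp -d) || return 1
  failed=""
  if [ "$1" = batch ]; then
    for c in $CHALLENGES; do set_txt "${c%%=*}" "${c#*=}"; done
  fi
  for c in $CHALLENGES; do
    if [ "$1" = serial ]; then set_txt "${c%%=*}" "${c#*=}"; fi
    validate "${c%%=*}" "${c#*=}" || failed="$failed ${c%%=*}"
  done
  rm -rf "$STORE"
  echo "${failed# }"
}

echo "shared slots:  $(shared_slots)"
echo "batch failed:  $(run_order batch)"
echo "serial failed: $(run_order serial)"
```

In batch order the second write replaces the value the first domain needs, so the first domain fails; in serial order each value is checked before it is overwritten.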

Neilpang commented 5 years ago

@KnicKnic How does it work?

KnicKnic commented 5 years ago

@Neilpang the PR should be listed in the issue. Otherwise you may want to go to the https://traefik.io discord and ask ldez if you have any questions on the code as he wrote it.