Neilpang
commented
6 years ago show me the log with --log-level 2
Open Shuro opened 6 years ago
Neilpang
commented
6 years ago show me the log with --log-level 2
Shuro
commented
6 years ago Here @Neilpang .
[Thu Mar 15 16:49:17 CET 2018] LE_WORKING_DIR='/root/.acme.sh'
[Thu Mar 15 16:49:17 CET 2018] _main_domain='larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] _alt_domains='*.larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] Using config home:/root/.acme.sh
[Thu Mar 15 16:49:17 CET 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Mar 15 16:49:17 CET 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Thu Mar 15 16:49:17 CET 2018] DOMAIN_PATH='/root/.acme.sh/larptreff.de_ecc'
[Thu Mar 15 16:49:17 CET 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Mar 15 16:49:17 CET 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Mar 15 16:49:17 CET 2018] GET
[Thu Mar 15 16:49:17 CET 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Mar 15 16:49:17 CET 2018] timeout=
[Thu Mar 15 16:49:17 CET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Mar 15 16:49:17 CET 2018] ret='0'
[Thu Mar 15 16:49:17 CET 2018] response='{
"PvK8O30HUwY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Thu Mar 15 16:49:17 CET 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu Mar 15 16:49:17 CET 2018] ACME_NEW_AUTHZ
[Thu Mar 15 16:49:17 CET 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Mar 15 16:49:17 CET 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Mar 15 16:49:17 CET 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Mar 15 16:49:17 CET 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Mar 15 16:49:17 CET 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Mar 15 16:49:17 CET 2018] ACME_VERSION='2'
[Thu Mar 15 16:49:17 CET 2018] Le_NextRenewTime
[Thu Mar 15 16:49:17 CET 2018] _on_before_issue
[Thu Mar 15 16:49:17 CET 2018] _chk_main_domain='larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] _chk_alt_domains='*.larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] 'dns_inwx' does not contain 'no'
[Thu Mar 15 16:49:17 CET 2018] Le_LocalAddress
[Thu Mar 15 16:49:17 CET 2018] d='larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] Check for domain='larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] _currentRoot='dns_inwx'
[Thu Mar 15 16:49:17 CET 2018] d='*.larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] Check for domain='*.larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] _currentRoot='dns_inwx'
[Thu Mar 15 16:49:17 CET 2018] d
[Thu Mar 15 16:49:17 CET 2018] 'dns_inwx' does not contain 'apache'
[Thu Mar 15 16:49:17 CET 2018] _saved_account_key_hash='5IC269hgcvZmVR9apArRV5sMEx6c9r4mrhZUMo/GgGY='
[Thu Mar 15 16:49:17 CET 2018] _saved_account_key_hash is not changed, skip register account.
[Thu Mar 15 16:49:17 CET 2018] Read key length:ec-256
[Thu Mar 15 16:49:17 CET 2018] _createcsr
[Thu Mar 15 16:49:17 CET 2018] domain='larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] domainlist='*.larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] csrkey='/root/.acme.sh/larptreff.de_ecc/larptreff.de.key'
[Thu Mar 15 16:49:17 CET 2018] csr='/root/.acme.sh/larptreff.de_ecc/larptreff.de.csr'
[Thu Mar 15 16:49:17 CET 2018] csrconf='/root/.acme.sh/larptreff.de_ecc/larptreff.de.csr.conf'
[Thu Mar 15 16:49:17 CET 2018] _is_idn_d='*.larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] _idn_temp
[Thu Mar 15 16:49:17 CET 2018] domainlist='*.larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] Multi domain='DNS:larptreff.de,DNS:*.larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] _is_idn_d='larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] _idn_temp
[Thu Mar 15 16:49:17 CET 2018] _csr_cn='larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] Getting domain auth token for each domain
[Thu Mar 15 16:49:17 CET 2018] d='*.larptreff.de'
[Thu Mar 15 16:49:17 CET 2018] d
[Thu Mar 15 16:49:17 CET 2018] _identifiers='{"type":"dns","value":"larptreff.de"},{"type":"dns","value":"*.larptreff.de"}'
[Thu Mar 15 16:49:17 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Mar 15 16:49:17 CET 2018] payload='{"identifiers": [{"type":"dns","value":"larptreff.de"},{"type":"dns","value":"*.larptreff.de"}]}'
[Thu Mar 15 16:49:17 CET 2018] RSA key
[Thu Mar 15 16:49:17 CET 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Mar 15 16:49:17 CET 2018] HEAD
[Thu Mar 15 16:49:17 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Mar 15 16:49:17 CET 2018] body
[Thu Mar 15 16:49:17 CET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g -H "Content-Type: application/jose+json" '
[Thu Mar 15 16:50:23 CET 2018] _ret='0'
[Thu Mar 15 16:50:23 CET 2018] _headers='HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 15 Mar 2018 15:49:17 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://application/jose+json"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: pnGCchomeD7pSyeQaPB0cP9q1HzMCteLRxolSGmA9f0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 15 Mar 2018 15:50:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Mar 2018 15:50:23 GMT
Connection: keep-alive
'
[Thu Mar 15 16:50:23 CET 2018] _CACHED_NONCE='pnGCchomeD7pSyeQaPB0cP9q1HzMCteLRxolSGmA9f0'
[Thu Mar 15 16:50:23 CET 2018] nonce='pnGCchomeD7pSyeQaPB0cP9q1HzMCteLRxolSGmA9f0'
[Thu Mar 15 16:50:23 CET 2018] POST
[Thu Mar 15 16:50:23 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Mar 15 16:50:23 CET 2018] body='{"protected": "eyJub25jZSI6ICJwbkdDY2hvbWVEN3BTeWVRYVBCMGNQOXExSHpNQ3RlTFJ4b2xTR21BOWYwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "tMngFlrCfUdoRNPh_lNyZ0_tIj-oXXwXszSiq_dHdCSu8vblnQ9e8Co2kAxcNp5u0I0kFPD4yqCQNv_ucE6-jdq_ZPaS05MVxARWcGRwFech3e9ohgx9RY4YFXCGR0zuNCBJrB-61VH9L9nSJNQ4wa98qCkczh33Oo1fmZ97Wl3ZpM61KmEHp8y9EQvfk9adRKhkPCLvF1iF4yfWKIU1Rlla9hj3bhRNkXw_-stV1_m4g0jFmwqS7zzHeeWXzeMM3fo7MuZTE3O5-JsodaWZAgRXeIXKJEOZbx3rRq6D0R3A7loT_rcRkrJR67JsclEx7DFvNfkKUe0tnHzXsx-w2w"}'
[Thu Mar 15 16:50:23 CET 2018] Http already initialized.
[Thu Mar 15 16:50:23 CET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g -H "Content-Type: application/jose+json" '
[Thu Mar 15 16:50:23 CET 2018] _ret='0'
[Thu Mar 15 16:50:23 CET 2018] original='{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Parse error reading JWS",
"status": 400
}'
[Thu Mar 15 16:50:23 CET 2018] responseHeaders='HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 15 Mar 2018 15:50:23 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://application/jose+json"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 108
Replay-Nonce: dBKgt_J9b6YlpjDCe6QTdzLNXdoUxvLEc26EkQKwv4U
Expires: Thu, 15 Mar 2018 15:50:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Mar 2018 15:50:23 GMT
Connection: close
'
[Thu Mar 15 16:50:23 CET 2018] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}'
[Thu Mar 15 16:50:23 CET 2018] code='400'
[Thu Mar 15 16:50:23 CET 2018] Le_OrderFinalize
[Thu Mar 15 16:50:23 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
[Thu Mar 15 16:50:23 CET 2018] pid
[Thu Mar 15 16:50:23 CET 2018] No need to restore nginx, skip.
[Thu Mar 15 16:50:23 CET 2018] _clearupdns
[Thu Mar 15 16:50:23 CET 2018] skip dns.
[Thu Mar 15 16:50:23 CET 2018] _on_issue_err
[Thu Mar 15 16:50:23 CET 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Thu Mar 15 16:50:23 CET 2018] _chk_vlist
DanielCeregatti
commented
6 years ago Referencing my comment regarding this bug from another bug:
https://github.com/Neilpang/acme.sh/issues/1261#issuecomment-373195773
And my --debug 2 log:
https://github.com/Neilpang/acme.sh/issues/1261#issuecomment-373423586
Neilpang
commented
6 years ago @Shuro please show me the output with --debug 3
Shuro
commented
6 years ago @Neilpang here
[Thu Mar 15 17:00:19 CET 2018] readlink exists=0
[Thu Mar 15 17:00:19 CET 2018] dirname exists=0
[Thu Mar 15 17:00:19 CET 2018] Lets find script dir.
[Thu Mar 15 17:00:19 CET 2018] _SCRIPT_='/root/.acme.sh/acme.sh'
[Thu Mar 15 17:00:19 CET 2018] _script='/root/.acme.sh/acme.sh'
[Thu Mar 15 17:00:19 CET 2018] _script_home='/root/.acme.sh'
[Thu Mar 15 17:00:19 CET 2018] Using config home:/root/.acme.sh
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 3:LOG_FILE='/root/.acme.sh/acme.sh.log'
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 4:LOG_LEVEL='3'
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 10:AUTO_UPGRADE='1'
[Thu Mar 15 17:00:19 CET 2018] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.8
[Thu Mar 15 17:00:19 CET 2018] _main_domain='larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] _alt_domains='*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] Using config home:/root/.acme.sh
[Thu Mar 15 17:00:19 CET 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Mar 15 17:00:19 CET 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Thu Mar 15 17:00:19 CET 2018] CA_CONF='/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/ca.conf'
[Thu Mar 15 17:00:19 CET 2018] DOMAIN_PATH='/root/.acme.sh/larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Mar 15 17:00:19 CET 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Mar 15 17:00:19 CET 2018] GET
[Thu Mar 15 17:00:19 CET 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Mar 15 17:00:19 CET 2018] timeout=
[Thu Mar 15 17:00:19 CET 2018] curl exists=0
[Thu Mar 15 17:00:19 CET 2018] mktemp exists=0
[Thu Mar 15 17:00:19 CET 2018] wget exists=0
[Thu Mar 15 17:00:19 CET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.7g0glmQwkp -g '
[Thu Mar 15 17:00:19 CET 2018] ret='0'
[Thu Mar 15 17:00:19 CET 2018] response='{
"BC74pTL9j8Q": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Thu Mar 15 17:00:19 CET 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu Mar 15 17:00:19 CET 2018] ACME_NEW_AUTHZ
[Thu Mar 15 17:00:19 CET 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Mar 15 17:00:19 CET 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Mar 15 17:00:19 CET 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Mar 15 17:00:19 CET 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Mar 15 17:00:19 CET 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Mar 15 17:00:19 CET 2018] ACME_VERSION='2'
[Thu Mar 15 17:00:19 CET 2018] Le_NextRenewTime='1526218370'
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 1:Le_Domain='larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 2:Le_Alt='*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 3:Le_Webroot='dns_inwx'
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 4:Le_PreHook=''
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 5:Le_PostHook=''
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 6:Le_RenewHook=''
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Thu Mar 15 17:00:19 CET 2018] _on_before_issue
[Thu Mar 15 17:00:19 CET 2018] _chk_main_domain='larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] _chk_alt_domains='*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] 'dns_inwx' does not contain 'no'
[Thu Mar 15 17:00:19 CET 2018] Le_LocalAddress
[Thu Mar 15 17:00:19 CET 2018] d='larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] Check for domain='larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] _currentRoot='dns_inwx'
[Thu Mar 15 17:00:19 CET 2018] d='*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] Check for domain='*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] _currentRoot='dns_inwx'
[Thu Mar 15 17:00:19 CET 2018] d
[Thu Mar 15 17:00:19 CET 2018] 'dns_inwx' does not contain 'apache'
[Thu Mar 15 17:00:19 CET 2018] _saved_account_key_hash='5IC269hgcvZmVR9apArRV5sMEx6c9r4mrhZUMo/GgGY='
[Thu Mar 15 17:00:19 CET 2018] base64 single line.
[Thu Mar 15 17:00:19 CET 2018] _saved_account_key_hash is not changed, skip register account.
[Thu Mar 15 17:00:19 CET 2018] Read key length:
[Thu Mar 15 17:00:19 CET 2018] _createcsr
[Thu Mar 15 17:00:19 CET 2018] domain='larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] domainlist='*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] csrkey='/root/.acme.sh/larptreff.de/larptreff.de.key'
[Thu Mar 15 17:00:19 CET 2018] csr='/root/.acme.sh/larptreff.de/larptreff.de.csr'
[Thu Mar 15 17:00:19 CET 2018] csrconf='/root/.acme.sh/larptreff.de/larptreff.de.csr.conf'
[Thu Mar 15 17:00:19 CET 2018] _is_idn_d='*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] _idn_temp
[Thu Mar 15 17:00:19 CET 2018] domainlist='*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] Multi domain='DNS:larptreff.de,DNS:*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] _is_idn_d='larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] _idn_temp
[Thu Mar 15 17:00:19 CET 2018] _csr_cn='larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] OK
[Thu Mar 15 17:00:19 CET 2018] 8:Le_Keylength=''
[Thu Mar 15 17:00:19 CET 2018] Getting domain auth token for each domain
[Thu Mar 15 17:00:19 CET 2018] d='*.larptreff.de'
[Thu Mar 15 17:00:19 CET 2018] d
[Thu Mar 15 17:00:19 CET 2018] _identifiers='{"type":"dns","value":"larptreff.de"},{"type":"dns","value":"*.larptreff.de"}'
[Thu Mar 15 17:00:19 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Mar 15 17:00:19 CET 2018] payload='{"identifiers": [{"type":"dns","value":"larptreff.de"},{"type":"dns","value":"*.larptreff.de"}]}'
[Thu Mar 15 17:00:19 CET 2018] RSA key
[Thu Mar 15 17:00:19 CET 2018] pub_exp='010001'
[Thu Mar 15 17:00:19 CET 2018] base64 single line.
[Thu Mar 15 17:00:19 CET 2018] xxd exists=0
[Thu Mar 15 17:00:19 CET 2018] e='AQAB'
[Thu Mar 15 17:00:19 CET 2018] modulus='CC86DC35C065D86E7C4D50DEF4E6DEB234BBDF04C04E8CB19B63BC8C9FAF65AF17827F4DF2802BDF37D646AEDE7F2008DE4B1CA26B92F990877FB0C2A74E20936A4F65116D30E9B12A222C87539407F23301A10AD29EC086859C167D2DFB3FF6E9D68FCF075F1E89EDF9BF1FC947886F06E67048ABF035EA017410D7D044560A520A90AED38D5504187817D4E96DF717427E22DD9A2600C53354F37319D87EEF21AF2D740DF501F77D3DEC7383C574210DE1F03AF176224B90784B2EAD07F4DFE28AE09788652F13348755A3E3EF08CBDE7C12C2DC854EBC139053EFE8EAB21869D7BC42DE6DD0485B372FBDBB2D688D72162E6ED613DEDB6C136C2A86C8C93F'
[Thu Mar 15 17:00:19 CET 2018] xxd exists=0
[Thu Mar 15 17:00:19 CET 2018] base64 single line.
[Thu Mar 15 17:00:19 CET 2018] n='zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw'
[Thu Mar 15 17:00:19 CET 2018] jwk='{"e": "AQAB", "kty": "RSA", "n": "zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw"}'
[Thu Mar 15 17:00:19 CET 2018] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw"}}'
[Thu Mar 15 17:00:19 CET 2018] base64 single line.
[Thu Mar 15 17:00:19 CET 2018] payload64='eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19'
[Thu Mar 15 17:00:19 CET 2018] _request_retry_times='0'
[Thu Mar 15 17:00:19 CET 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Mar 15 17:00:19 CET 2018] HEAD
[Thu Mar 15 17:00:19 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Mar 15 17:00:19 CET 2018] body
[Thu Mar 15 17:00:19 CET 2018] curl exists=0
[Thu Mar 15 17:00:19 CET 2018] mktemp exists=0
[Thu Mar 15 17:00:20 CET 2018] wget exists=0
[Thu Mar 15 17:00:20 CET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.jko75R87GO -g -H "Content-Type: application/jose+json" '
[Thu Mar 15 17:01:25 CET 2018] _ret='0'
[Thu Mar 15 17:01:25 CET 2018] _headers='HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 15 Mar 2018 16:00:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://application/jose+json"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: 5RNSYQw0EeKiB1liVS1j0dJ-ev6MheSUJJsGeSTXi3E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 15 Mar 2018 16:01:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Mar 2018 16:01:25 GMT
Connection: keep-alive
'
[Thu Mar 15 17:01:25 CET 2018] _CACHED_NONCE='5RNSYQw0EeKiB1liVS1j0dJ-ev6MheSUJJsGeSTXi3E'
[Thu Mar 15 17:01:25 CET 2018] nonce='5RNSYQw0EeKiB1liVS1j0dJ-ev6MheSUJJsGeSTXi3E'
[Thu Mar 15 17:01:25 CET 2018] protected='{"nonce": "5RNSYQw0EeKiB1liVS1j0dJ-ev6MheSUJJsGeSTXi3E", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "alg": "RS256", "kid": "https://application/jose+json""}'
[Thu Mar 15 17:01:25 CET 2018] base64 single line.
[Thu Mar 15 17:01:25 CET 2018] protected64='eyJub25jZSI6ICI1Uk5TWVF3MEVlS2lCMWxpVlMxajBkSi1ldjZNaGVTVUpKc0dlU1RYaTNFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ'
[Thu Mar 15 17:01:25 CET 2018] base64 single line.
[Thu Mar 15 17:01:25 CET 2018] _sig_t='SBcw+oLUsn7TJXbhoUqd8x6jYbXc15N4Iy/thCLJgRK3p7K7C/TIT2UFk6zk4EjG+BanVAn9ecZZvDacjDqo3APkn8DWN3oK573iUf3GgAgoq9oiI0KBFVdCsrbiCAmG3A9Jnf7RIfir36g4onqeJA9REEOtX4ReP7Sl/gCHHMhEAaU6rayRPM8AySl234/KFKVOKg7xWVoASv7Pkt0TTKDIx9A6dmv31Klm34QIobXmhC8CqkQZqoXz3R9+MyGRtze34sMas/5Kawz2ah5Rtc+G0jVyPNJmVy+Jkn4vCTmCDr24fH6jpQWPsLMRcw9xW/FkritAxNcK8lHSWM2HQw=='
[Thu Mar 15 17:01:25 CET 2018] sig='SBcw-oLUsn7TJXbhoUqd8x6jYbXc15N4Iy_thCLJgRK3p7K7C_TIT2UFk6zk4EjG-BanVAn9ecZZvDacjDqo3APkn8DWN3oK573iUf3GgAgoq9oiI0KBFVdCsrbiCAmG3A9Jnf7RIfir36g4onqeJA9REEOtX4ReP7Sl_gCHHMhEAaU6rayRPM8AySl234_KFKVOKg7xWVoASv7Pkt0TTKDIx9A6dmv31Klm34QIobXmhC8CqkQZqoXz3R9-MyGRtze34sMas_5Kawz2ah5Rtc-G0jVyPNJmVy-Jkn4vCTmCDr24fH6jpQWPsLMRcw9xW_FkritAxNcK8lHSWM2HQw'
[Thu Mar 15 17:01:25 CET 2018] body='{"protected": "eyJub25jZSI6ICI1Uk5TWVF3MEVlS2lCMWxpVlMxajBkSi1ldjZNaGVTVUpKc0dlU1RYaTNFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "SBcw-oLUsn7TJXbhoUqd8x6jYbXc15N4Iy_thCLJgRK3p7K7C_TIT2UFk6zk4EjG-BanVAn9ecZZvDacjDqo3APkn8DWN3oK573iUf3GgAgoq9oiI0KBFVdCsrbiCAmG3A9Jnf7RIfir36g4onqeJA9REEOtX4ReP7Sl_gCHHMhEAaU6rayRPM8AySl234_KFKVOKg7xWVoASv7Pkt0TTKDIx9A6dmv31Klm34QIobXmhC8CqkQZqoXz3R9-MyGRtze34sMas_5Kawz2ah5Rtc-G0jVyPNJmVy-Jkn4vCTmCDr24fH6jpQWPsLMRcw9xW_FkritAxNcK8lHSWM2HQw"}'
[Thu Mar 15 17:01:25 CET 2018] POST
[Thu Mar 15 17:01:25 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Mar 15 17:01:25 CET 2018] body='{"protected": "eyJub25jZSI6ICI1Uk5TWVF3MEVlS2lCMWxpVlMxajBkSi1ldjZNaGVTVUpKc0dlU1RYaTNFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "SBcw-oLUsn7TJXbhoUqd8x6jYbXc15N4Iy_thCLJgRK3p7K7C_TIT2UFk6zk4EjG-BanVAn9ecZZvDacjDqo3APkn8DWN3oK573iUf3GgAgoq9oiI0KBFVdCsrbiCAmG3A9Jnf7RIfir36g4onqeJA9REEOtX4ReP7Sl_gCHHMhEAaU6rayRPM8AySl234_KFKVOKg7xWVoASv7Pkt0TTKDIx9A6dmv31Klm34QIobXmhC8CqkQZqoXz3R9-MyGRtze34sMas_5Kawz2ah5Rtc-G0jVyPNJmVy-Jkn4vCTmCDr24fH6jpQWPsLMRcw9xW_FkritAxNcK8lHSWM2HQw"}'
[Thu Mar 15 17:01:25 CET 2018] Http already initialized.
[Thu Mar 15 17:01:25 CET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.jko75R87GO -g -H "Content-Type: application/jose+json" '
[Thu Mar 15 17:01:25 CET 2018] _ret='0'
[Thu Mar 15 17:01:25 CET 2018] original='{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Parse error reading JWS",
"status": 400
}'
[Thu Mar 15 17:01:25 CET 2018] responseHeaders='HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 15 Mar 2018 16:01:25 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://application/jose+json"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 108
Replay-Nonce: CML-5Jcd9MiygIPsLGPqu9-0X9Kdf5qKByw9efinYPQ
Expires: Thu, 15 Mar 2018 16:01:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Mar 2018 16:01:25 GMT
Connection: close
'
[Thu Mar 15 17:01:25 CET 2018] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}'
[Thu Mar 15 17:01:25 CET 2018] code='400'
[Thu Mar 15 17:01:25 CET 2018] Le_OrderFinalize
[Thu Mar 15 17:01:25 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
[Thu Mar 15 17:01:25 CET 2018] pid
[Thu Mar 15 17:01:25 CET 2018] No need to restore nginx, skip.
[Thu Mar 15 17:01:25 CET 2018] _clearupdns
[Thu Mar 15 17:01:25 CET 2018] skip dns.
[Thu Mar 15 17:01:25 CET 2018] _on_issue_err
[Thu Mar 15 17:01:25 CET 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Thu Mar 15 17:01:25 CET 2018] _chk_vlist
[Thu Mar 15 17:01:25 CET 2018] openssl exists=0
[Thu Mar 15 17:01:25 CET 2018] nginx exists=0
[Thu Mar 15 17:01:25 CET 2018] socat exists=0
[Thu Mar 15 17:01:25 CET 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0f 25 May 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3
built with OpenSSL 1.1.0f 25 May 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-2tpxfc/nginx-1.10.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:<interface> groups=FD,SOCKET
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:<ip-addr>/<bits>] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX@Shuro thank you . it's too late here. I will check it tomorrow.
Shuro
commented
6 years ago No problem, have a nice evening.
bluesbro1982
commented
6 years ago I think I'm seeing this problem as well. I ran:
``./acme.sh --issue --dns -d sub.mydomain.com -d *.sub.mydomain.com --keylength ec-384 --debug 2 --ecc
and pasted the resulting txt records into my dns. Then I entered: ./acme.sh --renew --dns -d sub.mydomain.com -d *.sub.mydomain.com --keylength ec-384 --debug 2 --ecc
(Dammit, it WORKED this time! WTF I've been seeing this issue for the last 24 hours) I'll check to see if I have a log of the failures somewhere. My error was the JWS error as listed above...
Shuro
commented
6 years ago @bluesbro1982 maybe it is/was a server side problem? Tasting it soon again. Edit: nope, still happening.
pantaraf
commented
6 years ago I'm having the very same problem here using acme.sh client v2.7.8 acme.sh --issue -d *.(domainname).ovh --dns dns_ovh I tried to force --server https://acme-v02.api.letsencrypt.org/directory the outcome is always the same: Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
Thank you!
peterzapfl
commented
6 years ago Just to add I had the same problem on Thursday evening (CET) but it happened only once - Ran with "--debug 2" a second time and it ran through successfully ... odd
dynos01
commented
6 years ago The same error here. And the problem has been there for at least 3 days. Seems that acme.sh is visiting my localhost instead of LE's API endpoint, which is extremely strange.
Shuro
commented
6 years ago I've noticed that, at the time of the reporting, it took very long for LE to send back the "Parse error reading JWS" error. Right now it is nearly instant. Maybe an error with their Boulder?
Neilpang
commented
6 years ago @Shuro
protected='{"nonce": "5RNSYQw0EeKiB1liVS1j0dJ-ev6MheSUJJsGeSTXi3E", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "alg": "RS256", "kid": "https://application/jose+json""}'It seems that we got a wrong kid: "kid": "https://application/jose+json"
please upgrade to the latest dev code, and try again with --debug 3. I just added more debug info.
export BRANCH=dev
acme.sh --upgrade
Hi @cpu
In @Shuro 's log, we got such a response http headers for the new-cert request:
[Thu Mar 15 17:01:25 CET 2018] responseHeaders='HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 15 Mar 2018 16:01:25 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://application/jose+json"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 108
Replay-Nonce: CML-5Jcd9MiygIPsLGPqu9-0X9Kdf5qKByw9efinYPQ
Expires: Thu, 15 Mar 2018 16:01:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Mar 2018 16:01:25 GMT
Connection: closeHere is a location header: Location: https://application/jose+json"
Also in the same log, we got error:
protected='{"nonce": "5RNSYQw0EeKiB1liVS1j0dJ-ev6MheSUJJsGeSTXi3E", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "alg": "RS256", "kid": "https://application/jose+json""}'Yes, you know the kid field is wrong: "kid": "https://application/jose+json"
the kid is called ACCOUNT_URL in acme.sh, and it was obtained from the Location: header of response from the new-reg request. The code is as following:
_debug2 responseHeaders "$responseHeaders"
_accUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")"
_debug "_accUri" "$_accUri"
_savecaconf "ACCOUNT_URL" "$_accUri"
export ACCOUNT_URL="$ACCOUNT_URL"So, It seems to me that Boulder had given us a wrong response header containing a wrong Location header in it, which resulted in a wrong kid(ACCOUNT_URL) for acme.sh. That's why we got an error finally in the new-cert request.
what do you think ?
Shuro
commented
6 years ago After upgrade to dev branch:
[Sun Mar 18 10:31:21 CET 2018] readlink exists=0
[Sun Mar 18 10:31:21 CET 2018] dirname exists=0
[Sun Mar 18 10:31:21 CET 2018] Lets find script dir.
[Sun Mar 18 10:31:21 CET 2018] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun Mar 18 10:31:21 CET 2018] _script='/root/.acme.sh/acme.sh'
[Sun Mar 18 10:31:21 CET 2018] _script_home='/root/.acme.sh'
[Sun Mar 18 10:31:21 CET 2018] Using config home:/root/.acme.sh
[Sun Mar 18 10:31:21 CET 2018] OK
[Sun Mar 18 10:31:21 CET 2018] 10:AUTO_UPGRADE='1'
[Sun Mar 18 10:31:21 CET 2018] OK
[Sun Mar 18 10:31:21 CET 2018] 17:ACME_USE_WGET='1'
[Sun Mar 18 10:31:21 CET 2018] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.8
[Sun Mar 18 10:31:21 CET 2018] _main_domain='larptreff.de'
[Sun Mar 18 10:31:21 CET 2018] _alt_domains='*.larptreff.de'
[Sun Mar 18 10:31:21 CET 2018] Using config home:/root/.acme.sh
[Sun Mar 18 10:31:21 CET 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sun Mar 18 10:31:21 CET 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sun Mar 18 10:31:21 CET 2018] CA_CONF='/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/ca.conf'
[Sun Mar 18 10:31:21 CET 2018] DOMAIN_PATH='/root/.acme.sh/larptreff.de'
[Sun Mar 18 10:31:21 CET 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sun Mar 18 10:31:21 CET 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sun Mar 18 10:31:21 CET 2018] GET
[Sun Mar 18 10:31:21 CET 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Sun Mar 18 10:31:21 CET 2018] timeout=
[Sun Mar 18 10:31:21 CET 2018] curl exists=0
[Sun Mar 18 10:31:21 CET 2018] mktemp exists=0
[Sun Mar 18 10:31:21 CET 2018] wget exists=0
[Sun Mar 18 10:31:21 CET 2018] _WGET='wget -q -d --content-on-error '
Setting --content-on-error (contentonerror) to 1
Setting --user-agent (useragent) to acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --output-document (outputdocument) to -
DEBUG output created by Wget 1.18 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
Certificates loaded: 166
Caching acme-v02.api.letsencrypt.org => 104.123.22.170 2a02:26f0:105:288::3a8e 2a02:26f0:105:28c::3a8e
Created socket 3.
Releasing 0x0000560c6fa1fd60 (new refcount 1).
---request begin---
GET /directory HTTP/1.1
User-Agent: acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Accept: */*
Accept-Encoding: identity
Host: acme-v02.api.letsencrypt.org
Connection: Keep-Alive
---request end---
---response begin---
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 562
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:31:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:31:22 GMT
Connection: keep-alive
---response end---
Registered socket 3 for persistent reuse.
Parsed Strict-Transport-Security max-age = 604800, includeSubDomains = false
Updated HSTS host: acme-v02.api.letsencrypt.org:443 (max-age: 604800, includeSubdomains: false)
[Sun Mar 18 10:31:22 CET 2018] ret='0'
[Sun Mar 18 10:31:22 CET 2018] response='{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"qOM-XdmoA4U": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sun Mar 18 10:31:22 CET 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sun Mar 18 10:31:22 CET 2018] ACME_NEW_AUTHZ
[Sun Mar 18 10:31:22 CET 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 18 10:31:22 CET 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sun Mar 18 10:31:22 CET 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun Mar 18 10:31:22 CET 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun Mar 18 10:31:22 CET 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar 18 10:31:22 CET 2018] ACME_VERSION='2'
[Sun Mar 18 10:31:22 CET 2018] Le_NextRenewTime
[Sun Mar 18 10:31:22 CET 2018] OK
[Sun Mar 18 10:31:22 CET 2018] 1:Le_Domain='larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] OK
[Sun Mar 18 10:31:22 CET 2018] 2:Le_Alt='*.larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] OK
[Sun Mar 18 10:31:22 CET 2018] 3:Le_Webroot='dns_inwx'
[Sun Mar 18 10:31:22 CET 2018] OK
[Sun Mar 18 10:31:22 CET 2018] 4:Le_PreHook=''
[Sun Mar 18 10:31:22 CET 2018] OK
[Sun Mar 18 10:31:22 CET 2018] 5:Le_PostHook=''
[Sun Mar 18 10:31:22 CET 2018] OK
[Sun Mar 18 10:31:22 CET 2018] 6:Le_RenewHook=''
[Sun Mar 18 10:31:22 CET 2018] OK
[Sun Mar 18 10:31:22 CET 2018] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Sun Mar 18 10:31:22 CET 2018] _on_before_issue
[Sun Mar 18 10:31:22 CET 2018] _chk_main_domain='larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] _chk_alt_domains='*.larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] 'dns_inwx' does not contain 'no'
[Sun Mar 18 10:31:22 CET 2018] Le_LocalAddress
[Sun Mar 18 10:31:22 CET 2018] d='larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] Check for domain='larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] _currentRoot='dns_inwx'
[Sun Mar 18 10:31:22 CET 2018] d='*.larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] Check for domain='*.larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] _currentRoot='dns_inwx'
[Sun Mar 18 10:31:22 CET 2018] d
[Sun Mar 18 10:31:22 CET 2018] 'dns_inwx' does not contain 'apache'
[Sun Mar 18 10:31:22 CET 2018] _saved_account_key_hash='5IC269hgcvZmVR9apArRV5sMEx6c9r4mrhZUMo/GgGY='
[Sun Mar 18 10:31:22 CET 2018] base64 single line.
[Sun Mar 18 10:31:22 CET 2018] _saved_account_key_hash is not changed, skip register account.
[Sun Mar 18 10:31:22 CET 2018] Read key length:
[Sun Mar 18 10:31:22 CET 2018] _createcsr
[Sun Mar 18 10:31:22 CET 2018] domain='larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] domainlist='*.larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] csrkey='/root/.acme.sh/larptreff.de/larptreff.de.key'
[Sun Mar 18 10:31:22 CET 2018] csr='/root/.acme.sh/larptreff.de/larptreff.de.csr'
[Sun Mar 18 10:31:22 CET 2018] csrconf='/root/.acme.sh/larptreff.de/larptreff.de.csr.conf'
[Sun Mar 18 10:31:22 CET 2018] _is_idn_d='*.larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] _idn_temp
[Sun Mar 18 10:31:22 CET 2018] domainlist='*.larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] Multi domain='DNS:larptreff.de,DNS:*.larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] _is_idn_d='larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] _idn_temp
[Sun Mar 18 10:31:22 CET 2018] _csr_cn='larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] OK
[Sun Mar 18 10:31:22 CET 2018] 8:Le_Keylength=''
[Sun Mar 18 10:31:22 CET 2018] Getting domain auth token for each domain
[Sun Mar 18 10:31:22 CET 2018] d='*.larptreff.de'
[Sun Mar 18 10:31:22 CET 2018] d
[Sun Mar 18 10:31:22 CET 2018] _identifiers='{"type":"dns","value":"larptreff.de"},{"type":"dns","value":"*.larptreff.de"}'
[Sun Mar 18 10:31:22 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 18 10:31:22 CET 2018] payload='{"identifiers": [{"type":"dns","value":"larptreff.de"},{"type":"dns","value":"*.larptreff.de"}]}'
[Sun Mar 18 10:31:22 CET 2018] RSA key
[Sun Mar 18 10:31:22 CET 2018] pub_exp='010001'
[Sun Mar 18 10:31:22 CET 2018] [Sun Mar 18 10:31:22 CET 2018] base64 single line.
xxd exists=0
[Sun Mar 18 10:31:22 CET 2018] e='AQAB'
[Sun Mar 18 10:31:22 CET 2018] modulus='CC86DC35C065D86E7C4D50DEF4E6DEB234BBDF04C04E8CB19B63BC8C9FAF65AF17827F4DF2802BDF37D646AEDE7F2008DE4B1CA26B92F990877FB0C2A74E20936A4F65116D30E9B12A222C87539407F23301A10AD29EC086859C167D2DFB3FF6E9D68FCF075F1E89EDF9BF1FC947886F06E67048ABF035EA017410D7D044560A520A90AED38D5504187817D4E96DF717427E22DD9A2600C53354F37319D87EEF21AF2D740DF501F77D3DEC7383C574210DE1F03AF176224B90784B2EAD07F4DFE28AE09788652F13348755A3E3EF08CBDE7C12C2DC854EBC139053EFE8EAB21869D7BC42DE6DD0485B372FBDBB2D688D72162E6ED613DEDB6C136C2A86C8C93F'
[Sun Mar 18 10:31:22 CET 2018] base64 single line.
[Sun Mar 18 10:31:22 CET 2018] xxd exists=0
[Sun Mar 18 10:31:22 CET 2018] n='zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw'
[Sun Mar 18 10:31:22 CET 2018] jwk='{"e": "AQAB", "kty": "RSA", "n": "zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw"}'
[Sun Mar 18 10:31:22 CET 2018] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw"}}'
[Sun Mar 18 10:31:22 CET 2018] base64 single line.
[Sun Mar 18 10:31:22 CET 2018] payload64='eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19'
[Sun Mar 18 10:31:22 CET 2018] _request_retry_times='0'
[Sun Mar 18 10:31:22 CET 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar 18 10:31:22 CET 2018] HEAD
[Sun Mar 18 10:31:22 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar 18 10:31:22 CET 2018] body
[Sun Mar 18 10:31:22 CET 2018] curl exists=0
[Sun Mar 18 10:31:22 CET 2018] mktemp exists=0
[Sun Mar 18 10:31:22 CET 2018] wget exists=0
[Sun Mar 18 10:31:22 CET 2018] _WGET='wget -q -d --content-on-error '
[Sun Mar 18 10:31:23 CET 2018] options='s/^ *//g'
[Sun Mar 18 10:31:23 CET 2018] Using sed -i
[Sun Mar 18 10:31:23 CET 2018] _ret='0'
[Sun Mar 18 10:31:23 CET 2018] _headers='Setting --content-on-error (contentonerror) to 1
Setting --server-response (serverresponse) to 1
Setting --output-document (outputdocument) to -
Setting --user-agent (useragent) to acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to Content-Type: application/jose+json
Setting --method (method) to HEAD
Setting --body-data (bodydata) to
Setting --spider (spider) to 1
DEBUG output created by Wget 1.18 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
Certificates loaded: 166
Caching acme-v02.api.letsencrypt.org => 104.123.22.170 2a02:26f0:105:288::3a8e 2a02:26f0:105:28c::3a8e
Created socket 3.
Releasing 0x000055ec32e44a60 (new refcount 1).
---request begin---
HEAD /acme/new-nonce HTTP/1.1
User-Agent: acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Accept: */*
Accept-Encoding: identity
Host: acme-v02.api.letsencrypt.org
Connection: Keep-Alive
Content-Type: application/jose+json
Content-Length: 0
---request end---
[BODY data: ]
---response begin---
HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: u0HRzl3O0WPpHXFWtkZq-CK1ciI9HdqBMRK7LmFcu24
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:31:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:31:23 GMT
Connection: keep-alive
---response end---
HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: u0HRzl3O0WPpHXFWtkZq-CK1ciI9HdqBMRK7LmFcu24
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:31:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:31:23 GMT
Connection: keep-alive
Registered socket 3 for persistent reuse.
Parsed Strict-Transport-Security max-age = 604800, includeSubDomains = false
Updated HSTS host: acme-v02.api.letsencrypt.org:443 (max-age: 604800, includeSubdomains: false)'
[Sun Mar 18 10:31:23 CET 2018] _CACHED_NONCE='u0HRzl3O0WPpHXFWtkZq-CK1ciI9HdqBMRK7LmFcu24'
[Sun Mar 18 10:31:23 CET 2018] nonce='u0HRzl3O0WPpHXFWtkZq-CK1ciI9HdqBMRK7LmFcu24'
[Sun Mar 18 10:31:23 CET 2018] protected='{"nonce": "u0HRzl3O0WPpHXFWtkZq-CK1ciI9HdqBMRK7LmFcu24", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "alg": "RS256", "kid": "https://application/jose+json""}'
[Sun Mar 18 10:31:23 CET 2018] base64 single line.
[Sun Mar 18 10:31:23 CET 2018] protected64='eyJub25jZSI6ICJ1MEhSemwzTzBXUHBIWEZXdGtacS1DSzFjaUk5SGRxQk1SSzdMbUZjdTI0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ'
[Sun Mar 18 10:31:23 CET 2018] base64 single line.
[Sun Mar 18 10:31:23 CET 2018] _sig_t='bxc0U3/gQd6CLB0AdNuFff4hmxEW7NqXhSICFCtXrtmCr6ftwZmBVDnsbxedspKfXCN2F0umiRLslaf7m9jXzn5Dw2UEXc+cwL56EgkqUaFkJSGbJWpn70TdiVtyWNRBrZFgYz/KsbJKZaBBj9ap+a4mZiNRSFncYsDz/dsfdBgWnJIFxxaHogMaqcdHKac7vIZzsXKpZLYtqa7HllJYm/hDi7ThO6oWPAjThMt2aQeuFAW4w7X8q+5og+EEhob9svUQOiYJBJ1XbheCKR7JVN/IxHZT16MlzhKw5aHaperd33CPNtnoYZz4kh5VA/qp8BOjjAeiXF8HZriLSSLiJg=='
[Sun Mar 18 10:31:23 CET 2018] sig='bxc0U3_gQd6CLB0AdNuFff4hmxEW7NqXhSICFCtXrtmCr6ftwZmBVDnsbxedspKfXCN2F0umiRLslaf7m9jXzn5Dw2UEXc-cwL56EgkqUaFkJSGbJWpn70TdiVtyWNRBrZFgYz_KsbJKZaBBj9ap-a4mZiNRSFncYsDz_dsfdBgWnJIFxxaHogMaqcdHKac7vIZzsXKpZLYtqa7HllJYm_hDi7ThO6oWPAjThMt2aQeuFAW4w7X8q-5og-EEhob9svUQOiYJBJ1XbheCKR7JVN_IxHZT16MlzhKw5aHaperd33CPNtnoYZz4kh5VA_qp8BOjjAeiXF8HZriLSSLiJg'
[Sun Mar 18 10:31:23 CET 2018] body='{"protected": "eyJub25jZSI6ICJ1MEhSemwzTzBXUHBIWEZXdGtacS1DSzFjaUk5SGRxQk1SSzdMbUZjdTI0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "bxc0U3_gQd6CLB0AdNuFff4hmxEW7NqXhSICFCtXrtmCr6ftwZmBVDnsbxedspKfXCN2F0umiRLslaf7m9jXzn5Dw2UEXc-cwL56EgkqUaFkJSGbJWpn70TdiVtyWNRBrZFgYz_KsbJKZaBBj9ap-a4mZiNRSFncYsDz_dsfdBgWnJIFxxaHogMaqcdHKac7vIZzsXKpZLYtqa7HllJYm_hDi7ThO6oWPAjThMt2aQeuFAW4w7X8q-5og-EEhob9svUQOiYJBJ1XbheCKR7JVN_IxHZT16MlzhKw5aHaperd33CPNtnoYZz4kh5VA_qp8BOjjAeiXF8HZriLSSLiJg"}'
[Sun Mar 18 10:31:23 CET 2018] POST
[Sun Mar 18 10:31:23 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 18 10:31:23 CET 2018] body='{"protected": "eyJub25jZSI6ICJ1MEhSemwzTzBXUHBIWEZXdGtacS1DSzFjaUk5SGRxQk1SSzdMbUZjdTI0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "bxc0U3_gQd6CLB0AdNuFff4hmxEW7NqXhSICFCtXrtmCr6ftwZmBVDnsbxedspKfXCN2F0umiRLslaf7m9jXzn5Dw2UEXc-cwL56EgkqUaFkJSGbJWpn70TdiVtyWNRBrZFgYz_KsbJKZaBBj9ap-a4mZiNRSFncYsDz_dsfdBgWnJIFxxaHogMaqcdHKac7vIZzsXKpZLYtqa7HllJYm_hDi7ThO6oWPAjThMt2aQeuFAW4w7X8q-5og-EEhob9svUQOiYJBJ1XbheCKR7JVN_IxHZT16MlzhKw5aHaperd33CPNtnoYZz4kh5VA_qp8BOjjAeiXF8HZriLSSLiJg"}'
[Sun Mar 18 10:31:23 CET 2018] Http already initialized.
[Sun Mar 18 10:31:23 CET 2018] _WGET='wget -q -d --content-on-error '
[Sun Mar 18 10:31:23 CET 2018] wget returns 8, the server returns a 'Bad request' response, lets process the response later.
[Sun Mar 18 10:31:23 CET 2018] options='s/^ *//g'
[Sun Mar 18 10:31:23 CET 2018] Using sed -i
[Sun Mar 18 10:31:23 CET 2018] _ret='0'
[Sun Mar 18 10:31:23 CET 2018] original='{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Parse error reading JWS",
"status": 400
}'
[Sun Mar 18 10:31:23 CET 2018] responseHeaders='Setting --content-on-error (contentonerror) to 1
Setting --server-response (serverresponse) to 1
Setting --output-document (outputdocument) to -
Setting --user-agent (useragent) to acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to Content-Type: application/jose+json
Setting --post-data (postdata) to {"protected": "eyJub25jZSI6ICJ1MEhSemwzTzBXUHBIWEZXdGtacS1DSzFjaUk5SGRxQk1SSzdMbUZjdTI0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "bxc0U3_gQd6CLB0AdNuFff4hmxEW7NqXhSICFCtXrtmCr6ftwZmBVDnsbxedspKfXCN2F0umiRLslaf7m9jXzn5Dw2UEXc-cwL56EgkqUaFkJSGbJWpn70TdiVtyWNRBrZFgYz_KsbJKZaBBj9ap-a4mZiNRSFncYsDz_dsfdBgWnJIFxxaHogMaqcdHKac7vIZzsXKpZLYtqa7HllJYm_hDi7ThO6oWPAjThMt2aQeuFAW4w7X8q-5og-EEhob9svUQOiYJBJ1XbheCKR7JVN_IxHZT16MlzhKw5aHaperd33CPNtnoYZz4kh5VA_qp8BOjjAeiXF8HZriLSSLiJg"}
Setting --method (method) to POST
Setting --body-data (bodydata) to {"protected": "eyJub25jZSI6ICJ1MEhSemwzTzBXUHBIWEZXdGtacS1DSzFjaUk5SGRxQk1SSzdMbUZjdTI0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "bxc0U3_gQd6CLB0AdNuFff4hmxEW7NqXhSICFCtXrtmCr6ftwZmBVDnsbxedspKfXCN2F0umiRLslaf7m9jXzn5Dw2UEXc-cwL56EgkqUaFkJSGbJWpn70TdiVtyWNRBrZFgYz_KsbJKZaBBj9ap-a4mZiNRSFncYsDz_dsfdBgWnJIFxxaHogMaqcdHKac7vIZzsXKpZLYtqa7HllJYm_hDi7ThO6oWPAjThMt2aQeuFAW4w7X8q-5og-EEhob9svUQOiYJBJ1XbheCKR7JVN_IxHZT16MlzhKw5aHaperd33CPNtnoYZz4kh5VA_qp8BOjjAeiXF8HZriLSSLiJg"}
DEBUG output created by Wget 1.18 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
Certificates loaded: 166
Caching acme-v02.api.letsencrypt.org => 104.123.22.170 2a02:26f0:105:288::3a8e 2a02:26f0:105:28c::3a8e
Created socket 3.
Releasing 0x000055701e0af480 (new refcount 1).
---request begin---
POST /acme/new-order HTTP/1.1
User-Agent: acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Accept: */*
Accept-Encoding: identity
Host: acme-v02.api.letsencrypt.org
Connection: Keep-Alive
Content-Type: application/jose+json
Content-Length: 753
---request end---
[BODY data: {"protected": "eyJub25jZSI6ICJ1MEhSemwzTzBXUHBIWEZXdGtacS1DSzFjaUk5SGRxQk1SSzdMbUZjdTI0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "bxc0U3_gQd6CLB0AdNuFff4hmxEW7NqXhSICFCtXrtmCr6ftwZmBVDnsbxedspKfXCN2F0umiRLslaf7m9jXzn5Dw2UEXc-cwL56EgkqUaFkJSGbJWpn70TdiVtyWNRBrZFgYz_KsbJKZaBBj9ap-a4mZiNRSFncYsDz_dsfdBgWnJIFxxaHogMaqcdHKac7vIZzsXKpZLYtqa7HllJYm_hDi7ThO6oWPAjThMt2aQeuFAW4w7X8q-5og-EEhob9svUQOiYJBJ1XbheCKR7JVN_IxHZT16MlzhKw5aHaperd33CPNtnoYZz4kh5VA_qp8BOjjAeiXF8HZriLSSLiJg"}]
---response begin---
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 108
Replay-Nonce: ijzXieOufZmN_R0Ld_r57lGCBzupJCap1EDEUuMRmfM
Expires: Sun, 18 Mar 2018 09:31:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:31:23 GMT
Connection: close
---response end---
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 108
Replay-Nonce: ijzXieOufZmN_R0Ld_r57lGCBzupJCap1EDEUuMRmfM
Expires: Sun, 18 Mar 2018 09:31:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:31:23 GMT
Connection: close'
[Sun Mar 18 10:31:23 CET 2018] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}'
[Sun Mar 18 10:31:23 CET 2018] code='400'
[Sun Mar 18 10:31:23 CET 2018] Le_OrderFinalize
[Sun Mar 18 10:31:23 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
[Sun Mar 18 10:31:23 CET 2018] pid
[Sun Mar 18 10:31:23 CET 2018] No need to restore nginx, skip.
[Sun Mar 18 10:31:23 CET 2018] _clearupdns
[Sun Mar 18 10:31:23 CET 2018] skip dns.
[Sun Mar 18 10:31:23 CET 2018] _on_issue_err
[Sun Mar 18 10:31:23 CET 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun Mar 18 10:31:23 CET 2018] _chk_vlist
[Sun Mar 18 10:31:23 CET 2018] openssl exists=0
[Sun Mar 18 10:31:23 CET 2018] nginx exists=0
[Sun Mar 18 10:31:23 CET 2018] socat exists=0
[Sun Mar 18 10:31:23 CET 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0f 25 May 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3
built with OpenSSL 1.1.0f 25 May 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-2tpxfc/nginx-1.10.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:<interface> groups=FD,SOCKET
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:<ip-addr>/<bits>] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIXshow me the ca conf please:
cat .acme.sh/ca/acme-v02.api.letsencrypt.org/ca.confroot@ovh.shuro.de:~>cat .acme.sh/ca/acme-v02.api.letsencrypt.org/ca.conf
ACCOUNT_URL='https://application/jose+json"'
CA_KEY_HASH='5IC269hgcvZmVR9apArRV5sMEx6c9r4mrhZUMo/GgGY='Which seems wrong, if I look at the conversation.
Shuro
commented
6 years ago I've removed it and let it recreate through cert-process.
That gives a new error: {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status": 400}
[Sun Mar 18 10:44:39 CET 2018] readlink exists=0
[Sun Mar 18 10:44:39 CET 2018] dirname exists=0
[Sun Mar 18 10:44:39 CET 2018] Lets find script dir.
[Sun Mar 18 10:44:39 CET 2018] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun Mar 18 10:44:39 CET 2018] _script='/root/.acme.sh/acme.sh'
[Sun Mar 18 10:44:39 CET 2018] _script_home='/root/.acme.sh'
[Sun Mar 18 10:44:39 CET 2018] Using config home:/root/.acme.sh
[Sun Mar 18 10:44:39 CET 2018] OK
[Sun Mar 18 10:44:39 CET 2018] 10:AUTO_UPGRADE='1'
[Sun Mar 18 10:44:39 CET 2018] OK
[Sun Mar 18 10:44:39 CET 2018] 17:ACME_USE_WGET='1'
[Sun Mar 18 10:44:39 CET 2018] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.8
[Sun Mar 18 10:44:39 CET 2018] _main_domain='larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] _alt_domains='*.larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] Using config home:/root/.acme.sh
[Sun Mar 18 10:44:39 CET 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sun Mar 18 10:44:39 CET 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sun Mar 18 10:44:39 CET 2018] CA_CONF='/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/ca.conf'
[Sun Mar 18 10:44:39 CET 2018] DOMAIN_PATH='/root/.acme.sh/larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sun Mar 18 10:44:39 CET 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sun Mar 18 10:44:39 CET 2018] GET
[Sun Mar 18 10:44:39 CET 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Sun Mar 18 10:44:39 CET 2018] timeout=
[Sun Mar 18 10:44:39 CET 2018] curl exists=0
[Sun Mar 18 10:44:39 CET 2018] mktemp exists=0
[Sun Mar 18 10:44:39 CET 2018] wget exists=0
[Sun Mar 18 10:44:39 CET 2018] _WGET='wget -q -d --content-on-error '
Setting --content-on-error (contentonerror) to 1
Setting --user-agent (useragent) to acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --output-document (outputdocument) to -
DEBUG output created by Wget 1.18 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
Certificates loaded: 166
Caching acme-v02.api.letsencrypt.org => 104.123.22.170 2a02:26f0:105:288::3a8e 2a02:26f0:105:28c::3a8e
Created socket 3.
Releasing 0x00005606f48ded60 (new refcount 1).
---request begin---
GET /directory HTTP/1.1
User-Agent: acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Accept: */*
Accept-Encoding: identity
Host: acme-v02.api.letsencrypt.org
Connection: Keep-Alive
---request end---
---response begin---
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 562
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:44:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:44:39 GMT
Connection: keep-alive
---response end---
Registered socket 3 for persistent reuse.
Parsed Strict-Transport-Security max-age = 604800, includeSubDomains = false
Updated HSTS host: acme-v02.api.letsencrypt.org:443 (max-age: 604800, includeSubdomains: false)
[Sun Mar 18 10:44:39 CET 2018] ret='0'
[Sun Mar 18 10:44:39 CET 2018] response='{
"4kgg8ygI0QU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sun Mar 18 10:44:39 CET 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sun Mar 18 10:44:39 CET 2018] ACME_NEW_AUTHZ
[Sun Mar 18 10:44:39 CET 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 18 10:44:39 CET 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sun Mar 18 10:44:39 CET 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun Mar 18 10:44:39 CET 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun Mar 18 10:44:39 CET 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar 18 10:44:39 CET 2018] ACME_VERSION='2'
[Sun Mar 18 10:44:39 CET 2018] Le_NextRenewTime
[Sun Mar 18 10:44:39 CET 2018] OK
[Sun Mar 18 10:44:39 CET 2018] 1:Le_Domain='larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] OK
[Sun Mar 18 10:44:39 CET 2018] 2:Le_Alt='*.larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] OK
[Sun Mar 18 10:44:39 CET 2018] 3:Le_Webroot='dns_inwx'
[Sun Mar 18 10:44:39 CET 2018] OK
[Sun Mar 18 10:44:39 CET 2018] 4:Le_PreHook=''
[Sun Mar 18 10:44:39 CET 2018] OK
[Sun Mar 18 10:44:39 CET 2018] 5:Le_PostHook=''
[Sun Mar 18 10:44:39 CET 2018] OK
[Sun Mar 18 10:44:39 CET 2018] 6:Le_RenewHook=''
[Sun Mar 18 10:44:39 CET 2018] OK
[Sun Mar 18 10:44:39 CET 2018] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Sun Mar 18 10:44:39 CET 2018] _on_before_issue
[Sun Mar 18 10:44:39 CET 2018] _chk_main_domain='larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] _chk_alt_domains='*.larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] 'dns_inwx' does not contain 'no'
[Sun Mar 18 10:44:39 CET 2018] Le_LocalAddress
[Sun Mar 18 10:44:39 CET 2018] d='larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] Check for domain='larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] _currentRoot='dns_inwx'
[Sun Mar 18 10:44:39 CET 2018] d='*.larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] Check for domain='*.larptreff.de'
[Sun Mar 18 10:44:39 CET 2018] _currentRoot='dns_inwx'
[Sun Mar 18 10:44:39 CET 2018] d
[Sun Mar 18 10:44:39 CET 2018] 'dns_inwx' does not contain 'apache'
[Sun Mar 18 10:44:39 CET 2018] config file is empty, can not read CA_KEY_HASH
[Sun Mar 18 10:44:39 CET 2018] _saved_account_key_hash
[Sun Mar 18 10:44:39 CET 2018] Using config home:/root/.acme.sh
[Sun Mar 18 10:44:39 CET 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sun Mar 18 10:44:39 CET 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sun Mar 18 10:44:39 CET 2018] CA_CONF='/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/ca.conf'
[Sun Mar 18 10:44:39 CET 2018] _regAccount
[Sun Mar 18 10:44:39 CET 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sun Mar 18 10:44:39 CET 2018] RSA key
[Sun Mar 18 10:44:39 CET 2018] pub_exp='010001'
[Sun Mar 18 10:44:39 CET 2018] xxd exists=0
[Sun Mar 18 10:44:39 CET 2018] base64 single line.
[Sun Mar 18 10:44:39 CET 2018] e='AQAB'
[Sun Mar 18 10:44:39 CET 2018] modulus='CC86DC35C065D86E7C4D50DEF4E6DEB234BBDF04C04E8CB19B63BC8C9FAF65AF17827F4DF2802BDF37D646AEDE7F2008DE4B1CA26B92F990877FB0C2A74E20936A4F65116D30E9B12A222C87539407F23301A10AD29EC086859C167D2DFB3FF6E9D68FCF075F1E89EDF9BF1FC947886F06E67048ABF035EA017410D7D044560A520A90AED38D5504187817D4E96DF717427E22DD9A2600C53354F37319D87EEF21AF2D740DF501F77D3DEC7383C574210DE1F03AF176224B90784B2EAD07F4DFE28AE09788652F13348755A3E3EF08CBDE7C12C2DC854EBC139053EFE8EAB21869D7BC42DE6DD0485B372FBDBB2D688D72162E6ED613DEDB6C136C2A86C8C93F'
[Sun Mar 18 10:44:39 CET 2018] xxd exists=0
[Sun Mar 18 10:44:39 CET 2018] base64 single line.
[Sun Mar 18 10:44:39 CET 2018] n='zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw'
[Sun Mar 18 10:44:39 CET 2018] jwk='{"e": "AQAB", "kty": "RSA", "n": "zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw"}'
[Sun Mar 18 10:44:39 CET 2018] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw"}}'
[Sun Mar 18 10:44:39 CET 2018] Registering account
[Sun Mar 18 10:44:39 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sun Mar 18 10:44:39 CET 2018] payload='{"termsOfServiceAgreed": true}'
[Sun Mar 18 10:44:39 CET 2018] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Sun Mar 18 10:44:39 CET 2018] base64 single line.
[Sun Mar 18 10:44:39 CET 2018] payload64='eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9'
[Sun Mar 18 10:44:39 CET 2018] _request_retry_times='0'
[Sun Mar 18 10:44:39 CET 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar 18 10:44:39 CET 2018] HEAD
[Sun Mar 18 10:44:39 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar 18 10:44:39 CET 2018] body
[Sun Mar 18 10:44:39 CET 2018] curl exists=0
[Sun Mar 18 10:44:40 CET 2018] mktemp exists=0
[Sun Mar 18 10:44:40 CET 2018] wget exists=0
[Sun Mar 18 10:44:40 CET 2018] _WGET='wget -q -d --content-on-error '
[Sun Mar 18 10:44:40 CET 2018] options='s/^ *//g'
[Sun Mar 18 10:44:40 CET 2018] Using sed -i
[Sun Mar 18 10:44:40 CET 2018] _ret='0'
[Sun Mar 18 10:44:40 CET 2018] _headers='Setting --content-on-error (contentonerror) to 1
Setting --server-response (serverresponse) to 1
Setting --output-document (outputdocument) to -
Setting --user-agent (useragent) to acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to Content-Type: application/jose+json
Setting --method (method) to HEAD
Setting --body-data (bodydata) to
Setting --spider (spider) to 1
DEBUG output created by Wget 1.18 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
Certificates loaded: 166
Caching acme-v02.api.letsencrypt.org => 104.123.22.170 2a02:26f0:105:288::3a8e 2a02:26f0:105:28c::3a8e
Created socket 3.
Releasing 0x000055efc3a51a60 (new refcount 1).
---request begin---
HEAD /acme/new-nonce HTTP/1.1
User-Agent: acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Accept: */*
Accept-Encoding: identity
Host: acme-v02.api.letsencrypt.org
Connection: Keep-Alive
Content-Type: application/jose+json
Content-Length: 0
---request end---
[BODY data: ]
---response begin---
HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: OLMNYM6sNuHRj68r53gsLxqPX2fjmos0ebrKbB0bnQ4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:44:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:44:40 GMT
Connection: keep-alive
---response end---
HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: OLMNYM6sNuHRj68r53gsLxqPX2fjmos0ebrKbB0bnQ4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:44:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:44:40 GMT
Connection: keep-alive
Registered socket 3 for persistent reuse.
Parsed Strict-Transport-Security max-age = 604800, includeSubDomains = false
Updated HSTS host: acme-v02.api.letsencrypt.org:443 (max-age: 604800, includeSubdomains: false)'
[Sun Mar 18 10:44:40 CET 2018] _CACHED_NONCE='OLMNYM6sNuHRj68r53gsLxqPX2fjmos0ebrKbB0bnQ4'
[Sun Mar 18 10:44:40 CET 2018] nonce='OLMNYM6sNuHRj68r53gsLxqPX2fjmos0ebrKbB0bnQ4'
[Sun Mar 18 10:44:40 CET 2018] protected='{"nonce": "OLMNYM6sNuHRj68r53gsLxqPX2fjmos0ebrKbB0bnQ4", "url": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "zIbcNcBl2G58TVDe9ObesjS73wTAToyxm2O8jJ-vZa8Xgn9N8oAr3zfWRq7efyAI3kscomuS-ZCHf7DCp04gk2pPZRFtMOmxKiIsh1OUB_IzAaEK0p7AhoWcFn0t-z_26daPzwdfHont-b8fyUeIbwbmcEir8DXqAXQQ19BEVgpSCpCu041VBBh4F9TpbfcXQn4i3ZomAMUzVPNzGdh-7yGvLXQN9QH3fT3sc4PFdCEN4fA68XYiS5B4Sy6tB_Tf4orgl4hlLxM0h1Wj4-8Iy958EsLchU68E5BT7-jqshhp17xC3m3QSFs3L727LWiNchYubtYT3ttsE2wqhsjJPw"}}'
[Sun Mar 18 10:44:40 CET 2018] base64 single line.
[Sun Mar 18 10:44:40 CET 2018] protected64='eyJub25jZSI6ICJPTE1OWU02c051SFJqNjhyNTNnc0x4cVBYMmZqbW9zMGVicktiQjBiblE0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInpJYmNOY0JsMkc1OFRWRGU5T2Jlc2pTNzN3VEFUb3l4bTJPOGpKLXZaYThYZ245TjhvQXIzemZXUnE3ZWZ5QUkza3Njb211Uy1aQ0hmN0RDcDA0Z2sycFBaUkZ0TU9teEtpSXNoMU9VQl9JekFhRUswcDdBaG9XY0ZuMHQtel8yNmRhUHp3ZGZIb250LWI4ZnlVZUlid2JtY0VpcjhEWHFBWFFRMTlCRVZncFNDcEN1MDQxVkJCaDRGOVRwYmZjWFFuNGkzWm9tQU1VelZQTnpHZGgtN3lHdkxYUU45UUgzZlQzc2M0UEZkQ0VONGZBNjhYWWlTNUI0U3k2dEJfVGY0b3JnbDRobEx4TTBoMVdqNC04SXk5NThFc0xjaFU2OEU1QlQ3LWpxc2hocDE3eEMzbTNRU0ZzM0w3MjdMV2lOY2hZdWJ0WVQzdHRzRTJ3cWhzakpQdyJ9fQ'
[Sun Mar 18 10:44:40 CET 2018] base64 single line.
[Sun Mar 18 10:44:40 CET 2018] _sig_t='xPdu2pmFPJB54cL+q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I+pCsWVBEdO3qUL00tFCmuk4htSMUyLQ/Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg=='
[Sun Mar 18 10:44:40 CET 2018] sig='xPdu2pmFPJB54cL-q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I-pCsWVBEdO3qUL00tFCmuk4htSMUyLQ_Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg'
[Sun Mar 18 10:44:40 CET 2018] body='{"protected": "eyJub25jZSI6ICJPTE1OWU02c051SFJqNjhyNTNnc0x4cVBYMmZqbW9zMGVicktiQjBiblE0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInpJYmNOY0JsMkc1OFRWRGU5T2Jlc2pTNzN3VEFUb3l4bTJPOGpKLXZaYThYZ245TjhvQXIzemZXUnE3ZWZ5QUkza3Njb211Uy1aQ0hmN0RDcDA0Z2sycFBaUkZ0TU9teEtpSXNoMU9VQl9JekFhRUswcDdBaG9XY0ZuMHQtel8yNmRhUHp3ZGZIb250LWI4ZnlVZUlid2JtY0VpcjhEWHFBWFFRMTlCRVZncFNDcEN1MDQxVkJCaDRGOVRwYmZjWFFuNGkzWm9tQU1VelZQTnpHZGgtN3lHdkxYUU45UUgzZlQzc2M0UEZkQ0VONGZBNjhYWWlTNUI0U3k2dEJfVGY0b3JnbDRobEx4TTBoMVdqNC04SXk5NThFc0xjaFU2OEU1QlQ3LWpxc2hocDE3eEMzbTNRU0ZzM0w3MjdMV2lOY2hZdWJ0WVQzdHRzRTJ3cWhzakpQdyJ9fQ", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "xPdu2pmFPJB54cL-q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I-pCsWVBEdO3qUL00tFCmuk4htSMUyLQ_Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg"}'
[Sun Mar 18 10:44:40 CET 2018] POST
[Sun Mar 18 10:44:40 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sun Mar 18 10:44:40 CET 2018] body='{"protected": "eyJub25jZSI6ICJPTE1OWU02c051SFJqNjhyNTNnc0x4cVBYMmZqbW9zMGVicktiQjBiblE0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInpJYmNOY0JsMkc1OFRWRGU5T2Jlc2pTNzN3VEFUb3l4bTJPOGpKLXZaYThYZ245TjhvQXIzemZXUnE3ZWZ5QUkza3Njb211Uy1aQ0hmN0RDcDA0Z2sycFBaUkZ0TU9teEtpSXNoMU9VQl9JekFhRUswcDdBaG9XY0ZuMHQtel8yNmRhUHp3ZGZIb250LWI4ZnlVZUlid2JtY0VpcjhEWHFBWFFRMTlCRVZncFNDcEN1MDQxVkJCaDRGOVRwYmZjWFFuNGkzWm9tQU1VelZQTnpHZGgtN3lHdkxYUU45UUgzZlQzc2M0UEZkQ0VONGZBNjhYWWlTNUI0U3k2dEJfVGY0b3JnbDRobEx4TTBoMVdqNC04SXk5NThFc0xjaFU2OEU1QlQ3LWpxc2hocDE3eEMzbTNRU0ZzM0w3MjdMV2lOY2hZdWJ0WVQzdHRzRTJ3cWhzakpQdyJ9fQ", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "xPdu2pmFPJB54cL-q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I-pCsWVBEdO3qUL00tFCmuk4htSMUyLQ_Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg"}'
[Sun Mar 18 10:44:40 CET 2018] Http already initialized.
[Sun Mar 18 10:44:40 CET 2018] _WGET='wget -q -d --content-on-error '
[Sun Mar 18 10:44:40 CET 2018] options='s/^ *//g'
[Sun Mar 18 10:44:40 CET 2018] Using sed -i
[Sun Mar 18 10:44:40 CET 2018] _ret='0'
[Sun Mar 18 10:44:40 CET 2018] original
[Sun Mar 18 10:44:40 CET 2018] responseHeaders='Setting --content-on-error (contentonerror) to 1
Setting --server-response (serverresponse) to 1
Setting --output-document (outputdocument) to -
Setting --user-agent (useragent) to acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to Content-Type: application/jose+json
Setting --post-data (postdata) to {"protected": "eyJub25jZSI6ICJPTE1OWU02c051SFJqNjhyNTNnc0x4cVBYMmZqbW9zMGVicktiQjBiblE0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInpJYmNOY0JsMkc1OFRWRGU5T2Jlc2pTNzN3VEFUb3l4bTJPOGpKLXZaYThYZ245TjhvQXIzemZXUnE3ZWZ5QUkza3Njb211Uy1aQ0hmN0RDcDA0Z2sycFBaUkZ0TU9teEtpSXNoMU9VQl9JekFhRUswcDdBaG9XY0ZuMHQtel8yNmRhUHp3ZGZIb250LWI4ZnlVZUlid2JtY0VpcjhEWHFBWFFRMTlCRVZncFNDcEN1MDQxVkJCaDRGOVRwYmZjWFFuNGkzWm9tQU1VelZQTnpHZGgtN3lHdkxYUU45UUgzZlQzc2M0UEZkQ0VONGZBNjhYWWlTNUI0U3k2dEJfVGY0b3JnbDRobEx4TTBoMVdqNC04SXk5NThFc0xjaFU2OEU1QlQ3LWpxc2hocDE3eEMzbTNRU0ZzM0w3MjdMV2lOY2hZdWJ0WVQzdHRzRTJ3cWhzakpQdyJ9fQ", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "xPdu2pmFPJB54cL-q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I-pCsWVBEdO3qUL00tFCmuk4htSMUyLQ_Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg"}
Setting --method (method) to POST
Setting --body-data (bodydata) to {"protected": "eyJub25jZSI6ICJPTE1OWU02c051SFJqNjhyNTNnc0x4cVBYMmZqbW9zMGVicktiQjBiblE0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInpJYmNOY0JsMkc1OFRWRGU5T2Jlc2pTNzN3VEFUb3l4bTJPOGpKLXZaYThYZ245TjhvQXIzemZXUnE3ZWZ5QUkza3Njb211Uy1aQ0hmN0RDcDA0Z2sycFBaUkZ0TU9teEtpSXNoMU9VQl9JekFhRUswcDdBaG9XY0ZuMHQtel8yNmRhUHp3ZGZIb250LWI4ZnlVZUlid2JtY0VpcjhEWHFBWFFRMTlCRVZncFNDcEN1MDQxVkJCaDRGOVRwYmZjWFFuNGkzWm9tQU1VelZQTnpHZGgtN3lHdkxYUU45UUgzZlQzc2M0UEZkQ0VONGZBNjhYWWlTNUI0U3k2dEJfVGY0b3JnbDRobEx4TTBoMVdqNC04SXk5NThFc0xjaFU2OEU1QlQ3LWpxc2hocDE3eEMzbTNRU0ZzM0w3MjdMV2lOY2hZdWJ0WVQzdHRzRTJ3cWhzakpQdyJ9fQ", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "xPdu2pmFPJB54cL-q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I-pCsWVBEdO3qUL00tFCmuk4htSMUyLQ_Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg"}
DEBUG output created by Wget 1.18 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
Certificates loaded: 166
Caching acme-v02.api.letsencrypt.org => 104.123.22.170 2a02:26f0:105:288::3a8e 2a02:26f0:105:28c::3a8e
Created socket 3.
Releasing 0x000055eecb0d68f0 (new refcount 1).
---request begin---
POST /acme/new-acct HTTP/1.1
User-Agent: acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Accept: */*
Accept-Encoding: identity
Host: acme-v02.api.letsencrypt.org
Connection: Keep-Alive
Content-Type: application/jose+json
Content-Length: 1125
---request end---
[BODY data: {"protected": "eyJub25jZSI6ICJPTE1OWU02c051SFJqNjhyNTNnc0x4cVBYMmZqbW9zMGVicktiQjBiblE0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInpJYmNOY0JsMkc1OFRWRGU5T2Jlc2pTNzN3VEFUb3l4bTJPOGpKLXZaYThYZ245TjhvQXIzemZXUnE3ZWZ5QUkza3Njb211Uy1aQ0hmN0RDcDA0Z2sycFBaUkZ0TU9teEtpSXNoMU9VQl9JekFhRUswcDdBaG9XY0ZuMHQtel8yNmRhUHp3ZGZIb250LWI4ZnlVZUlid2JtY0VpcjhEWHFBWFFRMTlCRVZncFNDcEN1MDQxVkJCaDRGOVRwYmZjWFFuNGkzWm9tQU1VelZQTnpHZGgtN3lHdkxYUU45UUgzZlQzc2M0UEZkQ0VONGZBNjhYWWlTNUI0U3k2dEJfVGY0b3JnbDRobEx4TTBoMVdqNC04SXk5NThFc0xjaFU2OEU1QlQ3LWpxc2hocDE3eEMzbTNRU0ZzM0w3MjdMV2lOY2hZdWJ0WVQzdHRzRTJ3cWhzakpQdyJ9fQ", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "xPdu2pmFPJB54cL-q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I-pCsWVBEdO3qUL00tFCmuk4htSMUyLQ_Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg"}]
---response begin---
HTTP/1.1 200 OK
Server: nginx
Content-Length: 0
Location: https://acme-v02.api.letsencrypt.org/acme/acct/31194868
Replay-Nonce: tA6_mjklOJOx3jnCk1tEVS75DbBs-3dBhIvGcbyjW8o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:44:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:44:40 GMT
Connection: keep-alive
---response end---
HTTP/1.1 200 OK
Server: nginx
Content-Length: 0
Location: https://acme-v02.api.letsencrypt.org/acme/acct/31194868
Replay-Nonce: tA6_mjklOJOx3jnCk1tEVS75DbBs-3dBhIvGcbyjW8o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:44:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:44:40 GMT
Connection: keep-alive
Registered socket 3 for persistent reuse.
Parsed Strict-Transport-Security max-age = 604800, includeSubDomains = false
Updated HSTS host: acme-v02.api.letsencrypt.org:443 (max-age: 604800, includeSubdomains: false)'
[Sun Mar 18 10:44:40 CET 2018] response
[Sun Mar 18 10:44:40 CET 2018] code='200'
[Sun Mar 18 10:44:40 CET 2018] Already registered
[Sun Mar 18 10:44:40 CET 2018] responseHeaders='Setting --content-on-error (contentonerror) to 1
Setting --server-response (serverresponse) to 1
Setting --output-document (outputdocument) to -
Setting --user-agent (useragent) to acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to Content-Type: application/jose+json
Setting --post-data (postdata) to {"protected": "eyJub25jZSI6ICJPTE1OWU02c051SFJqNjhyNTNnc0x4cVBYMmZqbW9zMGVicktiQjBiblE0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInpJYmNOY0JsMkc1OFRWRGU5T2Jlc2pTNzN3VEFUb3l4bTJPOGpKLXZaYThYZ245TjhvQXIzemZXUnE3ZWZ5QUkza3Njb211Uy1aQ0hmN0RDcDA0Z2sycFBaUkZ0TU9teEtpSXNoMU9VQl9JekFhRUswcDdBaG9XY0ZuMHQtel8yNmRhUHp3ZGZIb250LWI4ZnlVZUlid2JtY0VpcjhEWHFBWFFRMTlCRVZncFNDcEN1MDQxVkJCaDRGOVRwYmZjWFFuNGkzWm9tQU1VelZQTnpHZGgtN3lHdkxYUU45UUgzZlQzc2M0UEZkQ0VONGZBNjhYWWlTNUI0U3k2dEJfVGY0b3JnbDRobEx4TTBoMVdqNC04SXk5NThFc0xjaFU2OEU1QlQ3LWpxc2hocDE3eEMzbTNRU0ZzM0w3MjdMV2lOY2hZdWJ0WVQzdHRzRTJ3cWhzakpQdyJ9fQ", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "xPdu2pmFPJB54cL-q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I-pCsWVBEdO3qUL00tFCmuk4htSMUyLQ_Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg"}
Setting --method (method) to POST
Setting --body-data (bodydata) to {"protected": "eyJub25jZSI6ICJPTE1OWU02c051SFJqNjhyNTNnc0x4cVBYMmZqbW9zMGVicktiQjBiblE0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInpJYmNOY0JsMkc1OFRWRGU5T2Jlc2pTNzN3VEFUb3l4bTJPOGpKLXZaYThYZ245TjhvQXIzemZXUnE3ZWZ5QUkza3Njb211Uy1aQ0hmN0RDcDA0Z2sycFBaUkZ0TU9teEtpSXNoMU9VQl9JekFhRUswcDdBaG9XY0ZuMHQtel8yNmRhUHp3ZGZIb250LWI4ZnlVZUlid2JtY0VpcjhEWHFBWFFRMTlCRVZncFNDcEN1MDQxVkJCaDRGOVRwYmZjWFFuNGkzWm9tQU1VelZQTnpHZGgtN3lHdkxYUU45UUgzZlQzc2M0UEZkQ0VONGZBNjhYWWlTNUI0U3k2dEJfVGY0b3JnbDRobEx4TTBoMVdqNC04SXk5NThFc0xjaFU2OEU1QlQ3LWpxc2hocDE3eEMzbTNRU0ZzM0w3MjdMV2lOY2hZdWJ0WVQzdHRzRTJ3cWhzakpQdyJ9fQ", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "xPdu2pmFPJB54cL-q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I-pCsWVBEdO3qUL00tFCmuk4htSMUyLQ_Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg"}
DEBUG output created by Wget 1.18 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
Certificates loaded: 166
Caching acme-v02.api.letsencrypt.org => 104.123.22.170 2a02:26f0:105:288::3a8e 2a02:26f0:105:28c::3a8e
Created socket 3.
Releasing 0x000055eecb0d68f0 (new refcount 1).
---request begin---
POST /acme/new-acct HTTP/1.1
User-Agent: acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Accept: */*
Accept-Encoding: identity
Host: acme-v02.api.letsencrypt.org
Connection: Keep-Alive
Content-Type: application/jose+json
Content-Length: 1125
---request end---
[BODY data: {"protected": "eyJub25jZSI6ICJPTE1OWU02c051SFJqNjhyNTNnc0x4cVBYMmZqbW9zMGVicktiQjBiblE0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInpJYmNOY0JsMkc1OFRWRGU5T2Jlc2pTNzN3VEFUb3l4bTJPOGpKLXZaYThYZ245TjhvQXIzemZXUnE3ZWZ5QUkza3Njb211Uy1aQ0hmN0RDcDA0Z2sycFBaUkZ0TU9teEtpSXNoMU9VQl9JekFhRUswcDdBaG9XY0ZuMHQtel8yNmRhUHp3ZGZIb250LWI4ZnlVZUlid2JtY0VpcjhEWHFBWFFRMTlCRVZncFNDcEN1MDQxVkJCaDRGOVRwYmZjWFFuNGkzWm9tQU1VelZQTnpHZGgtN3lHdkxYUU45UUgzZlQzc2M0UEZkQ0VONGZBNjhYWWlTNUI0U3k2dEJfVGY0b3JnbDRobEx4TTBoMVdqNC04SXk5NThFc0xjaFU2OEU1QlQ3LWpxc2hocDE3eEMzbTNRU0ZzM0w3MjdMV2lOY2hZdWJ0WVQzdHRzRTJ3cWhzakpQdyJ9fQ", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "xPdu2pmFPJB54cL-q00w5mnSy5egclaFy3grOoEAq7PmdZTq1hbqepTJ4Lh9lYU9q4E7o0PWUqVT3sZOlXCfkIXMcEP7SaEvWG68Ho4gGu8nJPpNBun7dvfH2vi5FQ8b3TstfidPQL05Hjg2rEN8OnSx79IX9YgqSUr6DozNjkgSAmc4EBmV6FPOod6WqeFJDXUXBKleVlKxXzbBj9Sfmg7I-pCsWVBEdO3qUL00tFCmuk4htSMUyLQ_Bmt6NR9AJt2H53MTeiknRYpCkiRXvMbu8QksEelcyYZ4hk4x01m5gjFZ7easQnHW2EF68TJPYHpD5WgCbpgOXGDMwZd0mg"}]
---response begin---
HTTP/1.1 200 OK
Server: nginx
Content-Length: 0
Location: https://acme-v02.api.letsencrypt.org/acme/acct/31194868
Replay-Nonce: tA6_mjklOJOx3jnCk1tEVS75DbBs-3dBhIvGcbyjW8o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:44:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:44:40 GMT
Connection: keep-alive
---response end---
HTTP/1.1 200 OK
Server: nginx
Content-Length: 0
Location: https://acme-v02.api.letsencrypt.org/acme/acct/31194868
Replay-Nonce: tA6_mjklOJOx3jnCk1tEVS75DbBs-3dBhIvGcbyjW8o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 18 Mar 2018 09:44:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:44:40 GMT
Connection: keep-alive
Registered socket 3 for persistent reuse.
Parsed Strict-Transport-Security max-age = 604800, includeSubDomains = false
Updated HSTS host: acme-v02.api.letsencrypt.org:443 (max-age: 604800, includeSubdomains: false)'
[Sun Mar 18 10:44:40 CET 2018] _accUri='https://acme-v02.api.letsencrypt.org/acme/acct/31194868'
[Sun Mar 18 10:44:40 CET 2018] APP
[Sun Mar 18 10:44:40 CET 2018] 1:ACCOUNT_URL='https://acme-v02.api.letsencrypt.org/acme/acct/31194868'
[Sun Mar 18 10:44:40 CET 2018] base64 single line.
[Sun Mar 18 10:44:40 CET 2018] Calc CA_KEY_HASH='5IC269hgcvZmVR9apArRV5sMEx6c9r4mrhZUMo/GgGY='
[Sun Mar 18 10:44:40 CET 2018] APP
[Sun Mar 18 10:44:40 CET 2018] 2:CA_KEY_HASH='5IC269hgcvZmVR9apArRV5sMEx6c9r4mrhZUMo/GgGY='
[Sun Mar 18 10:44:40 CET 2018] base64 single line.
[Sun Mar 18 10:44:40 CET 2018] ACCOUNT_THUMBPRINT='pHzBNTLvmpzcR1qijGTGSmzDmnopq-0LGjxUbwWE4oA'
[Sun Mar 18 10:44:40 CET 2018] Read key length:
[Sun Mar 18 10:44:40 CET 2018] _createcsr
[Sun Mar 18 10:44:40 CET 2018] domain='larptreff.de'
[Sun Mar 18 10:44:40 CET 2018] domainlist='*.larptreff.de'
[Sun Mar 18 10:44:40 CET 2018] csrkey='/root/.acme.sh/larptreff.de/larptreff.de.key'
[Sun Mar 18 10:44:40 CET 2018] csr='/root/.acme.sh/larptreff.de/larptreff.de.csr'
[Sun Mar 18 10:44:40 CET 2018] csrconf='/root/.acme.sh/larptreff.de/larptreff.de.csr.conf'
[Sun Mar 18 10:44:40 CET 2018] _is_idn_d='*.larptreff.de'
[Sun Mar 18 10:44:40 CET 2018] _idn_temp
[Sun Mar 18 10:44:40 CET 2018] domainlist='*.larptreff.de'
[Sun Mar 18 10:44:40 CET 2018] Multi domain='DNS:larptreff.de,DNS:*.larptreff.de'
[Sun Mar 18 10:44:40 CET 2018] _is_idn_d='larptreff.de'
[Sun Mar 18 10:44:40 CET 2018] _idn_temp
[Sun Mar 18 10:44:40 CET 2018] _csr_cn='larptreff.de'
[Sun Mar 18 10:44:40 CET 2018] OK
[Sun Mar 18 10:44:40 CET 2018] 8:Le_Keylength=''
[Sun Mar 18 10:44:40 CET 2018] Getting domain auth token for each domain
[Sun Mar 18 10:44:40 CET 2018] d='*.larptreff.de'
[Sun Mar 18 10:44:40 CET 2018] d
[Sun Mar 18 10:44:40 CET 2018] _identifiers='{"type":"dns","value":"larptreff.de"},{"type":"dns","value":"*.larptreff.de"}'
[Sun Mar 18 10:44:40 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 18 10:44:40 CET 2018] payload='{"identifiers": [{"type":"dns","value":"larptreff.de"},{"type":"dns","value":"*.larptreff.de"}]}'
[Sun Mar 18 10:44:40 CET 2018] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Sun Mar 18 10:44:40 CET 2018] base64 single line.
[Sun Mar 18 10:44:40 CET 2018] payload64='eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19'
[Sun Mar 18 10:44:40 CET 2018] _request_retry_times='0'
[Sun Mar 18 10:44:40 CET 2018] Use _CACHED_NONCE='tA6_mjklOJOx3jnCk1tEVS75DbBs-3dBhIvGcbyjW8o'
[Sun Mar 18 10:44:40 CET 2018] nonce='tA6_mjklOJOx3jnCk1tEVS75DbBs-3dBhIvGcbyjW8o'
[Sun Mar 18 10:44:40 CET 2018] protected='{"nonce": "tA6_mjklOJOx3jnCk1tEVS75DbBs-3dBhIvGcbyjW8o", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "alg": "RS256", "kid": ""}'
[Sun Mar 18 10:44:40 CET 2018] base64 single line.
[Sun Mar 18 10:44:40 CET 2018] protected64='eyJub25jZSI6ICJ0QTZfbWprbE9KT3gzam5DazF0RVZTNzVEYkJzLTNkQmhJdkdjYnlqVzhvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICIifQ'
[Sun Mar 18 10:44:40 CET 2018] base64 single line.
[Sun Mar 18 10:44:40 CET 2018] _sig_t='r08igNzyj2cpnHftnWSqbP05aMeqy4DuQt9pLa92vYWWJgKo56gvH/rnmrPUJlP1p3RAEe80Q0cBxkAYuEqhNmrhFDIHjExPBrxARORDGr7BFK6ydnsZ5FnzJaA+5GKTPyN7IP3eDw/Fi/ffz4qze0dVN3n36xteP2ha+ashzGmOhcLz/dJ9Ql/7Aga35nEoA/hxRWDCxJ9wSqoA1s0VWN9mIu5mDRM5+MvIAdIIeb5D8M64sZr9zEW1xTlUCQVYiQEG+6QYpYsr0p6lM7sdBd17J38s+KIUA5bBhMxlYK2fpGPbnEeUM0/vVNhu5gfXJ2dNqW0kq2ScatcJ8TcElQ=='
[Sun Mar 18 10:44:40 CET 2018] sig='r08igNzyj2cpnHftnWSqbP05aMeqy4DuQt9pLa92vYWWJgKo56gvH_rnmrPUJlP1p3RAEe80Q0cBxkAYuEqhNmrhFDIHjExPBrxARORDGr7BFK6ydnsZ5FnzJaA-5GKTPyN7IP3eDw_Fi_ffz4qze0dVN3n36xteP2ha-ashzGmOhcLz_dJ9Ql_7Aga35nEoA_hxRWDCxJ9wSqoA1s0VWN9mIu5mDRM5-MvIAdIIeb5D8M64sZr9zEW1xTlUCQVYiQEG-6QYpYsr0p6lM7sdBd17J38s-KIUA5bBhMxlYK2fpGPbnEeUM0_vVNhu5gfXJ2dNqW0kq2ScatcJ8TcElQ'
[Sun Mar 18 10:44:40 CET 2018] body='{"protected": "eyJub25jZSI6ICJ0QTZfbWprbE9KT3gzam5DazF0RVZTNzVEYkJzLTNkQmhJdkdjYnlqVzhvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "r08igNzyj2cpnHftnWSqbP05aMeqy4DuQt9pLa92vYWWJgKo56gvH_rnmrPUJlP1p3RAEe80Q0cBxkAYuEqhNmrhFDIHjExPBrxARORDGr7BFK6ydnsZ5FnzJaA-5GKTPyN7IP3eDw_Fi_ffz4qze0dVN3n36xteP2ha-ashzGmOhcLz_dJ9Ql_7Aga35nEoA_hxRWDCxJ9wSqoA1s0VWN9mIu5mDRM5-MvIAdIIeb5D8M64sZr9zEW1xTlUCQVYiQEG-6QYpYsr0p6lM7sdBd17J38s-KIUA5bBhMxlYK2fpGPbnEeUM0_vVNhu5gfXJ2dNqW0kq2ScatcJ8TcElQ"}'
[Sun Mar 18 10:44:40 CET 2018] POST
[Sun Mar 18 10:44:40 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 18 10:44:40 CET 2018] body='{"protected": "eyJub25jZSI6ICJ0QTZfbWprbE9KT3gzam5DazF0RVZTNzVEYkJzLTNkQmhJdkdjYnlqVzhvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "r08igNzyj2cpnHftnWSqbP05aMeqy4DuQt9pLa92vYWWJgKo56gvH_rnmrPUJlP1p3RAEe80Q0cBxkAYuEqhNmrhFDIHjExPBrxARORDGr7BFK6ydnsZ5FnzJaA-5GKTPyN7IP3eDw_Fi_ffz4qze0dVN3n36xteP2ha-ashzGmOhcLz_dJ9Ql_7Aga35nEoA_hxRWDCxJ9wSqoA1s0VWN9mIu5mDRM5-MvIAdIIeb5D8M64sZr9zEW1xTlUCQVYiQEG-6QYpYsr0p6lM7sdBd17J38s-KIUA5bBhMxlYK2fpGPbnEeUM0_vVNhu5gfXJ2dNqW0kq2ScatcJ8TcElQ"}'
[Sun Mar 18 10:44:40 CET 2018] Http already initialized.
[Sun Mar 18 10:44:40 CET 2018] _WGET='wget -q -d --content-on-error '
[Sun Mar 18 10:44:41 CET 2018] wget returns 8, the server returns a 'Bad request' response, lets process the response later.
[Sun Mar 18 10:44:41 CET 2018] options='s/^ *//g'
[Sun Mar 18 10:44:41 CET 2018] Using sed -i
[Sun Mar 18 10:44:41 CET 2018] _ret='0'
[Sun Mar 18 10:44:41 CET 2018] original='{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "No Key ID in JWS header",
"status": 400
}'
[Sun Mar 18 10:44:41 CET 2018] responseHeaders='Setting --content-on-error (contentonerror) to 1
Setting --server-response (serverresponse) to 1
Setting --output-document (outputdocument) to -
Setting --user-agent (useragent) to acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to Content-Type: application/jose+json
Setting --post-data (postdata) to {"protected": "eyJub25jZSI6ICJ0QTZfbWprbE9KT3gzam5DazF0RVZTNzVEYkJzLTNkQmhJdkdjYnlqVzhvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "r08igNzyj2cpnHftnWSqbP05aMeqy4DuQt9pLa92vYWWJgKo56gvH_rnmrPUJlP1p3RAEe80Q0cBxkAYuEqhNmrhFDIHjExPBrxARORDGr7BFK6ydnsZ5FnzJaA-5GKTPyN7IP3eDw_Fi_ffz4qze0dVN3n36xteP2ha-ashzGmOhcLz_dJ9Ql_7Aga35nEoA_hxRWDCxJ9wSqoA1s0VWN9mIu5mDRM5-MvIAdIIeb5D8M64sZr9zEW1xTlUCQVYiQEG-6QYpYsr0p6lM7sdBd17J38s-KIUA5bBhMxlYK2fpGPbnEeUM0_vVNhu5gfXJ2dNqW0kq2ScatcJ8TcElQ"}
Setting --method (method) to POST
Setting --body-data (bodydata) to {"protected": "eyJub25jZSI6ICJ0QTZfbWprbE9KT3gzam5DazF0RVZTNzVEYkJzLTNkQmhJdkdjYnlqVzhvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "r08igNzyj2cpnHftnWSqbP05aMeqy4DuQt9pLa92vYWWJgKo56gvH_rnmrPUJlP1p3RAEe80Q0cBxkAYuEqhNmrhFDIHjExPBrxARORDGr7BFK6ydnsZ5FnzJaA-5GKTPyN7IP3eDw_Fi_ffz4qze0dVN3n36xteP2ha-ashzGmOhcLz_dJ9Ql_7Aga35nEoA_hxRWDCxJ9wSqoA1s0VWN9mIu5mDRM5-MvIAdIIeb5D8M64sZr9zEW1xTlUCQVYiQEG-6QYpYsr0p6lM7sdBd17J38s-KIUA5bBhMxlYK2fpGPbnEeUM0_vVNhu5gfXJ2dNqW0kq2ScatcJ8TcElQ"}
DEBUG output created by Wget 1.18 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
Certificates loaded: 166
Caching acme-v02.api.letsencrypt.org => 104.123.22.170 2a02:26f0:105:288::3a8e 2a02:26f0:105:28c::3a8e
Created socket 3.
Releasing 0x0000562a0b792420 (new refcount 1).
---request begin---
POST /acme/new-order HTTP/1.1
User-Agent: acme.sh/2.7.8 (https://github.com/Neilpang/acme.sh)
Accept: */*
Accept-Encoding: identity
Host: acme-v02.api.letsencrypt.org
Connection: Keep-Alive
Content-Type: application/jose+json
Content-Length: 713
---request end---
[BODY data: {"protected": "eyJub25jZSI6ICJ0QTZfbWprbE9KT3gzam5DazF0RVZTNzVEYkJzLTNkQmhJdkdjYnlqVzhvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxhcnB0cmVmZi5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5sYXJwdHJlZmYuZGUifV19", "signature": "r08igNzyj2cpnHftnWSqbP05aMeqy4DuQt9pLa92vYWWJgKo56gvH_rnmrPUJlP1p3RAEe80Q0cBxkAYuEqhNmrhFDIHjExPBrxARORDGr7BFK6ydnsZ5FnzJaA-5GKTPyN7IP3eDw_Fi_ffz4qze0dVN3n36xteP2ha-ashzGmOhcLz_dJ9Ql_7Aga35nEoA_hxRWDCxJ9wSqoA1s0VWN9mIu5mDRM5-MvIAdIIeb5D8M64sZr9zEW1xTlUCQVYiQEG-6QYpYsr0p6lM7sdBd17J38s-KIUA5bBhMxlYK2fpGPbnEeUM0_vVNhu5gfXJ2dNqW0kq2ScatcJ8TcElQ"}]
---response begin---
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 108
Replay-Nonce: cfWLhzg617ybLTkwWoAZuAzJNY2luwYWVdskJM0YkpY
Expires: Sun, 18 Mar 2018 09:44:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:44:41 GMT
Connection: close
---response end---
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 108
Replay-Nonce: cfWLhzg617ybLTkwWoAZuAzJNY2luwYWVdskJM0YkpY
Expires: Sun, 18 Mar 2018 09:44:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 18 Mar 2018 09:44:41 GMT
Connection: close'
[Sun Mar 18 10:44:41 CET 2018] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status": 400}'
[Sun Mar 18 10:44:41 CET 2018] code='400'
[Sun Mar 18 10:44:41 CET 2018] Le_OrderFinalize
[Sun Mar 18 10:44:41 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status": 400}
[Sun Mar 18 10:44:41 CET 2018] pid
[Sun Mar 18 10:44:41 CET 2018] No need to restore nginx, skip.
[Sun Mar 18 10:44:41 CET 2018] _clearupdns
[Sun Mar 18 10:44:41 CET 2018] skip dns.
[Sun Mar 18 10:44:41 CET 2018] _on_issue_err
[Sun Mar 18 10:44:41 CET 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun Mar 18 10:44:41 CET 2018] _chk_vlist
[Sun Mar 18 10:44:41 CET 2018] openssl exists=0
[Sun Mar 18 10:44:41 CET 2018] nginx exists=0
[Sun Mar 18 10:44:41 CET 2018] socat exists=0
[Sun Mar 18 10:44:41 CET 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0f 25 May 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3
built with OpenSSL 1.1.0f 25 May 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-2tpxfc/nginx-1.10.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:<interface> groups=FD,SOCKET
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:<ip-addr>/<bits>] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
show me the conf again.
cat .acme.sh/ca/acme-v02.api.letsencrypt.org/ca.confroot@ovh.shuro.de:~>cat .acme.sh/ca/acme-v02.api.letsencrypt.org/ca.conf
ACCOUNT_URL='https://acme-v02.api.letsencrypt.org/acme/acct/31194868'
CA_KEY_HASH='5IC269hgcvZmVR9apArRV5sMEx6c9r4mrhZUMo/GgGY='@Shuro please upgrade and try again:
export BRANCH=dev
acme.sh --upgraderemove the ca.conf first.
rm .acme.sh/ca/acme-v02.api.letsencrypt.org/ca.confIt works now, I didn't remove the ca.conf tho. It is still running, I could remove it then and retry it.
Shuro
commented
6 years ago It also works with removing the ca.conf.
Neilpang
commented
6 years ago @Shuro yes, I just fixed the empty kid issue. so it works. but it seems that there is still a bug in it. I'm not sure whether it's Boulder's bug or not. Let's wait and see what @cpu comments.
Thanks.
CengizS
commented
6 years ago Sorry to bother but I still have the same problem after deleting the ca.conf and installing from dev acme.sh.log
pantaraf
commented
6 years ago Same here. I tried to upgrade (my version was at 2.7.8 already) and I tried to delete ca.conf as well with no success. The only difference I can appreciate from three days ago is the error showing up immediately while before it took seconds.
Neilpang
commented
6 years ago @pantaraf show me the log with --debug 3
pantaraf
commented
6 years ago [Mon Mar 19 08:24:37 CET 2018] readlink exists=0
[Mon Mar 19 08:24:37 CET 2018] dirname exists=0
[Mon Mar 19 08:24:37 CET 2018] Lets find script dir.
[Mon Mar 19 08:24:37 CET 2018] SCRIPT='./acme.sh'
[Mon Mar 19 08:24:37 CET 2018] _script='/root/.acme.sh/acme.sh'
[Mon Mar 19 08:24:37 CET 2018] _script_home='/root/.acme.sh'
[Mon Mar 19 08:24:37 CET 2018] Using config home:/root/.acme.sh
[Mon Mar 19 08:24:37 CET 2018] LE_WORKING_DIR='/root/.acme.sh'
[Mon Mar 19 08:24:37 CET 2018] _main_domain='.smartunnel.ovh'
[Mon Mar 19 08:24:37 CET 2018] _alt_domains='no'
[Mon Mar 19 08:24:37 CET 2018] Using config home:/root/.acme.sh
[Mon Mar 19 08:24:37 CET 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 19 08:24:37 CET 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Mon Mar 19 08:24:37 CET 2018] CA_CONF='/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/ca.conf'
[Mon Mar 19 08:24:37 CET 2018] DOMAIN_PATH='/root/.acme.sh/.smartunnel.ovh'
[Mon Mar 19 08:24:37 CET 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 19 08:24:37 CET 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 19 08:24:37 CET 2018] GET
[Mon Mar 19 08:24:37 CET 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 19 08:24:37 CET 2018] timeout=
[Mon Mar 19 08:24:37 CET 2018] curl exists=0
[Mon Mar 19 08:24:37 CET 2018] mktemp exists=0
[Mon Mar 19 08:24:37 CET 2018] wget exists=0
[Mon Mar 19 08:24:37 CET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.jkktuEC4EL -g '
[Mon Mar 19 08:24:37 CET 2018] ret='0'
[Mon Mar 19 08:24:37 CET 2018] response='{
"WBzkAUcsyfc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Mon Mar 19 08:24:37 CET 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Mar 19 08:24:37 CET 2018] ACME_NEW_AUTHZ
[Mon Mar 19 08:24:37 CET 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Mar 19 08:24:37 CET 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Mar 19 08:24:37 CET 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Mar 19 08:24:37 CET 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Mar 19 08:24:37 CET 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Mar 19 08:24:37 CET 2018] ACME_VERSION='2'
[Mon Mar 19 08:24:37 CET 2018] Le_NextRenewTime
[Mon Mar 19 08:24:37 CET 2018] OK
[Mon Mar 19 08:24:37 CET 2018] 1:Le_Domain='.smartunnel.ovh'
[Mon Mar 19 08:24:37 CET 2018] OK
[Mon Mar 19 08:24:37 CET 2018] 2:Le_Alt='no'
[Mon Mar 19 08:24:37 CET 2018] OK
[Mon Mar 19 08:24:37 CET 2018] 3:Le_Webroot='dns_ovh'
[Mon Mar 19 08:24:37 CET 2018] OK
[Mon Mar 19 08:24:37 CET 2018] 4:Le_PreHook=''
[Mon Mar 19 08:24:37 CET 2018] OK
[Mon Mar 19 08:24:37 CET 2018] 5:Le_PostHook=''
[Mon Mar 19 08:24:37 CET 2018] OK
[Mon Mar 19 08:24:37 CET 2018] 6:Le_RenewHook=''
[Mon Mar 19 08:24:37 CET 2018] OK
[Mon Mar 19 08:24:37 CET 2018] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 19 08:24:37 CET 2018] _on_before_issue
[Mon Mar 19 08:24:37 CET 2018] _chk_main_domain='.smartunnel.ovh'
[Mon Mar 19 08:24:37 CET 2018] _chk_alt_domains
[Mon Mar 19 08:24:37 CET 2018] 'dns_ovh' does not contain 'no'
[Mon Mar 19 08:24:37 CET 2018] Le_LocalAddress
[Mon Mar 19 08:24:37 CET 2018] d='.smartunnel.ovh'
[Mon Mar 19 08:24:37 CET 2018] Check for domain='.smartunnel.ovh'
[Mon Mar 19 08:24:37 CET 2018] _currentRoot='dns_ovh'
[Mon Mar 19 08:24:37 CET 2018] d
[Mon Mar 19 08:24:37 CET 2018] 'dns_ovh' does not contain 'apache'
[Mon Mar 19 08:24:37 CET 2018] _saved_account_key_hash='JkxRkT0rBNxQCmNegYc3Ze8HvnxAH4NzSIHU/cEbBlw='
[Mon Mar 19 08:24:37 CET 2018] base64 single line.
[Mon Mar 19 08:24:37 CET 2018] _saved_account_key_hash is not changed, skip register account.
[Mon Mar 19 08:24:37 CET 2018] Read key length:
[Mon Mar 19 08:24:37 CET 2018] _createcsr
[Mon Mar 19 08:24:37 CET 2018] domain='.smartunnel.ovh'
[Mon Mar 19 08:24:37 CET 2018] domainlist
[Mon Mar 19 08:24:37 CET 2018] csrkey='/root/.acme.sh/.smartunnel.ovh/.smartunnel.ovh.key'
[Mon Mar 19 08:24:37 CET 2018] csr='/root/.acme.sh/.smartunnel.ovh/.smartunnel.ovh.csr'
[Mon Mar 19 08:24:37 CET 2018] csrconf='/root/.acme.sh/.smartunnel.ovh/.smartunnel.ovh.csr.conf'
[Mon Mar 19 08:24:38 CET 2018] _is_idn_d='.smartunnel.ovh'
[Mon Mar 19 08:24:38 CET 2018] _idn_temp
[Mon Mar 19 08:24:38 CET 2018] _csr_cn='.smartunnel.ovh'
[Mon Mar 19 08:24:38 CET 2018] OK
[Mon Mar 19 08:24:38 CET 2018] 8:Le_Keylength=''
[Mon Mar 19 08:24:38 CET 2018] d
[Mon Mar 19 08:24:38 CET 2018] _identifiers='{"type":"dns","value":".smartunnel.ovh"}'
[Mon Mar 19 08:24:38 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Mar 19 08:24:38 CET 2018] payload='{"identifiers": [{"type":"dns","value":"*.smartunnel.ovh"}]}'
[Mon Mar 19 08:24:38 CET 2018] RSA key
[Mon Mar 19 08:24:38 CET 2018] pub_exp='010001'
[Mon Mar 19 08:24:38 CET 2018] base64 single line.
[Mon Mar 19 08:24:38 CET 2018] xxd exists=0
[Mon Mar 19 08:24:38 CET 2018] e='AQAB'
[Mon Mar 19 08:24:38 CET 2018] modulus='BF2F02F3FEE53CFE5501DF10687C68F99D041411D6A945E85465C3F56C7E21E6B389EB1A7151C23D495AB203407E7CAA3DB7960782F8B53D3A742420BCB2AA0214A5B308427544079DBDF5F35BD8F97373152A4B5B8C305A010669C0EA2E4A8D48CFA06AC0EBFCD0BF805FC8712085E69573354CE627DDC03DD53EF4E233A285D01FC654532E3FC80711D3D78B9F9B61E5B6901C5A4C974924B284E4EEA8B425593D3FC0BBFC949E97019DA531A7C31BDFCC135CC52F3224D3A3F56D9AB782A9551771C3D4D5A44B9650DB4DC65E97E55BB277E8C05E8E120C5CA92690EAD644AF42AD54AD62DF67E8F4FCA416D4BC59B7E90EA85E2482C76BD747666D3BD049'
[Mon Mar 19 08:24:38 CET 2018] base64 single line.
[Mon Mar 19 08:24:38 CET 2018] xxd exists=0
[Mon Mar 19 08:24:38 CET 2018] n='vy8C8_7lPP5VAd8QaHxo-Z0EFBHWqUXoVGXD9Wx-IeaziesacVHCPUlasgNAfnyqPbeWB4L4tT06dCQgvLKqAhSlswhCdUQHnb3181vY-XNzFSpLW4wwWgEGacDqLkqNSM-gasDr_NC_gF_IcSCF5pVzNUzmJ93APdU-9OIzooXQH8ZUUy4_yAcR09eLn5th5baQHFpMl0kksoTk7qi0JVk9P8C7_JSelwGdpTGnwxvfzBNcxS8yJNOj9W2at4KpVRdxw9TVpEuWUNtNxl6X5Vuyd-jAXo4SDFypJpDq1kSvQq1UrWLfZ-j0_KQW1LxZt-kOqF4kgsdr10dmbTvQSQ'
[Mon Mar 19 08:24:38 CET 2018] jwk='{"e": "AQAB", "kty": "RSA", "n": "vy8C8_7lPP5VAd8QaHxo-Z0EFBHWqUXoVGXD9Wx-IeaziesacVHCPUlasgNAfnyqPbeWB4L4tT06dCQgvLKqAhSlswhCdUQHnb3181vY-XNzFSpLW4wwWgEGacDqLkqNSM-gasDr_NC_gF_IcSCF5pVzNUzmJ93APdU-9OIzooXQH8ZUUy4_yAcR09eLn5th5baQHFpMl0kksoTk7qi0JVk9P8C7_JSelwGdpTGnwxvfzBNcxS8yJNOj9W2at4KpVRdxw9TVpEuWUNtNxl6X5Vuyd-jAXo4SDFypJpDq1kSvQq1UrWLfZ-j0_KQW1LxZt-kOqF4kgsdr10dmbTvQSQ"}'
[Mon Mar 19 08:24:38 CET 2018] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "vy8C8_7lPP5VAd8QaHxo-Z0EFBHWqUXoVGXD9Wx-IeaziesacVHCPUlasgNAfnyqPbeWB4L4tT06dCQgvLKqAhSlswhCdUQHnb3181vY-XNzFSpLW4wwWgEGacDqLkqNSM-gasDr_NC_gF_IcSCF5pVzNUzmJ93APdU-9OIzooXQH8ZUUy4_yAcR09eLn5th5baQHFpMl0kksoTk7qi0JVk9P8C7_JSelwGdpTGnwxvfzBNcxS8yJNOj9W2at4KpVRdxw9TVpEuWUNtNxl6X5Vuyd-jAXo4SDFypJpDq1kSvQq1UrWLfZ-j0_KQW1LxZt-kOqF4kgsdr10dmbTvQSQ"}}'
[Mon Mar 19 08:24:38 CET 2018] base64 single line.
[Mon Mar 19 08:24:38 CET 2018] payload64='eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Iiouc21hcnR1bm5lbC5vdmgifV19'
[Mon Mar 19 08:24:38 CET 2018] _request_retry_times='0'
[Mon Mar 19 08:24:38 CET 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Mar 19 08:24:38 CET 2018] HEAD
[Mon Mar 19 08:24:38 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Mar 19 08:24:38 CET 2018] body
[Mon Mar 19 08:24:38 CET 2018] _postContentType='application/jose+json'
[Mon Mar 19 08:24:38 CET 2018] curl exists=0
[Mon Mar 19 08:24:38 CET 2018] mktemp exists=0
[Mon Mar 19 08:24:38 CET 2018] wget exists=0
[Mon Mar 19 08:24:38 CET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.rtyCURVGqq -g '
[Mon Mar 19 08:24:38 CET 2018] _ret='0'
[Mon Mar 19 08:24:38 CET 2018] _headers='HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: 9HsxzY0zlqfrvJCt7a83nrZ_6gQRFHLF69FkCTgBrvU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 19 Mar 2018 07:26:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 19 Mar 2018 07:26:12 GMT
Connection: keep-alive
'
[Mon Mar 19 08:24:38 CET 2018] _CACHED_NONCE='9HsxzY0zlqfrvJCt7a83nrZ_6gQRFHLF69FkCTgBrvU'
[Mon Mar 19 08:24:38 CET 2018] nonce='9HsxzY0zlqfrvJCt7a83nrZ_6gQRFHLF69FkCTgBrvU'
[Mon Mar 19 08:24:38 CET 2018] protected='{"nonce": "9HsxzY0zlqfrvJCt7a83nrZ_6gQRFHLF69FkCTgBrvU", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "alg": "RS256", "kid": "https://application/jose+json""}'
[Mon Mar 19 08:24:38 CET 2018] base64 single line.
[Mon Mar 19 08:24:38 CET 2018] protected64='eyJub25jZSI6ICI5SHN4elkwemxxZnJ2SkN0N2E4M25yWl82Z1FSRkhMRjY5RmtDVGdCcnZVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ'
[Mon Mar 19 08:24:38 CET 2018] base64 single line.
[Mon Mar 19 08:24:38 CET 2018] _sig_t='uDsjUPhvWSybxhBB//niWnBSdkrUCCDoviXYubuofCG66Mbf7GCNtNa1AkjMFRq4WHdTVvFMdByJupra1WkPc367Z2lD7gCjy+kvjBtfzsLLplZWsFJKlMMGgssvib7f4qgQAjxw/3Uypd5TKMkIBLQX7G42mk0++BIh3Z/tqKJBiMid3o7VLAUyKh3KerXnHpgL3NxC8EWnPh8j8LAAc5WGRjmGJ1e3PQ6Idra21NQDRAqCWd3NugcnI0VZvu1UTOjA4/ybAnQjQbbA5XOa4glcCnFieKNKup66p4AruI99nidExAk3R76nkSsPE8uF/TvY3SiMug+fFQZOHjbZlg=='
[Mon Mar 19 08:24:38 CET 2018] sig='uDsjUPhvWSybxhBBniWnBSdkrUCCDoviXYubuofCG66Mbf7GCNtNa1AkjMFRq4WHdTVvFMdByJupra1WkPc367Z2lD7gCjy-kvjBtfzsLLplZWsFJKlMMGgssvib7f4qgQAjxw_3Uypd5TKMkIBLQX7G42mk0--BIh3Z_tqKJBiMid3o7VLAUyKh3KerXnHpgL3NxC8EWnPh8j8LAAc5WGRjmGJ1e3PQ6Idra21NQDRAqCWd3NugcnI0VZvu1UTOjA4_ybAnQjQbbA5XOa4glcCnFieKNKup66p4AruI99nidExAk3R76nkSsPE8uF_TvY3SiMug-fFQZOHjbZlg'
[Mon Mar 19 08:24:38 CET 2018] body='{"protected": "eyJub25jZSI6ICI5SHN4elkwemxxZnJ2SkN0N2E4M25yWl82Z1FSRkhMRjY5RmtDVGdCcnZVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Iiouc21hcnR1bm5lbC5vdmgifV19", "signature": "uDsjUPhvWSybxhBBniWnBSdkrUCCDoviXYubuofCG66Mbf7GCNtNa1AkjMFRq4WHdTVvFMdByJupra1WkPc367Z2lD7gCjy-kvjBtfzsLLplZWsFJKlMMGgssvib7f4qgQAjxw_3Uypd5TKMkIBLQX7G42mk0--BIh3Z_tqKJBiMid3o7VLAUyKh3KerXnHpgL3NxC8EWnPh8j8LAAc5WGRjmGJ1e3PQ6Idra21NQDRAqCWd3NugcnI0VZvu1UTOjA4_ybAnQjQbbA5XOa4glcCnFieKNKup66p4AruI99nidExAk3R76nkSsPE8uF_TvY3SiMug-fFQZOHjbZlg"}'
[Mon Mar 19 08:24:38 CET 2018] POST
[Mon Mar 19 08:24:38 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Mar 19 08:24:38 CET 2018] body='{"protected": "eyJub25jZSI6ICI5SHN4elkwemxxZnJ2SkN0N2E4M25yWl82Z1FSRkhMRjY5RmtDVGdCcnZVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FwcGxpY2F0aW9uL2pvc2UranNvbiIifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Iiouc21hcnR1bm5lbC5vdmgifV19", "signature": "uDsjUPhvWSybxhBB__niWnBSdkrUCCDoviXYubuofCG66Mbf7GCNtNa1AkjMFRq4WHdTVvFMdByJupra1WkPc367Z2lD7gCjy-kvjBtfzsLLplZWsFJKlMMGgssvib7f4qgQAjxw_3Uypd5TKMkIBLQX7G42mk0--BIh3Z_tqKJBiMid3o7VLAUyKh3KerXnHpgL3NxC8EWnPh8j8LAAc5WGRjmGJ1e3PQ6Idra21NQDRAqCWd3NugcnI0VZvu1UTOjA4_ybAnQjQbbA5XOa4glcCnFieKNKup66p4AruI99nidExAk3R76nkSsPE8uF_TvY3SiMug-fFQZOHjbZlg"}'
[Mon Mar 19 08:24:38 CET 2018] _postContentType='application/jose+json'
[Mon Mar 19 08:24:38 CET 2018] Http already initialized.
[Mon Mar 19 08:24:38 CET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.rtyCURVGqq -g '
[Mon Mar 19 08:24:38 CET 2018] _ret='0'
[Mon Mar 19 08:24:38 CET 2018] original='{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Parse error reading JWS",
"status": 400
}'
[Mon Mar 19 08:24:38 CET 2018] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 108
Replay-Nonce: DymDK7RNQ_3jC4x4WrdJtuR5ZzHkpWDPPCL9BO5JtF4
Expires: Mon, 19 Mar 2018 07:26:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 19 Mar 2018 07:26:12 GMT
Connection: close
'
[Mon Mar 19 08:24:38 CET 2018] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}'
[Mon Mar 19 08:24:38 CET 2018] code='400'
[Mon Mar 19 08:24:38 CET 2018] Le_OrderFinalize
[Mon Mar 19 08:24:38 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
[Mon Mar 19 08:24:38 CET 2018] pid
[Mon Mar 19 08:24:38 CET 2018] No need to restore nginx, skip.
[Mon Mar 19 08:24:38 CET 2018] _clearupdns
[Mon Mar 19 08:24:38 CET 2018] skip dns.
[Mon Mar 19 08:24:38 CET 2018] _on_issue_err
[Mon Mar 19 08:24:38 CET 2018] Please add '--debug' or '--log' to check more details.
[Mon Mar 19 08:24:38 CET 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Mon Mar 19 08:24:38 CET 2018] _chk_vlist
[Mon Mar 19 08:24:38 CET 2018] openssl exists=0
[Mon Mar 19 08:24:38 CET 2018] nginx exists=0
[Mon Mar 19 08:24:38 CET 2018] socat exists=0
[Mon Mar 19 08:24:38 CET 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1t 3 May 2016
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/build/nginx-1.2.1/debian/modules/nginx-auth-pam --add-module=/build/nginx-1.2.1/debian/modules/nginx-echo --add-module=/build/nginx-1.2.1/debian/modules/nginx-upstream-fair --add-module=/build/nginx-1.2.1/debian/modules/nginx-dav-ext-module
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options]
Neilpang
commented
6 years ago @pantaraf remove the ca.conf
rm -f /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/ca.confThis time it worked. Is deleting the ca.conf file a workaround or was I stuck because of me doing something wrong? Thanks a lot!
dynos01
commented
6 years ago Just switched to dev branch, and deleted ca.conf. Still no luck. Is LE’s server down, or I did anything wrong?
Neilpang
commented
6 years ago @dynos01 so, why not paste your debug log ?
cpu
commented
6 years ago So, It seems to me that Boulder had given us a wrong response header containing a wrong Location header in it, which resulted in a wrong kid(ACCOUNT_URL) for acme.sh. That's why we got an error finally in the new-cert request.
@Neilpang You tagged me on this and another acme.sh issue but they're both very crowded with user comments & log snippets and I'm having a hard time keeping things straight. Can you open a bug on the Boulder repo for this with the relevant log snippets? I don't believe Boulder could set such a Location header in a new-account response but we can debug further there.
I'm slightly confused: We're talking about key ID's which is an ACME v2 concept, but you're also talking about posts to new-cert which is an ACME v1 endpoint. There's no step in an ACME v2 issuance where you should be POSTing new-cert at all.
Neilpang
commented
6 years ago @cpu Thank you. I will collect more logs and then report issue to Boulder if it's confirmed.
Thanks.
Shuro
commented
6 years ago @Neilpang This is over an week old. Is there an update on this problem?
Neilpang
commented
6 years ago @Shuro please try with the latest code.
Shuro
commented
6 years ago It worked since the changes in dev. Is there a good and secure way to switch to the stable branch again?
Neilpang
commented
6 years ago @Shuro yes, you can always switch between master and dev. There will not be too much difference, and dev is always merged to master fast.
Error
Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
Steps to reproduce
root@localhost:~/.acme.sh>acme.sh --issue -d larptreff.de -d *.larptreff.de --dns dns_inwx --force --debug 2 --logDebug log
root@localhost:~/.acme.sh>acme.sh --versionroot@localhost:~/.acme.sh>cat acme.sh.log